How To Secure Traffic Between VPS Using OpenVPN
t.me/UndercOdeTesting
Let's start:
> You'll need at least two droplets or VPS for this OpenVPN setup, and it will work up to around 60 VPS without major modifications. So to get started, create two droplets. For the rest of this tutorial, I'll refer to them as Droplet 1 and Droplet 2.
On Droplet 1
1) Create the droplet with Ubuntu 13.04 x32.
> This should work without modification on any version of Ubuntu that DigitalOcean offers, but was only tested on 13.04.
2) Connect to the VPS via secure shell. We're going to update packages and install a few things.
3) aptitude update
4) aptitude dist-upgrade -y
5) aptitude install openvpn firehol -y && reboot
6) If your shell goes purple during this, just choose "Install Package Maintainer's Version" twice.
Meanwhile, on Droplet 2
1) Create the droplet with Ubuntu 13.04 x32.
2) Again, this should work on any version of Ubuntu.
> Connect to the VPS via secure shell. We're going to update packages and install a few things.
3) aptitude update
4) aptitude dist-upgrade -y
5) aptitude install openvpn -y && reboot
6) Again, if your shell goes purple during this, just choose "Install Package Maintainer's Version" twice.
Now Generating the Keys:
> The key generation is going to be done exclusively on Droplet 1. Type the following commands into the shell:
1) cd /etc/openvpn/
2) mkdir easy-rsa
3) cd easy-rsa
4) cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* .
5) Next, we're going to type in some presets which will vastly speed up the key generation process. Type the following command:
6) nano /etc/openvpn/easy-rsa/vars
7) Go ahead and edit the following values (you only need to do these, although there are several more present):
KEY_COUNTRY
KEY_PROVINCE
KEY_CITY
KEY_ORG
KEY_EMAIL
8) You may adjust the KEY_SIZE to 2048 or higher for added protection.
9) Save and exit with Control-O, Enter, and Control-X.
Posted BY UNDERCODE
Create the Certificate Authority Certificate and Key (VPS tutorial)
Let's start:
1) Type the following commands:
source vars
./clean-all
./build-ca
2) You should be able to hit Enter through all of the questions.
Note: if you ever have to go back and create more keys, you'll need to retype source vars but don't type ./clean-all or you'll erase your Certificate Authority, undermining your whole VPN setup.
3) Create Server Certificate and Key
> Generate the server certificate and key with the following command:
4) ./build-key-server server
5) You should be able to hit Enter on defaults, but make sure the Common Name of the certificate is "server".
6) It will ask you to add a pass phrase, but just hit Enter without typing one.
7) When it asks you "Sign the certificate?", type y and hit Enter.
8) When it says "1 out of 1 certificate requests certified, commit?", type y and hit Enter.
Tested by UndercOde
How To Generate Client Keys (VPS tutorial 3)
> Next is generating the certificate and keys for the clients. For security purposes, each client will get its own certificate and key.
Example:
1) I'm naming the first client "client1", so if you change this, you'll have to adjust it several times later. So type in the following:
> ./build-key client1
2) As with the server key, when it asks you "Sign the certificate?", type y and hit Enter.
3) When it says "1 out of 1 certificate requests certified, commit?", type y and hit Enter.
4) Go ahead and repeat this for as many clients as you need to make. You can also come back to this later (though remember to run "source vars" again if you do so).
5) Generate Diffie-Hellman Parameters
This is used after authentication, to determine the encryption parameters. Simply type the following line:
> ./build-dh
6) Copy Keys into Place
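7) Next, we copy the various keys and certificates into place on the cloud server (build-dh names its output after KEY_SIZE, so if you raised it to 2048 the file is dh2048.pem rather than dh1024.pem):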
> cd /etc/openvpn/easy-rsa/keys
> cp ca.crt dh1024.pem server.crt server.key /etc/openvpn
8) It's very important that keys are kept secure. Double check that only root has permission to read. So type:
> ls -lah /etc/openvpn
9) What you're looking for is that server.key has -rw------- for permissions (read/write for owner, none for group, and none for everyone else). If you need to change it, use this command:
> chmod 600 /etc/openvpn/server.key
Now let's generate an SSH key to secure a server:
> For example, we have two clients:
Let's start:
1) On Droplet 1
Generate SSH keys with the following command:
> ssh-keygen -t rsa
2) It will choose a default filename and then ask you for a secure passphrase, which you should set. Find the SSH public key you just generated and type:
> cat ~/.ssh/id_rsa.pub
3) Copy the results onto the clipboard. It's a few lines of letters and numbers looking like:
> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo249TgbI1gYP42RbLcDhsNN28r/fNT6ljdFOZxhk+05UAPhxq8bASaqSXZI3K8EEI3wSpigaceNUu65pxLEsZWS8xTtjY4AVxZU2w8GIlnFDSQYr3M2A77ZAq5DqyhGmnnB3cPsIJi5Q6JQNaQ/Meg1v7mYR9prfEENJeXrDiXjxUqi41NlVdb5ZQnPL1EdKM+KN/EPjiTD5XY1q4ICmLJUB8RkffHwH2knEcBoSZW2cNADpMu/IqtxTZpFL0I1eIEtoCWg4mGIdIo8Dj/nzjheFjavDhiqvUEImt1vWFPxHEXt79Iap/VQp/yc80fhr2UqXmxOa0XS7oSGGfFuXz root@openvpn1
4) But USE YOUR OWN, not mine. Your id_rsa.pub doesn't need to be kept secure, but if you use the key above, that would allow me access to your VPS.
5) Meanwhile, on Droplet 2
cd ~/.ssh
(If you get an error, create the folder with mkdir ~/.ssh).
nano authorized_keys
6) Paste the public key that is in your clipboard onto a new line, then save and exit with Control-O, Enter, Control-X.
7) Back to Droplet 1
Next, we copy the appropriate keys onto the second server:
scp /etc/openvpn/easy-rsa/keys/ca.crt \
/etc/openvpn/easy-rsa/keys/client1.crt \
/etc/openvpn/easy-rsa/keys/client1.key \
root@droplet2ip:~/
8) It will ask you "Are you sure you want to continue connecting (yes/no)?", so type yes and hit Enter.
> Then input the passphrase you've just created.
Switching again to Droplet 2:
1) Next, we move the certificates and keys into their final location:
cd ~
mv ca.crt client1.crt client1.key /etc/openvpn
ls -l /etc/openvpn
2) As the key must be kept secure, let's make sure client1.key has the correct permissions (-rw-------).
3) Again, if need be, the permissions can be reset with the following command:
> chmod 600 /etc/openvpn/client1.key
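The permission checks on server.key (Droplet 1) and client1.key (Droplet 2), automated as an added shell example that is not part of the original posts: it flags any *.key file that grants group or other access, is not a regular file, or is not owned by the expected UID. The function names and the constructed demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): audit the private keys that the
# tutorial copies into /etc/openvpn. A key passes only if it is a regular file,
# is owned by the expected UID (0 = root by default) and shows -rw------- or
# tighter in ls, i.e. no group/other permission bits at all.

# audit_keys DIR [UID]
#   Prints one finding per offending *.key file and returns 1 if any exist.
audit_keys() {
    dir=$1
    want_uid=${2:-0}
    rc=0
    for key in "$dir"/*.key; do
        # An unmatched glob stays literal: skip it, but keep dangling symlinks.
        [ -e "$key" ] || [ -L "$key" ] || continue
        if [ -L "$key" ] || [ ! -f "$key" ]; then
            echo "NOT-REGULAR $key"
            rc=1
            continue
        fi
        # ls -ldn prints "<mode> <links> <uid> ..."; keep 10 mode characters so
        # a trailing ACL/SELinux marker ("+" or ".") does not break the match.
        info=$(ls -ldn "$key" | awk '{print substr($1, 1, 10), $3}')
        mode=${info% *}
        uid=${info#* }
        case $mode in
            -???------) ;;                       # owner-only access: fine
            *) echo "LOOSE-MODE $mode $key"; rc=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "WRONG-OWNER uid=$uid $key"
            rc=1
        fi
    done
    return $rc
}

# fix_keys DIR: apply the tutorial's remedy (chmod 600) to every regular *.key.
fix_keys() {
    for key in "$1"/*.key; do
        [ -f "$key" ] && [ ! -L "$key" ] && chmod 600 "$key"
    done
    return 0
}

# demo: constructed directory that mimics /etc/openvpn after the copy step.
# The current UID is passed as the expected owner so it also runs unprivileged.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/ca.crt";      chmod 644 "$d/ca.crt"        # public, not a key
    : > "$d/server.key";  chmod 644 "$d/server.key"    # too open
    : > "$d/client1.key"; chmod 600 "$d/client1.key"   # correct
    before=0; audit_keys "$d" "$(id -u)" || before=$?
    fix_keys "$d"
    after=0;  audit_keys "$d" "$(id -u)" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
```

On a real server, run `audit_keys /etc/openvpn` as root on both droplets; the CA key left under easy-rsa/keys can be checked the same way.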
How to install and run WPScan on Windows
> WPScan is a vulnerability scanner for WordPress-powered sites. It works on the "black box" principle, that is, without access to the source code. It can be used to crawl remote WordPress sites for security issues.
The vulnerability search process is as follows:
1) The specified site is searched for installed plugins and themes.
2) Since plugins are placed in the same folders on all sites, you can determine whether a plugin is present by requesting a specific file. WPScan also attempts to determine the versions of the plugins and themes it detects.
3) If a plugin is found, the vulnerability database is checked for entries that affect it.
4) Additionally, the version of WordPress is determined and known vulnerabilities are displayed.
5) Backup files and databases are also searched for, the robots.txt file is analyzed, and a list of users and other information useful to the site security auditor is displayed.
Installation & run:
1) WPScan is usually used on Linux and is preinstalled on distributions such as Kali Linux and BlackArch. WPScan is written in Ruby and can be run on any operating system that supports Ruby, including Windows. When using WPScan in Windows, there are some nuances that will be discussed later.
2) To install WPScan on Windows, you need to start by installing Ruby, as described in this article.
3) Then search for WPScan among the gem packages and install it:
> gem search WPScan
> gem install wpscan
4) Now you need to update the WPScan database with information about plugins and WordPress themes:
> wpscan --update --disable-tls-checks
5) If the error "Could not open library 'libcurl.dll', 'libcurl.so.4', 'libcurl.so.dll'" occurs during startup, then continue:
if it works, stop (this depends on the Windows version)
6) To run WordPress site crawls on Windows using WPScan, run a command of the form:
> wpscan --url https://sitename.com --random-user-agent --disable-tls-checks
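What the plugin check in step 2 of the search process looks like from the scanned site's side, as an added example that is not part of the original post: one client asks for many different plugin and theme folders and most of them answer 404. The combined access-log format, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): spot plugin/theme enumeration in
# a web server access log. The User-Agent is ignored on purpose, because the
# commands above pass --random-user-agent.

# detect_plugin_enum [MIN_MISSING]   (reads combined-format log lines on stdin)
#   Prints "<ip> <distinct folders probed> <distinct folders answered 404>"
#   for each client with at least MIN_MISSING (default 5) distinct misses.
detect_plugin_enum() {
    awk -v min="${1:-5}" '
    {
        # ip - user [time zone] "METHOD path proto" status size ...
        ip = $1; path = $7; status = $9
        if (!match(path, "^/wp-content/(plugins|themes)/[^/?]+")) next
        slug = substr(path, RSTART, RLENGTH)      # e.g. /wp-content/plugins/foo
        if (!((ip, slug) in probed)) { probed[ip, slug] = 1; nprobed[ip]++ }
        if (status == 404 && !((ip, slug) in missed)) {
            missed[ip, slug] = 1; nmissed[ip]++
        }
    }
    END {
        for (ip in nmissed)
            if (nmissed[ip] >= min)
                printf "%s %d %d\n", ip, nprobed[ip], nmissed[ip]
    }' | sort -k3,3nr -k1,1
}

# Constructed sample: 203.0.113.7 walks a plugin list, 198.51.100.20 is an
# ordinary visitor loading page assets, 192.0.2.44 follows one stale link.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:01 +0000] "GET /wp-content/plugins/contact-form-7/readme.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "GET /wp-content/plugins/wordfence/readme.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "GET /wp-content/plugins/jetpack/readme.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:02 +0000] "GET /wp-content/plugins/jetpack/changelog.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:03 +0000] "GET /wp-content/plugins/woocommerce/readme.txt HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:03 +0000] "GET /wp-content/themes/twentyten/style.css HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2019:13:56:10 +0000] "GET / HTTP/1.1" 200 8412 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2019:13:56:10 +0000] "GET /wp-content/plugins/akismet/_inc/akismet.js HTTP/1.1" 200 901 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2019:13:56:11 +0000] "GET /wp-content/themes/twentynineteen/style.css HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2019:13:57:40 +0000] "GET /wp-content/plugins/old-gallery/img.png HTTP/1.1" 404 162 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run: sample_access_log | detect_plugin_enum 4
```

Counting distinct folders that returned 404, rather than all plugin requests, keeps ordinary visitors who only load assets of installed plugins out of the result.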
Why WPScan does not show vulnerabilities. How to get a WPVulnDB API token
WPScan used to output the versions of the plugins and themes it found and, if a plugin or theme had vulnerabilities, list them. Now WPScan only shows the versions of WordPress, plugins and themes, but does not display vulnerabilities. Instead, the following messages are shown at the end of the scan:
1) No WPVulnDB API Token given, as a result vulnerability data has not been output.
2) You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
3) They say that the WPVulnDB API token is not defined, so there is no information about vulnerabilities in the output. You can get a free API token that gives you the right to make 50 requests per day. To do this, just register at https://wpvulndb.com/users/sign_up.
4) There is no catch: just go ahead, register and get your free token.
5) Then add the --api-token option to the command you run:
> wpscan --url https://URLexample --random-user-agent --disable-tls-checks --api-token API_
ITWSV - Integrated Tool for Web Security Vulnerability, Linux tool (updated 2019)
Installation & run:
1) git clone https://github.com/penetrate2hack/ITWSV.git
2) cd ITWSV
3) chmod +x start.sh
4) chmod +x update.sh (only if required)
5) ./start.sh
Features:
WHOIS
DNSWALK
FIERCE
DNSRecon
DNSenum
NMAP
DMitry
theHarvester
LBD
SSLScan
SSLYze
WhatWeb
Automater
Grabber
Parsero
Uniscan
Metagoofil
A2SV
WPScan
Droopescan
WPSeku
XssPy
Spaghetti
sublist3r
WAFW00F
nslookup
dirsearch
OWASP Joomscan
Spaghetti
Gobuster
Grabber
OTHER TOOLS
Pureblood
Wapiti
Lscript
Trity
To know Python, you must know these topics:
Let's start:
1) In-Place Swapping Of Two Numbers.
2) Reversing a string in Python.
3) Create a single string from all the elements in list.
4) Chaining Of Comparison Operators.
5) Print The File Path Of Imported Modules.
6) Use Of Enums In Python.
7) Return Multiple Values From Functions.
8) Find The Most Frequent Value In A List.
What is unauthorized access?
Let's start:
1) Unauthorized access is when someone gains access to a website, program, server, service, or other system using someone else's account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access.
2) Unauthorized access could also occur if a user attempts to access an area of a system they should not be accessing. When attempting to access that area, they would be denied access and possibly see an unauthorized access message.
3) Some system administrators set up alerts to let them know when there is an unauthorized access attempt, so that they may investigate the reason. These alerts can help stop hackers from gaining access to a secure or confidential system. Many secure systems may also lock an account that has had too many failed login attempts.
Preventing unauthorized access:
Let's start:
You may be alerted to a security incident in the media, such as the discovery of the Heartbleed bug, or your computer could be stolen while you're signed in to GitHub. In such cases, changing your password prevents any unintended future access to your account and projects.
1) GitHub requires a password to perform sensitive actions, such as adding new SSH keys, authorizing applications, or modifying team members.
2) After changing your password, you should perform these actions to make sure that your account is secure:
3) Enable two-factor authentication on your account so that access requires more than just a password.
4) Review your SSH keys, deploy keys, and authorized integrations and revoke unauthorized or unfamiliar access in your SSH and Applications settings.
5) Verify all your email addresses. If an attacker added their email address to your account, it could allow them to force an unintended password reset.
6) Review your account's security log. This provides an overview on various configurations made to your repositories. For example, you can ensure that no private repositories were turned public, or that no repositories were transferred.
7) Review the service hooks on your repositories. Service hooks could allow an attacker to intercept pushes made to your repository.
8) Make sure that no new deploy keys were created. This could enable outside servers access to your projects.
9) Review recent commits made to your repositories.
10) Review the list of collaborators for each repository.
The task is to install pypi on Windows:
Installation & run:
1) I had Python 2.7 installed
2) Take pypi from this link:
> https://pypi.org/project/jaraco.windows/
3) Unpack in c:\pypi for example
4) Next, open cmd:
> cd c:\pypi
> C:\Python27\python.exe setup.py install
5) Open a new cmd:
6) Let's check:
pip install exampletool
Asterisk and security:
Let's start:
1) Custom port instead of 5060
2) The port is configured in the sip.conf file in the [general] section: bindport = 5060 => bindport = 5071
3) Disable guest calls
4) If you do not need to receive calls without registering, turn off the following option in sip.conf:
allowguest = yes => allowguest = no
5) Turn off the notification of the wrong password
Change the option in sip.conf:
alwaysauthreject = no => alwaysauthreject = yes
6) We use complex passwords for accounts
7) Remove all passwords matching logins
secret = Vad34@QW545!
8) We use deny / permit for accounts
9) For all accounts that are not meant to connect from the Internet, we specify the following lines:
[100]
...
deny = 0.0.0.0/0.0.0.0
permit = 10.1.1.1/24
permit = 10.1.2.1/24
Set the call limit:
[100]
call-limit = 1
10) We do not use the default extension. All that should be in default:
[default]
exten => _X.,1,Hangup
11) We do not make one universal rule for all calls:
exten => _X.,1,Dial(SIP/${EXTEN}@operator)
12) We write down clearly all the necessary combinations of numbers transmitted to the operator:
; Emergency services
exten => _0X,1,Dial(SIP/${EXTEN}@operator)
exten => _0X,n,Hangup
; Melbourne
exten => _.,..XXXXX,1,Dial(SIP/${EXTEN}@operator)
exten => _..XXXXX,n,Hangup
exten => _...XXXXXX,1,Dial(SIP/${EXTEN}@operator)
exten => _...XXXXX,n,Hangup
exten => _XXXXXXX,1,Dial(SIP/${EXTEN}@operator)
exten => _..XXXXX,n,Hangup
; Intercity Australia / Mobile
exten => 61...
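The sip.conf items of the checklist above (port, guest calls, alwaysauthreject, passwords equal to logins, deny/permit, call-limit) turned into a repeatable check, as an added example that is not part of the original post. It assumes every section other than [general] is an account and does not resolve template inheritance; both sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sip.conf against the
# checklist above. Assumptions: every section other than [general] is an
# account, and template inheritance ("[100](tpl)") is not resolved.

# audit_sip_conf [FILE...]   (reads stdin when no file is given)
#   Prints "<section>: <finding>" lines; exit status 1 if anything was found.
audit_sip_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(sec, msg) { printf "%s: %s\n", sec, msg; findings++ }
    {
        # Strip comments: ";" starts one unless it is escaped as "\;".
        if (match($0, /(^|[^\\]);/)) $0 = substr($0, 1, RSTART + RLENGTH - 2)
        line = trim($0)
        if (line == "") next
        if (line ~ /^\[/) {                       # section header
            sec = line
            sub(/^\[/, "", sec); sub(/\].*/, "", sec)
            if (sec != "general" && !(sec in known)) {
                known[sec] = 1; order[++n] = sec
            }
            next
        }
        eq = index(line, "=")
        if (eq == 0) next
        key = tolower(trim(substr(line, 1, eq - 1)))
        val = substr(line, eq + 1)
        sub(/^>/, "", val)                        # accept "key => value"
        conf[sec, key] = trim(val)
    }
    END {
        port = conf["general", "bindport"]
        if (port == "" || port == "5060")
            report("general", "SIP listens on default port 5060")
        if (tolower(conf["general", "allowguest"]) != "no")
            report("general", "allowguest is not set to no")
        if (tolower(conf["general", "alwaysauthreject"]) != "yes")
            report("general", "alwaysauthreject is not set to yes")
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (conf[s, "secret"] == s)
                report(s, "secret equals the login")
            if (conf[s, "deny"] == "" || conf[s, "permit"] == "")
                report(s, "no deny/permit ACL")
            if (conf[s, "call-limit"] == "")
                report(s, "no call-limit")
        }
        exit (findings > 0)
    }' "$@"
}

# Constructed sample with the weak settings the post tells you to change.
sample_sip_conf() {
    cat <<'EOF'
[general]
bindport = 5060          ; default port
allowguest = yes
alwaysauthreject = yes

[100]
secret = 100
deny = 0.0.0.0/0.0.0.0
permit = 10.1.1.1/24
call-limit = 1

[101]
secret = Vad34@QW545!
EOF
}

# The same file after applying the checklist (constructed).
hardened_sip_conf() {
    cat <<'EOF'
[general]
bindport = 5071
allowguest = no
alwaysauthreject = yes

[100]
secret = Vad34@QW545!
deny = 0.0.0.0/0.0.0.0
permit = 10.1.1.1/24
call-limit = 1
EOF
}

# Stand-alone run: audit_sip_conf /etc/asterisk/sip.conf
```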
Deep Explorer: a tool for searching hidden services in the Tor network, using the Ahmia Browser and crawling the links obtained (updated in 2019)
Installation & run:
1) git clone https://github.com/blueudp/Deep-Explorer
2) cd Deep-Explorer
3) pip3 install -r requirements.txt
4) python3 deepexplorer.py STRING_TO_SEARCH NUMBER_OF_RESULTS TYPE_OF_CRAWL
Commands:
1) python3 deepexplorer.py "legal thing" 40 default legal (crawls only if the results obtained from the browser do not reach 40; the script also shows links that have the string "legal" in their HTML, like an intext dork in Google)
2) python3 deepexplorer.py "ilegal thing" 30 all dni (crawls every link obtained from the browser until it reaches 30; the script also shows links that have the string "dni" in their HTML, like an intext dork in Google)
3) python3 deepexplorer.py "legal thing" 30 none (does not crawl; only obtains links from the browser)
Features:
> Deep Explorer is a tool designed to search for (any)thing in a few seconds
> results.txt contains the results obtained in the previous search
Tested on ParrotOS and Kali Linux
NEW VULNERABILITY FOUND IN BOEING 737 MAX SOFTWARE (planes)
1) Security flaws exist in all kinds of software, and depending on the context, these flaws can represent all sorts of risk scenarios. A report by vulnerability testing experts mentions that Boeing Corporation has identified new issues affecting the software of the Boeing 737 MAX aircraft.
2) The new security flaw was discovered while an external company conducted a technical audit, a routine process in the development of this class of technology. The technical details behind this vulnerability are still unknown.
3) Boeing claims it is already collaborating with the US Federal Aviation Administration's vulnerability testing teams on the bug correction process.
4) Boeing had already released some documents relating to the early flight tests of the 737 MAX, during which pilots identified some problems with multiple control systems on the aircraft.
5) Boeing also ceased to be authorized to issue airworthiness certificates for 737 MAX aircraft, meaning that this aircraft was not in a position to operate safely under normal conditions.
6) According to vulnerability testing specialists at the International Institute of Cyber Security (IICS), Boeing suspended the operations of the 737 MAX after two accidents in the past year, which resulted in the deaths of 346 people. In addition, Dennis Muilenburg, the company's director, was fired from his position.
7) However, the problems are not only Boeing's: a few months ago it was reported that Comac, a state-controlled Chinese aerospace company, had allegedly conducted a complex corporate espionage campaign to access the most specific details about Boeing's developments, in terms of the design, control mechanisms and software of the U.S. company's aircraft. Stolen intellectual property had been used in the development of the C919, Comac's most advanced aircraft.
8) If these reports are confirmed, the Chinese company could also face these safety failures, which not only compromise flight systems but also pose huge risks to passengers and crew.
SIP-Based Audit and Attack Tool 2019-2020:
Installation & run:
1) Install using pip:
> pip install netifaces
> pip install ipaddress
> pip install pyfiglet
2) Install using apt:
> apt-get install python-scapy
3) git clone https://github.com/meliht/Mr.SIP
4) cd Mr.SIP
5) ./mr.sip.py --ns --tn <target_ip> --dp=5060
./mr.sip.py --ns --tn <target_network_range> --dp=5060
./mr.sip.py --ns --tn <target_network_address> --dp=5060
6) NOTE-1: <target_network_range> should be like 192.168.1.10-192.168.1.20
NOTE-2: <target_network> should be like 192.168.1.0
NOTE-3: You can specify the output file with -i <output_file_name>. By default the output is written to the ip_list.txt file, which already exists in the repo. SIP-ENUM uses that file as input.
NOTE-4: The default destination port is 5060, if not given.
SIP-DAS usage:
by using socket library (but doesn't support IP spoofing)
./mr.sip.py --ds -dm=<sip_method_name> -c <number_of_packets> --di=<target_IP_address> --dp=5060 -r --to=toUser.txt --fu=fromUser.txt --ua=userAgent.txt --su=spUser.txt -l
by using scapy library (ip spoofing is supported)
./mr.sip.py --ds -dm=invite -c <number_of_packets> --di=<target_IP_address> --dp=<server_port> -r --to=toUser.txt --fu=fromUser.txt --ua=userAgent.txt --su=spUser.txt
./mr.sip.py --ds -dm=invite -c <number_of_packets> --di=<target_IP_address> --dp=<server_port> -s --to=toUser.txt --fu=fromUser.txt --ua=userAgent.txt --su=spUser.txt
./mr.sip.py --ds -dm=invite -c <number_of_packets> --di=<target_IP_address> --dp=<server_port> -m --to=toUser.txt --fu=fromUser.txt --ua=userAgent.txt --su=spUser.txt --il=ip_list.txt