▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Information gathering:
> Parrot-Kali Linux operating system provides some tools that can help users organize and organize the data of the target host, so that users get better late reconnaissance
twitter.com/UndercOdeTC

🦑 tools as follows:

Enumeration service

Test network range;

Identify active hosts and view open ports;

System fingerprint identification;

Service fingerprint identification;

Other means of information collection;

Use Maltego to collect information;

Draw a network diagram.

🦑so lets start Those Tutorials on Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 DNS enum tool DNSenum- for info gathring :
fb.com/UndercOdeTestingCompany

1) DNSenum is a very powerful tool for collecting domain name information.

2) It can guess possible domain names through Google or dictionary files, and perform reverse query on a network segment.

3) it can not only query website host address information, domain name server and mail exchange records, but also perform axfr requests on the domain name server, and then obtain extended domain name information through Google scripts, extract subdomain names and query, finally calculate class C addresses and execute whois Query, perform a reverse query, and write the address segment to a file.

4) This section will introduce checking DNS enumeration using DNSenum tool. Execute the following command in the terminal:
root@kali:~# dnsenum --enum benet.com
dnsenum.pl VERSION:

Warning: can't load Net::Whois::IP module, whois queries disabled.
----- benet.com -----
Host's addresses:
__________________
benet.com. 86400 IN A 192.168.41.131
benet.com. 86400 IN A 127.0.0.1
Name Servers:
______________
benet.com. 86400 IN A 127.0.0.1
benet.com. 86400 IN A 192.168.41.131
www.benet.com. 86400 IN A 192.168.41.131
Mail (MX) Servers:
___________________
mail.benet.com. 86400 IN A 192.168.41.2

> Trying Zone Transfers and getting Bind Versions:
The output shows detailed information about the DNS service.

> These include host addresses, domain name service addresses, and mail service addresses. If you are lucky, you can also see a regional transmission.

> When using the DNSenum tool to check DNS enumeration, you can use some additional options of dnsenum as shown below.

--threads [number]: Sets the number of users running multiple processes simultaneously.

-r: Allows the user to enable recursive queries.

-d: Allows the user to set the number of time delays (in seconds) between WHOIS requests.

-o: Allows the user to specify the output location.

-w: Allow users to enable WHOIS requests.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SNMP Enumeration Tool Snmpwalk - information gathering :
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Snmpwalk is an SNMP application.

2) It uses the SNMP GETNEXT request to query all specified OID (object identification in SNMP) tree information and display it to the user. This section will demonstrate the use of the Snmpwalk tool.
[Example 4-1] Use the Snmpwalk command to test the Windows host.

🦑 The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 2c
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6 Model 42 Stepping 7 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (49046) 0:08:10.46
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "WIN-RKPKQFBLG6C"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 76
iso.3.6.1.2.1.2.1.0 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
……
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.18 = INTEGER: 18
iso.3.6.1.2.1.2.2.1.1.19 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 53 6F 66 74 77 61 72 65 20 4C 6F 6F 70 62 61 63
6B 20 49 6E 74 65 72 66 61 63 65 20 31 00
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 53 53
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.3 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4C 32
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.4 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50
……
iso.3.6.1.2.1.55.1.8.1.5.11.16.254.128.0.0.0.0.0.0.149.194.132.179.177.254.120.40 = INTEGER: 1
iso.3.6.1.2.1.55.1.8.1.5.12.16.254.128.0.0.0.0.0.0.0.0.94.254.192.168.41.138 = INTEGER: 1
iso.
iso.3.6.1.2.1.55.1.9.0 = Gauge32: 9
iso.3.6.1.2.1.55.1.10.0 = Counter32: 0

3) The above output shows all the information on the Windows host 192.168.41.138.

4) Users can also use the snmpwalk command to enumerate the installed software.

> The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 1 | grep ftp
The output is as follows:
iso.3.6.1.2.1.25.4.2.1.5.3604 = STRING: "-k ftpsvc"

5) The output indicates that the 192.168.41.138 host has the ftp package installed.

6) The Snmpwalk tool can also be used to enumerate the TCP ports opened on the target host. The execution command is as follows:
root@kali:~# snmpwalk -c public 192.168.41.138 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu
21
25
80
443

7) The output shows the ports opened by the host 192.168.41.138. Such as 21, 25, 80, and 443, a total of 4 port numbers are opened.

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Scapy- info gathering-kali-parrot :

1) Scapy is a powerful interactive packet processing tool, packet generator, network scanner, network discovery tool and packet sniffing tool.

2) It provides multiple types of functions such as interactively generating data packets or data packet collections, operating on data packets, sending data packets, packet sniffing, response and feedback matching. .

3) Use Scapy to implement multi-line parallel trace routing function.

🦑 Start the Scapy tool. The execution command is shown below.

1) root@kali:~# scapy

INFO: Can't import python gnuplot wrapper . Won't be able to plot.
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>>

When you see the >>> prompt, it means that the scapy command is successfully logged in.

2) Use the sr () function to send and receive data packets. The execution command is as follows:

>>> ans,unans=sr(IP(dst="www.undercodetestsite.com/30",ttl=(1,6))/TCP())

3) Begin emission:
.****Finished to send 24 packets.
………***************…………………………………..^C #Ctrl+C
Received 70 packets, got 19 answers, remaining 5 packets
After executing the above command, it will automatically establish a connection with www.undercodetestsite.com After a few minutes of execution, use Ctrl + C to terminate receiving packets. From the output information, you can see that 70 data packets were received, 19 response packets were obtained, and 5 packets were retained.

4) View the packet sending situation in the form of a table. The execution command is as follows:

>>> ans.make_table(lambda(s,r):(s.dst,s.ttl,r.src))

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How To Use Nmap to Identify Active Hosts
The previous section introduced the concepts and functions of the Nmap tool. Use this tool now to test active hosts on a network.
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Use Nmap to see if a host is online. The execution command is as follows:

> root@kali:~# nmap -sP 192.168.41.136

2) Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 17:54 CST
Nmap scan report for www.benet.com (192.168.41.136)

Host is up (0.00028s latency).

MAC Address: 00:0C:29:31:02:17 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

From the output information, you can see the domain name, online and

MAC address of the host 192.168.41.136.

Users can also use Nping (Nmap kit) to view, can get more detailed

🦑information. The execution command is as follows:

> root@kali:~# nping --echo-client "public" echo.nmap.org

> Starting Nping 0.6.40 ( http://nmap.org/nping ) at 2014-04-21 17:53 CST

> SENT (1.6030s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=1] IP [ttl=64 id=1270 iplen=28 ]
RCVD (1.7971s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64157 iplen=28 ]
SENT (2.6047s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=2] IP [ttl=64 id=1270 iplen=28 ]
RCVD (2.6149s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64159 iplen=28 ]
SENT (3.6289s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=3] IP [ttl=64 id=1270 iplen=28 ]
RCVD (3.6322s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64161 iplen=28 ]

> SENT (5.6454s) ICMP [192.168.41.234 > 74.207.244.221 Echo request (type=8/code=0) id=45896 seq=5] IP [ttl=64 id=1270 iplen=28 ]
RCVD (5.6455s) ICMP [74.207.244.221 > 192.168.41.234 Echo reply (type=0/code=0) id=45896 seq=1] IP [ttl=128 id=64164 iplen=28 ]
Max rtt: 193.736ms | Min rtt: 0.042ms | Avg rtt: 70.512ms
Raw packets sent: 5 (140B) | Rcvd: 11 (506B) | Lost: 0 (0.00%)| Echoed: 0 (0B)

> Nping done: 1 IP address pinged in 6.72 seconds

🦑 The output information shows the data sent when connected to the echo.nmap.org website, such as the time of sending the packet, the time of receiving, the TTL value, and the round trip time.
The user can also send some hexadecimal data to the specified port, as shown below:

> root@kali:~# nping -tcp -p 445 -data AF56A43D 192.168.41.136
Starting Nping 0.6.40 ( http://nmap.org/nping ) at 2014-04-21 17:58 CST
SENT (0.0605s) TCP 192.168.41.234:14647 > 192.168.41.136:445 S ttl=64 id=54933 iplen=44 seq=3255055782 win=1480
RCVD (0.0610s) TCP 192.168.41.136:445 > 192.168.41.234:14647 RA ttl=64 id=0 iplen=40 seq=0 win=0
SENT (1.0617s) TCP 192.168.41.234:14647 > 192.168.41.136:445 S ttl=64 id=54933 iplen=44 seq=3255055782 win=1480
RCVD (1.0620s) TCP 192.168.41.136:445 > 192.168.41.234:14647 RA ttl=64 id=0 iplen=40 seq=0 win=0

🦑The output information shows the TCP transmission process between 192.168.41.234 and the target system 192.168.41.136. Some common network layer attacks are simulated by sending data packets to the designated ports to verify the defense of the target system against these tests.

E N J O Y
Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Setting ProxyChains full by Underc0de:
twitter.com/UndercOdeTc

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) ProxyChains is a proxy tool for Linux and other Unices. It can make any program go online through a proxy, allow TCP and DNS to pass through a proxy tunnel, support HTTP, SOCKS4 and SOCKS5 proxy servers, and can configure multiple proxies.

2) ProxyChains forcibly connects the specified application through a user-defined proxy list, and directly disconnects the receiver and the sender.

3) This section describes how to set up ProxyChains.

🦑 The specific steps for setting ProxyChains are shown below.

1) Open the ProxyChains configuration file. The execution command is as follows:

> root@Kali:~# vi /etc/proxychains.conf

2) After executing the above command, the contents of the open file are as follows:
# proxychains.conf VER 3.1

# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#
# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)
The output is the content of the proxychains.conf file. Due to space reasons, only some of them are listed here.

3) Cancel the comment character in front of dynamic_chain in proxychains.conf file. The configuration item to be modified is the bold part above, as shown below:
dynamic_chain

4) Add some proxy servers to the list (at the end of the proxychains.conf file), as shown below:
# ProxyList format
# type host port [user pass]
# (values separated by 'tab' or 'blank')
#
#
Examples:

socks5 192.168.67.78 1080 lamer secret
http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5
# ( auth types supported: "basic"-http "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
socks5 98.206.2.3 1893
socks5 76.22.86.170 1658
-- 插入 --
The bold part in the above information is the added proxy server.

5) Resolve the target host through the user's connection agent. The execution command is as follows:

> root@kali:~# proxyresolv www.target.com
By default, when you execute the proxyresolv command, you may see that the command does not find an error message.

6) Because proxyresolv is stored in the / usr / lib / proxychains3 / directory, it cannot be executed. proxyresolv will be called by proxychains, so put these two files in a directory like / usr / bin. The execution command is as follows:

> root@kali:~# cp /usr/lib/proxychains3/proxyresolv /usr/bin/
After executing the above command, the proxyresolv command can be executed.

7) Run ProxyChains through the application that the user wants to use, for example, start msfconsole. The execution command is as follows:
root@kali:~# proxychains msfconsole
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| 0.0.0.0
|S-chain|-<>-127.0.0.1:9050-<--timeout
|DNS-response|: 0.0.0.0 is not exist
, ,
/ \
((---,,,---))
(_) O O (_)_________
\ _ / |\
o_o \ M S F | \
\ _____ | *
||| WW |||
||| |||

Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
-- type 'go_pro' to launch it now.

=[ metasploit v4.7.0-2013082802 [core:4.7 api:1.0]
+ -- --=[ 1161 exploits - 641 auxiliary - 180 post
+ -- --=[ 310 payloads - 30 encoders - 8 nops

msf >
8) After executing the above command, if you see the msf> prompt, it means that msfconsole started successfully. Indicates that ProxyChains is successfully set.

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Directory Encryption-kali linux :

A directory encryption tool TrueCrypt is provided in Kali.
> This tool is an open source green encryption volume encryption software, which does not need to generate any files to create a virtual disk on the hard disk.
pinterest.com/UnderCodeOfficial

> Users can access by the drive letter, so the files on the virtual disk are automatically encrypted, and they need to be decrypted with a password.
> TrueCrypt provides a variety of encryption algorithms, including AES, Serpent, Twofish, AES-Twofish, and AES-Twofish-Serpent. This section will introduce the use of TrueCrypt tools.


🦑 Create encrypted directory
Use TrueCrypt tool to encrypt the directory. The specific operation steps are shown below.

1) Start TrueCrypt tool. Execute the following command in the terminal:

> root@kali:~# truecrypt

> After executing the above command, the interface shown
2) Click the Create Volume button on this interface, and the interface shown

3) In this interface, choose to create a volume container. Here, select the default Create an encrypted file container option and click the Next button

4) Specifying a new TrueCrypt volume

> Specify a name and location for the new volume on this interface. The volume name created here is CryptVolume, and it is stored in the / root directory. Then click the "Save" button

5) Volume Location

> In this interface, you can see the name and location of the volume created earlier. Then click the Next button

6) Encryption Options

Select the encryption algorithm in this interface, here select the default encryption algorithm AES, and then click Next button

7) Volume Size

> Specify the volume size as 10GB on this interface, and then click the Next button

8) Volume Password

> Enter a volume password on this interface, and then click the Next button

9) Warning message

> The interface prompts that the password set is too short, and the recommended size is 20 characters. If you confirm that you want to use the password, click the "Yes" button, and the interface shown

10) Format Options

Select the file system type on this interface. The default is FAT. The tool also supports Linux Ext2, Linux EXt3, and Linux Ext4 file types. Select Linux Ext4 here and click the Next button.

11) Cross-Platform Support

<> This interface selects a platform for mounting the volume.
> mount the volume only on Linux. Click the Next button to display the interface

12) Volume Format

Now you want to format the volume created earlier. At this time, click the Format button

13) Format process

The interface displays the formatted progress, speed, and time. After the process is finished a prompt message appear

14) TrueCrypt volume created successfully

it means that the TrueCrypt volume was created successfully. At this point, click the "OK" button

15) Volume Created

At this point, the TrueCrypt volume is created. If you want to create another TrueCrypt volume, click the Next button. Otherwise click the Exit button. After clicking the Exit button, you will return to the interface

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is Vulnerability Scanning ?
t.me/UndercOdeTesting

1) A vulnerability scanner is a program that automatically finds and discovers security vulnerabilities in computers, information systems, networks, and applications.

2) It detects the target system through the network, generates data to the target system, and matches the feedback data with its own vulnerability signature database, and then lists the security vulnerabilities existing on the target system. Vulnerability scanning is an indispensable method to ensure system and network security.

3) In the face of Internet intrusion, if users can find security vulnerabilities through network scanning as early as possible according to the specific application environment, and take appropriate measures to repair them in a timely manner. It can effectively prevent the occurrence of intrusion events.

4) Since the work is relatively boring, we can implement it with some convenient tools, such as Nessus and OpenVAS.
Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Install and configure Nessus :

> In order to locate vulnerabilities on the target system, Nessus relies on the format of feeds to implement vulnerability checks. Nessus official website provides two versions: Home Edition and Professional Edition.

1) Home Edition: Home Edition is for non-commercial or personal use.

> The home version is more suitable for personal use and can be used in non-professional environments.

2) Professional: Professional is for commercial use. It includes support or additional features such as wireless concurrent connections.

> This section uses the home version of Nessus to introduce its installation.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Download the Nessus software package. Nessus's official download address is http://www.tenable.com/products/nessus/select-your-operating-system .

2) Enter the address in the browser, and the interface will shown

3) Nessus download interface

> Under Download Nessus on the left side of the interface, click Linux and choose to download the Nessus-5.2.6- debian6_i386.deb package

4) Receiving a license

> Click the Agree button on this interface and the download will start. Then save the downloaded package to the location you want to save.

> After downloading the Nessus software package, you can now install the tool. The execution command is as follows:

> root@kali:~# dpkg -i Nessus-5.2.6-debian6_i386.deb
Selecting previously unselected package nessus.

5) All plugins loaded

- You can start nessusd by typing /etc/init.d/nessusd start
- Then go to https://kali:8834/ to configure your scanner

> If you see a similar output message above, the Nessus software package is successfully installed. Nessus will be installed by default in the / opt / nessus directory.

6) Start Nessus. The execution command is as follows:
root@kali:~# /etc/init.d/nessusd start

$Starting Nessus

7) Plug-in program

private: Only you can use this policy to scan.

shared: Other users can also use this policy to scan.

8) This interface displays all plug-in programs, and all are started by default. In this interface,

> you can click the Disable All button to disable all launched plug-in programs. Then specify the plug-in programs that need to be started, such as the Debian Local Security Checks and Default Unix Accounts plug-in programs

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Keep tunned Next For Termux, and some Cve 2020 😁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Learn Using OpenVAS

> OpenVAS (Open Vulnerability Assessment System) is a client / server architecture that is commonly used to assess vulnerabilities on target hosts. OpenVAS is a branch of the Nessus project, and the products it provides are completely free. OpenVAS is installed by default on standard Kali Linux. This section describes how to configure and start OpenVAS.

🦑 Configure OpenVAS
OpenVAS is installed by default in Kali Linux. If you want to use the tool, you need to do some configuration. The specific steps for configuring OpenVAS are shown below.

1) Switch to the OpenVAS directory in the terminal window and create an SSL certificate for the OpenVAS program. The execution command is as follows:

root@kali:~# cd /usr/share/openvas/

root@kali:/usr/share/openvas# openvas-mkcert

2) After executing the above command, the following information will be output:
143-01

The above information can be configured or not configured. If you don't want to configure it, just press Enter to accept the default value. After the above information is set, the following information will be displayed:
-----------------------------------------------
Creation of the OpenVAS SSL Certificate
-----------------------------------------------
Congratulations. Your server certificate was properly created.
The following files were created:
. Certification authority:
Certificate = /var/lib/openvas/CA/cacert.pem
Private key = /var/lib/openvas/private/CA/cakey.pem
. OpenVAS Server :
Certificate = /var/lib/openvas/CA/servercert.pem
Private key = /var/lib/openvas/private/CA/serverkey.pem
Press [ENTER] to exit
The output shows the OpenVAS certificate created and its location. Press Enter at this time to exit the program.


3) Use the OpenVAS NVT Feed to synchronize the OpenVAS NVT database and update the latest vulnerability check. The execution command is as follows:

root@kali:/usr/share/openvas# openvas-nvt-sync

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.

[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.

[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.

[i] NVT dir: /var/lib/openvas/plugins

[i] rsync is not recommended for the initial sync. Falling back on http.

[i] Will use wget

[i] Using GNU wget: /usr/bin/wget

[i] Configured NVT http feed: http://www.openvas.org/openvas-nvt-feed-current.tar.bz2

🦑The output above shows the detailed process of generating the client certificate, and added the om user.

> Rebuild the database. The execution command is as follows:

root@kali:/usr/share/openvas# openvasmd –rebuild

After executing the above command, there is no output information.

4) Start OpenVAS scan and load all plugins. The execution command is as follows:
root@kali:/usr/share/openvas# openvassd
Loading the OpenVAS plugins…base gpgme-Message: Setting GnuPG homedir to '/etc/openvas/ gnupg'
base gpgme-Message: Using OpenPGP engine version '1.4.12'
All plugins loaded

5) From the output, you can see that all plugins have been loaded. Since there are many plugins loaded, it takes longer to execute this command.

6) Rebuild and create a backup of the database. The execution command is as follows:

root@kali:/usr/share/openvas# openvasmd --rebuild

root@kali:/usr/share/openvas# openvasmd –backup

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How make money from internet NEW Methodes ?
instagram.com/UndercOdeTestingCompany


1) Creating sites to order or any other type of freelance (remote work) on the Internet is rather poorly suited for novice users, because it requires certain knowledge in the field of webmastering, programming, or any other chosen area of ​​application of effort. But it does not require investments, and if you, say, got acquainted with how to create a blog or create a website yourself , you can already offer your services on freelancers ’exchanges, thematic forums, or on your own resource.

Prominent representatives of freelance exchanges are Work-zilla , Weblancer , Quark and Freelancer.com . Over time, you will have both experience and professional skills that will help you do your job faster and earn more on it. I rarely use freelance (unless as a moneymaker), because again I do not want to work for my uncle. Nature is so freedom-loving.

But many due to this, we can say, live and are quite happy with their income level and position. Freelance includes not only webmastering, but also earnings from promoting other people's projects, writing various scripts and texts to order, work in the field of design, advertising services, distance learning, etc. (see the details in a separate article on freelance, the link to which is given a little higher).

2) Reselling domains ( cybersquatting ) - you can try to check domain names that have not been registered by anyone, but potentially have great prospects. For example, consonant with the activities of a commercial company, as well as promising for promotion on certain search queries or for the creation of certain Internet services, portals, etc.

Such domain names are registered for the purpose of their further resale to those who are ready to pay the required amount for them. A domain may well be bought at cost (even if, for example, six hundred rubles), and sold already for thousands or even millions of rubles (fantastic, however). I myself have never been involved in cybersquatting, but nevertheless many webmasters are not averse to trying to earn millions on this (for example, the same Maul).

When I selected a domain name for my future Internet project (which is now called KtoNaNovenkogo.ru), I tried so many different combinations, but almost everything was taken. Moreover, there were no websites as such on these domains. Those. cybersquatters have already taken almost everything, which then is likely to earn.

3) File hosting - you upload something there and for each download of these files you get some money. Probably, it was possible to earn more or less decently on this earlier, but only having your own, well-developed Internet project, for example, a warez, where you will upload counterfeit software or video. True, search engines now strongly dislike such sites, so ...

4) You can also earn money on YouTube - just create your own channel , add your author’s videos to it periodically, enter into a partnership agreement with YouTube, and then just get a percentage of the ad in your videos from Google. But this is far from all, and not even a large part. Read about other ways to earn money on YouTube .


5) The specialty of the administrator of groups (publics, business pages) on Facebook, Contact, Instagram or another social network is now becoming more and more popular. The beauty of this work is that you will not need special knowledge and mental efforts, but you will still have to pass a preliminary training course. On this blog, I began to describe some of the moments of this online business under the rubrics of Facebook , YouTube , Vkontakte and Instagram > @UndercOdeTesting. There are so far only a few articles, but in the future I will try to develop this topic in more detail.

> How Make Money from Internet >

6) Paid consultations are a fairly common option of part-time work on the network among advanced webmasters (for example, auditing a site to solve problems with its promotion in search engines), and indeed among specialists in any field. Sometimes letters also come to me with a request to provide a paid consultation either on promotion or on creating an Internet resource.

7) If you are considered a specialist in any field (well, or at least you yourself consider such a specialist), then you can very well create your own information business and start making money on its sales (several thousand rubles per copy). If you decide to do this, I advise you to pay attention to the JustClick system , which includes a full set of tools (affiliate program, store, email service, etc.).

Having screwed JustClick, you can significantly increase the number of sales (however, you have to give a third of the earnings to partners, but you should not be greedy here). I advise you to familiarize yourself with the interview I took from one of the most successful (and, importantly, honest) information businessmen in the field of webmastering by the name and surname of Evgeny Popov and the list of video lessons that he offers.

8) In principle, it is possible to receive income without investments not only online . For example, in an article about how to make money you will find a description of both online and offline options for generating income, which I do not touch in this publication.

9) Forex and other exchange speculation on the network (for example, mutual funds) are also presented as one of the main methods of extracting voiced coins from the Internet. Perhaps this is so, but it necessarily requires investment

Written by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁