▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 NSFOCUS Technology Statement :
twitter.com/UndercodeNews
1) This security bulletin is only used to describe possible security issues.

2) NSFOCUS does not provide any guarantee or commitment for this security bulletin. Any direct or indirect consequences and losses caused by the dissemination and use of the information provided in this security bulletin are the responsibility of the user himself.

3) NSFOCUS and the author of the security bulletin shall not bear any responsibility for this. NSFOCUS has the right to modify and interpret this security announcement.

4) If you want to reprint or disseminate this security bulletin, you must ensure the integrity of this security bulletin, including the entire contents of the copyright statement. Without the permission of NSFOCUS Technology, the content of this security bulletin may not be modified or added arbitrarily, and it may not be used for commercial purposes in any way.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Versatile Python Keylogger: Radium :
The so-called keyboard recording usually refers to recording the key operations performed by the user on the keyboard, that is, recording which keys the user has pressed. This keyboard recording activity is usually performed quietly in the background, so users who use the keyboard usually do not realize that their typing operations have been illegally monitored. In addition, the attacker can also use keyboard records to understand the habits of the target user using the computer.
pinterest.com/Undercode_Testing

𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Radium, a keylogger with multiple functions. This tool is written in Python and has many functions as shown below:

-Application and keylogger

-Screenshot record

-Send keyboard records via email

-Recover password for Chrome, Mozilla, Filezilla, Core FTP, CyberDuck, FTPNavigator, WinSCP, Outlook, Putty, Skype and more

-Cookie stealing

-Automatic update function

-Collect system information, including internal / external IP addresses, Ipconfig and / all output, and platform version.

🦑Dependent component

1) PyHook

2) PyWin32

3) MicrosoftVisual C ++ Compiler for Python

4) PyInstaller

🦑 Tool use:

-Download dependent libraries

-Set Gmail email username and password to minimize Gmail security settings to allow all connections;

-Set up FTP server, including IP, username and password, and the directory where new version of Radium needs to be stored;

-Remember to use base64 encoding for passwords;

-Set the originalfilename variable in copytostartup (), which is the name of the exe file;

-Use Pyinstaller to make exe files;

-After recording 300 (modifiable) user keystrokes, a keyboard record is automatically sent to the attacker via email;

-After recording 500 (modifiable) user keystrokes, screenshots will be taken automatically;

-Remember, when you convert Radium to exe format, you need to modify the originalfilename and coppiedfilename variables in the copytostartup () function.

ENJOY WITH Undercode Tutorials
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Internet- Top Firefox Addon choosed by UndercOde :
instagram.com/UnderCodeTesting

#adblock_plus
https://addons.mozilla.org/firefox/downloads/file/808841/adblock_plus-3.0.2-an+fx.xpi?src=dp-btn-primary

#gnome_shell_integration
https://addons.mozilla.org/firefox/downloads/file/854306/gnome_shell_integration-10-an+fx-linux.xpi?src=dp-btn-primary

#IP Address and Domain Information
https://addons.mozilla.org/firefox/downloads/file/689443/ip_address_and_domain_information-4.0.0-fx.xpi?src=dp-btn-primary

#New Hackbar
https://addons.mozilla.org/firefox/downloads/file/831304/new_hackbar-1.0.4-an+fx.xpi?src=dp-btn-primary

#HackBar (F12)
https://addons.mozilla.org/firefox/downloads/file/851494/hackbar-1.1.7-an+fx.xpi?src=dp-btn-primary

#Proxy SwitchyOmega
https://addons.mozilla.org/firefox/downloads/file/848109/proxy_switchyomega-2.5.10-an+fx.xpi?src=dp-btn-primary

#Show External IP
https://addons.mozilla.org/firefox/downloads/file/776591/show_external_ip-1.0.6-an+fx.xpi?src=dp-btn-primary

#Show Server IP
https://addons.mozilla.org/firefox/downloads/file/739407/show_server_ip-2.3-an+fx-linux.xpi?src=dp-btn-primary

#Tampermonkey
https://addons.mozilla.org/firefox/downloads/file/813574/tampermonkey-4.5.5660-an+fx.xpi?src=dp-btn-primary

#Site Stacks extension
https://addons.mozilla.org/firefox/downloads/file/745343/sitestacks_for_firefox_instant_tech_lookup-1.0.1-fx-linux.xpi?src=dp-btn-primary

#Wappalyze(baned-or adress changed)
https://addons.mozilla.org/firefox/downloads/file/852547/wappalyzer-5.4.6-an+fx.xpi?src=dp-btn-primary

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 small tools install-for kali

1) Linux：

sudo apt-get install screenfetch
sudo apt-get install neofetch

2) Sl
sudo apt-get install sl


3) rev
sudo apt-get install rev

4) fortune：
sudo apt-get install fortune

5) figlet
sudo apt-get install figlet

6) toilet
sudo apt-get install toilet

7) cowsay :
sudo apt-get install cowsay

8) xcowsay
sudo apt-get install xcowsay

9) cmatrix：
sudo apt-get install cmatrix

10) oneko
sudo apt-get install oneko

11) lolcat：
sudo apt-get install lolcat

12) postfix
apt-get -y install postfix

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Secure your Termux app with Termux Login
t.me/UndercOdeTesting

𝕀𝕟𝕤𝕥𝕒𝕝𝕝𝕚𝕤𝕒𝕥𝕚𝕠𝕟 & ℝ𝕦𝕟 :

1) apt update

2) apt install git -y

3) git clone https://github.com/htr-tech/termux-login.git

4) cd termux-login

5) chmod +x *

6) sh install.sh

7) exit

THATS ALL
🦑 Tested by UndercOde

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Android GUI (graphical user interface) development 2020:
Part 1 :
twitter.com/UndercodeNews

1) The Android system provides rich visual interface components, including menus, buttons, dialog boxes, and so on. The Android system uses UI design ideas in Java programming, including event handling mechanisms and layout management methods.

2) All UI classes in the Android system are based on View and ViewGroup. All subclasses of View are called Widgets, and all subclasses of ViewGroup are called Layout.

3) Activity is the interface between the Android application and the user. Each screen view corresponds to an Activity.

4) The activity itself cannot be displayed on the screen, it is more like a container for displayable components. It's like a JSP page. It doesn't display anything. It is responsible for displaying various HTML tags in the JSP page. A JSP page is like a container that loads these expressions


🦑 So in the Android application, who is really responsible for the display? The answer is View and ViewGroup, where ViewGroup is a subclass of View.

1) The Android UI interface is a combination of View (View) and ViewGroup and their derived classes.

2) View is the base class for all UI components. Basically, all advanced UI components are implemented by inheriting the View class, such as TextView (Text Box), Button, List, EditText (Edit Box), Checkbox, etc. A View occupies a rectangular area on the screen and is responsible for rendering this rectangular area. It can also handle events that occur in this rectangular area, and can set whether the area is visible and get focus.

3) ViewGroup is a container that holds these components. It is also derived from View. It inherits from Android.view.View. Its function is to load and manage the next level of View object or ViewGroup object, which means that it is a container for other The element container is responsible for the management and layout of the added View and ViewGroup.

4) ViewGroup can contain one or any number of views (views), and it can also contain sub-ViewGroups as lower levels, and sub-ViewGroups can contain View and ViewGroup of leaf nodes in the next level. This flexible hierarchical relationship can form complex UI layouts.

5) The user interface UI formed during development generally comes from direct or indirect subclasses of the View and ViewGroup classes.

> For example, the direct subclasses derived from View are AnalogClock, ImageView, KeyboardView, ProgressBar, Space, SurfaceView, TextView, TextureView, ViewGroup, ViewStub, and so on.

6) The direct subclasses derived from ViewGroup are AbsoluteLayout, FragmentBreadCrumbs, FrameLayout, GridLayout, LinearLayout, RelativeLayout, SlidingDrawer, etc.


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Android uses XML files to define user interface 2020 develope your own android :
instagram.com/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

Before building a user interface with XML, we need to revisit the directory structure of the Android project.

1) taking HelloAndroid as an example, the project view lists the directory structure of the project.
(check picture by UndercOde)

🦑 Here is a brief introduction to the Android directory:

1) At .the beginning of the catalog is AS generated directory assistance, without user intervention.

2) The HelloAndroid folder is a module directory, and the programming work is mainly concentrated in this directory, which is equivalent to the project folder built using Eclipse, which contains folders such as build, src, and res.

3) The res directory is the resource directory used in the Android project. The resources involved in the user UI are basically placed in this directory.

4) For each resource file in the res directory, AAPT (Android Asset Packaging Tool) generates a corresponding public static final ID number for it, and places it in the R.java file in the build directory. To access the corresponding resources.

5) The build directory is automatically generated by AS and does not need to be modified by the user.

6) The res / drawable / directory is used to store the image files used in the project. After the drawable, hdpi, ldpi, and mdpi are used to place high-resolution, low-resolution, and medium-resolution images to accommodate different resolution phones.

7) The Android system will Automatically select a picture file with the appropriate resolution according to the configuration information of the user's mobile phone, without the need for programmer intervention.
The res / layout / directory stores XML files that define UI layout files.

8) The default file name is main.xml.

9) The res / values / directory stores files used to store some string information used in the project. The default file name is strings.xml.


Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Android uses XML files to define user interface 2020 develope your own android :Part 2
instagram.com/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋
1) each directory can store multiple XML files, which can be created by the developer. It can be seen that the user UI design used in the Android project and the strings involved in the user UI are stored by XML files. The Android system uses XML files to define user views.

2) Click to open the string.xml file under the values folder, which displays the following code:
<? xml version = "1.0" encoding = "UTF-8"?>
<resources>
<string name = "hello" > Hello Android! </ string>
<string name = "app_name" > HelloAndroid </ string>
</ resources>
The first part of the file <?xml version="1.0" encoding="utf-8"?>defines the version number and character encoding of the XML. This part will be present in all XML files. It is automatically added by the system and does not need to be modified.

3) The <resources> tag defines two variables, hello and app_name, which can be used directly by HelloAndroid projects. When the file is modified, the R.java file in the gen directory will be updated accordingly.

4) Double-click the main.xml file, the code is as follows:
<? xml version = "1.0" encoding = "utf-8"?>
<LinearLayout xmlns: android = "http://schemas.android.com/apk/res/android"
android: layout_width = "fill_parent"
android: layout_height = "fill_parent"
android: orientation = "vertical" >
<TextView
android: id = "@ + id / textView1"
android: layout_width = "fill_parent"
android: layout_height = "wrap_content"
android: text = "@ string / hello" />
</ LinearLayout>

5) You can add various UI components between <LinearLayout ...> and </ LinearLayout> and set related properties of the components, such as the height, width, and content of the components. The usage methods of various common components will be described in detail later.

6) What is added to the HelloAndroid instance is a TextView component, which is equivalent to a label that displays the content. The Android SDK provides a @[<package_ name>:]<resource_type>/<resource_name>way to access project resources from an XML file.

7)Let's briefly introduce the properties in TextView:
android: layout_width = "fill_parent" specifies that its width covers the width of the full container.
android: layout_height = "wrap_content" specifies that its height changes with its display content.
android: id = "@ + id / textView1" indicates that the TextView's ID value is a member constant of the ID class textView1 in the R.java file.
android: text = "@ string / hello" indicates that the content displayed by this TextView component is the content of the hello variable defined in the resource file string.xml.
The android: text attribute can also directly specify the string to be displayed, but this method is discouraged in the actual project development process. Instead, you should use variables in the resource file because it is convenient for project maintenance and internationalization.

8) In this tutorial, in order to save space, some components with simple display content use the method of direct string assignment.

9) The resource files used in the Android project will generate corresponding entries in R.java in the gen directory. The system assigns each resource a hexadecimal integer value that uniquely identifies each resource.

The R.java file code in the HelloAndroid project is as follows:
Plain Text Copy
package introduction . android . helloandroid ;
public final class R {
public static final class attr {
}
public static final class drawable {
public static final int ic_launcher = 0x7f020000 ;
}
public static final class id {
public static final int textView1 = 0x7f050000 ;
}
public static final class layout {
public static final int main = 0x7f030000 ;
}
public static final class string {
public static final int app_name = 0x7f040001 ;
public static final int hello = 0x7f040000 ;
}
}
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Part 3 android develop;

1) As can be seen from this file, R is a static final class. The public static final class layout represents the contents of the res / layout folder, and each integer constant of the layout class represents an XML layout file under the folder.

2) For example, public static final int main represents the main.xml file, and 0x7f030000 is an integer value generated by the system's main.xml file. Find the main.xml file based on this value in the Android project. public static final class string represents the res / values ​​/ strings.xml file, and each integer constant member in the string class represents a variable defined in the strings.xml file. For example, public static final int app_name represents the app_name variable defined in strings.xml, and public static final int hello represents the hello variable defined in the sts.xml file.

3) During project development, you can access any resource defined in R through [<package_name>.] R. <resource_type>. <Resource_name>. among them:
package_name is the package path where the resource file is placed, and can be omitted in general.
resource_type is the resource type, such as layout, string, color, drawable, menu, etc.
resource_name refers to the name of the integer constant defined in the class for the resource file.

4) Consider the following example:
setContentView (R.layout.main);

5) In this line of code, the layout file main.xml is found through R.layout.main, and it is set as the view of the current Activity through the setContentView method. To find a component from a view, you need to use the findViewById method to get the component's object by the component ID.

6) For example, to get the TextView component object in main.xml, you need to execute the following code:
TextView textview = (TextView) findViewById (R.id.textView1);
🦑 Keep tunning with undercode we have all parts ready to sent later

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Lets send some gd scripts for beginers
2020 updqated script :You can use setupTermuxArch.bash , to install Arch Linux in Amazon, Android, Chromebook and Windows


𝕀𝕟𝕤𝕥𝕒𝕝𝕝𝕚𝕤𝕒𝕥𝕚𝕠𝕟 & ℝ𝕦𝕟 :

1) git clone https://github.com/SDRausty/TermuxArch

2) cd TermuxArch

3) setupTermuxArch.bash

4) startarch
THats all!
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Five Android layouts: FrameLayout, LinearLayout, AbsoluteLayout, RelativeLayout, and TableLayout: Part 1
>The Android SDK defines multiple layouts to facilitate user design of the UI. The various layout methods are subclasses of the ViewGroup class, and the structure is shown in picture after this chat
twitter.com/UndercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) FrameLayout

> FrameLayout, also known as single frame layout, is the simplest layout among the layout methods provided by Android. It specifies a blank area on the screen and fills a single object in the area. For example pictures, text, buttons, etc.

2) Application developers cannot specify specific fill positions for components filled in FrameLayout. By default, these components will be fixed in the upper left corner of the screen, and components placed later will be placed on the previous component to cover and fill, forming a part. Block or block all.

3) Developers can make appropriate modifications to the component location through the component's android: layout_gravity property.

4) An example FrameLayoutDemo demonstrates the layout effect of FrameLayout. There are 4 TextView components in the layout. The first 3 components are placed in the layout by default. The fourth component is placed in the layout after modifying the gravity property

🦑Part of code of the layout file main.xml in the example FrameLayoutDemo is as follows:
Plain Text Copy
<? xml version = "1.0" encoding = "utf-8"?>
<FrameLayout xmlns: android = "http://schemas.android.com/apk/res/android"
android: layout_height = "fill_parent"
android: layout_width = "fill_parent" >

<TextView
android: id = "@ + id / text1"
android: layout_width = "wrap_content"
android: layout_height = "wrap_content"
android: textColor = "# 00ff00"
android: textsize = "1OOdip"
android: text = "@ string / first" />
<TextView
android: id = "@ + id / text2"
android: layout_width = "wrap_content"
android: layout_height = "wrap_content"
android: textColor = "# 00ffff"
android: textsize = "70dip"
android: text = "@ string / second" />
<TextView
android: id = "@ + id / text3"
android: layout_width = "wrap_content"
android: layout_height = "wrap_content"
android: textColor = "# ffOOOO"
.....
...
</ FrameLayout>
among them:
android: layout_width = "wrap_content"
....

🦑 LinearLayout

> LinearLayout, also known as linear layout, should be the most commonly used layout in Android view design. This layout allows the components placed in it to be arranged neatly horizontally or vertically. The specific arrangement is specified by the android: orientation property, and the weight of each component in the layout is set by the weight property.

>The strings.xml file code in the example LinearLayoutDemo is as f ollows:
Plain Text Copy
<? xml version = "1.0" encoding = "UTF-8"?>
<resources>
<string name = "app_name" > LinearLayoutDemo </ string>
<string name = "red" > red </ string>
<string name = "yellow" > yellow </ string
...

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 General X Window Options > commands :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> descriptions of the commands of the X Window System. These commands have a common set of parameters. Instead of listing these parameters in the description of each command, we will list them here.
> General X Window Options

> PARAMETER VALUE
-background
red green sippy

Setting a cyst background
-background color Setting the background color of the window
-bg color Setting the background color of the window
-display
system. server number

Using an X server with a given number (usually 0) on a given system
-fg color Setting the primary color of the window
-fn font Using the specified font
-font font Using the specified font
-foreground color
red green blue

Setting the primary color of the window
-foreground color Setting the primary color of the window
-geometry
width height + x + y

Set window size and location
-geometry widths height Setting window sizes
-geometry + x + y Setting the position of the upper left corner of the window
-height line Setting the window size vertically, in rows
-position x y Setting the position of the upper left corner of the window, in pixels
@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 updated GEF - GDB Enhanced Features for exploit devs & reversers
>GEF (pronounced ʤɛf - "Jeff") is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. Application developers will also benefit from it, as GEF lifts a great part of regular GDB obscurity, avoiding repeating traditional commands, or bringing out the relevant information from the debugging runtime.
> t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

# via the install script
1) wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh

# manually
2) wget -O ~/.gdbinit-gef.py -q https://github.com/hugsy/gef/raw/master/gef.py

3) echo source ~/.gdbinit-gef.py >> ~/.gdbinit
Then just start playing:

4) gdb -q /path/to/my/bin
gef➤ gef help

🦑Features :

A few of GEF features include:

> One single GDB script.

> Entirely OS Agnostic, NO dependencies: GEF is battery-included and is installable in 2 seconds (unlike PwnDBG).

> Fast limiting the number of dependencies and optimizing code to make the commands as fast as possible (unlike PwnDBG).

>Provides a great variety of commands to drastically change your experience in GDB.

>Easily extendable to create other commands by providing more comprehensible layout to GDB Python API.

>Works consistently on both Python2 and Python3.

>Built around an architecture abstraction layer, so all commands work in a ny GDB-supported architecture such as x86-32/64, ARMv5/6/7,
> AARCH64, SPARC, MIPS, PowerPC, etc. (unlike PEDA)

> Suited for real-life apps debugging, exploit development, just as much as CTF (unlike PEDA or PwnDBG

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Windows Exploit Suggeste
> list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. Every Windows OS between Windows XP and Windows 10, including their Windows Server counterparts, is supported
> twitter.com/Undercodenews

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) On your linux

> git clone https://github.com/bitsadmin/wesng#windows-exploit-suggester---next-generation-wes-ng

2) go dir

> Obtain the latest database of vulnerabilities by executing the command wes.py --update.

3) Use Windows' built-in systeminfo.exe tool to obtain the system information of the local system, or from a remote system using systeminfo.exe /S MyRemoteHost, and redirect this to a file: systeminfo > systeminfo.txt

4) Execute WES-NG with the systeminfo.txt output file as the parameter: wes.py systeminfo.txt. WES-NG then uses the database to determine which patches are applicable to the system and to which vulnerabilities are currently exposed, including exploits if available.

5) As the data provided by Microsoft's MSRC feed is frequently incomplete and false positives are reported by wes.py,

6) Additionally, make sure to check the Eliminating false positives page at the Wiki on how to interpret the results. For an overview of all available parameters, check CMDLINE.md.

# top 2020

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑UPDATED Advanced vulnerability scanning with Nmap NSE
> Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) install the files into the following folder of your Nmap installation:

Nmap\scripts\vulscan\*

2) Clone the GitHub repository like this:

git clone https://github.com/scipag/vulscan scipag_vulscan

3) ln -s pwd/scipag_vulscan /usr/share/nmap/scripts/vulscan

4) nmap -sV --script=vulscan/vulscan.nse www.example.com

🦑Single Database Mode
You may execute vulscan with the following argument to use a single database:

--script-args vulscandb=your_own_database
It is also possible to create and reference your own databases. This requires to create a database file, which has the following structure:

<id>;<title>
> Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Vulnerability Database
There are the following pre-installed databases available at the moment:

> scipvuldb.csv - https://vuldb.com

> cve.csv - https://cve.mitre.org

> securityfocus.csv - https://www.securityfocus.com/bid/

> xforce.csv - https://exchange.xforce.ibmcloud.com/

> expliotdb.csv - https://www.exploit-db.com

> openvas.csv - http://www.openvas.org

> securitytracker.csv - https://www.securitytracker.com (end-of-life)

> osvdb.csv - http://www.osvdb.org (end-of-life)

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Java Deserialization Vulnerabilities) verify and EXploitation Tool
> topic tools :
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications..
twitter.com/UndercOdeTC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

A) Installation on Linux\Mac
To install the latest version of JexBoss, please use the following commands:

1) git clone https://github.com/joaomatosf/jexboss.git

2) cd jexboss

3) pip install -r requires.txt

4) python jexboss.py -h

5) python jexboss.py -host http://target_host:8080

OR:

6) Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip

7) unzip master.zip

8) cd jexboss-master

9) pip install -r requires.txt

10) python jexboss.py -h

11) python jexboss.py -host http://target_host:8080

> If you are using CentOS with Python 2.6, please install Python2.7.

B) Installation example of the Python 2.7 on CentOS using Collections Software scl:

1) yum -y install centos-release-scl

2) yum -y install python27

3) scl enable python27 bash

🦑Installation on Windows
If you are using Windows, you can use the Git Bash to run the JexBoss. Follow the steps below:

1) Download and install Python

2) Download and install Git for Windows
After installing, run the Git for Windows and type the following commands:
PATH=$PATH:C:\Python27\
PATH=$PATH:C:\Python27\Scripts
3) > git clone https://github.com/joaomatosf/jexboss.git

4) cd jexboss

5) pip install -r requires.txt

6) python jexboss.py -h

7) python jexboss.py -host http://target_host:8080


🦑 The exploitation vectors are:

/admin-console
tested and working in JBoss versions 5 and 6

/jmx-console
tested and working in JBoss versions 4, 5 and 6

/web-console/Invoker
tested and working in JBoss versions 4, 5 and 6

/invoker/JMXInvokerServlet
tested and working in JBoss versions 4, 5 and 6

Application Deserialization
tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters

Servlet Deserialization
tested and working against multiple java applications, platforms, etc, via servlets that process serialized objets (e.g. when you see an "Invoker" in a link)

Apache Struts2 CVE-2017-5638
tested in Apache Struts 2 applications

🦑Tested By UndercOde On

> Debian

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁