▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Parsero | Robots.txt audit tool:
> Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the content on www.example.com/portal/login it's not allowed to be indexed by crawlers like Google, Bing, Yahoo... This is the way the administrator have to not share sensitive or private information with the search engines.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/behindthefirewalls/Parsero.git

2️⃣cd Parsero

3️⃣By using setup.py script

> sudo setup.py install

4️⃣By using pip3

> sudo apt-get install python3-pip

> sudo pip3 install parsero

5️⃣In Kali Linux

> sudo apt-get update

> sudo apt-get install parsero

6️⃣example :

> root@real:~# parsero -u www.example.com -sb

🦑Compatible with termux-linux

✅git Topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑EXPLOITATION INTRO:
#resources

Http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

Http://www.mgraziano.info/docs/stsi2010.pdf

Http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/

Http://www.ethicalhacker.net/content/view/122/2/

http://code.google.com/p/it-sec-catalog/wiki/Exploitation

Http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html

Http://ref.x86asm.net/index.html

ENJOY❤️👍🏻
✅sources git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑REVERSE ENGINEERING & MALWARES LIST 3 :


http://www.woodmann.com/TiGa/idaseries.html

Http://www.binary-auditing.com/

Http://visi.kenshoto.com/

Http://www.radare.org/y/

Http://www.offensivecomputing.net/

ENJOY❤️👍🏻
✅sources git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PASSWORDS AND HASHES CRACKING & TUTORIALS
#resources

Http://www.irongeek.com/i.php?page=videos/password-exploitation-class

Http://cirt.net/passwords

Http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html

Http://www.foofus.net/~jmk/medusa/medusa-smbnt.html

Http://www.foofus.net/?page_id=63

Http://hashcrack.blogspot.com/

Http://www.nirsoft.net/articles/saved_password_location.html

Http://www.onlinehashcrack.com/

Http://www.md5this.com/list.php?

Http://www.virus.org/default-password

Http://www.phenoelit-us.org/dpl/dpl.html

Http://news.electricalchemy.net/2009/10/cracking-passwords-in-
cloud.html

🦑WORDLISTS :


Http://contest.korelogic.com/wordlists.html

http://packetstormsecurity.org/Crackers/wordlists/

http://www.skullsecurity.org/wiki/index.php/Passwords

Http://www.ericheitzman.com/passwd/passwords/

ENJOY❤️👍🏻
✅sources git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Good collections OS & scripts tutorials for beginers :
#resources

http://en.wikipedia.org/wiki/IPv4_subnetting_reference

Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

Http://shelldorado.com/shelltips/beginner.html

Http://www.linuxsurvival.com/

http://mywiki.wooledge.org/BashPitfalls

Http://rubular.com/

Http://www.iana.org/assignments/port-numbers

Http://www.robvanderwoude.com/ntadmincommands.php

Http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

ENJOY❤️👍🏻
✅sources git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Helpful Tips & Tricks
- enjoy ❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MISC/UNSORTED
#Resources 2020


http://www.ikkisoft.com/stuff/SMH_XSS.txt

Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter Http://whatthefuckismyinformationsecuritystrategy.com/

Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#

http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#

Http://www.sensepost.com/blog/4552.html

Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html

Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210

Http://carnal0wnage.attackresearch.com/node/410

Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf

http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf

Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/

ENJOY❤️👍🏻
✅sources git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Why all hackers should study C ++ ? Who is C ++ for
#FastTips

1) C ++ is considered a mid-level language as it includes a combination of high-level and low-level language features.

2) C ++ is widely used to write device drivers, operating system kernels, critical OS programs, and other software that rely on direct manipulation of hardware in real time.

3) C ++ is widely used for teaching and research because it is clear enough to successfully teach basic concepts.

4) In application writing, C ++ is used when performance is key. C ++ programs run faster and take up less space when compared to many other programming languages.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The report says the emails of local election officials in the United States may be affected by phishing attacks
#News

> According to a new report from the Wall Street Journal, the e-mail system that many election officials across the United States are using may make them more vulnerable to phishing attacks. Area 1 Security found that less than 20% of the 10,000 state and local election management agencies in the United States have advanced anti-phishing control measures, and about 666 election officials rely on personal email addresses to handle election-related matters.

> According to reports, judicial agencies in several states are using a version of the free Exim software, and Russia’s GRU intelligence agency has launched online attacks against the software in 2019. However, security experts say that weak email security is unlikely to cause votes to be hacked because the email system is not connected to the vote-counting system.

> But this raises concerns that local election officials may be insufficiently prepared for possible intrusions into email systems. In 2016, GRU was accused of stealing and leaking emails from the Hillary Clinton presidential campaign team; in 2018, GRU registered a network domain name that appeared to be a fake government website, ostensibly for phishing purposes. Microsoft seized these domain names before it was officially deemed to have caused any damage.

> According to reports, this year foreign hackers have targeted the personal email accounts of staff working for the presumed Democratic candidate Joe Biden and President Trump’s campaigns. For example, Iranian hackers allegedly targeted emails from Trump campaign staff. Google, which reported these attempts, said last month that it had not seen evidence of the success of these attacks.

#News
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

fresh premium proxies

https://pastebin.com/raw/95zEq2NA

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Terms related to ss/encrypt/OpenSSL that we will use:

genpkey (replaces genrsa , gendh and gendsa ) - generates private keys

req - utility for creating certificate signing requests and for generating self-signed PKCS # 10 certificates

x509 - utility for signing certificates and for showing properties of certificates

rsa - utility for working with RSA keys, for example, for converting
keys to various formats

enc - various actions with symmetric ciphers

pkcs12 - Create and parse PKCS # 12 files

crl2pkcs7 - program for converting CRL to PKCS # 7

pkcs7 - Performs operations on PKCS # 7 files in DER or PEM format

verify - program for verifying certificate chains

s_client - This command implements an SSL / TLS client that connects to a remote host using SSL / TLS. This is a very useful diagnostic tool for SSL servers

ca - is a minimal CA application. It can be used to sign various forms of certificate requests and generate CRLs. It also maintains a text database of issued certificates and their status

rand - This command generates the specified number of random bytes using a cryptographically secure pseudo-random number generator (CSPRNG)

rsautl - command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm

smime - the command processes S / MIME mail. It can encrypt, decrypt, sign and verify S / MIME messages

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑COMMUN METHODES HACK NETFLIX FOR BEGINERS
#fASTtIPS

> Unfortunately, password theft is very common within cyber security, especially for Netflix accounts.

> With over 75 million subscribers, Netflix passwords grant cyber criminals to both access user accounts without paying for a subscription, or even worse…

> sell the user’s password details and payment information on the Deep Web.

🦑How do they do it? — Some examples

1) Phishing

Hackers often use phishing campaigns to obtain access to user’s device. They accomplish this by tricking users (often via a malicious email link that leads the user to a fake Netflix login page).

Once the user clicks on the link, the malware steals their account information.

2) Keyloggers

Keylogging is a password-theft tactic that resides in a device’s system memory, runs every time you startup your PC, and logs all your keystrokes. The logs are then sent to the hacker.

3) Trojan Horse Viruses

Trojan horses are sent to victims via malicious links or file attachments that trick users into downloading malicious software onto their device. Once downloaded this malware can take full control of the computer. Its main goal is to damage, disrupt, steal or damage your data or network.

> Once installed, it can extract user logins of any website or software that the infected computer uses, way more than just Netflix accounts; Skype, Facebook, Emails, and more.

> Unfortunately, computer passwords aren’t really a safety measure against hackers who access your device remotely, as they access the system through other tactics.

> Computer passwords are more of a protection against physical theft so that somebody whose obtained physical possession of your PC cannot login to the device.

ENJOY❤️👍🏻
deepwiki
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NMAP USEFUL COMMANDS :

Scan network for live hosts

(nmap/zenmap)

For NMAP –


nmap -vv -sP 192.168.0.1-254 -oG hosts_up.txt

cat hosts_up.txt | grep -i “up”




nmap -PN 192.168.9.200-254

(this will also show open ports for each host)




Identify OS

(nmap/zenmap)

For NMAP –


nmap -O 192.168.0.100 (just OS fingerprint)


nmap -A 192.168.9.201 (runs an “aggressive” scan – scan,OS fingerprint, version scan, scripts and traceroute)




Check hosts for services

(nmap/zenmap)

For NMAP

- nmap -sS 192.168.9.254 (TCP)

- nmap -sU 192.168.9.254 (UDP)

(Could be better to do this in zenmap and group servers by services)


FOR SNMP

- snmpwalk -c public -v1 192.168.9.254 1 |grep hrSWRunName|cut -d” ” -f


For a known port

- nmap – p 139 192.168.9.254



DNS Lookups/Hostnames


host -l <domain> <dns server>

e.g. host -l acme.local 192.168.0.220




Banner grab/Version services

(nmap/zenmap/SNMP)

Check versions of software/services against milw0rm and security focus)


For NMAP

- nmap -sV 192.168.9.254


@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

3 BILLIARDS COMBO MAIL PASS @UndercodeTesting

english - spanish