UNDERCODE COMMUNITY

🦑 IMPORTANT 2020 HACKING TOOLS:

Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)

Shell Spawning (TTY Shell Spawning)

XSS Payloads

Basic SQLi payloads

Local file inclusion payloads (LFI)

Base64 Encoder / Decoder

Hash Generator (MD5, SHA1, SHA256, SHA512)

Useful Linux commands (Port Forwarding, SUID)

RSS Feed (Exploit DB and Cisco Security Advisories)

CVE Search Engine

Various methods of data exfiltration and download from a remote machine

Download: https://github.com/LasCC/Hack-Tools


🦑 BEST HACKING TERMS:

Delete process record.
Alternative Process Implementation.
Redirecting data using Trojans.
Redirection and Disadvantages of Tripwire.
Driver for redirection.
Hiding files and directories.
Binary code fix.
"Keyhole" in the program.
Installing patches in the Windows NT kernel to block the entire security system.
Hardware virus.
Read and write operations for non-volatile memory.
Read and write operations for memory embedded in critical devices
CIH virus.
EEPROM memory and synchronization.
EEPROM memory on Ethernet network adapters.
Serial or parallel EEPROM.
How hardware burns out.
Manufacturers.
Discovery of devices using the CFI specification.
Identifying Devices Using ID or JEDEC ID Mode.
Low-level disk access.
Read / write operations for the master boot record (MBR).
Data corruption in CD images.
Adding network access to the driver.
Using the NDIS Library.
Putting the interface in promiscuous mode.
Finding the correct network adapter.
Using boron tags to keep a hacker safe.
Adding an interactive command interpreter.
Interrupts.
Interrupt request architecture.
Intercept interrupt.
The riddle of the programmable interrupt controller.
Registration of keystrokes.
Program for registering keystrokes in Linux-system.
Keystroke logger for Windows NT / / XP.
Keyboard controller.
Enhanced Hacking Toolkits.
Using the Hacking Toolkit as a Debugger.
Disable Windows system file protection.
Direct writing of data to physical memory.
Kernel buffer overflow.
"Infection" of the kernel image.
Redirecting execution.
Cracking Toolkit Discovery.

don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑🐧 How to install Apache mod_cloudflare on Debian?

1) Cloudflare is the most popular network service provider.

Its services also include DNS, DDoS protection and website security.

Cloudflare works as a reverse proxy server.

2) Once website traffic is routed through the Cloudflare network, the backend server does not know the visitor's actual IP address.

As a result, you will see Cloudflare's IP addresses in the Apache logs.

3) Now the question is how to get the real IP of the visitor in the logs, and not the IP of Cloudflare.

To solve this problem, Cloudflare provides an Apache module that obtains the visitors' real IP addresses and logs them.

4) This guide will help you enable the Apache mod_cloudflare module on a Debian system.

It will log the IP address of the real visitor in the Apache access logs.

5) Installing Apache mod_cloudflare on Debian
Cloudflare provides an official module for Apache server to capture real IP address.

6) Add the GPG key - open a terminal and run the following commands to add Cloudflare's GPG key to your system.

7) sudo apt install curl

8) curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -

9) Add the repository - then add the Cloudflare repository to your Debian system.

10) echo "deb http://pkg.cloudflare.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare.list

11) Install the package - then update the Apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.

12) sudo apt update

13) sudo apt install libapache2-mod-cloudflare

14) Press "Y" to confirm the request during installation.

15) Restart Apache

16) After the installation is complete, restart the Apache2 service and check the active modules using the following commands.

17) sudo systemctl restart apache2
sudo apache2ctl -M

18) That's all. The Apache server now logs the visitor's real IP address.


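To verify the result of the procedure above, this added example (not part of the original post) counts access-log lines that still carry a Cloudflare edge address in the client field; after the module is active the count should be 0. The range list is a subset of Cloudflare's published IPv4 ranges and is assumed to be current, the log lines are constructed, and the function names are hypothetical.

```bash
# Subset of Cloudflare's published IPv4 ranges (assumption: still current;
# refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CF_RANGES="173.245.48.0/20 103.21.244.0/22 104.16.0.0/13 172.64.0.0/13 162.158.0.0/15"

ip2int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # in_cidr <ip> <net/bits>: succeeds when ip lies inside the range
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

is_cloudflare_ip() {
    for range in $CF_RANGES; do
        if in_cidr "$1" "$range"; then return 0; fi
    done
    return 1
}

count_edge_hits() {  # access-log lines on stdin -> number logged with an edge IP
    hits=0
    while read -r client rest; do
        # the client address is the first field; skip IPv6 and hostnames (IPv4 only here)
        printf '%s\n' "$client" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        if is_cloudflare_ip "$client"; then hits=$((hits + 1)); fi
    done
    echo "$hits"
}

sample_log() {  # constructed log lines, not real traffic
    cat <<'EOF'
172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
162.158.90.12 - - [01/Jan/2024:10:00:02 +0000] "GET /a.css HTTP/1.1" 200 99
2001:db8::1 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512
EOF
}

sample_log | count_edge_hits   # on a real host: count_edge_hits < /var/log/apache2/access.log
```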

🦑🖧 How to test SSH connection with a remote host?

1) Using the timeout utility with bash to test the SSH connection
The /usr/bin/timeout utility is installed by default on most Linux distributions; it is part of the coreutils rpm.

2) Check if coreutils is installed on your server

# rpm -q coreutils
coreutils-8.22-24.el7.x86_64
We can use this utility to test the SSH connection by checking the status of port 22.

Syntax:

# timeout <value> bash -c "</dev/tcp/<server>/<port>"

3) Here server2 is my target host; I will execute the command with a timeout value of 5s on port 22
# timeout 5 bash -c "</dev/tcp/server2/22"

4) If the exit status is 0, the test SSH connection was successful
# echo $?
0

5) Or if you get "Connection refused" with a non-zero exit status, then the test SSH connection failed
# timeout 5 bash -c "</dev/tcp/server2/22"
bash: connect: Connection refused
bash: /dev/tcp/10.10.10.10/22: Connection refused
# echo $?

Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22

# cat /tmp/check_connectivity.sh
#!/bin/bash

server=10.10.10.10      # server IP
port=22                 # port
connect_timeout=5       # Connection timeout

# Exit status 0 means the TCP connection to the port was opened
timeout $connect_timeout bash -c "</dev/tcp/$server/$port"
if [ $? -eq 0 ]; then
   echo "SSH Connection to $server over port $port is possible"
else
   echo "SSH connection to $server over port $port is not possible"
fi

🦑 SSH method: how to use telnet to test the SSH connection?

1) Telnet is another very handy tool for checking port status.
/usr/bin/telnet is provided by the telnet rpm package, which is part of the default repositories, so you don't need any third-party repository to install it.
Check if telnet is installed

# rpm -q telnet
telnet-0.17-65.el7_8.x86_64

🦑 Syntax

# telnet <server> <port>

2) But since our ultimate goal is automation, we'll set up the syntax like this:

# echo quit | telnet <server> <port> 2>/dev/null | egrep -qi Connected

3) Let's use this to test the SSH connection on Linux.
If grep finds "Connected" in the output, then port 22 is available and an SSH connection is possible
# echo quit | telnet server2 22 2>/dev/null | egrep -qi Connected
# echo $?
0
The opposite case, when the connection is not possible:

# echo quit | telnet server2 22 2>/dev/null | egrep -qi Connected
# echo $?
1
Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22

# cat /tmp/check_connectivity.sh
#!/bin/bash

server=10.10.10.10      # server IP
port=22                 # port
connect_timeout=5       # Connection timeout

# egrep -q prints nothing; its exit status is 0 when telnet reported "Connected"
echo quit | telnet $server $port 2>/dev/null | egrep -qi "Connected"
if [ $? -eq 0 ]; then
   echo "SSH Connection to $server over port $port is possible"
else
   echo "SSH connection to $server over port $port is not possible"
fi


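Both the timeout check and the telnet check above only show that a TCP port answers. This added example (not part of the original posts) goes one step further: it separates a refused connection from a timed-out one and confirms that the service sends an SSH identification string. The function names are hypothetical, and bash and coreutils timeout are assumed to be present.

```bash
classify_rc() {  # exit status of `timeout N bash -c "</dev/tcp/host/port"` -> state
    case "$1" in
        0)   echo open ;;
        124) echo timeout ;;            # timeout(1) gave up: filtered port or host down
        *)   echo refused-or-error ;;   # connect failed at once, e.g. "Connection refused"
    esac
}

probe_port() {  # probe_port <host> <port> [seconds]
    rc=0
    # host and port are passed as arguments, never pasted into the command string
    timeout "${3:-5}" bash -c '</dev/tcp/"$1"/"$2"' _ "$1" "$2" 2>/dev/null || rc=$?
    classify_rc "$rc"
}

ssh_banner() {  # first line sent by the service, CR/LF stripped (empty if none)
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$1/$2" && head -n 1 <&3' \
        _ "$1" "$2" 2>/dev/null | tr -d '\r\n'
}

is_ssh_banner() {  # RFC 4253 section 4.2: identification string "SSH-<proto>-<software>"
    case "$1" in
        SSH-2.0-*|SSH-1.99-*) return 0 ;;
        *) return 1 ;;
    esac
}

check_ssh() {  # check_ssh <host> [port] -> ssh:<banner> | open-not-ssh | timeout | refused-or-error
    state=$(probe_port "$1" "${2:-22}")
    if [ "$state" != open ]; then echo "$state"; return 1; fi
    banner=$(ssh_banner "$1" "${2:-22}")
    if is_ssh_banner "$banner"; then echo "ssh:$banner"; else echo "open-not-ssh"; return 1; fi
}

# Usage (server2 is the example host used in the posts): check_ssh server2 22
```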

🦑💉 How to audit NoSQL for vulnerabilities?

SQL injection is one of the most popular attack methods, and it applies not only to SQL (relational) databases but also to NoSQL (non-SQL, also known as non-relational) databases.

A) NoSQLMap

NoSQLMap is a tiny open source Python-based utility capable of auditing for misconfiguration and automating injection attacks.

It currently supports the following databases.

1) MongoDB

2) CouchDB

3) Redis

4) Cassandra

To install NoSQLMap you need Git, Python and Setuptools, which you can install as shown below, using Ubuntu as an example.

apt-get install python
apt-get install python-setuptools

After installing Python, follow these steps to install NoSQLMap.

git clone https://github.com/codingo/NoSQLMap.git
cd NoSQLMap
python setup.py install

After that, you can run ./nosqlmap.py from the cloned Git directory:

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit

🦑 You need to set a target by going to option 1 before testing.

B) Mongoaudit

As the name suggests, it is MongoDB specific.
Mongoaudit is good for performing a penetration test to find bugs, misconfigurations, and potential risks.
It tests against many best practices, including the following.

1) Is MongoDB running on the default port, and is the HTTP interface enabled

2) Is the database secured with TLS and authentication

3) Authentication method

4) CRUD operations

To install it, you can use the pip command.
pip install mongoaudit



🦑 For beginners: Capture The Flag (CTF) information
Capture the flag (CTF) is a computer security competition that is designed for educational purposes. In Lesson 6.4, "Learning How to Host Enterprise Capture the Flag Events" of the "Enterprise Penetration Testing and Continuous Monitoring (the Art of Hacking Series) LiveLessons" video course, you learned how these CTF work and how you can potentially create these as a "cyber range" within your enterprise. The following are a few links that provide numerous resources and references to past and current CTF events, as well as online practice sites.

## This is one of the best resources:
* https://github.com/apsdehal/awesome-ctf

🦑 Some others:
* https://trailofbits.github.io/ctf/
* https://ctftime.org
* https://ctf365.com
* http://captf.com
* https://pentesterlab.com/exercises
* http://vulnhub.com
* https://challenges.re
* http://cryptopals.com
* https://github.com/CTFd/CTFd


🦑🖧 How to set up http/https proxy with special characters in the password:

1) In this tutorial, I will show you how to set up http_proxy or https_proxy when your username or password contains special characters such as comma, @, #, etc.

> Error: Unable to set http_proxy or https_proxy with special characters in username or password.
Usually when exporting http_proxy or https_proxy we have to provide username and password along with proxy IP address and port.

2) This will work in most cases, but if the username or password contains some special characters, you might get an error:

Resolving s ... failed: Name or service not known.
wget: unable to resolve host address “s”

3) The error output may vary depending on the character used in the username or password.
There are two ways to overcome this error:

Solution-1: Convert the special characters to their hex Unicode values
You must look up the "hex Unicode" values of the corresponding special characters in the proxy username and password. For a list of Unicode character codes, go to:

https://unicodelookup.com/

🦑 For example, a password like "P@$$\/\/0,#" can be converted as follows:

P ⇒ P <- no lookup is required
@ ⇒ 0x40
$ ⇒ 0x24
$ ⇒ 0x24
\ ⇒ 0x5C
/ ⇒ 0x2F
\ ⇒ 0x5C
/ ⇒ 0x2F
0 ⇒ 0 <- no lookup is required
, ⇒ 0x2C
# ⇒ 0x23
Inside a URL each of these values is written as "%" followed by the two hex digits (percent-encoding), so "P@$$\/\/0,#" becomes "P%40%24%24%5C%2F%5C%2F0%2C%23".

4) Now you can export your http_proxy:

# export http_proxy="http://username:P%40%24%24%5C%2F%5C%2F0%2C%23@server:port/"
Similarly for exporting https_proxy

# export https_proxy="https://username:P%40%24%24%5C%2F%5C%2F0%2C%23@server:port/"

Solution-2: Provide the username and password using wget
Instead of performing the conversion, you can also provide the username and password in plain text using the wget command.

🦑 From the wget man page:
--proxy-user=user
--proxy-password=password
Specify the username user and password password for authentication on a proxy server. Wget will encode them
using the "basic" authentication scheme.
This solution is only valid if you plan to use wget. For a system-wide proxy, use Solution 1 when the username or password contains special characters.

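The manual lookup in Solution-1 can be automated. This added example (not part of the original post) percent-encodes every byte of the username and password that is outside the RFC 3986 unreserved set and assembles the proxy URL; the function names, the credentials and proxy.example.internal:3128 are constructed placeholders.

```bash
urlencode() {  # percent-encode every byte outside RFC 3986's "unreserved" set
    out=""
    # od prints the bytes as lowercase hex, so multi-byte UTF-8 is handled byte by byte
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # 0-9, A-Z, a-z, "-", ".", "_", "~" pass through unchanged
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)
                # everything else becomes %XX with uppercase hex digits
                out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s' "$out"
}

proxy_url() {  # proxy_url <scheme> <user> <password> <host> <port>
    printf '%s://%s:%s@%s:%s/' "$1" "$(urlencode "$2")" "$(urlencode "$3")" "$4" "$5"
}

# Constructed credentials and a placeholder proxy host, for illustration only.
proxy_url http username 'P@$$\/\/0,#' proxy.example.internal 3128
echo
```

To use the result, assign it with `http_proxy=$(proxy_url ...)` and export it, as in step 4 of the post.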

🦑💻 How to Install Security Tools with Homebrew on Mac?


Nikto
Nikto is a vulnerability scanner used to validate web server configurations to detect thousands of potential problems, including misconfigurations, outdated patches, and versioning issues that could otherwise allow attackers to gain unauthorized access.

brew install nikto

SQLmap
SQLmap is an open source application that allows you to discover and exploit SQL injection vulnerabilities on database servers using Structured Query Language.
This tool can also be used to automate attacks.

brew install sqlmap

Zed Attack Proxy (ZAP)
Another open source security scanner, OWASP's ZAP tool, is used to test the security of web applications with a variety of tools, including a proxy server to capture encrypted and unencrypted traffic, a fuzzer, and more.

brew install caskroom/cask/brew-cask
brew cask install owasp-zap

Recon-ng
This framework is designed to collect information from open sources using community-supported modules that provide additional search resources such as social media networks using powerful (and secure) API tools.
The resulting data can then be used in other additional tools to test vulnerabilities or exploit them.

brew install recon-ng

theHarvester
theHarvester is an information gathering application that uses publicly available information and databases to obtain information, including domains, hostnames, email, employee directory information, to provide a holistic view of a target.

brew install theharvester

TestSSL
This scanner works as an information gathering tool that evaluates what security protocols and ciphers are in use on the server, including their configurations and on which ports the services are running.

brew install testssl

Empire
Post-exploitation framework.
This tool uses PowerShell to establish connections and create/run scripts on remote machines in memory, avoiding network detection, allowing modules and cmdlets to be run remotely.

brew install empire
