Forwarded from UNDERCODE NEWS
FREE BUG BOUNTY :
Basics
Setup
Tools
Labs & Testing Environments
Vulnerability Types
Mobile Hacking
Smart Contracts
Coding & Scripting
Hardware & IoT
Blog posts & Talks
Media Resources
Certifications
Mindset & Mental Health
> Download:
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
β β β Uππ»βΊπ«Δπ¬πβ β β β
Basics
Setup
Tools
Labs & Testing Environments
Vulnerability Types
Mobile Hacking
Smart Contracts
Coding & Scripting
Hardware & IoT
Blog posts & Talks
Media Resources
Certifications
Mindset & Mental Health
> Download:
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bugβ¦
A list of resources for those interested in getting started in bug bounties - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
2) git clone --depth 1 https://github.com/danielmiessler/SecLists.git
for kali :
apt -y install seclists
F E A T U R E S :
Fuzzing
dos2unix
IOCs
Miscellaneous
Add Invisible control characters
Passwords
Pattern-Matching
Update Angular dangerous functions
Payloads
Add more zip-bombs
Web-Shells
β β β Uππ»βΊπ«Δπ¬πβ β β β
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \
&& unzip SecList.zip \
&& rm -f SecList.zip
2) git clone --depth 1 https://github.com/danielmiessler/SecLists.git
for kali :
apt -y install seclists
F E A T U R E S :
Fuzzing
dos2unix
IOCs
Miscellaneous
Add Invisible control characters
Passwords
Pattern-Matching
Update Angular dangerous functions
Payloads
Add more zip-bombs
Web-Shells
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - danielmiessler/SecLists: SecLists is the security tester's companion. It's a collection of multiple types of lists usedβ¦
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, pas...
Forwarded from UNDERCODE NEWS
OnePlus is speculated to announce the architecture and configuration of OnePlus Nord SE with big upgrades.
#Technologies
#Technologies
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
for termux djangohunter - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information..->
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
pkg update && pkg upgrade
You can use the apt command if your prefer.
apt update && apt upgrade
Tip: Enlarge the font size by pressing CTRL+Alt++
Setup External Storage
Create a storage directory to access other areas of the device.
termux-setup-storage
Install Python
Install Python
pkg install python
Install Git
Install Git
pkg install git
Project Setup
Local Directory
Change directories to the newly created storage folder.
cd storage
Create a directory to store our project files.
mkdir myapp && cd myapp
Virtual Environment
Now that we are in our newly created project folder it's time to setup a virtual environment for our app.
Create Virtual Environment
python -m venv <virtual environment name>
Example:
python -m venv venv
Activate Virtual Environmemt
What good is a virtual environment if it's not being used? That's right, we need to activate it to use it.
source <venv>/bin/activate
Example:
source venv/bin/activate
Tip: Close out of a virtual environment by typing deactivate and then hitting Enter
Install Django
Our virtual environment is activated and we're ready to install Django.
pip install django
Save installed packages to a text file
pip freeze > requirements.txt
Django Setup
Start Project
Tell Django admin to start a new project with your project name.
django-admin startproject <project name>
Example:
django-admin startproject myapp
Change into the Django project directory to view the files Django generated
cd <project name>
Example:
cd myapp
Start App
Tell Django to run a local server and watch for changes
python manage.py runserver
Open your web browser and navigate to localhost:8000 to confirm the Django app is running successfully!
Tip: Stop the local server from running by hitting CTRL+c
β β β Uππ»βΊπ«Δπ¬πβ β β β
for termux djangohunter - Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information..->
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
pkg update && pkg upgrade
You can use the apt command if your prefer.
apt update && apt upgrade
Tip: Enlarge the font size by pressing CTRL+Alt++
Setup External Storage
Create a storage directory to access other areas of the device.
termux-setup-storage
Install Python
Install Python
pkg install python
Install Git
Install Git
pkg install git
Project Setup
Local Directory
Change directories to the newly created storage folder.
cd storage
Create a directory to store our project files.
mkdir myapp && cd myapp
Virtual Environment
Now that we are in our newly created project folder it's time to setup a virtual environment for our app.
Create Virtual Environment
python -m venv <virtual environment name>
Example:
python -m venv venv
Activate Virtual Environmemt
What good is a virtual environment if it's not being used? That's right, we need to activate it to use it.
source <venv>/bin/activate
Example:
source venv/bin/activate
Tip: Close out of a virtual environment by typing deactivate and then hitting Enter
Install Django
Our virtual environment is activated and we're ready to install Django.
pip install django
Save installed packages to a text file
pip freeze > requirements.txt
Django Setup
Start Project
Tell Django admin to start a new project with your project name.
django-admin startproject <project name>
Example:
django-admin startproject myapp
Change into the Django project directory to view the files Django generated
cd <project name>
Example:
cd myapp
Start App
Tell Django to run a local server and watch for changes
python manage.py runserver
Open your web browser and navigate to localhost:8000 to confirm the Django app is running successfully!
Tip: Stop the local server from running by hitting CTRL+c
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
What kind of PC setup will seamlessly play the light chase game?
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
Blind Attacking Framework :
F E A T U R E S :
> because blind attacking makes every vulnerable & exposed host to the internet a targeted one , hence increases the awareness of potential threats
> because the best way to prevent knowlege abuse under the hood is sharing it with everyone
> because it will always add new to the community and will never be a replica
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) fire up a terminal and sudo apt-get update && apt-get upgrade && apt-get dist-upgrade
2) install [ requests , httplib , urllib , time , bs4 "BeautifulSoup" , colored , selenium , sys ] python modules
3) python BAF_0.1.0.py
4) use BAF authentication to atomatically authenticate with shodan via premium account to get access to all search results or enter your shodan's account username and pass for custom account login
5) choose 1 , let it do it's job , press y , close the previous tab , press y ,close the previous tabs ...etc till u have the vulnerable cams only
6) choose 2 , enter what do u want to search for (ie: NSA) , when it's done , refer to the targets text file , it will contain the targets ip:port
that's all
7) DON'T close a loading webpage
beta versions will make automated browser open for better understanding ,but you can close the webcam tabs freely
TESTED ON:
Ubuntu
Termux
Kali
β β β Uππ»βΊπ«Δπ¬πβ β β β
Blind Attacking Framework :
F E A T U R E S :
> because blind attacking makes every vulnerable & exposed host to the internet a targeted one , hence increases the awareness of potential threats
> because the best way to prevent knowlege abuse under the hood is sharing it with everyone
> because it will always add new to the community and will never be a replica
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) fire up a terminal and sudo apt-get update && apt-get upgrade && apt-get dist-upgrade
2) install [ requests , httplib , urllib , time , bs4 "BeautifulSoup" , colored , selenium , sys ] python modules
3) python BAF_0.1.0.py
4) use BAF authentication to atomatically authenticate with shodan via premium account to get access to all search results or enter your shodan's account username and pass for custom account login
5) choose 1 , let it do it's job , press y , close the previous tab , press y ,close the previous tabs ...etc till u have the vulnerable cams only
6) choose 2 , enter what do u want to search for (ie: NSA) , when it's done , refer to the targets text file , it will contain the targets ip:port
that's all
7) DON'T close a loading webpage
beta versions will make automated browser open for better understanding ,but you can close the webcam tabs freely
TESTED ON:
Ubuntu
Termux
Kali
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Apple lends security experts the βspecial editionβ iPhone: itβs easier to find glitches.
#Technologies
#Technologies
Forwarded from UNDERCODE NEWS
Why not use a camera that massively improves the camera capability of the iPhone for device photography?
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to set rights to allWEB directories 755 and all files 644:
Let's take a look at this with examples.
1) Recursive change of rights
Change the directory with the cd command to your desired location where you need to assign permissions for all directories to 755 and all files to 644.
cd /home/user/public_html
2) Then use the first chmod 755 command for all directories and subdirectories.
3) The second command will change the permissions for all files to 0644 (chmod 644) in the directory tree.
find . -type d -exec chmod 0755 {} \;
find . -type f -exec chmod 0644 {} \;
4) You can also change the resolution using the xargs command to make it faster:
find . -type d -print0 | xargs -0 chmod 755
find . -type f -print0 | xargs -0 chmod 644
5) The permissions for directory 0755 are similar to "rwxr-xr-x", and the permissions for file 644 are "rw-r - rβ".
6) How to change permissions for specific files
Instead of changing the permissions for all files, you can also target specific files with similar extensions.
For example, you have a PHP application installed on your server.
And you don't want to let others run php files.
7) Use the following command to chmod 0640 for all php files:
find . -type f -name "*.php" -exec chmod 0640 {} \;
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to set rights to allWEB directories 755 and all files 644:
Let's take a look at this with examples.
1) Recursive change of rights
Change the directory with the cd command to your desired location where you need to assign permissions for all directories to 755 and all files to 644.
cd /home/user/public_html
2) Then use the first chmod 755 command for all directories and subdirectories.
3) The second command will change the permissions for all files to 0644 (chmod 644) in the directory tree.
find . -type d -exec chmod 0755 {} \;
find . -type f -exec chmod 0644 {} \;
4) You can also change the resolution using the xargs command to make it faster:
find . -type d -print0 | xargs -0 chmod 755
find . -type f -print0 | xargs -0 chmod 644
5) The permissions for directory 0755 are similar to "rwxr-xr-x", and the permissions for file 644 are "rw-r - rβ".
6) How to change permissions for specific files
Instead of changing the permissions for all files, you can also target specific files with similar extensions.
For example, you have a PHP application installed on your server.
And you don't want to let others run php files.
7) Use the following command to chmod 0640 for all php files:
find . -type f -name "*.php" -exec chmod 0640 {} \;
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CSS COURSES :
- >>>CSS Stats(https://cssstats.com) - Potentially interesting stats on stylesheets.
- >>>CSScomb(https://github.com/csscomb/csscomb.js) - A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.
- >>>CSSLint(http://csslint.net) - Does basic syntax checking and finds problematic patterns or signs of inefficiency.
- >>>GraphMyCSS.com(https://graphmycss.com) - CSS Specificity Graph Generator.
- >>>Parker(https://github.com/katiefenn/parker) - Stylesheet analysis tool.
- >>>PostCSS(https://postcss.org) - A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables
and mixins, transpile future CSS syntax, inline images, and more.
- >>>Project Wallace CSS Analyzer(https://www.projectwallace.com) - Analytics for CSS, part of >>>Project Wallace(https://www.projectwallace.com).
- >>>sass-lint(https://github.com/sasstools/sass-lint) :warning: - A Node-only Sass linter for both sass and scss syntax.
- >>>scsslint(https://github.com/brigade/scss-lint) :warning: - Linter for SCSS files.
- >>>Specificity Graph(https://jonassebastianohlsson.com/specificity-graph) - CSS Specificity Graph Generator.
- Stylelint(http://stylelint.io) - Linter for SCSS/CSS files.
ENJOY
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CSS COURSES :
- >>>CSS Stats(https://cssstats.com) - Potentially interesting stats on stylesheets.
- >>>CSScomb(https://github.com/csscomb/csscomb.js) - A coding style formatter for CSS. Supports own configurations to make style sheets beautiful and consistent.
- >>>CSSLint(http://csslint.net) - Does basic syntax checking and finds problematic patterns or signs of inefficiency.
- >>>GraphMyCSS.com(https://graphmycss.com) - CSS Specificity Graph Generator.
- >>>Parker(https://github.com/katiefenn/parker) - Stylesheet analysis tool.
- >>>PostCSS(https://postcss.org) - A tool for transforming styles with JS plugins. These plugins can lint your CSS, support variables
and mixins, transpile future CSS syntax, inline images, and more.
- >>>Project Wallace CSS Analyzer(https://www.projectwallace.com) - Analytics for CSS, part of >>>Project Wallace(https://www.projectwallace.com).
- >>>sass-lint(https://github.com/sasstools/sass-lint) :warning: - A Node-only Sass linter for both sass and scss syntax.
- >>>scsslint(https://github.com/brigade/scss-lint) :warning: - Linter for SCSS files.
- >>>Specificity Graph(https://jonassebastianohlsson.com/specificity-graph) - CSS Specificity Graph Generator.
- Stylelint(http://stylelint.io) - Linter for SCSS/CSS files.
ENJOY
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - csscomb/csscomb.js: CSS coding style formatter
CSS coding style formatter. Contribute to csscomb/csscomb.js development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Red Hat supports the option of CentOS and argues that 95% of existing usage scenarios can be handled by the Stream variant.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
ENJOY THIS FREE Android Clean Architecture Boilerplate :
Languages, libraries and tools used
Kotlin
Android Support Libraries
RxJava2
Dagger 2 (2.11)
Glide
Retrofit
OkHttp
Gson
Timber
Mockito
Espresso
Robolectric
π»π΄π 'π π π π°π π :
This layer makes use of the Android Framework and is used to create all of our UI components to display inside of the Browse Activity. The layer receives its data from the Presentation layer and when retrieved, the received models are mapped using the Bufferoo Mapper so that the model can be mapped to this layer's interpretation of the Bufferoo instance, which is the BufferooViewModel. The Activity makes use of the BrowseContract to enable communication to and from the presenter.
FREE :
https://github.com/bufferapp/android-clean-architecture-boilerplate
β β β Uππ»βΊπ«Δπ¬πβ β β β
ENJOY THIS FREE Android Clean Architecture Boilerplate :
Languages, libraries and tools used
Kotlin
Android Support Libraries
RxJava2
Dagger 2 (2.11)
Glide
Retrofit
OkHttp
Gson
Timber
Mockito
Espresso
Robolectric
π»π΄π 'π π π π°π π :
This layer makes use of the Android Framework and is used to create all of our UI components to display inside of the Browse Activity. The layer receives its data from the Presentation layer and when retrieved, the received models are mapped using the Bufferoo Mapper so that the model can be mapped to this layer's interpretation of the Bufferoo instance, which is the BufferooViewModel. The Activity makes use of the BrowseContract to enable communication to and from the presenter.
FREE :
https://github.com/bufferapp/android-clean-architecture-boilerplate
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - bufferapp/android-clean-architecture-boilerplate: An android boilerplate project using clean architecture
An android boilerplate project using clean architecture - bufferapp/android-clean-architecture-boilerplate
Forwarded from UNDERCODE NEWS
