β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME LINUX TIPS :
1οΈβ£Why does the MAC address change, even if the program is not used for this?
Many modern distributions are configured to constantly change the MAC address. For details on this, as well as how to disable or vice versa enable this function, see the article " How to change MAC-address in Linux, how to enable and disable automatic MAC spoofing (Linux) ".
2οΈβ£How to find out if a Wi-Fi card will be supported for auditing Wi-Fi networks
The easiest option is to choose an adapter from this list: β USB Wi-Fi adapters with support for monitor mode and wireless injection .β
If you want to determine if another adapter that is not included in the list supports monitor mode and wireless injections, then check out β How to determine which Wi-Fi adapter is suitable for Kali Linux β.
3οΈβ£Modern Wi-Fi cards for wireless auditing
Dual-band wireless adapters with support for monitor mode and wireless injection, as well as supporting the AC standard:
>Alfa AWUS1900 (chipset: Realtek RTL8814AU)
>TRENDnet TEW-809UB (chipset: Realtek RTL8814AU)
>ASUS USB-AC68 (chipset: Realtek RTL8814AU)
>Alfa AWUS036ACH (chipset: Realtek RTL8812AU)
>Alfa AWUS036AC (chipset: Realtek RTL8812AU)
>ASUS USB-AC56 (chipset: Realtek RTL8812AU)
Any of these adapters will be relevant for many more years.
written by undercode
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME LINUX TIPS :
1οΈβ£Why does the MAC address change, even if the program is not used for this?
Many modern distributions are configured to constantly change the MAC address. For details on this, as well as how to disable or vice versa enable this function, see the article " How to change MAC-address in Linux, how to enable and disable automatic MAC spoofing (Linux) ".
2οΈβ£How to find out if a Wi-Fi card will be supported for auditing Wi-Fi networks
The easiest option is to choose an adapter from this list: β USB Wi-Fi adapters with support for monitor mode and wireless injection .β
If you want to determine if another adapter that is not included in the list supports monitor mode and wireless injections, then check out β How to determine which Wi-Fi adapter is suitable for Kali Linux β.
3οΈβ£Modern Wi-Fi cards for wireless auditing
Dual-band wireless adapters with support for monitor mode and wireless injection, as well as supporting the AC standard:
>Alfa AWUS1900 (chipset: Realtek RTL8814AU)
>TRENDnet TEW-809UB (chipset: Realtek RTL8814AU)
>ASUS USB-AC68 (chipset: Realtek RTL8814AU)
>Alfa AWUS036ACH (chipset: Realtek RTL8812AU)
>Alfa AWUS036AC (chipset: Realtek RTL8812AU)
>ASUS USB-AC56 (chipset: Realtek RTL8812AU)
Any of these adapters will be relevant for many more years.
written by undercode
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦WEBSITES FOR PRACTICE HACKING 2020 :
1.bWAPP
Free and open source web application security project. It helps security enthusiasts and researchers to discover and prevent web vulnerabilities.
Address: http://www. itsecgames.com/
2.Damn Vulnerable iOS App (DVIA)
DVIA is an iOS security application. Its main goal is to provide a legal platform for mobile security enthusiasts to learn iOS penetration testing skills. The APP covers all common iOS security vulnerabilities. It is free and open source, and vulnerability testing and solutions cover the iOS 10 version.
Address: http:// damnvulnerableiosapp.com /
3.Damn Vulnerable Web Application (DVWA)
Virtual web applications based on php and mysql, "built-in" common web vulnerabilities, such as SQL injection, xss, etc., can be built on their own computers.
Address: http://www. dvwa.co.uk/
4.Game of Hacks
To test your security technology based on the game, each task topic provides a lot of code, which may or may not have security holes!
Address: http://www. gameofhacks.com/
5. Google Gruyere
A low-looking URL, but full of loopholes, is intended to help those who are just beginning to learn application security.
Address: http:// google-gruyere.appspot.com /
6.HackThis!!
Designed to teach you how to crack, dump and alter, as well as hacking skills to protect your website, it offers over 50 different levels of difficulty.
Address: https://www. hackthis.co.uk/
7.Hack This Site
Is a legal and safe website for testing hacking skills, and contains hacking information, articles, forums and tutorials, designed to help you learn hacking techniques.
Address: https://www. hackthissite.org/
8. Hellbound Hackers
Provides a variety of security practice methods and challenges, the purpose is to teach you how to identify attacks and code patch suggestions. Topics include application encryption and cracking, social work and rooting. The community has nearly 100,000 registered members and is one of the largest hacker communities.
Address: https://www. hellboundhackers.org/
9.McAfee HacMe Sites
Various hacking and security testing tools provided by McAfee
Address: http://www. mcafee.com/us/downloads /free-tools/index.aspx
10.Mutillidae
mutillidaemutillidae is a free, open source web application that provides specifically allowed security testing and intrusion web applications. It contains a wealth of penetration testing projects, such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.
Address: https:// sourceforge.net/project s/mutillidae/
11.OverTheWire
Game-based hacker website that lets you learn security techniques and concepts
Address: http:// overthewire.org/wargame s/
12.Peruggia
A hacker website that provides safe and legal attacks
Address: https:// sourceforge.net/project s/peruggia/
13.Root Me
A website that improves your hacking skills and cybersecurity knowledge with over 200 hacker challenges and 50 virtual environments
Address: https://www. root-me.org/
14.Try2Hack
One of the oldest hacking websites, providing multiple security challenges.
Address: http://www. try2hack.nl/
15.Vicnum
One of the OWASP projects, a simple framework, for different needs, and to guide security developers to learn security technology based on games.
Address: http:// vicnum.ciphertechs.com/
16.WebGoat
The most popular OWASP project provides a real security teaching environment and guides users to design complex application security issues
Address: http:// webappsecmovies.sourceforge.net /webgoat/
Public number: Security Rhino, officially designated by the CSA Cyber Security Conference from the media.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦WEBSITES FOR PRACTICE HACKING 2020 :
1.bWAPP
Free and open source web application security project. It helps security enthusiasts and researchers to discover and prevent web vulnerabilities.
Address: http://www. itsecgames.com/
2.Damn Vulnerable iOS App (DVIA)
DVIA is an iOS security application. Its main goal is to provide a legal platform for mobile security enthusiasts to learn iOS penetration testing skills. The APP covers all common iOS security vulnerabilities. It is free and open source, and vulnerability testing and solutions cover the iOS 10 version.
Address: http:// damnvulnerableiosapp.com /
3.Damn Vulnerable Web Application (DVWA)
Virtual web applications based on php and mysql, "built-in" common web vulnerabilities, such as SQL injection, xss, etc., can be built on their own computers.
Address: http://www. dvwa.co.uk/
4.Game of Hacks
To test your security technology based on the game, each task topic provides a lot of code, which may or may not have security holes!
Address: http://www. gameofhacks.com/
5. Google Gruyere
A low-looking URL, but full of loopholes, is intended to help those who are just beginning to learn application security.
Address: http:// google-gruyere.appspot.com /
6.HackThis!!
Designed to teach you how to crack, dump and alter, as well as hacking skills to protect your website, it offers over 50 different levels of difficulty.
Address: https://www. hackthis.co.uk/
7.Hack This Site
Is a legal and safe website for testing hacking skills, and contains hacking information, articles, forums and tutorials, designed to help you learn hacking techniques.
Address: https://www. hackthissite.org/
8. Hellbound Hackers
Provides a variety of security practice methods and challenges, the purpose is to teach you how to identify attacks and code patch suggestions. Topics include application encryption and cracking, social work and rooting. The community has nearly 100,000 registered members and is one of the largest hacker communities.
Address: https://www. hellboundhackers.org/
9.McAfee HacMe Sites
Various hacking and security testing tools provided by McAfee
Address: http://www. mcafee.com/us/downloads /free-tools/index.aspx
10.Mutillidae
mutillidaemutillidae is a free, open source web application that provides specifically allowed security testing and intrusion web applications. It contains a wealth of penetration testing projects, such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.
Address: https:// sourceforge.net/project s/mutillidae/
11.OverTheWire
Game-based hacker website that lets you learn security techniques and concepts
Address: http:// overthewire.org/wargame s/
12.Peruggia
A hacker website that provides safe and legal attacks
Address: https:// sourceforge.net/project s/peruggia/
13.Root Me
A website that improves your hacking skills and cybersecurity knowledge with over 200 hacker challenges and 50 virtual environments
Address: https://www. root-me.org/
14.Try2Hack
One of the oldest hacking websites, providing multiple security challenges.
Address: http://www. try2hack.nl/
15.Vicnum
One of the OWASP projects, a simple framework, for different needs, and to guide security developers to learn security technology based on games.
Address: http:// vicnum.ciphertechs.com/
16.WebGoat
The most popular OWASP project provides a real security teaching environment and guides users to design complex application security issues
Address: http:// webappsecmovies.sourceforge.net /webgoat/
Public number: Security Rhino, officially designated by the CSA Cyber Security Conference from the media.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦another Termux commands related dir and network :
cd = change directory
cd / = change to root directory
cd - = move one directory back from where you are now
cd ~ = move to users home directory from anywhere
cd .. = change current directory to parent directory
cd -- = show last working directory from where we moved.
pwd = it shows your current working directory
π¦Basic Networking Commands
ifconfig = shows configuration a network interface.
ifconfig = for check your local ip,mac, or display the current network interface information
ifconfig -a = display the configuration of all interfaces,both active and inactive
ifconfig eth0 = used to view the network settings on the interface eth0
ifconfig wlan0 = used to view the network settings on wlan0
ifconfig eth1 up = used to active the network interface eth1
ifconfig eth1 down =used to Deactive the network interface eth1
ifconfig wlan0 down = Deactive the network interface wlan0
ifconfig wlan0 up = active the network interface wlan0
ifconfig wlan0 netmask 225.225.225.0 = to use the network mask 225.225.225.0 in wlan0 network interface
powered by #WIKI SOURCES
β β β Uππ»βΊπ«6π¬πβ β β β
π¦another Termux commands related dir and network :
cd = change directory
cd / = change to root directory
cd - = move one directory back from where you are now
cd ~ = move to users home directory from anywhere
cd .. = change current directory to parent directory
cd -- = show last working directory from where we moved.
pwd = it shows your current working directory
π¦Basic Networking Commands
ifconfig = shows configuration a network interface.
ifconfig = for check your local ip,mac, or display the current network interface information
ifconfig -a = display the configuration of all interfaces,both active and inactive
ifconfig eth0 = used to view the network settings on the interface eth0
ifconfig wlan0 = used to view the network settings on wlan0
ifconfig eth1 up = used to active the network interface eth1
ifconfig eth1 down =used to Deactive the network interface eth1
ifconfig wlan0 down = Deactive the network interface wlan0
ifconfig wlan0 up = active the network interface wlan0
ifconfig wlan0 netmask 225.225.225.0 = to use the network mask 225.225.225.0 in wlan0 network interface
powered by #WIKI SOURCES
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Obfuscated JavaScript is slower!
#FastTips
>Minimized code: it downloads faster from the server, as it has a smaller size, the runtime (performance) is the same as the code in the original version.
>Obfuscated code: it usually has a larger size and is almost always slower (by tens of percent), because in addition to the main function, the related actions are performed to run the code.
>So, minimized code: itβs easy to restore to its original form, performance does not drop.
> Obfuscated code: (very) difficult to restore to its original form, code performance drops. You can add self-defense and debugging protection to obfuscated code, as well as meaningless pieces of code that will greatly complicate its analysis.
Conclusion: obfuscate only the code that you want to protect. That is, it makes sense to obfuscate your code, but it makes no sense to obfuscate the code of popular JavaScript libraries, which are already publicly available in their original form.
written by undercode
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Obfuscated JavaScript is slower!
#FastTips
>Minimized code: it downloads faster from the server, as it has a smaller size, the runtime (performance) is the same as the code in the original version.
>Obfuscated code: it usually has a larger size and is almost always slower (by tens of percent), because in addition to the main function, the related actions are performed to run the code.
>So, minimized code: itβs easy to restore to its original form, performance does not drop.
> Obfuscated code: (very) difficult to restore to its original form, code performance drops. You can add self-defense and debugging protection to obfuscated code, as well as meaningless pieces of code that will greatly complicate its analysis.
Conclusion: obfuscate only the code that you want to protect. That is, it makes sense to obfuscate your code, but it makes no sense to obfuscate the code of popular JavaScript libraries, which are already publicly available in their original form.
written by undercode
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How to install Obfuscator JavaScript GUI ?
Installing Obfuscator JavaScript web interface on Kali Linux
sudo apt remove cmdtest
sudo apt install npm
sudo npm install -g yarn
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
After that, the web interface will be available at http: // localhost: 3000 /
π¦Installing the Obfuscator JavaScript Web Interface on BlackArch
sudo pacman -S npm yarn
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How to install Obfuscator JavaScript GUI ?
Installing Obfuscator JavaScript web interface on Kali Linux
sudo apt remove cmdtest
sudo apt install npm
sudo npm install -g yarn
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
After that, the web interface will be available at http: // localhost: 3000 /
π¦Installing the Obfuscator JavaScript Web Interface on BlackArch
sudo pacman -S npm yarn
git clone https://github.com/javascript-obfuscator/javascript-obfuscator-ui
cd javascript-obfuscator-ui/
yarn
npm run updatesemantic
npm run webpack:dev
node server.js
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - javascript-obfuscator/javascript-obfuscator-ui: A web UI to the JavaScript Obfuscator node.js package.
A web UI to the JavaScript Obfuscator node.js package. - javascript-obfuscator/javascript-obfuscator-ui
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Creating Backdoors on Android APK: backdoor-apk
1οΈβ£download apk
2οΈβ£apk-a backdoor - is a shell script that simplifies the process of adding a backdoor in any file APK for All Android . Users of this shell script must have a working knowledge of Linux , Bash , Metasploit , Apktool , Android SDK , smali, etc. This shell script is provided as is without any warranty and is intended for educational purposes only.
3οΈβ£A recompiled APK will be found in the original / dist directory. Install the APK on a compatible Android device, launch it and process the meterpreter connection through the generated resource script: msfconsole -r backdoor-apk.rc
enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Creating Backdoors on Android APK: backdoor-apk
1οΈβ£download apk
2οΈβ£apk-a backdoor - is a shell script that simplifies the process of adding a backdoor in any file APK for All Android . Users of this shell script must have a working knowledge of Linux , Bash , Metasploit , Apktool , Android SDK , smali, etc. This shell script is provided as is without any warranty and is intended for educational purposes only.
3οΈβ£A recompiled APK will be found in the original / dist directory. Install the APK on a compatible Android device, launch it and process the meterpreter connection through the generated resource script: msfconsole -r backdoor-apk.rc
enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Phishing Assistant Hemingway
#FastTips
1οΈβ£This tool was created to simplify phishing campaigns. He is not trying to solve problems with relaying or SMTP reputation, but rather, to allow a pentester or a red team member to create a phishing campaign with a ready-made server for phishing. We also assume that if you are dealing with anti-phishing components, you have already converted your rules.
2οΈβ£ download https://github.com/ytisf/hemingway
3οΈβ£Using Hemingway
At the moment, Hemingway will not receive configuration files from the user; rather, it will work with the template. For example, the example.conf file in confs is available. However, the configuration file is not only the required files, but also the sampleconf folder.
[server]
address: 192.168.10.80
port: 25
maxconnections: 3
phish
addressescsv: sampleconf / addresses.csv
htmlbody: sampleconf / body.html
txtbody: sampleconf / body.txt
subject: What are you doing here?
attachments: sampleconf / body.html, sampleconf / body.txt
4οΈβ£This file is pretty straight forward and advanced. This gives Hemingway all the necessary information for a phishing campaign. Which files you need to attach (separated by the ',' symbol which means as many files as you want), email subject and body HTML and TXT.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Phishing Assistant Hemingway
#FastTips
1οΈβ£This tool was created to simplify phishing campaigns. He is not trying to solve problems with relaying or SMTP reputation, but rather, to allow a pentester or a red team member to create a phishing campaign with a ready-made server for phishing. We also assume that if you are dealing with anti-phishing components, you have already converted your rules.
2οΈβ£ download https://github.com/ytisf/hemingway
3οΈβ£Using Hemingway
At the moment, Hemingway will not receive configuration files from the user; rather, it will work with the template. For example, the example.conf file in confs is available. However, the configuration file is not only the required files, but also the sampleconf folder.
[server]
address: 192.168.10.80
port: 25
maxconnections: 3
phish
addressescsv: sampleconf / addresses.csv
htmlbody: sampleconf / body.html
txtbody: sampleconf / body.txt
subject: What are you doing here?
attachments: sampleconf / body.html, sampleconf / body.txt
4οΈβ£This file is pretty straight forward and advanced. This gives Hemingway all the necessary information for a phishing campaign. Which files you need to attach (separated by the ',' symbol which means as many files as you want), email subject and body HTML and TXT.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - ytisf/hemingway: hemingway is a simple and easy to use spear phishing helper.
hemingway is a simple and easy to use spear phishing helper. - ytisf/hemingway
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Malicious file intelligence: fileintel
#FastTips
1οΈβ£ This is a tool used to collect various intelligence sources for a specific file. Fileintel is written in a modular way, so new intelligence sources can be easily added. Files are identified by the hash of the file (MD5, SHA1, SHA256).
2οΈβ£The output is in CSV format and sent to STDOUT, so the data can be saved or transferred to another program. Because the output is in CSV format, spreadsheets such as Excel systems or databases can easily import data. This works with Python v2, but it should also work with Python v3. If you find that this does not work with Python v3, send an error message.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Malicious file intelligence: fileintel
#FastTips
1οΈβ£ This is a tool used to collect various intelligence sources for a specific file. Fileintel is written in a modular way, so new intelligence sources can be easily added. Files are identified by the hash of the file (MD5, SHA1, SHA256).
2οΈβ£The output is in CSV format and sent to STDOUT, so the data can be saved or transferred to another program. Because the output is in CSV format, spreadsheets such as Excel systems or databases can easily import data. This works with Python v2, but it should also work with Python v3. If you find that this does not work with Python v3, send an error message.
3οΈβ£download https://github.com/keithjjones/fileintel
4οΈβ£$ pip install -r requirements.txt
>Some issues were discovered with the stock version of Python on Mac OSX ( http://stackoverflow.com/questions/31649390/python-requests-ssl-handshake-failure ). You may need to install the query library security part using the following command:
$ pip install requests [security]
5οΈβ£$ python fileintel.py myconfigfile.conf myhashes.txt -a> myoutput.csv
enjoyβ€οΈππ»@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SCANNERS & SECURITY
> top malware scanners :
#fAStTips
VirusTotal (Requires network I / O and a public API key, throttled when necessary) http://www.virustotal.com
NSRL database http://www.nsrl.nist.gov/Downloads.htm
ThreatCrowd (Requires network I / O, throttled when necessary) http://www.threatcrowd.org
OTX by AlienVault (Requires network I / O and API key) https://otx.alienvault.com
ThreatExpert (Requires Network I / O) http://www.threatexpert.com/
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SCANNERS & SECURITY
> top malware scanners :
#fAStTips
VirusTotal (Requires network I / O and a public API key, throttled when necessary) http://www.virustotal.com
NSRL database http://www.nsrl.nist.gov/Downloads.htm
ThreatCrowd (Requires network I / O, throttled when necessary) http://www.threatcrowd.org
OTX by AlienVault (Requires network I / O and API key) https://otx.alienvault.com
ThreatExpert (Requires Network I / O) http://www.threatexpert.com/
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SCANNERS & SECURITY
> top malware scanners :
#fAStTips
VirusTotal (Requires network I / O and a public API key, throttled when necessary) http://www.virustotal.com
NSRL database http://www.nsrl.nist.gov/Downloads.htm
ThreatCrowd (Requires network I / O, throttled when necessary) http://www.threatcrowd.org
OTX by AlienVault (Requires network I / O and API key) https://otx.alienvault.com
ThreatExpert (Requires Network I / O) http://www.threatexpert.com/
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SCANNERS & SECURITY
> top malware scanners :
#fAStTips
VirusTotal (Requires network I / O and a public API key, throttled when necessary) http://www.virustotal.com
NSRL database http://www.nsrl.nist.gov/Downloads.htm
ThreatCrowd (Requires network I / O, throttled when necessary) http://www.threatcrowd.org
OTX by AlienVault (Requires network I / O and API key) https://otx.alienvault.com
ThreatExpert (Requires Network I / O) http://www.threatexpert.com/
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HOST YOUR OWN VIRUSTOTAL
> FREE OPEN SOURCES. API FOR EACH ONE :
>VirusTotal Python Library https://github.com/blacktop/virustotal-api
>The NSRL Database http://www.nsrl.nist.gov/Downloads.htmhttps://blog.didierstevens.com/2015/09/01/nsrl-py-using-the-reference-data-set-of- the-national-software-reference-library /
>ThreatCrowd Python Library https://github.com/threatcrowd/ApiV2https://github.com/jheise/threatcrowd_api
> Python OTX Library https://github.com/AlienVault-Labs/OTX-Python-SDKhttps://otx.alienvault.com/api/
>ThreatExpertScrape using BeautifulSoup https://www.crummy.com/software/BeautifulSoup/bs4/doc Web requests using the request library http://docs.python-requests.org/en/master/http://www.threatexpert .com /
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦HOST YOUR OWN VIRUSTOTAL
> FREE OPEN SOURCES. API FOR EACH ONE :
>VirusTotal Python Library https://github.com/blacktop/virustotal-api
>The NSRL Database http://www.nsrl.nist.gov/Downloads.htmhttps://blog.didierstevens.com/2015/09/01/nsrl-py-using-the-reference-data-set-of- the-national-software-reference-library /
>ThreatCrowd Python Library https://github.com/threatcrowd/ApiV2https://github.com/jheise/threatcrowd_api
> Python OTX Library https://github.com/AlienVault-Labs/OTX-Python-SDKhttps://otx.alienvault.com/api/
>ThreatExpertScrape using BeautifulSoup https://www.crummy.com/software/BeautifulSoup/bs4/doc Web requests using the request library http://docs.python-requests.org/en/master/http://www.threatexpert .com /
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - blacktop/virustotal-api: Virus Total Public/Private/Intel API
Virus Total Public/Private/Intel API. Contribute to blacktop/virustotal-api development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦hack fcb/insta/ssh/ftp
> Bruteforce Server Module: brut3k1t
β οΈbrut3k1t is a bruteforce server module that supports dictionary lookup attacks for multiple protocols. Current and completed protocols that are already supported:
>ssh
>ftp
>smtp
>Xmpp
>instagram
>facebook
In the future, it is planned to implement various protocols and services (including Twitter, Facebook, Instagram).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/ex0dus-0x/brute.git
2οΈβ£DEPENCIES :
argparse - Used to parse command line arguments
paramiko - Used to work with SSH connections and authentication
ftplib - Used for working with FTP connections and authentication
smtplib - Used to work with SMTP (email) connections and authentication
fbchat - Used to connect to Facebook
selenium - Used for web bonding that is used with Instagram (and later on Twitter)
xmppy - used for XMPP connections ... and much more in the future
3οΈβ£cd / path / to / brut3k1t
4οΈβ£Enter python brut3k1t -h and this will bring up a help menu..
π¦Examples of using:
Hacking an SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.
python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt
The program will automatically set the port to 22, but if it is different, specify -p mark.
Hacking test@gmail.com email with wordlist.txt on port 25 with a 3 second delay. For email, you must use the SMTP server address. For example, for Gmail = smtp.gmail.com. You can research this question with Google.
python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3
Hacking Facebook is a real challenge as you will need a target user ID, not a username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Hacking Instagram with the username test with wordlist wordlist.txt, as well as with a 5 second delay
python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦hack fcb/insta/ssh/ftp
> Bruteforce Server Module: brut3k1t
β οΈbrut3k1t is a bruteforce server module that supports dictionary lookup attacks for multiple protocols. Current and completed protocols that are already supported:
>ssh
>ftp
>smtp
>Xmpp
In the future, it is planned to implement various protocols and services (including Twitter, Facebook, Instagram).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/ex0dus-0x/brute.git
2οΈβ£DEPENCIES :
argparse - Used to parse command line arguments
paramiko - Used to work with SSH connections and authentication
ftplib - Used for working with FTP connections and authentication
smtplib - Used to work with SMTP (email) connections and authentication
fbchat - Used to connect to Facebook
selenium - Used for web bonding that is used with Instagram (and later on Twitter)
xmppy - used for XMPP connections ... and much more in the future
3οΈβ£cd / path / to / brut3k1t
4οΈβ£Enter python brut3k1t -h and this will bring up a help menu..
π¦Examples of using:
Hacking an SSH server running on 192.168.1.3 using root and wordlist.txt as a wordlist.
python brut3k1t.py -s ssh -a 192.168.1.3 -u root -w wordlist.txt
The program will automatically set the port to 22, but if it is different, specify -p mark.
Hacking test@gmail.com email with wordlist.txt on port 25 with a 3 second delay. For email, you must use the SMTP server address. For example, for Gmail = smtp.gmail.com. You can research this question with Google.
python brut3k1t.py -s smtp -a smtp.gmail.com -u test@gmail.com -w wordlist.txt -p 25 -d 3
Hacking Facebook is a real challenge as you will need a target user ID, not a username.
python brut3k1t.py -s facebook -u 1234567890 -w wordlist.txt
Hacking Instagram with the username test with wordlist wordlist.txt, as well as with a 5 second delay
python brut3k1t.py -s instagram -u test -w wordlist.txt -d 5
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
ex0dus-0x/brute
Crowd-sourced bruteforce / credential stuffing engine built for security professionals - ex0dus-0x/brute