▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Amazon Alexa vulnerability: may expose user personal information and voice history :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/esmog/nodexp.git

2) cd nodexp

3) To get a list of all options run:

python2.7 nodexp -h

4) Setting up and Use Testbeds
In order get familiar with NodeXP you might need to set the Node.js testing services provided (/testbeds) and start using the tool. A local machine running Node.js server will be necessary.

5) Firstly, you should install 'body-parser' and 'express' packages, in the GET and POST directories.

6) Go to 'testbeds/GET' directory on your local machine and paste the command below in terminal:

npm install express --save

7) Go to 'testbeds/POST' directory and paste the commands below in terminal:

npm install body-parser --save
nmp install express --save

8) After the correct installment of the packages you could run each service by running the command 'node' and the desirable js file (ex. node eval.js).

9) After you server is up and running, you are ready to run NodeXP and test it upon those services!

🦑Example for GET case shown below:

> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/?name=[INJECT_HERE]
Example for POST case shown below:

> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/post.js --pdata=username=[INJECT_HERE]

E N J O Y ❤️👍🏻
written @undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑YouTube bans videos containing hacker information, fearing that it may interfere with the US election :
#news

-As the Democrats and Republicans prepare to hold the National Convention starting next week, YouTube announced on Thursday that it will update its policies on deceptive videos and other content aimed at disrupting the election. The world’s largest video platform with more than 2 billion users per month will ban videos containing hacked videos that may interfere with elections or the census. This will include materials like campaign emails obtained by hackers with details about candidates.

> After the update, Google, which owns YouTube, announced similar rules earlier this month to prohibit ads containing hacker information. Google will begin to implement this policy on September 1. YouTube also said it will remove videos that encourage people to interfere in voting and other democratic processes. For example, videos that tell people to line up at a polling place to stifle voting will not be allowed.

> The new policy was introduced before the Democratic National Convention, which began on Monday, followed by Republican events later this month. These conventions marked the beginning of the US presidential election season. As the election climaxed and former Vice President Joe Biden appointed California Senator Kamala Harris as his running mate earlier this week, Silicon Valley companies have been eager to prove that they can avoid the traps they encountered in 2016. That election was interfered by Russia, which used the platforms of Google, Facebook and Twitter to try to influence the election results.

Earlier this week, several large technology companies including Google, Facebook, Twitter, Reddit and Microsoft announced the formation of an alliance to work with US government agencies to protect the integrity of the election. YouTube said that it will broadcast the two conferences live, in order to curb the spread of the coronavirus, the broadcast of the two conferences will be conducted in a virtual way. The video platform also said that when people search for president and federal candidates on YouTube, it will add new information panels. These panels will include the person’s name, party affiliation, and a link to the candidate’s official video channel.

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Netflix GiftCard Method✅

1) Go to : https://www.randomcodegenerator.com/en/generate-codes

2) Click Generate Using Pattern

3) Put this Pattern : LEQ9X999999

4) Untick the Exclude Characters Box

5) Generate Some Codes You can generate in the site [ but max is 1k ] , Or export to .txt File

6)choose the netflix checker :

https://t.me/UnderCodeTesting/9401

E N J O Y ❤️👍🏻
(not by us)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB VULNERABILITIES SCANN & ANALYSE FREE CODES :

https://github.com/neuroo/grabber

https://subgraph.com/vega/

https://github.com/zaproxy/zaproxy

http://wapiti.sourceforge.net/

http://w3af.org/

https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

http://code.google.com/p/skipfish/

https://github.com/sqlmapproject/sqlmap

http://sourceforge.net/projects/grendel/

http://code.google.com/p/wfuzz/

http://xss.codeplex.com/

http://www.arachni-scanner.com/

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Creating a Helpers File :
#protips

1) Problem
You have common functions you want available for every request.

But you don’t want to dirty up app\start\global.php with a bunch of functions.

2) Solution
Create a helpers.php file.


> First create the file app/helpers.php.

<?php
// My common functions
function somethingOrOther()
{
return (mtrand(1,2) == 1) ? 'something' : 'other';
}
?>

🦑 Then either load it at the bottom of app\start\global.php as follows :

// at the bottom of the file
require apppath().'/helpers.php';
Or change your composer.json file and dump the autoloader.

{
"autoload": {
"files":
"app/helpers.php"

}
}

3) $ composer dump-auto

4) some suggestions.

>app/helpers.php – For general purpose functions.
>app/composers.php – To initialize all your View composers in one place.
>app/listeners.php – To set up all your event listeners in one place.
>app/observers.php – Or, if you like observers better than listeners use this filename for event listeners.

> It’s really up to you and the demands of your application

#protips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->

R E Q U I R E M E N T S :

1) sudo apt-get install php5-curl

2) INSTALLING LIB CLI: sudo apt-get install php5-cli

3) INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/googleinurl/SCANNER-INURLBR.git

2) cd SCANNER-INURLBR

3) $chmod +x inurlbr.php

4) Executar: ./inurlbr.php

5) to get a list of basic options and switches use:

php inurlbr.php -h

6) To get a list of all options and switches use:

php inurlbr.php --help

E N J O Y ❤️👍🏻
U S E F O R L E A R N
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SIMCARD CLONING TOOLS :

 http://mister-sim.software.informer.com/

> https://www.dekart.com/products/card_management/sim_explorer/

> https://www.amazon.com/Cellphone-Reader-Cloner-Writer-Backup/dp/B00ZWNGPX6/

> https://ssl-download.cnet.com/MagicSIM/3000-2094_4-10601728.html

>  http://www.mobiledit.com/sim-cloning/

—MUCH MORE SIM CARD CLONING TOOLS BUT THOSE VERIFIED BEST TOOLS _

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NSA and FBI jointly expose the Linux malicious program Drvorub developed in Russia
#News

> The US National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) recently issued a press release that jointly disclosed the malicious software used by Russian military hackers in cyber espionage. In the detailed report disclosed on Thursday, hackers working for the Special Service Center of the 85th Army of the General Intelligence Service of the Russian General Staff (Unit 26165) used a malicious program called "Drovorub" to launch attacks specifically against Linux systems.

> These hackers are also known as APT28 or Fancy Bear. They invaded the Democratic National Committee in 2016 and often attacked defense, government, aerospace and other fields.

Although the alert did not contain specific details about the victims of "Drovorub", US officials said that they had issued alerts to multiple agencies this Thursday to raise awareness of hacking and vulnerabilities in the defense sector.

The National Security Agency and the FBI stated in the report: "The malware has posed a threat because Linux systems are widely used in the US national security system, the Department of Defense and the National Defense Industry Base."

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑hack.chat is a minimal, distraction-free, accountless, logless, disappearing chat service which is easily deployable as your own service. The current client comes bundled with LaTeX rendering provided by KaTeX and code syntax highlighting provided by highlight.js.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Clone the repository: git clone https://github.com/hack-chat/main.git

2) Change the directory: cd main

Install the dependencies: npm install

3) Launch: npm start

4) If you change the websocketPort option during the config setup then these changes will need to be reflected on line 60 of client.js.

R E Q U I R E M E N T S :

node.js 8.10.0 or higher

npm 5.7.1 or higher


@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOOLS REQUIRED FOR PENTESTING IN ANY LINUX OS :

pscan examiner ht
flawfinder srm driftnet
rats nwipe binwalk
ddrescue firstaidkit-gui scalpel
gparted xmount pdfcrack
testdisk dc3dd wipe
foremost afftools safecopy
sectool-gui scanmem hfsutils
unhide sleuthkit cmospwd
examiner macchanger secuirty-menus
srm ngrep nc6
nwipe ntfs-3g mc
firstaidkit-gui ntfsprogs screen
net-snmp pcapdiff openvas-scanner
hexedit netsed rkhunter
irssi dnstop labrea
powertop sslstrip nebula
mutt bonesi tripwire
nano proxychains prelude-lml
vim-enhanced prewikka iftop
wget prelude-manager scamper
yum-utils picviz-gui iptraf-ng
mcabber telnet iperf
firstaidkit-plugin-all onenssh nethogs
vnstat dnstracer uperf
aircrack-ng chkrootkit nload
airsnort aide ntop
kismet pads trafshow
weplab cowpatty wavemon

@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑UTILITIES/TOOLS & CHECKERS & tutorials 2020 :

| Utility/TOOLBOX | [CyberChef](https://github.com/gchq/CyberChef) | The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis | ![]
(https://img.shields.io/github/stars/gchq/CyberChef) |  |

| Utility/URL | [anew](https://github.com/tomnomnom/anew) | A tool for adding new lines to files, skipping duplicates |  |  |

| Utility/URL | [burl](https://github.com/tomnomnom/burl)

| A Broken-URL Checker |  |  |


| Utility/URL | [cf-check](https://github.com/dwisiswant0/cf-check) | Cloudflare Checker written in Go |  |  |


| Utility/URL | [gau](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. |  |  |


| Utility/URL | [hacks](https://github.com/tomnomnom/hacks/tree/master/anti-burl) | remove bad urls |  |  |


| Utility/URL | [qsreplace](https://github.com/tomnomnom/qsreplace) | Accept URLs on stdin, replace all query string values with a user-supplied value |  |  |


| Utility/URL | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin |  |  |


| Utility/URL | [urlprobe](https://github.com/1ndianl33t/urlprobe) | Urls status code & content length checker |  |  |


| Utility/VULN | [Gopherus](https://github.com/tarunkant/Gopherus) | This tool generates gopher link for exploiting SSRF and gaining RCE in various servers |  |  |


| Utility/VULN | [hinject](https://github.com/dwisiswant0/hinject) | Host Header Injection Checker |  |  |


| Utility/VULN | [oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) | A tool for embedding XXE/XML exploits into different filetypes |  |  |


| Utility/VULN | [pentest-tools](https://github.com/gwen001/pentest-tools) | Custom pentesting tools |

E N J O Y ❤️👍🏻
use for learn
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME NEW XSS UTILITIES/TOOLS & TUTORIALS :

| Scanner/XSS | [domdig](https://github.com/fcavallarin/domdig) | DOM XSS scanner for Single Page Applications |  |  |


| Scanner/XSS | [ezXSS](https://github.com/ssl/ezXSS) | ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. |  |  |


| Scanner/XSS | [findom-xss](https://github.com/dwisiswant0/findom-xss) | A fast DOM based XSS vulnerability scanner with simplicity. |  |  |


| Scanner/XSS | [xsser](https://github.com/epsylon/xsser) | Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. |  |  |


| Utility/BRIDGE | [Atlas](https://github.com/m4ll0k/Atlas) |

@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁