THE OFFICIAL CHANNEL :
T.me/UndercodeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Bug Bounty Tips and Information

Getting Started :

- Bug Bounties 101

- The life of a bug bounty hunter

- Awesome list of bugbounty cheatsheets

- Getting Started - Bug Bounty Hunter Methodology

- How to Become a Successful Bug Bounty Hunter

- Researcher Resources - How to become a Bug Bounty Hunter

🦑 Write Ups and Walkthroughs
- Awesome Bug Bounty Writeups



> git sources
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Game Hacking

- The Ultimate Game Hacking Resource: A curated list of tools, tutorials, and much more for reverse engineering video games!
https://github.com/dsasmblr/game-hacking

- The Ultimate Online Game Hacking Resource: https://github.com/dsasmblr/hacking-online-games


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Domain #Analysis- #gathering information

[badips.com](https://www.badips.com/) - Community based IP blacklist service.

boomerang - A tool designed
for consistent and safe capture of off network web resources.

[Cymon](https://cymon.io/) - Threat intelligence tracker, with IP/domain/hash
search.

Desenmascara.me - One click tool to retrieve as
much metadata as possible for a website and to assess its good standing.

[Dig](https://networking.ringofsaturn.com/) - Free online dig and other
network tools.

dnstwist - Domain name permutation
engine for detecting typo squatting, phishing and corporate espionage.

[IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information
about an IP or domain by searching online resources.

Machinae - OSINT tool for
gathering information about URLs, IPs, or hashes. Similar to Automator.

[mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language
temporary email detection library.

MaltegoVT - Maltego transform
for the VirusTotal API. Allows domain/IP research, and searching for file
hashes and scan reports.

[Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward
confirmed reverse DNS lookup over more than 300 RBLs.

NormShield Services - Free API Services
for detecting possible phishing domains, blacklisted ip addresses and breached
accounts.

[SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.

SpamHaus - Block list based on
domains and IPs.

[Sucuri SiteCheck](https://sitecheck.sucuri.net/) - Free Website Malware
and Security Scanner.

Talos Intelligence - Search for IP, domain
or network owner. (Previously SenderBase.)

[TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
for gathering information about URLs, IPs, or hashes.

URLQuery - Free URL Scanner.

[urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information.

Whois - DomainTools free online whois
search.

[Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - Free
online tools for researching malicious websites, compiled by Lenny Zeltser.

ZScalar Zulu - Zulu URL Risk Analyzer.

> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 new termux hack tool for Hack Patten :
> in a way- generating pattern phishing tool which can hack victim pattern :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽

$ apt-get update -y
$ apt-get upgrade -y
$ pkg install python -y
$ pkg install python2 -y
$ pkg install git -y
$ pip install lolcat
$ git clone https://github.com/noob-hackers/hacklock
$ ls
$ cd hacklock
$ ls
$ bash hacklock.sh

🦑How it Works ?


1) Now you need internet connection to continue further process and Turn on your device hotspot to get link...

2) You will recieve patter pin in below image you can see pattern with numbers

3)You can select any option by clicking on your keyboard

Note:- Don't delete any of the scripts included in core files

4) From this option you can create phishing pattern link which get keys of victim pattern after he used this link


✅

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Documents and #Shellcode

* [AnalyzePDF](https://github.com/hiddenillusion/AnalyzePDF) - A tool for
analyzing PDFs and attempting to determine whether they are malicious.

* [box-js](https://github.com/CapacitorSet/box-js) - A tool for studying JavaScript
malware, featuring JScript/WScript support and ActiveX emulation.

* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
malicious shellcode.

* [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation.

* [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) -
Deobfuscate simple Javascript that use eval or document.write to conceal
its code.

* [libemu](http://libemu.carnivore.it/) - Library and tools for x86 shellcode
emulation.

* [malpdfobj](https://github.com/9b/malpdfobj) - Deconstruct malicious PDFs
into a JSON representation.

* [OfficeMalScanner](http://www.reconstructer.org/code.html) - Scan for
malicious traces in MS Office documents.

* [olevba](http://www.decalage.info/python/olevba) - A script for parsing OLE
and OpenXML documents and extracting useful information.

* [Origami PDF](https://code.google.com/archive/p/origami-pdf) - A tool for
analyzing malicious PDFs, and more.

* [PDF Tools](https://blog.didierstevens.com/programs/pdf-tools/) - pdfid,
pdf-parser, and more from Didier Stevens.

* [PDF X-Ray Lite](https://github.com/9b/pdfxray_lite) - A PDF analysis tool,
the backend-free version of PDF X-RAY.

* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
tool for exploring possibly malicious PDFs.

* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
to analyze suspected malware documents to identify exploits in streams of different
encodings and to locate and extract embedded executables.

* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
Mozilla's JavaScript engine, for debugging malicious JS.


> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bitcoin Hacking :

Private Key Harvesters

> Electrum cracker

> Brainflayer

> Bruteforce Wallet

> Large Bitcoin Collider Pool Script

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽

Download: https://github.com/SMH17/bitcoin-hacking-tools

🦑brainflayer :

1️⃣Precompute the bloom filter:

> hex2blf example.hex example.blf

2️⃣Run Brainflayer against it:

brainflayer -v -b example.blf -i phraselist.txt

or

your_generator | brainflayer -v -b example.blf

3️⃣Building

Should compile on Linux with make provided you have the required devel libs installed (at least openssl and gpm are required along with libsecp256k1's build dependencies). I really need to learn autotools. If you file an issue about a build failure in libsecp256k1 I will close it.

4️⃣While not strictly required, it is highly recommended to use the following options:

-m FILE Load the ecmult table from FILE (generated with ecmtabgen) rather than computing it on startup. This will allow multiple brainflayer processes to share the same table in memory, and signifigantly reduce startup time when using a large table.

-f FILE Verify check bloom filter matches against FILE, a list of all hash160s generated with sort -u example.hex | xxd -r -p > example.bin Enough addresses exist on the Bitcoin network to cause false positives in the bloom filter, this option will suppress them.

Brainflayer supports a few other types of input via the -t option:

-t keccak passphrases to be hashed with keccak256 (some ethereum tools)

-t priv raw private keys - this can be used to support arbitrary deterministic wallet schemes via an external program. Any trailing data after the hex encoded private key will be included in brainflayer's output as well, for reference. See also the -I option if you want to crack a bunch of sequential keys, which has special speed optimizations.

-t warp salts or passwords/passphrases for WarpWallet

-t bwio salts or passwords/passphrases for brainwallet.io

-t bv2 salts or passwords/passphrases for brainv2 - this one is very slow on CPU, however the parameter choices make it a great target for GPUs and FPGAs.

-t rush passwords for password-protected rushwallets - pass the fragment (the part of the url after the #) using -r. Almost all wrong passwords will be rejected even without a bloom filter.

Address types can be specified with the -c option:

-c u uncompressed addresses

-c c compressed addresses

-c e ethereum addresses

-c x most signifigant bits of public point's x coordinate

It's possible to combine two or more of these, e.g. the default is -c uc.

An incremental private key brute force mode is available for fans of directory.io, try

brainflayer -v -I 0000000000000000000000000000000000000000000000000000000000000001 -b example.blf

See the output of brainflayer -h for more detailed usage info.

🦑Also included is blfchk - you can pipe it hex encoded hash160 to check a bloom filter file for. It's very fast - it can easily check millions of hash160s per second. Not entirely sure what this is good for but I'm sure you'll come up with something.

✅
and about the other cracking bitcoin tools in this same download link - building manual- using cmake -

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 File #Carving :

* [bulk_extractor](https://github.com/simsong/bulk_extractor) - Fast file
carving tool.

* [EVTXtract](https://github.com/williballenthin/EVTXtract) - Carve Windows
Event Log files from raw binary data.

* [Foremost](http://foremost.sourceforge.net/) - File carving tool designed
by the US Air Force⭐️🧜‍♂️

* [hachoir3](https://github.com/vstinner/hachoir3) - Hachoir is a Python library
to view and edit a binary stream field by field.

* [Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
tool.

* [SFlock](https://github.com/jbremer/sflock) - Nested archive
extraction/unpacking (used in Cuckoo Sandbox).

✅
>git sources..
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Reverse XOR and other code obfuscation methods :
> This like a drog for some hackers😃


[Balbuzard](https://bitbucket.org/decalage/balbuzard/wiki/Home) - A malware
analysis tool for reversing obfuscation (XOR, ROL, etc) and
more.

de4dot - .NET deobfuscator and
unpacker.

[ex_pe_xor](http://hooked-on-mnemonics.blogspot.com/2014/04/expexorpy.html)
& [iheartxor](http://hooked-on-mnemonics.blogspot.com/p/iheartxor.html) -
Two tools from Alexander Hanel for working with single-byte XOR encoded
files.

FLOSS - The FireEye Labs Obfuscated
String Solver uses advanced static analysis techniques to automatically
deobfuscate strings from malware binaries.

[NoMoreXOR](https://github.com/hiddenillusion/NoMoreXOR) - Guess a 256 byte
XOR key using frequency analysis.

PackerAttacker - A generic
hidden code extractor for Windows malware.

[unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
unpacker for Windows malware based on WinAppDbg.

unxor - Guess XOR keys using
known-plaintext attacks.

[VirtualDeobfuscator](https://github.com/jnraber/VirtualDeobfuscator) -
Reverse engineering tool for virtualization wrappers.

XORBruteForcer -
A Python script for brute forcing single-byte XOR keys.

[XORSearch & XORStrings](https://blog.didierstevens.com/programs/xorsearch/) -
A couple programs from Didier Stevens for finding XORed data.

xortool - Guess XOR key length, as
well as the key itself.

✅
>git sources..
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 #Reverse Engineering Tools

The following are some of the most popular reverse engineering tools:

HOWEVER! GO TO THE REVERSE ENGINEERING SECTION for more references.

[Ghidra](https://ghidra-sre.org/) - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate

Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.

[WDK/WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.

OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.

[Radare2](http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.

x64dbg - Open source x64/x32 debugger for windows.

[Immunity Debugger](http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.

Evan's Debugger - OllyDbg-like debugger for GNU/Linux.

[Medusa](https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.

plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

[peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.

dnSpy - Tool to reverse engineer .NET assemblies.

[binwalk](https://github.com/devttys0/binwalk) - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.

[Voltron](https://github.com/snare/voltron) - Extensible debugger UI toolkit written in Python.

Capstone - Lightweight multi-platform, multi-architecture disassembly framework.

[rVMI](https://github.com/fireeye/rVMI) - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.

Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.


> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Disk Image Creation Tools 2020

* [AccessData FTK Imager](http://accessdata.com/product-download/?/support/adownloads#FTKImager) - AccessData FTK Imager is a forensics tool whose main purpose is to preview recoverable data from a disk of any kind. FTK Imager can also acquire live memory and paging file on 32bit and 64bit systems

* [Bitscout](https://github.com/vitaly-kamluk/bitscout) - Bitscout by Vitaly Kamluk helps you build your fully-trusted customizable LiveCD/LiveUSB image to be used for remote digital forensics (or perhaps any other task of your choice). It is meant to be transparent and monitorable by the owner of the system, forensically sound, customizable and compact.

* [GetData Forensic Imager](http://www.forensicimager.com/) - GetData Forensic Imager is a Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats

* [Guymager](http://guymager.sourceforge.net) - Guymager is a free forensic imager for media acquisition on Linux

* [Magnet ACQUIRE](https://www.magnetforensics.com/magnet-acquire/) - ACQUIRE by Magnet Forensics allows various types of disk acquisitions to be performed on Windows, Linux, and OS X as well as mobile operating systems.

> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#SUPPORT & SHARE :

T.me/UndercodeSecurity

▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST ANDROID HACKING APPS 2020 :



1) DroidBox

https://downloadapks.net/app/droidbox-apk/

2) Kali Net Hunter

https://www.kali.org/kali-linux-nethunter/

3) Zanti

https://zanti.en.softonic.com/android

4) CSploit

http://www.csploit.org/downloads/

5) Hackod

https://apkpure.com/hackode/com.techfond.hackode

6) Network mapper

https://www.malavida.com/en/soft/network-mapper/android/#gref

7)androrat

https://www.apkfirm.com/androrat/

8) DroidSheep - Wi-Fi Kill -


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Alexa Skills Fundamentals (New 2019-2020) —2.16 GB

https://www.udemy.com/course/alexa-skills-fundamentals/

https://mega.nz/folder/YdAz1SqJ#8EtGtN2j_WX7DZNd4w31Hg

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#BUG BOUNTIES :

- [Awesome Bug Bounty Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups)

## Bug Bounty Platforms

- [AntiHACK](https://www.antihack.me/)

- [Bounty Factory](https://bountyfactory.io/)

- [Bountysource](https://www.bountysource.com/)

- [BugbountyHQ](https://www.bugbountyhq.com/)

- [Bugbountyjp](https://bugbounty.jp/)

- [Bugcrowd](https://bugcrowd.com/)

- [CESPPA](https://www.cesppa.com/)

- [Cobalt](https://cobalt.io/)

- [Coder Bounty](http://www.coderbounty.com/)

- [Detectify](https://cs.detectify.com/)

- [FOSS Factory](http://www.fossfactory.org/)

- [FreedomSponsors](https://freedomsponsors.org/)

- [HackenProof](https://hackenproof.com/)

- [Hackerhive](https://hackerhive.io/)

- [HackerOne](https://hackerone.com/)

- [intigriti](https://intigriti.com/)

- [Safehats](https://safehats.com/)

- [Synack](https://www.synack.com/)

- [YesWeHack](https://yeswehack.com/)

@UndercodeTesting
> git sources
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁