▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑free penetration testing toolkit :

Information Gathering
Exploitation
Post Exploitation
Bruteforcing
Phishing
Cryptography/Stenography
Information Gathering:
Nmap
IP Info
Tcpdump (In The Works)
Datasploit (In The Works)
Censys Lookup
DNS Lookup
Raccoon
Cloudflare Bypasser
Exploitation:
Searchsploit
ReverseShell Wizard
FTP Buffer Overflow Scan
WPSeku WordPress Vuln Scanner
Post Exploitation:
In The Works
Bruteforcing:
FTP Bruteforcer
WPSeku WordPress Login Bruteforce
Phishing:
BlackEye Python
Crypto/Stegano:
MetaKiller
PDFMeta

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Using Pip

1) sudo apt-get update

2) sudo apt-get upgrade

3) sudo apt-get install exploitdb netcat nmap perl php7.0

# on macOS

1) brew install exploitdb netcat nmap perl

2) pip3 install babysploit

3) babysploit

4) In order to use search command you must follow steps here to install the searchsploit binary!

Building From Source

1) sudo apt-get update

2) sudo apt-get upgrade

3) sudo apt-get install exploitdb netcat nmap perl php7.0

# on macOS

1) brew install exploitdb netcat nmap perl

2) git clone https://github.com/M4cs/BabySploit.git

3) cd BabySploit/

4) python3 setup.py install

5) babysploit

6) Docker Run Command

7) docker run --rm -idt --name babysploit xshuden/babysploit # container is deleted when you're done
OR
docker run -idt --name babysploit xshuden/babysploit

🦑7) BabySploit uses ConfigParser in order to write and read configuration. Your config file is automatically generated and located at ./babysploit/config/config.cfg. You can manually change configuration settings by opening up the file and editing with a text editor or you can use the set command to set a new value for a key. Use the set command like so:

set rhost
>> Enter Value For rhost: 10
>> Config Key Saved!
If before running this command the rhost key had a value of 80, the rhost key after running this command has a value of

8) You can also add configuration variables to the config by using the set command with a new key after it like so:

set newkey
>> Enter Value For newkey: hello
>> Config Key Saved!

9) Before running this there was no key named "newkey". After running this you will have a key named "newkey" in your config until you use the reset command which resets the saved configuration.

U S E F O R L E A R N
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Instant Email Profits




https://mega.nz/#F!ooREyICT!lp-bgMT6IBjl0DvQDIBrFg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hidden "Notification History" widget on Android
#Fasttips

1) It so happens that you delete an important notification without thinking or having time to read it. Or you click on the "Delete everything" button. Fortunately, there are ways to read these notifications at least partially.

2) Since Android 4.1 Jelly Bean there is a hidden feature that allows you to watch recently received notifications. To access it, long press on an empty spot on the home screen and select "Widgets". Long press on the Settings widget and drag it to your home screen. A page with several options will appear. Select "Notifications".

3) now you can see the history of all notifications. In this case, we managed to see notifications for the last two days, but depending on their number, the period may be longer or shorter. Shows the title of the notification that sent its apps and the time or date it was sent.

4) In Android 11, this list has been redesigned to show the content of the notification along with other information.

For users of Samsung Galaxy devices, this method does not work. They need to download the Good Lock app from the
> Galaxy Store, install the NotiStar extension https://galaxystore.samsung.com/detail/com.samsung.systemui.notilus

and launch Good Lock from the main menu. The function is also not supported on LG smartphones running Android 10.

> https://galaxystore.samsung.com/detail/com.samsung.android.goodlock


@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HELPFUL HACKING SPYWARES & TOOLS FOR ANY HACKER :

3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/

3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d

acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/

Spyse OSINT gathering tool that scans the entire web, enrich and collect all the data in its own DB for instant access.

Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more. https://spyse.com/

findsubdomains Complete subdomains sacnning service.(works using OSINT). https://findsubdomains.com

sublist3r subdomains enumeration tool for penetration testers https://github.com/aboul3la/Sublist3r

ASlookup Made for identifying the owner of an IP range(CIDR), ASN, related ASN, registry, etc... http://aslookup.com

ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html

admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html

adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site.
http://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html

admsnmp 0.1 ADM SNMP audit scanner.
aesfix 1.0.1 A tool to find AES key in RAM http://
citp.princeton.edu/memory/code/
aeskeyfind 1.0 A tool to find AES key in RAM http://citp.princeton.edu/memory/code/
aespipe 2.4c Reads data from stdin and outputs encrypted or decrypted results to stdout. http://loop-aes.sourceforge.net/aespipe/

afflib 3.7.3 An extensible open format for the storage of disk images and related forensic information. http://www.afflib.org

afpfs-ng 0.8.1 A client for the Apple Filing Protocol (AFP) http://alexthepuffin.googlepages.com/

against 0.2 A very fast ssh attacking script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks parallel all discovered hosts or given ip addresses from a list. http://nullsecurity.net/tools/cracker.html

aiengine 339.58dfb85 A packet inspection engine with capabilities of learning without any human intervention. https://bitbucket.org/camp0/aiengine/
aimage 3.2.5 A program to create aff-images. http://www.afflib.org

air 2.0.0 A GUI front-end to dd/dc3dd designed for easily creating forensic images. http://air-imager.sourceforge.net/
airflood 0.1 A modification of aireplay that allows for a DOS in in the AP. This program fills the table of clients of the AP with random MACs doing impossible new connections. http://packetstormsecurity.com/files/51127/airflood.1.tar.gz.html

airgraph-ng 2371 Graphing tool for the aircrack suite http://www.aircrack-ng.org

airoscript 45.0a122ee A script to simplify the use of aircrack-ng tools. http://midnightresearch.com/projects/wicrawl/
airpwn 1.4 A tool for generic packet injection on an 802.11 network. http://airpwn.sourceforge.net

allthevhosts 1.0 A vhost discovery tool that scrapes various web applications http://labs.portcullis.co.uk/tools/finding-all-the-vhosts/


U S E F O R L E A R N !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

ND10X – 10X Your Money In 10 Days Trading System

https://mega.nz/folder/XrpyGSzA#C_UVLTepeKRSs6f6qNu31g

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST 2020 FREE & ANONYMOUS VPN WITH 4- 5 RATING :

https://play.google.com/store/apps/details?id=com.tunnelbear.android

https://play.google.com/store/apps/details?id=com.kaspersky.secure.connection

https://play.google.com/store/apps/details?id=hotspotshield.android.vpn

https://play.google.com/store/apps/details?id=com.avira.vpn

https://play.google.com/store/apps/details?id=com.speedify.speedifyandroid&hl=en

https://play.google.com/store/apps/details?id=com.windscribe.vpn

https://play.google.com/store/apps/details?id=ch.protonvpn.android

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE SS7 HACKING 2020 UPDATE :

SigPloit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SigPloit aims to cover all used protocols used in the operators interconnects SS7, GTP (3G), Diameter (4G) or even SIP for IMS and VoLTE infrastructures used in the access layer and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator the steps that should be done to enhance their security posture

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Version 1: SS7
SigPloit will initially start with SS7 vulnerabilities providing the messages used to test the below attacking scenarios

A- Location Tracking

B- Call and SMS Interception

C- Fraud
Version 2: GTP
This Version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.

Version 3: Diameter
This Version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.

Version 4: SIP
This is Version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE(VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks taking advantage of SIP-T protocol, a protocol extension for SIP to provide intercompatability between VoIP and SS7 networks

Version 5: Reporting
This last Version will introduce the reporting feature. A comprehensive report with the tests done along with the recommendations provided for each vulnerability that has been exploited.

BETA Version of SigPloit will have the Location Tracking attacks of the SS7 phase 1
Installation and requirements
The requirements for this project are:

1) Python 2.7

2) Java version 1.7 +

3) sudo apt-get install lksctp-tools

4) Linux machine

To run use

5) cd SigPloit

6) sudo pip2 install -r requirements.txt

7) python sigploit.py

✅GIT 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

General Trafc Manipulation Intro Previously we used Wireshark to capture network trafc. Passive snifng is usually easy but only useful to a degree. If the application was using TLS, we would have seen garbage after the TLS handshake . In these cases, Man-in-the-Middling (MitM-ing) the trafc with a proxy tool (e.g. Burp) is usually the way to go. But that introduces new challenges.
1. Redirecting the trafc to the proxy.

2. Masquerading as the server (e.g. make client accept our proxy's certicate instead of server).

3. Modifying packets.
I will need a lot of pages to talk about these and document what I have learned through the years. This is not the place for it.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE CC & GIFT CARDS APPS 2020 :
-LIST 4

https://play.google.com/store/apps/details?id=com.shopkick.app

https://play.google.com/store/apps/details?id=com.receiptpalapp.android&hl=en_US

https://apps.apple.com/us/app/receipt-pal-earn-rewards/id732079889

https://play.google.com/store/apps/details?id=com.google.android.apps.paidtasks

https://play.google.com/store/apps/details?id=com.google.android.apps.paidtasks

https://www.microsoft.com/en-us/rewards

https://play.google.com/store/apps/details?id=com.google.android.apps.paidtasks

https://apps.apple.com/us/app/apptrailers/id469489347

https://play.google.com/store/apps/details?id=com.appredeem.apptrailers&hl=en_US

https://play.google.com/store/apps/details?id=com.appkarma.app

https://play.google.com/store/apps/details?id=com.appnana.android.giftcardrewards

https://play.google.com/store/apps/details?id=gift.wojingdaile

https://play.google.com/store/apps/details?id=com.appnana.android.giftcardrewards

https://play.google.com/store/apps/details?id=app.fortunebox

https://play.google.com/store/apps/details?id=gift.wallet.orion

U S E F O R L E A R N !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

LEARNING CRACKING WI-FI PASSWORD KEYS [ WEP/WPAWPA2)

https://mega.nz/folder/gRk1jQhR#spPFYVsQkWn2SjLKVxMlVw

SOME GOOD PENTESTING COURSE >

https://mygavilan-my.sharepoint.com/:f:/g/personal/kali_masi_my_gavilan_edu/EpnjkaMNMRdJvQQNQOOEt60BMX2XzvhotZ1Uy3ZXPRsteQ?e=PdnUeY

Detailed fresh Proxies List


https://pastebin.com/D7tvx0YB

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VIRUS/MALWARES /PAYLOADS FREE CREATING TOOLS :

- [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)

- [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)

- [Cloud - AWS Pentest.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md)

- [Cloud - Azure Pentest.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md)

- [Cobalt Strike - Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cobalt%20Strike%20-%20Cheatsheet.md)

- [Linux - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Persistence.md)

- [Linux - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md)

- [Metasploit - Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Metasploit%20-%20Cheatsheet.md)

- [Methodology and enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology%20and%20enumeration.md)

- [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)

- [Network Discovery.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Discovery.md)

- [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)

- [Subdomains Enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md)

- [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)

- [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)

- [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)

- [Windows - Post Exploitation Koadic.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Post%20Exploitation%20Koadic.md)

- [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)

- [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)

- [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)


U S E F O R L E A R N !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What to do if Magisk shows passing SafetyNet test, but problems persist ?
#requested

1) Google recently launched a new SafetyNet test, which may cause problems with rooted Android devices. A safetyNet status check is performed using Google servers, which cannot be tricked by conventional means. If Magisk shows that you have passed the SafetyNet test, but you still have problems, this change may be to blame.

Most users run the SafetyNet test through Magisk Manager, but this is no longer recommended. This option only shows local status using old spoofing methods. It may seem like you passed the test, but you are not.

If you want to know what is happening in reality, you need to download a separate application to check the SafetyNet status. It's called SafetyNet Test and is available on the Play Store.

2) The process is very simple. When you have launched the application, you need to click on the "Test" button. In a few seconds, you will see if you passed the Google SafetyNet test or not. When Magisk shows you passed SafetyNet but SafetyNet Test fails, Google's innovation has affected your device.

3)(2) this means the SafetyNet status is checked remotely. (3) if the device passes the SafetyNet test, you should see a Pass message. This is a good sign that your device is not affected by the change.

If you see a “Failed” message, problems may arise in the future. You may lose access to certain apps like Google Pay and Pokémon GO. Google has been working on this for several years and now the result is closer than ever. However, you can still use your modified mods.

4) As more applications can start using the new SafetyNet check, it doesn't hurt to have a second device. This will allow you to work with one of them with root and with the other without. You can find good-quality, affordable Android smartphones and bypass the SafetyNet check.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑bypass GFW trojan 2020 :
An unidentifiable mechanism that helps you bypass GFW.

Trojan features multiple protocols over TLS to avoid both active/passive detections and ISP QoS limitations.

Trojan is not a fixed program or protocol. It's an idea, an idea that imitating the most common service, to an extent that it behaves identically, could help you get across the Great FireWall permanently, without being identified ever. We are the GreatER Fire; we ship Trojan Horses.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

A) sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
or

sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"


B) AOSC OS
sudo apt-get install trojan

C) Arch Linux
sudo pacman -S trojan

D) AUR
$(AURHelper) -S trojan-git

E) Debian 10 :

1) sudo apt install trojan
<= 9
TROJAN_DEBIAN_VERSION="1.10.0-3"

2) sudo apt update

3) sudo apt install build-essential devscripts debhelper

4) cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev python3 curl openssl

5) dget http://ftp.us.debian.org/debian/pool/main/t/trojan/trojan_${TROJAN_DEBIAN_VERSION}.dsc

6) dpkg-source -x trojan_${TROJAN_DEBIAN_VERSION}.dsc trojan-${TROJAN_DEBIAN_VERSION}

7) cd trojan-${TROJAN_DEBIAN_VERSION}/dpkg-buildpackage -us -uc -d

8) sudo dpkg -i ../trojan_${TROJAN_DEBIAN_VERSION}_$(dpkg-architecture -q DEB_BUILD_ARCH).deb

9) sudo apt purge devscripts debhelper cmake # you can remove it now

f)Ubuntu

1) sudo add-apt-repository ppa:greaterfire/trojan

2) sudo apt-get update

3) sudo apt-get install trojan


🦑how to byppass free full tutorial https://trojan-gfw.github.io/trojan/config

U S E F O R L E A R N !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁