🔰 Social Engineering 🔰
Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not involve the divulging of confidential information.
Introduction to Social Engineering
Website Cloning Using SEToolkit
Social Engineering Demonstrate
[@HackWorm] Social Engineering.pdf
15.6 MB
🔰 Kali Linux Social Engineering 🔰
🔰 Introduction to SQL Injections 🔰
Part 1 SQL Injection
🔰 WHAT IS SQL INJECTION 🔰
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
MySQL Database Setup
Part 2 SQL injection
🔰 Knowledge 🔰
Bypass 2-factor authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.
🔰 Setoolkit 🔰
The Social Engineering Toolkit also includes a website tool that turns your Kali box into a webserver with a bunch of exploits that can compromise almost any browser. The idea is that we would send our target a link which routes them through to our website, which automatically downloads and executes the exploit on the target system. You can even clone a valid website so the target is less suspicious. This becomes even more effective if you study your victim's browser habits and clone one of their most frequently accessed sites.
🔰 Trity 🔰
Trity is an advanced pentesting framework dedicated to everything from vulnerability testing to cryptography.
Script : https://github.com/samyoyo/Trity-1
➖➖ @HackWormAdmin ➖➖
😈 theHarvester 😈
theHarvester is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include: all web pages
Command : root@kali:~# theharvester
➖➖ @HackWormAdmin ➖➖
🔰ARP Poisoning🔰
🌀ARP is the acronym for Address Resolution Protocol. It is used to convert IP addresses to physical addresses [MAC addresses] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.🌀
➖@HackWormAdmin➖
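A defender's view of the ARP poisoning described above, as an added example that is not part of the original post: it watches observed ARP replies and flags an IP whose MAC changes, or a MAC that answers for several IPs. The function name, alert labels and all addresses are hypothetical, and the sample replies are constructed.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on one LAN segment. All addresses are made up for this example.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, genuine
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:66"),   # gateway IP, different MAC
    (5.5, "192.168.1.20", "aa:aa:aa:aa:aa:66"),  # same MAC claims a 2nd IP
    (9.0, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
]

def find_arp_anomalies(replies, pinned=None):
    """Return alert tuples for suspicious IP/MAC bindings.

    pinned: optional known-good IP -> MAC map (e.g. the default gateway).
    Pinned bindings are never overwritten, so every conflicting reply alerts.
    Unpinned bindings are learned from the first reply seen (trust on first use).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    bindings = dict(pinned)
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)

    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = bindings.get(ip)
        if known is not None and known != mac:
            # Can also be benign: DHCP reassignment, NIC swap, gateway failover.
            alerts.append((ts, "binding-changed", ip, known, mac))
        if ip not in pinned:
            bindings[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            # One MAC answering for several IPs: typical of a host in the middle,
            # but also of proxy ARP or multi-homed devices.
            alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(ips_by_mac[mac])))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Pinning the gateway's MAC matters because a monitor that starts after poisoning has begun would otherwise learn the forged binding as the baseline.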
🔰 Brute-Force Nearly Any Website Login with Hatch 🔰
The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.
Full Tutorial : https://www.hackworm.ml/2019/03/brute-force-nearly-any-website-login.html
🔰Web Vulnerability Scanners🔰
🔺Netsparker Application Security Scanner — Application security scanner to automatically find security flaws.
🔺Nikto — Noisy but fast black box web server and web application vulnerability scanner.
🔺Arachni — Scriptable framework for evaluating the security of web applications.
🔺w3af — Web application attack and audit framework.
🔺Wapiti — Black box web application vulnerability scanner with built-in fuzzer.
🔺SecApps — In-browser web application security testing suite.
🔺WebReaver — Commercial, graphical web application vulnerability scanner designed for macOS.
🔺WPScan — Black box WordPress vulnerability scanner.
🔺Zoom — Powerful WordPress username enumerator with infinite scanning.
🔺cms-explorer — Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
🔺joomscan — Joomla vulnerability scanner.
🔺ACSTIS — Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
🔺SQLmate — A friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and website (optional).
➖ @HackWormAdmin ➖