π° Setoolkit π°
The Social Engineering Toolkit also includes a website tool that turns your Kali box into a webserver with a bunch of exploits that can compromise almost any browser. The idea is that we would send our target a link which routes them through to our website which automatically downloads and executes the exploit on the target system. You can even clone a valid website so the target is less suspicious. This becomes even more effective if you study your victims browser habits and clone one of their most frequently accessed sites.
The Social Engineering Toolkit also includes a website tool that turns your Kali box into a webserver with a bunch of exploits that can compromise almost any browser. The idea is that we would send our target a link which routes them through to our website which automatically downloads and executes the exploit on the target system. You can even clone a valid website so the target is less suspicious. This becomes even more effective if you study your victims browser habits and clone one of their most frequently accessed sites.
π° Trity π°
Trity is an advanced pentesting framework dedicated to everything from vulnerability testing to cryptography.
Script : https://github.com/samyoyo/Trity-1
ββ @HackWormAdmin ββ
Trity is an advanced pentesting framework dedicated to everything from vulnerability testing to cryptography.
Script : https://github.com/samyoyo/Trity-1
ββ @HackWormAdmin ββ
GitHub
GitHub - samyoyo/Trity-1: My most advanced framework yet!!
My most advanced framework yet!! . Contribute to samyoyo/Trity-1 development by creating an account on GitHub.
π theHarvester π
is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include: all web pages
Command : root@kali:~# theharvester
ββ @HackWormAdmin ββ
is a very simple, yet effective tool designed to be used in the early
stages of a penetration test. Use it for open source intelligence gathering and
helping to determine a company's external threat landscape on the internet. The
tool gathers emails, names, subdomains, IPs, and URLs using multiple public data
sources that include: all web pages
Command : root@kali:~# theharvester
ββ @HackWormAdmin ββ
π°ARP Poisoningπ°
πARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.π
β@HackWormAdminβ
πARP is the acronym for Address Resolution Protocol. It is used to convert IP address to physical addresses [MAC address] on a switch. The host sends an ARP broadcast on the network, and the recipient computer responds with its physical address [MAC Address]. The resolved IP/MAC address is then used to communicate. ARP poisoning is sending fake MAC addresses to the switch so that it can associate the fake MAC addresses with the IP address of a genuine computer on a network and hijack the traffic.π
β@HackWormAdminβ
π° Brute-Force Nearly Any Website Login with Hatch π°
The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.
Full Tutorial : https://www.hackworm.ml/2019/03/brute-force-nearly-any-website-login.html
The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.
Full Tutorial : https://www.hackworm.ml/2019/03/brute-force-nearly-any-website-login.html
π°Web Vulnerability Scannersπ°
πΊNetsparker Application Security Scanner β Application security scanner to automatically find security flaws.
πΊNikto β Noisybut fast black box web server and web application vulnerability scanner.
πΊArachni β Scriptableframework for evaluating the security of web applications.
πΊw3af β Webapplication attack and audit framework.
πΊWapiti β Blackbox web application vulnerability scanner with built-in fuzzer.
πΊSecApps β In-browserweb application security testing suite.
πΊWebReaver β Commercial,graphical web application vulnerability scanner designed for macOS.
πΊWPScan β Blackbox WordPress vulnerability scanner.
πΊZoom β Powerfulwordpress username enumerator with infinite scanning.
πΊcms-explorer β Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
πΊjoomscan β Joomlavulnerability scanner.
πΊACSTIS β Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
πΊSQLmate β Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
β @HackWormAdmin β
πΊNetsparker Application Security Scanner β Application security scanner to automatically find security flaws.
πΊNikto β Noisybut fast black box web server and web application vulnerability scanner.
πΊArachni β Scriptableframework for evaluating the security of web applications.
πΊw3af β Webapplication attack and audit framework.
πΊWapiti β Blackbox web application vulnerability scanner with built-in fuzzer.
πΊSecApps β In-browserweb application security testing suite.
πΊWebReaver β Commercial,graphical web application vulnerability scanner designed for macOS.
πΊWPScan β Blackbox WordPress vulnerability scanner.
πΊZoom β Powerfulwordpress username enumerator with infinite scanning.
πΊcms-explorer β Revealthe specific modules,plugins,components and themes that various websites powered by content management systems are running.
πΊjoomscan β Joomlavulnerability scanner.
πΊACSTIS β Automatedclient-side template injection (sandboxescape/bypass)detection for AngularJS.
πΊSQLmate β Afriend of sqlmap that identifies sqli vulnerabilities based on a given dork and website (optional).
β @HackWormAdmin β
π° Bug Bounty Hunting π°
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs,especially those pertaining to exploits and vulnerabilities.
Areward offered to a perform who identifies an error or vulnerability in a computer program or system.
βThecompany boosts security by offering a bug bountyβ
β @HackWormAdmin β
A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs,especially those pertaining to exploits and vulnerabilities.
Areward offered to a perform who identifies an error or vulnerability in a computer program or system.
βThecompany boosts security by offering a bug bountyβ
β @HackWormAdmin β
π°Proxy Trojanπ°
A proxy Trojan is a virus which hijacks and turns the host computer into a proxy server,part of a botnet,from which an attacker can stage anonymous activities and attacks.
Thewhole point of a proxy Trojan is to hide the attacker,making it harder to trace the true origin of an attack since the attacks will look like they are coming from random and multiple directions because of the proxy bots.
β@HackWormAdmin β
A proxy Trojan is a virus which hijacks and turns the host computer into a proxy server,part of a botnet,from which an attacker can stage anonymous activities and attacks.
Thewhole point of a proxy Trojan is to hide the attacker,making it harder to trace the true origin of an attack since the attacks will look like they are coming from random and multiple directions because of the proxy bots.
β@HackWormAdmin β
π° Search Engine For Hackers π°
1. Censys.io
2. Shodan.io
3. Viz.Greynoise.io/table
4. Zoomeye.org
5. Fofa.so
6. Onyphe.io
7. App.binaryedge.io
8. Hunter.io
9. Wigle.net
10. Ghostproject.fr
β @HackWormAdmin β
1. Censys.io
2. Shodan.io
3. Viz.Greynoise.io/table
4. Zoomeye.org
5. Fofa.so
6. Onyphe.io
7. App.binaryedge.io
8. Hunter.io
9. Wigle.net
10. Ghostproject.fr
β @HackWormAdmin β
βοΈWAPITIβοΈ
πWapiti is a free open-source command-line based vulnerability scanner written in Python. While itβs not the most popular tool in this field, it does a good job of finding security flaws in many web applications.π
β@HackWormAdminβ
πWapiti is a free open-source command-line based vulnerability scanner written in Python. While itβs not the most popular tool in this field, it does a good job of finding security flaws in many web applications.π
β@HackWormAdminβ
π° STUXNET Source Code π°
Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program.
https://pastebin.com/BeJ6zT7D
Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program.
https://pastebin.com/BeJ6zT7D
Pastebin
Stuxnet Code - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
π° Some Hacking Terminologies π°
βͺ Phishing
βͺ Malware
βͺ Ransomware
βͺ Spoofing
βͺ Encryption
βͺ Adware
βͺ Zero Day threat
βͺ Brute Force Attack
βͺ HTTPS/SSL/TLS
βͺ Bot
βͺ Botnets
βͺ Distributed Denial of Service Attack (DDOS)
βͺ Firewall
βͺ Payload
βͺ White hat
βͺ Rootkit
βͺ RAT
βͺ SPAM
βͺ Worm
βͺ Cloaking
β @HackWormAdmin β
βͺ Phishing
βͺ Malware
βͺ Ransomware
βͺ Spoofing
βͺ Encryption
βͺ Adware
βͺ Zero Day threat
βͺ Brute Force Attack
βͺ HTTPS/SSL/TLS
βͺ Bot
βͺ Botnets
βͺ Distributed Denial of Service Attack (DDOS)
βͺ Firewall
βͺ Payload
βͺ White hat
βͺ Rootkit
βͺ RAT
βͺ SPAM
βͺ Worm
βͺ Cloaking
β @HackWormAdmin β
π° Programming Language For Hacking π°
Since programming is essential for hacking because a hacker is someone who breaks a protocol or an application security which is programmed in a certain programming language and to hack an application a hacker needs to understand the logic of that app, find flaw and the exploit it. So a hacker must learn a couple of programming languages to complete his task. So checkout the important programming languages for hackers and where to apply it.
Programming languages for Web Hacking and Pentesting
If youβre interested in web hacking and pentesting, then you must learn learn below mentioned languages at-least basic and intermediate level.
1]HTML
2] JavaScript
3]SQL (most important)
4] PHP
5] perl
Programming Languages for writing Exploits
Exploit writing is advance part of Hacking, It requires higher level of programming language. Every professional hacker must know Exploit Writing, It can be done in any programming language like C, C++, Ruby, Python etc.
1]c/c++
2] python (most important)
3] ruby
4]java
5]LISP
Programming languages for Reverse Engineering
Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information. Reverse engineering is also beneficial in crime prevention, where suspected malware is reverse engineered to understand what it does, and how to detect and remove it, and to allow computers and devices to work together. Reverse engineering can also be used to βcrackβ software and media to remove their copy protection.
1] Assembly language
Finally one more thing, programming languages for hacking also depends upon what program you want to hack, for example; if a web-app in coded in ASP.NET then you canβt hack it using PHP knowledge, although you can understand logic but it will be harder, so always make sure what you wanna hack and in which programming the app is coded.
Since programming is essential for hacking because a hacker is someone who breaks a protocol or an application security which is programmed in a certain programming language and to hack an application a hacker needs to understand the logic of that app, find flaw and the exploit it. So a hacker must learn a couple of programming languages to complete his task. So checkout the important programming languages for hackers and where to apply it.
Programming languages for Web Hacking and Pentesting
If youβre interested in web hacking and pentesting, then you must learn learn below mentioned languages at-least basic and intermediate level.
1]HTML
2] JavaScript
3]SQL (most important)
4] PHP
5] perl
Programming Languages for writing Exploits
Exploit writing is advance part of Hacking, It requires higher level of programming language. Every professional hacker must know Exploit Writing, It can be done in any programming language like C, C++, Ruby, Python etc.
1]c/c++
2] python (most important)
3] ruby
4]java
5]LISP
Programming languages for Reverse Engineering
Reverse engineering, also called back engineering, is the processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information. Reverse engineering is also beneficial in crime prevention, where suspected malware is reverse engineered to understand what it does, and how to detect and remove it, and to allow computers and devices to work together. Reverse engineering can also be used to βcrackβ software and media to remove their copy protection.
1] Assembly language
Finally one more thing, programming languages for hacking also depends upon what program you want to hack, for example; if a web-app in coded in ASP.NET then you canβt hack it using PHP knowledge, although you can understand logic but it will be harder, so always make sure what you wanna hack and in which programming the app is coded.
π° Limited Time Period Offer π°
Build an Advanced Keylogger using C++ for Ethical Hacking!
Enroll Now For Free:
https://www.udemy.com/how-to-create-an-advanced-keylogger-from-scratch-for-windows/?couponCode=JERRYBANFIELD
Build an Advanced Keylogger using C++ for Ethical Hacking!
Enroll Now For Free:
https://www.udemy.com/how-to-create-an-advanced-keylogger-from-scratch-for-windows/?couponCode=JERRYBANFIELD
π°Wifi Penetration Courseπ°
WiFi Penetration Testing (Ethical Hacking) From Scratch
Enroll Now For Free : https://www.udemy.com/wifi-hacking-from-a-penetration-testers-perspective/?couponCode=FB_WIFI_HACK
WiFi Penetration Testing (Ethical Hacking) From Scratch
Enroll Now For Free : https://www.udemy.com/wifi-hacking-from-a-penetration-testers-perspective/?couponCode=FB_WIFI_HACK