🦑Smtp server and mail list system for sending unlimited emails and text messages:

Mail Demon is a robust and efficient tool for sending bulk emails and text messages. Its design focuses on high performance, simplicity, and secure delivery, leveraging .NET 6.0+ and integration with frameworks like MimeKit and MailKit. It includes built-in security features such as SPF validation and integrates seamlessly with IPBan for added protection against brute force attacks.

>> Features
- High Performance: Optimized for low memory and CPU usage, capable of sending thousands of messages per second.
- Security: Supports SPF, DKIM, and DMARC records for secure email delivery.
- SMTP Features: Includes support for extensions like STARTTLS, AUTH PLAIN, and SMTPUTF8.
- Mail List Management: Integrated website for managing mailing lists, templates, and subscriber interactions.
- Database Support: SQLite by default, with SQL Server support as an option.
- Cross-platform Compatibility: Runs on Linux and Windows servers.

>> Setup Instructions

>> General Prerequisites
1. Install .NET 6.0+ runtime or publish as a self-contained executable.
2. Update `appsettings.json` with your configurations:
- SMTP settings.
- User credentials (avoid default settings).
- SSL certificates (recommended: Let’s Encrypt).

>># Building Mail Demon
1. Download and open the project in Visual Studio/VS Code.
2. Set the release configuration.
3. Publish the project.
4. Transfer the binaries to your server.

>> Linux Service Configuration
1. Place binaries in /opt/MailDemon.
2. Create a service file (/lib/systemd/system/MailDemon.service):

   [Unit]
   Description=Mail Demon Service
   After=network.target

   [Service]
   WorkingDirectory=/opt/MailDemon
   ExecStart=/usr/bin/dotnet /opt/MailDemon/MailDemon.dll
   Restart=on-failure

   [Install]
   WantedBy=multi-user.target
   

3. Enable and start the service:

   sudo systemctl daemon-reload
   sudo systemctl enable MailDemon
   sudo systemctl start MailDemon
   systemctl status MailDemon
   

>># DNS Configuration
1. SPF Record: v=spf1 mx -all
2. MX Record: Point to your domain's email server.
3. A/AAAA Record: Map to your server's IP address.
4. DMARC Record: Refer to [DMARC wiki](https://en.wikipedia.org/wiki/DMARC).
5. DKIM: Set up DKIM keys for email authentication.
6. Reverse DNS: Ensure your IP address resolves to your mail server domain.

>> Mail List Management
1. Enable Web Interface:
- Set enableWeb to true in appsettings.json.
- Configure authority, admin credentials, and reCAPTCHA keys.
2. Create and Manage Lists:
- Log in at /MailDemonLogin.
- Define lists and templates.
- Customize templates using Razor syntax.

3. Sending Emails:
- Assign a subject using <!-- Subject: ... --> in templates.
- Send bulk emails using the integrated mail list interface.

4. Magic Templates for Default Behaviors:
- SubscribeInitial: Sign-up form.
- SubscribeConfirm: Confirmation email.
- SubscribeWelcome: Welcome email.

>> Database Management
- Default: SQLite (MailDemon.db).
- Optional: SQL Server (configure in appsettings.json).

>> Known Issues
- Hotmail and Outlook Certificates: Add problematic domains to appsettings.json if invalid SSL certificates are encountered.

This streamlined tool is ideal for managing notifications, announcements, and bulk messaging tasks with ease.

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑is your windows slow ?
Free Optimizer apps:

https://github.com/hellzerg/optimizer

https://github.com/Threelon/Windows-Optimizer

https://github.com/azurejoga/Aurora-Windows-Optimizer

https://www.iolo.com

https://www.glarysoft.com

https://www.ccleaner.com

https://www.tweaking.com/content/page/windows_repair_all_in_one.html

https://www.defencebyte.com

https://macpaw.com/cleanmypc

🦑Exploit: index : ghostpdl.git
CVE-2024-46951

See bug report for details.

Diffstat
-rw-r--r--  psi/zcolor.c  3  
1 files changed, 3 insertions, 0 deletions
diff --git a/psi/zcolor.c b/psi/zcolor.c
index d4e7a4438..d3384d75d 100644
--- a/psi/zcolor.c
+++ b/psi/zcolor.c
@@ -5276,6 +5276,9 @@ static int patterncomponent(i_ctx_t * i_ctx_p, ref *space, int *n)
             code = array_get(imemory, pImpl, 0, &pPatInst);
             if (code < 0)
                 return code;
+
+            if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
+                return_error(gs_error_typecheck);
             cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
             if (pattern_instance_uses_base_space(cc.pattern))
                 *n = n_comps;

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Simulate Attack with Atomic Red Team:

What is Atomic Red Teams?
According to their Github pages, Atomic Red Team is a library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.

Prerequisites

>Virtual Machine with NAT Connection (Dont Use your Real Own PC).

>Windows Operating System (in this tutorial we are using Win10 Pro).

>Disabled Antivirus and Exclusion The

>EDR Script Onboarding
(If you want to deploy with local script deployment)

🦑Powershell to execute the command
Step-By-Step:

Login to your VM. Prepare the Environment first with disabling the Antivirus. Right Click Windows PowerShell > Run As Admin PowerShell

1️⃣

Set-ExecutionPolicy Bypass -Scope CurrentUser

ExecutionPolicy Bypass

3️⃣ Disable Microsoft Defender Antivirus

Open Windows Defender > Disable Real-Time Protection, Tamper Protection, Auto Sample Submission, and Cloud Delivered Protection

4️⃣Create an Empty Folder at “C:\AtomicRedTeam\”.

You can Choose 2 Method for Exclude folder.

5️⃣ Exclusion Folder with Command :

Add-MpPreference -ExclusionPath C:\AtomicRedTeam\

Or Use GUI : Windows Security > Exclusions > C:\AtomicRedTeam\

6️⃣To disable Microsoft Defender Antivirus permanently on Windows 10, use these steps:

a. Open Start > search gpedit.msc or Edit Group Policy.

b. Browse the following path: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus

c. Double-click the “Turn off Microsoft Defender Antivirus” policy.

d. Choose Enable Radio Button > Apply.

7️⃣Start Install The Atomics Simulation Tool

IEX (IWR ‘https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics -Force

9️⃣Check Detail Technique

From a given technique number, you can check the detail with the command below. You can customize “T1003” with another code.

Invoke-AtomicTest T1003 -ShowDetailsBrief

ShowDetailsBrief

🔟 View All Simulation Test

Invoke-AtomicTest All -ShowDetailsBrief

ShowDetailsBrief

1️⃣1️⃣ Check Pre-Requisites

Invoke-AtomicTest T1485 -TestNumbers 1 -CheckPrereqs

> Get Pre-Requisites

Invoke-AtomicTest T1485 -TestNumbers 1 -GetPrereqs

1️⃣2️⃣ Execute The simulation

Invoke-AtomicTest T1027 -TestNumbers 7

🦑Bug bounty tips ✨

Xss 💰 Methodology 💯

1- Pick a target

2- Do Full depth Subdomain enumeration using Subfinder( along API'S ) and use webcopilot or SubDomz and various subdomains finder tools in one liner and also ones perform subdomain bruteforicng and save it in a file.!!

3- subfinder -d example.com -all >> subs.txt

4- cat subs.txt | httpx -o alive-subs.txt



hashtag#Method-1 ( Using Dalfox )

1- katana -u alive-subs.txt -o endpoints-1.txt

2- waybackurls http://example.com | grep = | tee endpoints-2.txt

3- ./gau example.com >> endpoints-3.txt

4- paramspider -d example.com

5 - cat alive-subs.txt | hakrawler | tee -a endpoints-5.txt

6- cat endpoints.txt | uro | tee -a endpoints-uro.txt ( Combine all URLS )

7- cat endpoints-uro.txt | Gxss | dalfox pipe --multicast --skip-mining-all (Accurate also ) ( Here Gxss helps us when payload is injected is reflecting back ?? and I used skip mining because already we got urls nah ! if want remove it )

[ OR ]
8- dalfox url http://example.com --custom-payload payloads.txt ( Simple Scan )

Method-2 ( Using XSS_vibes )
1- katana -u alive-subs.txt -o endpoints-1.txt

2- waybackurls http://example.com | grep = | tee endpoints-2.txt

3- ./gau example.com >> endpoints-3.txt

4- paramspider -d example.com

5 - cat alive-subs.txt | hakrawler | tee -a endpoints-5.txt

6- cat endpoints.txt | uro | tee -a endpoints-uro.txt

7- cat endpoints-uro.txt | ./gf xss | sed 's/=.*/=/' -o output.txt

8- python3 main.py -f input.txt -o <output>

Note :- if u can use Alternative of xss automation Tool For better Result U can Use
Xssorv2 Ibrahim Husić Tool it's effective and 100 Acuracy 💯

Ref: Linkedin_stuffs
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Ai Model for Hackers:


4 Security AI for Pentesting

>>

This model is designed to accurately detect and classify commands associated with four essential security tools used in pentesting: Nmap, Metasploit, John the Ripper, and the Social Engineering Toolkit (SET). It leverages a Naive Bayes classifier trained on a comprehensive dataset of commands for these tools, enhancing the accuracy and effectiveness of recognizing and categorizing such commands.

Tools Included

1️⃣Nmap: A network scanning tool used to discover hosts and services on a computer network.

2️⃣Metasploit (msploit): A penetration testing framework for exploiting known vulnerabilities.

3️⃣John the Ripper (jtr): A password cracking software used to test password strength and recover lost passwords.

4️⃣Social Engineering Toolkit (SET): A collection of tools for conducting social engineering attacks.

>> Structure
The model has been trained to detect commands formatted to specify the tool being used. Each command or query is associated with one of the four tools, allowing for precise classification.

Example:

import pandas as pd
from sklearn.model_selection import train_test_split
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.naive_bayes import MultinomialNB
from sklearn.metrics import classification_report
import joblib

# Load the dataset from the txt file
data_path = 'trainingdata.txt'
data = []

# Read the file and parse the data
with open(data_path, 'r') as file:
    lines = file.readlines()
    for line in lines:
        # Split each line into question and tool by the last comma
        parts = line.rsplit(', "', 1)
        if len(parts) == 2:
            question = parts[0].strip().strip('"')
            tool = parts[1].strip().strip('",')
            data.append((question, tool))

# Create a DataFrame
df = pd.DataFrame(data, columns=['question', 'tool'])

# Split the data
X_train, X_test, y_train, y_test = train_test_split(df['question'], df['tool'], test_size=0.2, random_state=42)

# Vectorize the text data
vectorizer = TfidfVectorizer()
X_train_vectorized = vectorizer.fit_transform(X_train)
X_test_vectorized = vectorizer.transform(X_test)

# Train a Naive Bayes classifier
clf = MultinomialNB()
clf.fit(X_train_vectorized, y_train)

# Make predictions
y_pred = clf.predict(X_test_vectorized)

# Print the classification report
print(classification_report(y_test, y_pred))

# Save the model and vectorizer
joblib.dump(clf, 'findtool_model.pkl')
joblib.dump(vectorizer, 'vectorizer.pkl')

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁