From 22d6750e1f6ff6b9d5e7d023aa57c3591745d4d8 Mon Sep 17 00:00:00 2001 From: Nick Roma Date: Sun, 14 Nov 2021 13:00:19 +0900 Subject: [PATCH] Updates .md syntax and grammar --- README.md | 568 +++++++++++++++++++++++++++--------------------------- 1 file changed, 285 insertions(+), 283 deletions(-) diff --git a/README.md b/README.md index db3aac2..060c19e 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@
-**** +--- ## :notebook_with_decorative_cover:  What is it? @@ -58,7 +58,7 @@ These below rules may be better: - easy to contribute to (Markdown + HTML ...) - easy to find (simple TOC, maybe it's worth extending them?) -Url marked **\*** is temporary unavailable. Please don't delete it without confirming that it has permanently expired. +Url marked **\*** is temporarily unavailable. Please don't delete it without confirming that it has permanently expired. Before adding a pull request, please see the **[contributing guidelines](.github/CONTRIBUTING.md)**. You should also remember about this: @@ -148,7 +148,7 @@ Only main chapters:

  :small_orange_diamond: Midnight Commander - is a visual file manager, licensed under GNU General Public License.
-  :small_orange_diamond: ranger - is a VIM-inspired filemanager for the console.
+  :small_orange_diamond: ranger - is a VIM-inspired file manager for the console.
  :small_orange_diamond: nnn - is a tiny, lightning fast, feature-packed file manager.
  :small_orange_diamond: screen - is a full-screen window manager that multiplexes a physical terminal.
  :small_orange_diamond: tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
@@ -1239,7 +1239,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
  :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
  :small_orange_diamond: AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
-  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
+  :small_orange_diamond: Faraday - an Integrated Multi User Pentest Environment.
  :small_orange_diamond: Photon - incredibly fast crawler designed for OSINT.
  :small_orange_diamond: XSStrike - most advanced XSS detection suite.
  :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
@@ -1323,7 +1323,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
  :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
  :small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
-  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
+  :small_orange_diamond: DEFCON Media Server - great stuff from DEFCON.
  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
@@ -1396,7 +1396,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
  :small_orange_diamond: Google Gruyere - web application exploits and defenses.
  :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
-  :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
+  :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable applications in one environment.
  :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
  :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design" AWS deployment tool.
@@ -1544,49 +1544,49 @@ AWS deployment tool.
###### DNS Servers list (privacy) -| IP | URL | -| :--- | :--- | -| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | -| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | -| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | -| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | -| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) | -| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | +| IP | URL | +| :------------------- | :-------------------------------------------------------------------------------------- | +| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | +| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | +| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | +| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | +| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) | +| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | ###### TOP Browser extensions -| Extension name | Description | -| :--- | :--- | -| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. | -| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. | -| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | -| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | -| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | -| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. | -| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. | -| **`Clear Cache`** | Clear your cache and browsing data. | -| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. | -| **`Web Developer`** | Adds a toolbar button with various web developer tools. | -| **`ThreatPinch Lookup`** | Add threat intelligence hover tool tips. | +| Extension name | Description | +| :--------------------------- | :---------------------------------------------------------------------------- | +| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. | +| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. | +| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | +| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | +| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | +| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. | +| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. | +| **`Clear Cache`** | Clear your cache and browsing data. | +| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. | +| **`Web Developer`** | Adds a toolbar button with various web developer tools. | +| **`ThreatPinch Lookup`** | Add threat intelligence hover tooltips. | ###### TOP Burp extensions -| Extension name | Description | -| :--- | :--- | -| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | -| **`Autorize`** | Automatically detects authorization enforcement. | -| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. | -| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. | -| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. | -| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | -| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | -| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | -| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. | -| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | -| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | -| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. | -| **`Turbo Intruder`** | Is a powerful bruteforcing tool. | -| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. | +| Extension name | Description | +| :----------------------------------- | :------------------------------------------------------------------------------ | +| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | +| **`Autorize`** | Automatically detects authorization enforcement. | +| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. | +| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. | +| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. | +| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | +| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | +| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | +| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. | +| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | +| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | +| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. | +| **`Turbo Intruder`** | Is a powerful bruteforcing tool. | +| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. | ###### Hack Mozilla Firefox address bar @@ -1626,7 +1626,7 @@ http://192.168.257 → 192.168.1.1 http://192.168.516 → 192.168.2.4 ``` - > This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. +> This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. For more information please see [How to Obscure Any URL](http://www.pc-help.org/obscure.htm) and [Magic IP Address Shortcuts](https://stuff-things.net/2014/09/25/magic-ip-address-shortcuts/). @@ -1658,60 +1658,60 @@ text :arrow_left: encoded ##### Table of Contents - * [terminal](#tool-terminal) - * [busybox](#tool-busybox) - * [mount](#tool-mount) - * [fuser](#tool-fuser) - * [lsof](#tool-lsof) - * [ps](#tool-ps) - * [top](#tool-top) - * [vmstat](#tool-vmstat) - * [iostat](#tool-iostat) - * [strace](#tool-strace) - * [kill](#tool-kill) - * [find](#tool-find) - * [diff](#tool-diff) - * [vimdiff](#tool-vimdiff) - * [tail](#tool-tail) - * [cpulimit](#tool-cpulimit) - * [pwdx](#tool-pwdx) - * [tr](#tool-tr) - * [chmod](#tool-chmod) - * [who](#tool-who) - * [last](#tool-last) - * [screen](#tool-screen) - * [script](#tool-script) - * [du](#tool-du) - * [inotifywait](#tool-inotifywait) - * [openssl](#tool-openssl) - * [secure-delete](#tool-secure-delete) - * [dd](#tool-dd) - * [gpg](#tool-gpg) - * [system-other](#tool-system-other) - * [curl](#tool-curl) - * [httpie](#tool-httpie) - * [ssh](#tool-ssh) - * [linux-dev](#tool-linux-dev) - * [tcpdump](#tool-tcpdump) - * [tcpick](#tool-tcpick) - * [ngrep](#tool-ngrep) - * [hping3](#tool-hping3) - * [nmap](#tool-nmap) - * [netcat](#tool-netcat) - * [socat](#tool-socat) - * [p0f](#tool-p0f) - * [gnutls-cli](#tool-gnutls-cli) - * [netstat](#tool-netstat) - * [rsync](#tool-rsync) - * [host](#tool-host) - * [dig](#tool-dig) - * [certbot](#tool-certbot) - * [network-other](#tool-network-other) - * [git](#tool-git) - * [awk](#tool-awk) - * [sed](#tool-sed) - * [grep](#tool-grep) - * [perl](#tool-perl) +- [terminal](#tool-terminal) +- [busybox](#tool-busybox) +- [mount](#tool-mount) +- [fuser](#tool-fuser) +- [lsof](#tool-lsof) +- [ps](#tool-ps) +- [top](#tool-top) +- [vmstat](#tool-vmstat) +- [iostat](#tool-iostat) +- [strace](#tool-strace) +- [kill](#tool-kill) +- [find](#tool-find) +- [diff](#tool-diff) +- [vimdiff](#tool-vimdiff) +- [tail](#tool-tail) +- [cpulimit](#tool-cpulimit) +- [pwdx](#tool-pwdx) +- [tr](#tool-tr) +- [chmod](#tool-chmod) +- [who](#tool-who) +- [last](#tool-last) +- [screen](#tool-screen) +- [script](#tool-script) +- [du](#tool-du) +- [inotifywait](#tool-inotifywait) +- [openssl](#tool-openssl) +- [secure-delete](#tool-secure-delete) +- [dd](#tool-dd) +- [gpg](#tool-gpg) +- [system-other](#tool-system-other) +- [curl](#tool-curl) +- [httpie](#tool-httpie) +- [ssh](#tool-ssh) +- [linux-dev](#tool-linux-dev) +- [tcpdump](#tool-tcpdump) +- [tcpick](#tool-tcpick) +- [ngrep](#tool-ngrep) +- [hping3](#tool-hping3) +- [nmap](#tool-nmap) +- [netcat](#tool-netcat) +- [socat](#tool-socat) +- [p0f](#tool-p0f) +- [gnutls-cli](#tool-gnutls-cli) +- [netstat](#tool-netstat) +- [rsync](#tool-rsync) +- [host](#tool-host) +- [dig](#tool-dig) +- [certbot](#tool-certbot) +- [network-other](#tool-network-other) +- [git](#tool-git) +- [awk](#tool-awk) +- [sed](#tool-sed) +- [grep](#tool-grep) +- [perl](#tool-perl) ##### Tool: [terminal](https://en.wikipedia.org/wiki/Linux_console) @@ -1783,7 +1783,7 @@ http.?://.+:.+@.*\ export PROMPT_COMMAND="sterile" ``` - > Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go). +> Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go). ###### Quickly backup a file @@ -1891,9 +1891,9 @@ unset MAIL; export MAILCHECK=1; export MAILPATH='$FILE_TO_WATCH?$MESSAGE' busybox httpd -p $PORT -h $HOME [-c httpd.conf] ``` -___ +--- -##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix)) +##### Tool: [mount]() ###### Mount a temporary ram partition @@ -1901,8 +1901,8 @@ ___ mount -t tmpfs tmpfs /mnt -o size=64M ``` - * `-t` - filesystem type - * `-o` - mount options +- `-t` - filesystem type +- `-o` - mount options ###### Remount a filesystem as read/write @@ -1910,9 +1910,9 @@ mount -t tmpfs tmpfs /mnt -o size=64M mount -o remount,rw / ``` -___ +--- -##### Tool: [fuser](https://en.wikipedia.org/wiki/Fuser_(Unix)) +##### Tool: [fuser]() ###### Show which processes use the files/directories @@ -1927,7 +1927,7 @@ fuser -v /home/supervisor fuser -ki filename ``` - * `-i` - interactive option +- `-i` - interactive option ###### Kills a process that is locking a file with specific signal @@ -1935,7 +1935,7 @@ fuser -ki filename fuser -k -HUP filename ``` - * `--list-signals` - list available signal names +- `--list-signals` - list available signal names ###### Show what PID is listening on specific port @@ -1949,7 +1949,7 @@ fuser -v 53/udp fuser -mv /var/www ``` -___ +--- ##### Tool: [lsof](https://en.wikipedia.org/wiki/Lsof) @@ -2015,9 +2015,9 @@ sort -n -u | tail | column -t lsof -p | grep cwd ``` -___ +--- -##### Tool: [ps](https://en.wikipedia.org/wiki/Ps_(Unix)) +##### Tool: [ps]() ###### Show a 4-way scrollable process tree with full details @@ -2037,9 +2037,9 @@ ps hax -o user | sort | uniq -c | sort -r ps -lfC nginx ``` -___ +--- -##### Tool: [find](https://en.wikipedia.org/wiki/Find_(Unix)) +##### Tool: [find]() ###### Find files that have been modified on your system in the past 60 minutes @@ -2148,9 +2148,9 @@ find . -depth -name '*test*' -execdir bash -c 'mv -v "$1" "${1//foo/bar}"' _ {} find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \; ``` -___ +--- -##### Tool: [top](https://en.wikipedia.org/wiki/Top_(software)) +##### Tool: [top]() ###### Use top to monitor only all processes with the specific string @@ -2158,9 +2158,9 @@ ___ top -p $(pgrep -d , ) ``` - * `` - process containing string (eg. nginx, worker) +- `` - process containing string (eg. nginx, worker) -___ +--- ##### Tool: [vmstat](https://en.wikipedia.org/wiki/Vmstat) @@ -2170,11 +2170,11 @@ ___ vmstat 2 20 -t -w ``` - * `2` - number of times with a defined time interval (delay) - * `20` - each execution of the command (count) - * `-t` - show timestamp - * `-w` - wide output - * `-S M` - output of the fields in megabytes instead of kilobytes +- `2` - number of times with a defined time interval (delay) +- `20` - each execution of the command (count) +- `-t` - show timestamp +- `-w` - wide output +- `-S M` - output of the fields in megabytes instead of kilobytes ###### Show current system utilization will get refreshed every 5 seconds @@ -2208,10 +2208,10 @@ vmstat -m iostat 2 10 -t -m ``` - * `2` - number of times with a defined time interval (delay) - * `10` - each execution of the command (count) - * `-t` - show timestamp - * `-m` - fields in megabytes (`-k` - in kilobytes, default) +- `2` - number of times with a defined time interval (delay) +- `10` - each execution of the command (count) +- `-t` - show timestamp +- `-m` - fields in megabytes (`-k` - in kilobytes, default) ###### Show information only about the CPU utilization @@ -2231,7 +2231,7 @@ iostat 2 10 -t -m -d iostat -N ``` -___ +--- ##### Tool: [strace](https://en.wikipedia.org/wiki/Strace) @@ -2277,9 +2277,9 @@ strace -f -e trace=bind nc -l 80 strace -f -e trace=network nc -lu 80 ``` -___ +--- -##### Tool: [kill](https://en.wikipedia.org/wiki/Kill_(command)) +##### Tool: [kill]() ###### Kill a process running on port @@ -2287,7 +2287,7 @@ ___ kill -9 $(lsof -i : | awk '{l=$2} END {print l}') ``` -___ +--- ##### Tool: [diff](https://en.wikipedia.org/wiki/Diff) @@ -2303,7 +2303,7 @@ diff <(cd directory1 && find | sort) <(cd directory2 && find | sort) diff <(cat /etc/passwd) <(cut -f2 /etc/passwd) ``` -___ +--- ##### Tool: [vimdiff](http://vimdoc.sourceforge.net/htmldoc/diff.html) @@ -2312,6 +2312,7 @@ ___ ```bash vimdiff file1 file2 ``` + ###### Compare two JSON files ```bash @@ -2319,6 +2320,7 @@ vimdiff <(jq -S . A.json) <(jq -S . B.json) ``` ###### Compare Hex dump + ```bash d(){ vimdiff <(f $1) <(f $2);};f(){ hexdump -C $1|cut -d' ' -f3-|tr -s ' ';}; d ~/bin1 ~/bin2 ``` @@ -2329,15 +2331,15 @@ Save [diffchar](https://raw.githubusercontent.com/vim-scripts/diffchar.vim/maste Click `F7` to switch between diff modes -Usefull `vimdiff` commands: +Useful `vimdiff` commands: -* `qa` to exit all windows -* `:vertical resize 70` to resize window -* set window width `Ctrl+W [N columns]+(Shift+)<\>` +- `qa` to exit all windows +- `:vertical resize 70` to resize window +- set window width `Ctrl+W [N columns]+(Shift+)<\>` -___ +--- -##### Tool: [tail](https://en.wikipedia.org/wiki/Tail_(Unix)) +##### Tool: [tail]() ###### Annotate tail -f with timestamps @@ -2357,9 +2359,9 @@ tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail tail -n 100 -f /path/to/logfile | grep "HTTP/[1-2].[0-1]\" [5]" ``` -___ +--- -##### Tool: [tar](https://en.wikipedia.org/wiki/Tar_(computing)) +##### Tool: [tar]() ###### System backup with exclude specific directories @@ -2378,9 +2380,9 @@ tar cvpf /backup/snapshot-$(date +%d%m%Y%s).tgz --directory=/ \ --exclude=mnt/* --exclude=tmp/* --use-compress-program=pigz . ``` -___ +--- -##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program)) +##### Tool: [dump]() ###### System backup to file @@ -2395,7 +2397,7 @@ cd / restore -rf /backup/system$(date +%d%m%Y%s).lzo ``` -___ +--- ##### Tool: [cpulimit](http://cpulimit.sourceforge.net/) @@ -2405,7 +2407,7 @@ ___ cpulimit -p pid -l 50 ``` -___ +--- ##### Tool: [pwdx](https://www.cyberciti.biz/faq/unix-linux-pwdx-command-examples-usage-syntax/) @@ -2415,7 +2417,7 @@ ___ pwdx ``` -___ +--- ##### Tool: [taskset](https://www.cyberciti.biz/faq/taskset-cpu-affinity-command/) @@ -2425,9 +2427,9 @@ ___ taskset -c 0 ``` -___ +--- -##### Tool: [tr](https://en.wikipedia.org/wiki/Tr_(Unix)) +##### Tool: [tr]() ###### Show directories in the PATH, one per line @@ -2435,7 +2437,7 @@ ___ tr : '\n' <<<$PATH ``` -___ +--- ##### Tool: [chmod](https://en.wikipedia.org/wiki/Chmod) @@ -2460,9 +2462,9 @@ cp /bin/chmod chmod.01 setfacl --set u::rwx,g::---,o::--- /bin/chmod ``` -___ +--- -##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix)) +##### Tool: [who]() ###### Find last reboot time @@ -2476,7 +2478,7 @@ who -b [[ $(who -m | awk '{ print $1 }') == $(whoami) ]] || echo "You are su-ed to $(whoami)" ``` -___ +--- ##### Tool: [last](https://www.howtoforge.com/linux-last-command/) @@ -2487,7 +2489,7 @@ ___ grep -A1 reboot | head -2 | grep -q shutdown && echo "Expected reboot" || echo "Panic reboot" ``` -___ +--- ##### Tool: [screen](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2503,9 +2505,9 @@ screen -d -m screen -r -d ``` -___ +--- -##### Tool: [script](https://en.wikipedia.org/wiki/Script_(Unix)) +##### Tool: [script]() ###### Record and replay terminal session @@ -2521,7 +2523,7 @@ script --timing=session.time session.log scriptreplay --timing=session.time session.log ``` -___ +--- ##### Tool: [du](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2534,7 +2536,7 @@ awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]" head -n 20 ``` -___ +--- ##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2544,7 +2546,7 @@ ___ while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done; ``` -___ +--- ##### Tool: [openssl](https://www.openssl.org/) @@ -2655,7 +2657,7 @@ openssl req -out ${_fd_csr} -new -key ${_fd} ) ###### Generate CSR (metadata from existing certificate) - > Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. +> Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ @@ -2939,7 +2941,7 @@ openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq openssl req -noout -modulus -in request.csr | openssl md5) | uniq ``` -___ +--- ##### Tool: [secure-delete](https://wiki.archlinux.org/index.php/Securely_wipe_disk) @@ -2973,9 +2975,9 @@ sdmem -v swapoff /dev/sda5 && sswap -vz /dev/sda5 ``` -___ +--- -##### Tool: [dd](https://en.wikipedia.org/wiki/Dd_(Unix)) +##### Tool: [dd]() ###### Show dd status every so often @@ -2990,7 +2992,7 @@ watch --interval 5 killall -USR1 dd echo "string" | dd of=filename ``` -___ +--- ##### Tool: [gpg](https://www.gnupg.org/) @@ -3000,8 +3002,8 @@ ___ gpg --export --armor "" > username.pkey ``` - * `--export` - export all keys from all keyrings or specific key - * `-a|--armor` - create ASCII armored output +- `--export` - export all keys from all keyrings or specific key +- `-a|--armor` - create ASCII armored output ###### Encrypt file @@ -3009,8 +3011,8 @@ gpg --export --armor "" > username.pkey gpg -e -r "" dump.sql ``` - * `-e|--encrypt` - encrypt data - * `-r|--recipient` - encrypt for specific +- `-e|--encrypt` - encrypt data +- `-r|--recipient` - encrypt for specific ###### Decrypt file @@ -3018,8 +3020,8 @@ gpg -e -r "" dump.sql gpg -o dump.sql -d dump.sql.gpg ``` - * `-o|--output` - use as output file - * `-d|--decrypt` - decrypt data (default) +- `-o|--output` - use as output file +- `-d|--decrypt` - decrypt data (default) ###### Search recipient @@ -3027,8 +3029,8 @@ gpg -o dump.sql -d dump.sql.gpg gpg --keyserver hkp://keyserver.ubuntu.com --search-keys "" ``` - * `--keyserver` - set specific key server - * `--search-keys` - search for keys on a key server +- `--keyserver` - set specific key server +- `--search-keys` - search for keys on a key server ###### List all of the packets in an encrypted file @@ -3037,7 +3039,7 @@ gpg --batch --list-packets archive.gpg gpg2 --batch --list-packets archive.gpg ``` -___ +--- ##### Tool: [system-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-system-other) @@ -3071,30 +3073,30 @@ readlink -f /proc//exe curl -Iks https://www.google.com ``` - * `-I` - show response headers only - * `-k` - insecure connection when using ssl - * `-s` - silent mode (not display body) +- `-I` - show response headers only +- `-k` - insecure connection when using ssl +- `-s` - silent mode (not display body) ```bash curl -Iks --location -X GET -A "x-agent" https://www.google.com ``` - * `--location` - follow redirects - * `-X` - set method - * `-A` - set user-agent +- `--location` - follow redirects +- `-X` - set method +- `-A` - set user-agent ```bash curl -Iks --location -X GET -A "x-agent" --proxy http://127.0.0.1:16379 https://www.google.com ``` - * `--proxy [socks5://|http://]` - set proxy server +- `--proxy [socks5://|http://]` - set proxy server ```bash curl -o file.pdf -C - https://example.com/Aiju2goo0Ja2.pdf ``` - * `-o` - write output to file - * `-C` - resume the transfer +- `-o` - write output to file +- `-C` - resume the transfer ###### Find your external IP address (external services) @@ -3154,7 +3156,7 @@ done unset _domain_list _dns_list ``` -___ +--- ##### Tool: [httpie](https://httpie.org/) @@ -3162,25 +3164,25 @@ ___ http -p Hh https://www.google.com ``` - * `-p` - print request and response headers - * `H` - request headers - * `B` - request body - * `h` - response headers - * `b` - response body +- `-p` - print request and response headers + - `H` - request headers + - `B` - request body + - `h` - response headers + - `b` - response body ```bash http -p Hh https://www.google.com --follow --verify no ``` - * `-F, --follow` - follow redirects - * `--verify no` - skip SSL verification +- `-F, --follow` - follow redirects +- `--verify no` - skip SSL verification ```bash http -p Hh https://www.google.com --follow --verify no \ --proxy http:http://127.0.0.1:16379 ``` - * `--proxy [http:]` - set proxy server +- `--proxy [http:]` - set proxy server ##### Tool: [ssh](https://www.openssh.com/) @@ -3308,9 +3310,9 @@ host1> ssh -nNT -L 9051:db.d.x:5432 node.d.y host1> psql -U db_user -d db_dev -p 9051 -h localhost ``` - * `-n` - redirects stdin from `/dev/null` - * `-N` - do not execute a remote command - * `-T` - disable pseudo-terminal allocation +- `-n` - redirects stdin from `/dev/null` +- `-N` - do not execute a remote command +- `-T` - disable pseudo-terminal allocation ###### SSH remote port forwarding @@ -3322,7 +3324,7 @@ host1> ssh -nNT -R 9051:db.d.x:5432 node.d.y host2> psql -U postgres -d postgres -p 8000 -h localhost ``` -___ +--- ##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html) @@ -3332,9 +3334,9 @@ ___ timeout 1 bash -c "//" >/dev/null 2>&1 ; echo $? ``` - * `` - set remote host - * `` - set destination port +- `` - set remote host +- `` - set destination port ###### Read and write to TCP or UDP sockets with common bash tools @@ -3342,7 +3344,7 @@ timeout 1 bash -c "//" >/dev/null 2>&1 ; echo $? exec 5<>/dev/tcp//; cat <&5 & cat >&5; exec 5>&- ``` -___ +--- ##### Tool: [tcpdump](http://www.tcpdump.org/) @@ -3352,13 +3354,13 @@ ___ tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 ``` - * `-n` - don't convert addresses (`-nn` will not resolve hostnames or ports) - * `-e` - print the link-level headers - * `-i [iface|any]` - set interface - * `-Q|-D [in|out|inout]` - choose send/receive direction (`-D` - for old tcpdump versions) - * `host [ip|hostname]` - set host, also `[host not]` - * `[and|or]` - set logic - * `port [1-65535]` - set port number, also `[port not]` +- `-n` - don't convert addresses (`-nn` will not resolve hostnames or ports) +- `-e` - print the link-level headers +- `-i [iface|any]` - set interface +- `-Q|-D [in|out|inout]` - choose send/receive direction (`-D` - for old tcpdump versions) +- `host [ip|hostname]` - set host, also `[host not]` +- `[and|or]` - set logic +- `port [1-65535]` - set port number, also `[port not]` ###### Filter incoming (on interface) traffic (specific ) and write to a file @@ -3366,8 +3368,8 @@ tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 -c 5 -w tcpdump.pcap ``` - * `-c [num]` - capture only num number of packets - * `-w [filename]` - write packets to file, `-r [filename]` - reading from file +- `-c [num]` - capture only num number of packets +- `-w [filename]` - write packets to file, `-r [filename]` - reading from file ###### Capture all ICMP packets @@ -3426,8 +3428,8 @@ tcpdump -ei eth0 -s 0 -v -n -l | egrep -i "POST /|GET /|Host:" tcpdump -ei eth0 -w /tmp/capture-%H.pcap -G 3600 -C 200 ``` - * `-G ` - pcap will be created every `` seconds - * `-C ` - close the current pcap and open a new one if is larger than `` +- `-G ` - pcap will be created every `` seconds +- `-C ` - close the current pcap and open a new one if is larger than `` ###### Top hosts by packets @@ -3441,7 +3443,7 @@ tcpdump -ei enp0s25 -nnn -t -c 200 | cut -f 1,2,3,4 -d '.' | sort | uniq -c | so tcpdump -nei eth0 'not (src net (10 or 172.16/12 or 192.168/16) and dst net (10 or 172.16/12 or 192.168/16))' ``` -___ +--- ##### Tool: [tcpick](http://tcpick.sourceforge.net/) @@ -3451,7 +3453,7 @@ ___ while true ; do tcpick -a -C -r dump.pcap ; sleep 2 ; clear ; done ``` -___ +--- ##### Tool: [ngrep](http://ngrep.sourceforge.net/usage.html) @@ -3459,41 +3461,41 @@ ___ ngrep -d eth0 "www.domain.com" port 443 ``` - * `-d [iface|any]` - set interface - * `[domain]` - set hostname - * `port [1-65535]` - set port number +- `-d [iface|any]` - set interface +- `[domain]` - set hostname +- `port [1-65535]` - set port number ```bash ngrep -d eth0 "www.domain.com" src host 10.240.20.2 and port 443 ``` - * `(host [ip|hostname])` - filter by ip or hostname - * `(port [1-65535])` - filter by port number +- `(host [ip|hostname])` - filter by ip or hostname +- `(port [1-65535])` - filter by port number ```bash ngrep -d eth0 -qt -O ngrep.pcap "www.domain.com" port 443 ``` - * `-q` - quiet mode (only payloads) - * `-t` - added timestamps - * `-O [filename]` - save output to file, `-I [filename]` - reading from file +- `-q` - quiet mode (only payloads) +- `-t` - added timestamps +- `-O [filename]` - save output to file, `-I [filename]` - reading from file ```bash ngrep -d eth0 -qt 'HTTP' 'tcp' ``` - * `HTTP` - show http headers - * `tcp|udp` - set protocol - * `[src|dst] host [ip|hostname]` - set direction for specific node +- `HTTP` - show http headers +- `tcp|udp` - set protocol +- `[src|dst] host [ip|hostname]` - set direction for specific node ```bash ngrep -l -q -d eth0 -i "User-Agent: curl*" ``` - * `-l` - stdout line buffered - * `-i` - case-insensitive search +- `-l` - stdout line buffered +- `-i` - case-insensitive search -___ +--- ##### Tool: [hping3](http://www.hping.org/) @@ -3501,36 +3503,36 @@ ___ hping3 -V -p 80 -s 5050 www.google.com ``` - * `-V|--verbose` - verbose mode - * `-p|--destport` - set destination port - * `-s|--baseport` - set source port - * `` - set scan type - * `-F|--fin` - set FIN flag, port open if no reply - * `-S|--syn` - set SYN flag - * `-P|--push` - set PUSH flag - * `-A|--ack` - set ACK flag (use when ping is blocked, RST response back if the port is open) - * `-U|--urg` - set URG flag - * `-Y|--ymas` - set Y unused flag (0x80 - nullscan), port open if no reply - * `-M 0 -UPF` - set TCP sequence number and scan type (URG+PUSH+FIN), port open if no reply +- `-V|--verbose` - verbose mode +- `-p|--destport` - set destination port +- `-s|--baseport` - set source port +- `` - set scan type + - `-F|--fin` - set FIN flag, port open if no reply + - `-S|--syn` - set SYN flag + - `-P|--push` - set PUSH flag + - `-A|--ack` - set ACK flag (use when ping is blocked, RST response back if the port is open) + - `-U|--urg` - set URG flag + - `-Y|--ymas` - set Y unused flag (0x80 - nullscan), port open if no reply + - `-M 0 -UPF` - set TCP sequence number and scan type (URG+PUSH+FIN), port open if no reply ```bash hping3 -V -c 1 -1 -C 8 www.google.com ``` - * `-c [num]` - packet count - * `-1` - set ICMP mode - * `-C|--icmptype [icmp-num]` - set icmp type (default icmp-echo = 8) +- `-c [num]` - packet count +- `-1` - set ICMP mode +- `-C|--icmptype [icmp-num]` - set icmp type (default icmp-echo = 8) ```bash hping3 -V -c 1000000 -d 120 -S -w 64 -p 80 --flood --rand-source ``` - * `--flood` - sent packets as fast as possible (don't show replies) - * `--rand-source` - random source address mode - * `-d --data` - data size - * `-w|--win` - winsize (default 64) +- `--flood` - sent packets as fast as possible (don't show replies) +- `--rand-source` - random source address mode +- `-d --data` - data size +- `-w|--win` - winsize (default 64) -___ +--- ##### Tool: [nmap](https://nmap.org/) @@ -3610,7 +3612,7 @@ _nmap_nse_scripts_args+="http-waf-fingerprint.intensive=1" nmap --script="$_nmap_nse_scripts" --script-args="$_nmap_nse_scripts_args" -p "$_ports" "$_hosts" ``` -___ +--- ##### Tool: [netcat](http://netcat.sourceforge.net/) @@ -3618,28 +3620,28 @@ ___ nc -kl 5000 ``` - * `-l` - listen for an incoming connection - * `-k` - listening after client has disconnected - * `>filename.out` - save receive data to file (optional) +- `-l` - listen for an incoming connection +- `-k` - listening after client has disconnected +- `>filename.out` - save receive data to file (optional) ```bash nc 192.168.0.1 5051 < filename.in ``` - * `< filename.in` - send data to remote host +- `< filename.in` - send data to remote host ```bash nc -vz 10.240.30.3 5000 ``` - * `-v` - verbose output - * `-z` - scan for listening daemons +- `-v` - verbose output +- `-z` - scan for listening daemons ```bash nc -vzu 10.240.30.3 1-65535 ``` - * `-u` - scan only udp ports +- `-u` - scan only udp ports ###### Transfer data file (archive) @@ -3675,7 +3677,7 @@ while true ; do nc -l -p 1500 -c 'echo -e "HTTP/1.1 200 OK\n\n $(date)"' ; done ###### Simple HTTP Server - > Restarts web server after each request - remove `while` condition for only single connection. +> Restarts web server after each request - remove `while` condition for only single connection. ```bash cat > index.html << __EOF__ @@ -3707,7 +3709,7 @@ nc -l -p 5000 \ ; done ``` - * `-p` - port number +- `-p` - port number ###### Simple HTTP Proxy (single connection) @@ -3776,7 +3778,7 @@ nc -l -u -p 2000 -c "nc -u [ip|hostname] 3000" nc -l -u -p 2000 -c "nc [ip|hostname] 3000" ``` -___ +--- ##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html) @@ -3792,7 +3794,7 @@ gnutls-cli -p 443 google.com gnutls-cli --disable-sni -p 443 google.com ``` -___ +--- ##### Tool: [socat](http://www.dest-unreach.org/socat/doc/socat.html) @@ -3802,10 +3804,10 @@ ___ socat - TCP4:10.240.30.3:22 ``` - * `-` - standard input (STDIO) - * `TCP4:` - set tcp4 connection with specific params - * `[hostname|ip]` - set hostname/ip - * `[1-65535]` - set port number +- `-` - standard input (STDIO) +- `TCP4:` - set tcp4 connection with specific params + - `[hostname|ip]` - set hostname/ip + - `[1-65535]` - set port number ###### Redirecting TCP-traffic to a UNIX domain socket under Linux @@ -3813,17 +3815,17 @@ socat - TCP4:10.240.30.3:22 socat TCP-LISTEN:1234,bind=127.0.0.1,reuseaddr,fork,su=nobody,range=127.0.0.0/8 UNIX-CLIENT:/tmp/foo ``` - * `TCP-LISTEN:` - set tcp listen with specific params - * `[1-65535]` - set port number - * `bind=[hostname|ip]` - set bind hostname/ip - * `reuseaddr` - allows other sockets to bind to an address - * `fork` - keeps the parent process attempting to produce more connections - * `su=nobody` - set user - * `range=[ip-range]` - ip range - * `UNIX-CLIENT:` - communicates with the specified peer socket - * `filename` - define socket +- `TCP-LISTEN:` - set tcp listen with specific params + - `[1-65535]` - set port number + - `bind=[hostname|ip]` - set bind hostname/ip + - `reuseaddr` - allows other sockets to bind to an address + - `fork` - keeps the parent process attempting to produce more connections + - `su=nobody` - set user + - `range=[ip-range]` - ip range +- `UNIX-CLIENT:` - communicates with the specified peer socket + - `filename` - define socket -___ +--- ##### Tool: [p0f](http://lcamtuf.coredump.cx/p0f3/) @@ -3833,12 +3835,12 @@ ___ p0f -i enp0s25 -p -d -o /dump/enp0s25.log ``` - * `-i` - listen on the specified interface - * `-p` - set interface in promiscuous mode - * `-d` - fork into background - * `-o` - output file +- `-i` - listen on the specified interface +- `-p` - set interface in promiscuous mode +- `-d` - fork into background +- `-o` - output file -___ +--- ##### Tool: [netstat](https://en.wikipedia.org/wiki/Netstat) @@ -3861,7 +3863,7 @@ watch "netstat -plan | grep :443 | awk {'print \$5'} | cut -d: -f 1 | sort | uni netstat -nlt | grep 'tcp ' | grep -Eo "[1-9][0-9]*" | xargs -I {} sh -c "echo "" | nc -v -n -w1 127.0.0.1 {}" ``` -___ +--- ##### Tool: [rsync](https://en.wikipedia.org/wiki/Rsync) @@ -3871,9 +3873,9 @@ ___ rsync --rsync-path 'sudo rsync' username@hostname:/path/to/dir/ /local/ ``` -___ +--- -##### Tool: [host](https://en.wikipedia.org/wiki/Host_(Unix)) +##### Tool: [host]() ###### Resolves the domain name (using external dns server) @@ -3887,9 +3889,9 @@ host google.com 9.9.9.9 host -t soa google.com 9.9.9.9 ``` -___ +--- -##### Tool: [dig](https://en.wikipedia.org/wiki/Dig_(command)) +##### Tool: [dig]() ###### Resolves the domain name (short output) @@ -3921,7 +3923,7 @@ dig google.com ANY +noall +answer dig -x 172.217.16.14 +short ``` -___ +--- ##### Tool: [certbot](https://certbot.eff.org/) @@ -3943,7 +3945,7 @@ certbot certonly --manual --preferred-challenges=dns -d example.com -d *.example certbot certonly -d example.com -d www.example.com --rsa-key-size 4096 ``` -___ +--- ##### Tool: [network-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-network-other) @@ -3982,7 +3984,7 @@ git log --graph \ --abbrev-commit ``` -___ +--- ##### Tool: [python](https://www.python.org/) @@ -4078,7 +4080,7 @@ awk 'length($0)>80{print FNR,$0}' filename awk 'length < 80' filename ``` -###### Print double new lines a file +###### Print double newlines in a file ```bash awk '1; { print "" }' filename @@ -4174,7 +4176,7 @@ awk '/'$(date -d "1 hours ago" "+%d\\/%b\\/%Y:%H:%M")'/,/'$(date "+%d\\/%b\\/%Y: /var/log/httpd/access_log ``` -___ +--- ##### Tool: [sed](http://www.grymoire.com/Unix/Sed.html) @@ -4227,7 +4229,7 @@ while read line ; do printf "%s" "$line " ; done < file sed '/start/,+4d' /path/to/file ``` -___ +--- ##### Tool: [grep](http://www.grymoire.com/Unix/Grep.html)