diff --git a/README.md b/README.md index 2c1b9e4..ec5383d 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@
-**** +--- ## :notebook_with_decorative_cover:  What is it? @@ -46,7 +46,7 @@ These below rules may be better: - easy to contribute to (Markdown + HTML ...) - easy to find (simple TOC, maybe it's worth extending them?) -Url marked **\*** is temporary unavailable. Please don't delete it without confirming that it has permanently expired. +Url marked **\*** is temporarily unavailable. Please don't delete it without confirming that it has permanently expired. Before adding a pull request, please see the **[contributing guidelines](.github/CONTRIBUTING.md)**. You should also remember about this: @@ -136,12 +136,12 @@ Only main chapters: ##### :black_small_square: Managers

-   Midnight Commander - is a visual file manager, licensed under GNU General Public License.
-   ranger - is a VIM-inspired filemanager for the console.
-   nnn - is a tiny, lightning fast, feature-packed file manager.
-   screen - is a full-screen window manager that multiplexes a physical terminal.
-   tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
-   tmux-cssh - is a tool to set comfortable and easy to use functionality tmux-sessions.
+  :small_orange_diamond: Midnight Commander - is a visual file manager, licensed under GNU General Public License.
+  :small_orange_diamond: ranger - is a VIM-inspired file manager for the console.
+  :small_orange_diamond: nnn - is a tiny, lightning fast, feature-packed file manager.
+  :small_orange_diamond: screen - is a full-screen window manager that multiplexes a physical terminal.
+  :small_orange_diamond: tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
+  :small_orange_diamond: tmux-cssh - is a tool to set comfortable and easy to use functionality, tmux-sessions.

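Review bot: the tmux-cssh line in this hunk is still ungrammatical after the edit; the `+` line only inserts a comma (`tmux-cssh - is a tool to set comfortable and easy to use functionality, tmux-sessions.`) and reads no better than the `-` line it replaces. Since the bullet is being rewritten anyway, suggest `tmux-cssh - is a tool to set up comfortable and easy-to-use tmux sessions.` The tmux line has the same run-on shape (`is a terminal multiplexer, lets you switch easily ...`); `is a terminal multiplexer that lets you switch easily between several programs in one terminal.` fixes it in the same pass.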
##### :black_small_square: Text editors @@ -1233,122 +1233,122 @@ CyberTalks - talks, interviews, and article about cybersecurity.
##### :black_small_square: Pentesters arsenal tools

-   Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
-   Metasploit - tool and framework for pentesting system, web and many more.
-   Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
-   OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
-   w3af - is a Web Application Attack and Audit Framework.
-   mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
-   Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
-   sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
-   Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
-   AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
-   Faraday - an Integrated Multiuser Pentest Environment.
-   Photon - incredibly fast crawler designed for OSINT.
-   XSStrike - most advanced XSS detection suite.
-   Sn1per - automated pentest framework for offensive security experts.
-   vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
-   tsunami - is a general purpose network security scanner with an extensible plugin system.
-   aquatone - a tool for domain flyovers.
-   BillCipher - information gathering tool for a website or IP address.
-   WhatWaf - detect and bypass web application firewalls and protection systems.
-   Corsy - CORS misconfiguration scanner.
-   Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
-   dirhunt - find web directories without bruteforce.
-   John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
-   hashcat - world's fastest and most advanced password recovery utility.
-   p0f - is a tool to identify the players behind any incidental TCP/IP communications.
-   ssh_scan - a prototype SSH configuration and policy scanner.
-   LeakLooker - find open databases - powered by Binaryedge.io
-   exploitdb - searchable archive from The Exploit Database.
-   getsploit - is a command line utility for searching and downloading exploits.
-   ctf-tools - some setup scripts for security research tools.
-   pwntools - CTF framework and exploit development library.
-   security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
-   pentestpackage - is a package of Pentest scripts.
-   python-pentest-tools - python tools for penetration testers.
-   fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
-   AFL - is a free software fuzzer maintained by Google.
-   AFL++ - is AFL with community patches.
-   syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
-   pwndbg - exploit development and reverse engineering with GDB made easy.
-   GDB PEDA - Python Exploit Development Assistance for GDB.
-   IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
-   radare2 - framework for reverse-engineering and analyzing binaries.
-   routersploit - exploitation framework for embedded devices.
-   Ghidra - is a software reverse engineering (SRE) framework.
-   Cutter - is an SRE platform integrating Ghidra's decompiler.
-   Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
-   Mentalist - is a graphical tool for custom wordlist generation.
-   archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
-   Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
-   beef - the browser exploitation framework project.
-   AutoSploit - automated mass exploiter.
-   SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
-   yara - the pattern matching swiss knife.
-   mimikatz - a little tool to play with Windows security.
-   sherlock - hunt down social media accounts by username across social networks.
-   OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.
+  :small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
+  :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more.
+  :small_orange_diamond: Burp Suite - tool for testing web app security, intercepting proxy to replay, inject, scan and fuzz.
+  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+  :small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
+  :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers.
+  :small_orange_diamond: Nikto2 - web server scanner which performs comprehensive tests against web servers for multiple items.
+  :small_orange_diamond: sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws.
+  :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
+  :small_orange_diamond: AutoRecon - is a network reconnaissance tool which performs automated enumeration of services.
+  :small_orange_diamond: Faraday - an Integrated Multiuser Pentest Environment.
+  :small_orange_diamond: Photon - incredibly fast crawler designed for OSINT.
+  :small_orange_diamond: XSStrike - most advanced XSS detection suite.
+  :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
+  :small_orange_diamond: vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.
+  :small_orange_diamond: tsunami - is a general purpose network security scanner with an extensible plugin system.
+  :small_orange_diamond: aquatone - a tool for domain flyovers.
+  :small_orange_diamond: BillCipher - information gathering tool for a website or IP address.
+  :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
+  :small_orange_diamond: Corsy - CORS misconfiguration scanner.
+  :small_orange_diamond: Raccoon - is a high performance offensive security tool for reconnaissance and vulnerability scanning.
+  :small_orange_diamond: dirhunt - find web directories without bruteforce.
+  :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
+  :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
+  :small_orange_diamond: p0f - is a tool to identify the players behind any incidental TCP/IP communications.
+  :small_orange_diamond: ssh_scan - a prototype SSH configuration and policy scanner.
+  :small_orange_diamond: LeakLooker - find open databases - powered by Binaryedge.io
+  :small_orange_diamond: exploitdb - searchable archive from The Exploit Database.
+  :small_orange_diamond: getsploit - is a command line utility for searching and downloading exploits.
+  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
+  :small_orange_diamond: pwntools - CTF framework and exploit development library.
+  :small_orange_diamond: security-tools - collection of small security tools created mostly in Python. CTFs, pentests and so on.
+  :small_orange_diamond: pentestpackage - is a package of Pentest scripts.
+  :small_orange_diamond: python-pentest-tools - python tools for penetration testers.
+  :small_orange_diamond: fuzzdb - dictionary of attack patterns and primitives for black-box application fault injection.
+  :small_orange_diamond: AFL - is a free software fuzzer maintained by Google.
+  :small_orange_diamond: AFL++ - is AFL with community patches.
+  :small_orange_diamond: syzkaller - is an unsupervised, coverage-guided kernel fuzzer.
+  :small_orange_diamond: pwndbg - exploit development and reverse engineering with GDB made easy.
+  :small_orange_diamond: GDB PEDA - Python Exploit Development Assistance for GDB.
+  :small_orange_diamond: IDA - multi-processor disassembler and debugger useful for reverse engineering malware.
+  :small_orange_diamond: radare2 - framework for reverse-engineering and analyzing binaries.
+  :small_orange_diamond: routersploit - exploitation framework for embedded devices.
+  :small_orange_diamond: Ghidra - is a software reverse engineering (SRE) framework.
+  :small_orange_diamond: Cutter - is an SRE platform integrating Ghidra's decompiler.
+  :small_orange_diamond: Vulnreport - open-source pentesting management and automation platform by Salesforce Product Security.
+  :small_orange_diamond: Mentalist - is a graphical tool for custom wordlist generation.
+  :small_orange_diamond: archerysec - vulnerability assessment and management helps to perform scans and manage vulnerabilities.
+  :small_orange_diamond: Osmedeus - fully automated offensive security tool for reconnaissance and vulnerability scanning.
+  :small_orange_diamond: beef - the browser exploitation framework project.
+  :small_orange_diamond: AutoSploit - automated mass exploiter.
+  :small_orange_diamond: SUDO_KILLER - is a tool to identify and exploit sudo rules' misconfigurations and vulnerabilities.
+  :small_orange_diamond: yara - the pattern matching swiss knife.
+  :small_orange_diamond: mimikatz - a little tool to play with Windows security.
+  :small_orange_diamond: sherlock - hunt down social media accounts by username across social networks.
+  :small_orange_diamond: OWASP Threat Dragon - is a tool used to create threat model diagrams and to record possible threats.

##### :black_small_square: Pentests bookmarks collection

-   PTES - the penetration testing execution standard.
-   Pentests MindMap - amazing mind map with vulnerable apps and systems.
-   WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
-   Brute XSS - master the art of Cross Site Scripting.
-   XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
-   Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.
-   Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
-   Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
-   Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
-   Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
-   Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
-   Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
-   Hacking Cheat Sheet - author hacking and pentesting notes.
-   blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
-   Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
-   Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
-   Pentest Bookmarks - there are a LOT of pentesting blogs.
-   Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
-   ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
-   Beginner-Network-Pentesting - notes for beginner network pentesting course.
-   OSCPRepo - is a list of resources that author have been gathering in preparation for the OSCP.
-   PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
-   payloads - git all the Payloads! A collection of web attack payloads.
-   command-injection-payload-list - command injection payload list.
-   Awesome Shodan Search Queries - great search queries to plug into Shodan.
-   AwesomeXSS - is a collection of Awesome XSS resources.
-   php-webshells - common php webshells.
-   Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing.
-   OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
-   OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
-   OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
-   PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
-   pentest-wiki - is a free online security knowledge library for pentesters/researchers.
-   DEF CON Media Server - great stuff from DEFCON.
-   Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
-   SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
-   Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
-   HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
-   XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
-   GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
-   Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
-   SSRF Tips - a collection of SSRF Tips.
-   shell-storm repo CTF - great archive of CTFs.
-   ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
-   My-CTF-Web-Challenges - collection of CTF Web challenges.
-   MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
-   Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
-   KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
-   securitum/research - various Proof of Concepts of security research performed by Securitum.
-   public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
-   awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
-   bug-bounty-reference - is a list of bug bounty write-ups.
-   Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
-   Bug bounty writeups - list of bug bounty writeups (2012-2020).
-   hackso.me - a great journey into security.
+  :small_orange_diamond: PTES - the penetration testing execution standard.
+  :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
+  :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
+  :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
+  :small_orange_diamond: XSS cheat sheet - contains many vectors that can help you bypass WAFs and filters.
+  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.
+  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
+  :small_orange_diamond: Awesome Hacking by HackWithGithub - awesome lists for hackers, pentesters and security researchers.
+  :small_orange_diamond: Awesome Hacking by carpedm20 - a curated list of awesome hacking tutorials, tools and resources.
+  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
+  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
+  :small_orange_diamond: Awesome-Hacking-Tools - is a curated list of awesome Hacking Tools.
+  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
+  :small_orange_diamond: blackhat-arsenal-tools - official Black Hat arsenal security tools repository.
+  :small_orange_diamond: Penetration Testing and WebApp Cheat Sheets - the complete list of Infosec related cheat sheets.
+  :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
+  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
+  :small_orange_diamond: Cheatsheet-God - Penetration Testing Reference Bank - OSCP/PTP & PTX Cheatsheet.
+  :small_orange_diamond: ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
+  :small_orange_diamond: Beginner-Network-Pentesting - notes for beginner network pentesting course.
+  :small_orange_diamond: OSCPRepo - is a list of resources that author have been gathering in preparation for the OSCP.
+  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
+  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
+  :small_orange_diamond: command-injection-payload-list - command injection payload list.
+  :small_orange_diamond: Awesome Shodan Search Queries - great search queries to plug into Shodan.
+  :small_orange_diamond: AwesomeXSS - is a collection of Awesome XSS resources.
+  :small_orange_diamond: php-webshells - common php webshells.
+  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing.
+  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
+  :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
+  :small_orange_diamond: OWASP ProActive Controls - OWASP Top 10 Proactive Controls 2018.
+  :small_orange_diamond: PENTESTING-BIBLE - hacking & penetration testing & red team & cyber security resources.
+  :small_orange_diamond: pentest-wiki - is a free online security knowledge library for pentesters/researchers.
+  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
+  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
+  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical stuff about the many different variants of the SQL Injection.
+  :small_orange_diamond: Entersoft Knowledge Base - great and detailed reference about vulnerabilities.
+  :small_orange_diamond: HTML5 Security Cheatsheet - a collection of HTML5 related XSS attack vectors.
+  :small_orange_diamond: XSS String Encoder - for generating XSS code to check your input validation filters against XSS.
+  :small_orange_diamond: GTFOBins - list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
+  :small_orange_diamond: Guifre Ruiz Notes - collection of security, system, network and pentest cheatsheets.
+  :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
+  :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.
+  :small_orange_diamond: ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
+  :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
+  :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
+  :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
+  :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.
+  :small_orange_diamond: securitum/research - various Proof of Concepts of security research performed by Securitum.
+  :small_orange_diamond: public-pentesting-reports - is a list of public pentest reports released by several consulting security groups.
+  :small_orange_diamond: awesome-bug-bounty - is a comprehensive curated list of available Bug Bounty.
+  :small_orange_diamond: bug-bounty-reference - is a list of bug bounty write-ups.
+  :small_orange_diamond: Awesome-Bugbounty-Writeups - is a curated list of bugbounty writeups.
+  :small_orange_diamond: Bug bounty writeups - list of bug bounty writeups (2012-2020).
+  :small_orange_diamond: hackso.me - a great journey into security.

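Review bot: this hunk rewrites every line of both lists but only swaps the bullet marker, so the grammar defects of the `-` lines are carried verbatim into the `+` lines; since each line is already touched, fix them here rather than in a later cosmetic commit. Concretely: `vuls - is an agent-less vulnerability scanner for Linux, FreeBSD, and other.` and the John The Ripper line should end with `and others.`; `Offensive Security Bookmarks - security bookmarks collection, all things that author need to pass OSCP.` should read `that the author needs`, and the OSCPRepo line's `that author have been gathering` should be `the author has been gathering`; `OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.` is missing `for` before `the OWASP Top 10`. Smaller ones in the same hunk: ThreatHunter-Playbook `hypothesis` should be `hypotheses`, PayloadsAllTheThings `payloads and bypass` should be `payloads and bypasses`, awesome-bug-bounty `list of available Bug Bounty` should be `Bug Bounty programs`, and `yara - the pattern matching swiss knife.` should be `Swiss Army knife`.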
##### :black_small_square: Backdoors/exploits @@ -1384,25 +1384,25 @@ CyberTalks - talks, interviews, and article about cybersecurity.
##### :black_small_square: Web Training Apps (local installation)

-   OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
-   DVWA - PHP/MySQL web application that is damn vulnerable.
-   metasploitable2 - vulnerable web application amongst security researchers.
-   metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
-   DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
-   OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
-   OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
-   OWASP Node js Goat Project - OWASP Top 10 security risks apply to web apps developed using Node.js.
-   juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
-   SecurityShepherd - web and mobile application security training platform.
-   Security Ninjas - open source application security training program.
-   hackazon - a modern vulnerable web app.
-   dvna - damn vulnerable NodeJS application.
-   django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
-   Google Gruyere - web application exploits and defenses.
-   Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
-   Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
-   vulhub - pre-built Vulnerable Environments based on docker-compose.
-   CloudGoat 2 - the new & improved "Vulnerable by Design" +  :small_orange_diamond: OWASP-VWAD - comprehensive and well maintained registry of all known vulnerable web applications.
+  :small_orange_diamond: DVWA - PHP/MySQL web application that is damn vulnerable.
+  :small_orange_diamond: metasploitable2 - vulnerable web application amongst security researchers.
+  :small_orange_diamond: metasploitable3 - is a VM that is built from the ground up with a large amount of security vulnerabilities.
+  :small_orange_diamond: DSVW - is a deliberately vulnerable web application written in under 100 lines of code.
+  :small_orange_diamond: OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
+  :small_orange_diamond: OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
+  :small_orange_diamond: OWASP Node js Goat Project - OWASP Top 10 security risks apply to web apps developed using Node.js.
+  :small_orange_diamond: juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
+  :small_orange_diamond: SecurityShepherd - web and mobile application security training platform.
+  :small_orange_diamond: Security Ninjas - open source application security training program.
+  :small_orange_diamond: hackazon - a modern vulnerable web app.
+  :small_orange_diamond: dvna - damn vulnerable NodeJS application.
+  :small_orange_diamond: django-DefectDojo - is an open-source application vulnerability correlation and security orchestration tool.
+  :small_orange_diamond: Google Gruyere - web application exploits and defenses.
+  :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
+  :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
+  :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
+  :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design" AWS deployment tool.
   secDevLabs - is a laboratory for learning secure web development in a practical manner.
   CORS-vulnerable-Lab - sample vulnerable code and its exploit code.
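Review bot: two defects in the `-` lines survive into the `+` lines of this hunk. `Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.` still has the `appliations` typo (and `vm` should be `VM`, matching the metasploitable3 entry). `metasploitable2 - vulnerable web application amongst security researchers.` is missing a word (presumably `popular amongst`) and, unlike the metasploitable3 line directly below it, which calls that project a VM, labels this one a web application; suggest aligning the two, e.g. `metasploitable2 - intentionally vulnerable VM popular amongst security researchers.` Also `a large amount of security vulnerabilities` on the metasploitable3 line should be `a large number of`.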
@@ -1548,49 +1548,49 @@ AWS deployment tool.
###### DNS Servers list (privacy) -| IP | URL | -| :--- | :--- | -| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | -| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | -| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | -| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | -| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) | -| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | +| IP | URL | +| :------------------- | :-------------------------------------------------------------------------------------- | +| **`84.200.69.80`** | [dns.watch](https://dns.watch/) | +| **`94.247.43.254`** | [opennic.org](https://www.opennic.org/) | +| **`64.6.64.6`** | [verisign.com](https://www.verisign.com/en_US/security-services/public-dns/index.xhtml) | +| **`89.233.43.71`** | [censurfridns.dk](https://blog.uncensoreddns.org/) | +| **`1.1.1.1`** | [cloudflare.com](https://1.1.1.1/) | +| **`94.130.110.185`** | [dnsprivacy.at](https://dnsprivacy.at/) | ###### TOP Browser extensions -| Extension name | Description | -| :--- | :--- | -| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. | -| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. | -| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | -| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | -| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | -| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. | -| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. | -| **`Clear Cache`** | Clear your cache and browsing data. | -| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. | -| **`Web Developer`** | Adds a toolbar button with various web developer tools. 
| -| **`ThreatPinch Lookup`** | Add threat intelligence hover tool tips. | +| Extension name | Description | +| :--------------------------- | :---------------------------------------------------------------------------- | +| **`IPvFoo`** | Display the server IP address and HTTPS information across all page elements. | +| **`FoxyProxy`** | Simplifies configuring browsers to access proxy-servers. | +| **`HTTPS Everywhere`** | Automatically use HTTPS security on many sites. | +| **`uMatrix`** | Point & click to forbid/allow any class of requests made by your browser. | +| **`uBlock Origin`** | An efficient blocker: easy on memory and CPU footprint. | +| **`Session Buddy`** | Manage browser tabs and bookmarks with ease. | +| **`SuperSorter`** | Sort bookmarks recursively, delete duplicates, merge folders, and more. | +| **`Clear Cache`** | Clear your cache and browsing data. | +| **`d3coder`** | Encoding/Decoding plugin for various types of encoding. | +| **`Web Developer`** | Adds a toolbar button with various web developer tools. | +| **`ThreatPinch Lookup`** | Add threat intelligence hover tooltips. | ###### TOP Burp extensions -| Extension name | Description | -| :--- | :--- | -| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | -| **`Autorize`** | Automatically detects authorization enforcement. | -| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. | -| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. | -| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. | -| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | -| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | -| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | -| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. 
| -| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | -| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | -| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. | -| **`Turbo Intruder`** | Is a powerful bruteforcing tool. | -| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. | +| Extension name | Description | +| :----------------------------------- | :------------------------------------------------------------------------------ | +| **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | +| **`Autorize`** | Automatically detects authorization enforcement. | +| **`AuthMatrix`** | A simple matrix grid to define the desired levels of access privilege. | +| **`Logger++`** | Logs requests and responses for all Burp tools in a sortable table. | +| **`Bypass WAF`** | Adds headers useful for bypassing some WAF devices. | +| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | +| **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | +| **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | +| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. | +| **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | +| **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | +| **`Software Vulnerability Scanner`** | Vulnerability scanner based on vulners.com audit API. | +| **`Turbo Intruder`** | Is a powerful bruteforcing tool. | +| **`Upload Scanner`** | Upload a number of different file types, laced with different forms of payload. | ###### Hack Mozilla Firefox address bar 
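Review bot: the column realignment across the three tables is fine, but one Burp extensions row still breaks the description column's style: `| **`Turbo Intruder`** | Is a powerful bruteforcing tool. |` is the only description that starts with a capitalised verb fragment while every other row is a plain clause, so `A powerful brute-forcing tool.` would match its neighbours. Since every row is being rewritten for alignment, this is the commit to fix it in, alongside the `hover tool tips` to `hover tooltips` change already made in the browser extensions table.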
@@ -1630,7 +1630,7 @@ http://192.168.257 → 192.168.1.1 http://192.168.516 → 192.168.2.4 ``` - > This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. +> This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted. For more information please see [How to Obscure Any URL](http://www.pc-help.org/obscure.htm) and [Magic IP Address Shortcuts](https://stuff-things.net/2014/09/25/magic-ip-address-shortcuts/). 
@@ -1662,60 +1662,60 @@ text :arrow_left: encoded ##### Table of Contents - * [terminal](#tool-terminal) - * [busybox](#tool-busybox) - * [mount](#tool-mount) - * [fuser](#tool-fuser) - * [lsof](#tool-lsof) - * [ps](#tool-ps) - * [top](#tool-top) - * [vmstat](#tool-vmstat) - * [iostat](#tool-iostat) - * [strace](#tool-strace) - * [kill](#tool-kill) - * [find](#tool-find) - * [diff](#tool-diff) - * [vimdiff](#tool-vimdiff) - * [tail](#tool-tail) - * [cpulimit](#tool-cpulimit) - * [pwdx](#tool-pwdx) - * [tr](#tool-tr) - * [chmod](#tool-chmod) - * [who](#tool-who) - * [last](#tool-last) - * [screen](#tool-screen) - * [script](#tool-script) - * [du](#tool-du) - * [inotifywait](#tool-inotifywait) - * [openssl](#tool-openssl) - * [secure-delete](#tool-secure-delete) - * [dd](#tool-dd) - * [gpg](#tool-gpg) - * [system-other](#tool-system-other) - * [curl](#tool-curl) - * [httpie](#tool-httpie) - * [ssh](#tool-ssh) - * [linux-dev](#tool-linux-dev) - * [tcpdump](#tool-tcpdump) - * [tcpick](#tool-tcpick) - * [ngrep](#tool-ngrep) - * [hping3](#tool-hping3) - * [nmap](#tool-nmap) - * [netcat](#tool-netcat) - * [socat](#tool-socat) - * [p0f](#tool-p0f) - * [gnutls-cli](#tool-gnutls-cli) - * [netstat](#tool-netstat) - * [rsync](#tool-rsync) - * [host](#tool-host) - * [dig](#tool-dig) - * [certbot](#tool-certbot) - * [network-other](#tool-network-other) - * [git](#tool-git) - * [awk](#tool-awk) - * [sed](#tool-sed) - * [grep](#tool-grep) - * [perl](#tool-perl) +- [terminal](#tool-terminal) +- [busybox](#tool-busybox) +- [mount](#tool-mount) +- [fuser](#tool-fuser) +- [lsof](#tool-lsof) +- [ps](#tool-ps) +- [top](#tool-top) +- [vmstat](#tool-vmstat) +- [iostat](#tool-iostat) +- [strace](#tool-strace) +- [kill](#tool-kill) +- [find](#tool-find) +- [diff](#tool-diff) +- [vimdiff](#tool-vimdiff) +- [tail](#tool-tail) +- [cpulimit](#tool-cpulimit) +- [pwdx](#tool-pwdx) +- [tr](#tool-tr) +- [chmod](#tool-chmod) +- [who](#tool-who) +- [last](#tool-last) +- [screen](#tool-screen) +- 
[script](#tool-script) +- [du](#tool-du) +- [inotifywait](#tool-inotifywait) +- [openssl](#tool-openssl) +- [secure-delete](#tool-secure-delete) +- [dd](#tool-dd) +- [gpg](#tool-gpg) +- [system-other](#tool-system-other) +- [curl](#tool-curl) +- [httpie](#tool-httpie) +- [ssh](#tool-ssh) +- [linux-dev](#tool-linux-dev) +- [tcpdump](#tool-tcpdump) +- [tcpick](#tool-tcpick) +- [ngrep](#tool-ngrep) +- [hping3](#tool-hping3) +- [nmap](#tool-nmap) +- [netcat](#tool-netcat) +- [socat](#tool-socat) +- [p0f](#tool-p0f) +- [gnutls-cli](#tool-gnutls-cli) +- [netstat](#tool-netstat) +- [rsync](#tool-rsync) +- [host](#tool-host) +- [dig](#tool-dig) +- [certbot](#tool-certbot) +- [network-other](#tool-network-other) +- [git](#tool-git) +- [awk](#tool-awk) +- [sed](#tool-sed) +- [grep](#tool-grep) +- [perl](#tool-perl) ##### Tool: [terminal](https://en.wikipedia.org/wiki/Linux_console) @@ -1787,7 +1787,7 @@ http.?://.+:.+@.*\ export PROMPT_COMMAND="sterile" ``` - > Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go). +> Look also: [A naive utility to censor credentials in command history](https://github.com/lbonanomi/go/blob/master/revisionist.go). ###### Quickly backup a file @@ -1895,9 +1895,9 @@ unset MAIL; export MAILCHECK=1; export MAILPATH='$FILE_TO_WATCH?$MESSAGE' busybox httpd -p $PORT -h $HOME [-c httpd.conf] ``` -___ +--- -##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix)) +##### Tool: [mount]() ###### Mount a temporary ram partition @@ -1905,8 +1905,8 @@ ___ mount -t tmpfs tmpfs /mnt -o size=64M ``` - * `-t` - filesystem type - * `-o` - mount options +- `-t` - filesystem type +- `-o` - mount options ###### Remount a filesystem as read/write @@ -1914,9 +1914,9 @@ mount -t tmpfs tmpfs /mnt -o size=64M mount -o remount,rw / ``` -___ +--- -##### Tool: [fuser](https://en.wikipedia.org/wiki/Fuser_(Unix)) +##### Tool: [fuser]() ###### Show which processes use the files/directories 
@@ -1931,7 +1931,7 @@ fuser -v /home/supervisor fuser -ki filename ``` - * `-i` - interactive option +- `-i` - interactive option ###### Kills a process that is locking a file with specific signal @@ -1939,7 +1939,7 @@ fuser -ki filename fuser -k -HUP filename ``` - * `--list-signals` - list available signal names +- `--list-signals` - list available signal names ###### Show what PID is listening on specific port @@ -1953,7 +1953,7 @@ fuser -v 53/udp fuser -mv /var/www ``` -___ +--- ##### Tool: [lsof](https://en.wikipedia.org/wiki/Lsof) @@ -2019,9 +2019,9 @@ sort -n -u | tail | column -t lsof -p | grep cwd ``` -___ +--- -##### Tool: [ps](https://en.wikipedia.org/wiki/Ps_(Unix)) +##### Tool: [ps]() ###### Show a 4-way scrollable process tree with full details @@ -2041,9 +2041,9 @@ ps hax -o user | sort | uniq -c | sort -r ps -lfC nginx ``` -___ +--- -##### Tool: [find](https://en.wikipedia.org/wiki/Find_(Unix)) +##### Tool: [find]() ###### Find files that have been modified on your system in the past 60 minutes @@ -2152,9 +2152,9 @@ find . -depth -name '*test*' -execdir bash -c 'mv -v "$1" "${1//foo/bar}"' _ {} find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -la {} \; ``` -___ +--- -##### Tool: [top](https://en.wikipedia.org/wiki/Top_(software)) +##### Tool: [top]() ###### Use top to monitor only all processes with the specific string @@ -2162,9 +2162,9 @@ ___ top -p $(pgrep -d , ) ``` - * `` - process containing string (eg. nginx, worker) +- `` - process containing string (eg. nginx, worker) -___ +--- ##### Tool: [vmstat](https://en.wikipedia.org/wiki/Vmstat) 
@@ -2174,11 +2174,11 @@ ___ vmstat 2 20 -t -w ``` - * `2` - number of times with a defined time interval (delay) - * `20` - each execution of the command (count) - * `-t` - show timestamp - * `-w` - wide output - * `-S M` - output of the fields in megabytes instead of kilobytes +- `2` - number of times with a defined time interval (delay) +- `20` - each execution of the command (count) +- `-t` - show timestamp +- `-w` - wide output +- `-S M` - output of the fields in megabytes instead of kilobytes ###### Show current system utilization will get refreshed every 5 seconds @@ -2212,10 +2212,10 @@ vmstat -m iostat 2 10 -t -m ``` - * `2` - number of times with a defined time interval (delay) - * `10` - each execution of the command (count) - * `-t` - show timestamp - * `-m` - fields in megabytes (`-k` - in kilobytes, default) +- `2` - number of times with a defined time interval (delay) +- `10` - each execution of the command (count) +- `-t` - show timestamp +- `-m` - fields in megabytes (`-k` - in kilobytes, default) ###### Show information only about the CPU utilization @@ -2235,7 +2235,7 @@ iostat 2 10 -t -m -d iostat -N ``` -___ +--- ##### Tool: [strace](https://en.wikipedia.org/wiki/Strace) @@ -2281,9 +2281,9 @@ strace -f -e trace=bind nc -l 80 strace -f -e trace=network nc -lu 80 ``` -___ +--- -##### Tool: [kill](https://en.wikipedia.org/wiki/Kill_(command)) +##### Tool: [kill]() ###### Kill a process running on port @@ -2291,7 +2291,7 @@ ___ kill -9 $(lsof -i : | awk '{l=$2} END {print l}') ``` -___ +--- ##### Tool: [diff](https://en.wikipedia.org/wiki/Diff) @@ -2307,7 +2307,7 @@ diff <(cd directory1 && find | sort) <(cd directory2 && find | sort) diff <(cat /etc/passwd) <(cut -f2 /etc/passwd) ``` -___ +--- ##### Tool: [vimdiff](http://vimdoc.sourceforge.net/htmldoc/diff.html) 
@@ -2335,15 +2335,15 @@ Save [diffchar](https://raw.githubusercontent.com/vim-scripts/diffchar.vim/maste Click `F7` to switch between diff modes -Usefull `vimdiff` commands: +Useful `vimdiff` commands: -* `qa` to exit all windows -* `:vertical resize 70` to resize window -* set window width `Ctrl+W [N columns]+(Shift+)<\>` +- `qa` to exit all windows +- `:vertical resize 70` to resize window +- set window width `Ctrl+W [N columns]+(Shift+)<\>` -___ +--- -##### Tool: [tail](https://en.wikipedia.org/wiki/Tail_(Unix)) +##### Tool: [tail]() ###### Annotate tail -f with timestamps @@ -2363,9 +2363,9 @@ tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail tail -n 100 -f /path/to/logfile | grep "HTTP/[1-2].[0-1]\" [5]" ``` -___ +--- -##### Tool: [tar](https://en.wikipedia.org/wiki/Tar_(computing)) +##### Tool: [tar]() ###### System backup with exclude specific directories @@ -2384,9 +2384,9 @@ tar cvpf /backup/snapshot-$(date +%d%m%Y%s).tgz --directory=/ \ --exclude=mnt/* --exclude=tmp/* --use-compress-program=pigz . ``` -___ +--- -##### Tool: [dump](https://en.wikipedia.org/wiki/Dump_(program)) +##### Tool: [dump]() ###### System backup to file @@ -2401,7 +2401,7 @@ cd / restore -rf /backup/system$(date +%d%m%Y%s).lzo ``` -___ +--- ##### Tool: [cpulimit](http://cpulimit.sourceforge.net/) @@ -2411,7 +2411,7 @@ ___ cpulimit -p pid -l 50 ``` -___ +--- ##### Tool: [pwdx](https://www.cyberciti.biz/faq/unix-linux-pwdx-command-examples-usage-syntax/) @@ -2421,7 +2421,7 @@ ___ pwdx ``` -___ +--- ##### Tool: [taskset](https://www.cyberciti.biz/faq/taskset-cpu-affinity-command/) @@ -2431,9 +2431,9 @@ ___ taskset -c 0 ``` -___ +--- -##### Tool: [tr](https://en.wikipedia.org/wiki/Tr_(Unix)) +##### Tool: [tr]() ###### Show directories in the PATH, one per line @@ -2441,7 +2441,7 @@ ___ tr : '\n' <<<$PATH ``` -___ +--- ##### Tool: [chmod](https://en.wikipedia.org/wiki/Chmod) 
@@ -2466,9 +2466,9 @@ cp /bin/chmod chmod.01 setfacl --set u::rwx,g::---,o::--- /bin/chmod ``` -___ +--- -##### Tool: [who](https://en.wikipedia.org/wiki/Who_(Unix)) +##### Tool: [who]() ###### Find last reboot time @@ -2482,7 +2482,7 @@ who -b [[ $(who -m | awk '{ print $1 }') == $(whoami) ]] || echo "You are su-ed to $(whoami)" ``` -___ +--- ##### Tool: [last](https://www.howtoforge.com/linux-last-command/) @@ -2493,7 +2493,7 @@ ___ grep -A1 reboot | head -2 | grep -q shutdown && echo "Expected reboot" || echo "Panic reboot" ``` -___ +--- ##### Tool: [screen](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2509,9 +2509,9 @@ screen -d -m screen -r -d ``` -___ +--- -##### Tool: [script](https://en.wikipedia.org/wiki/Script_(Unix)) +##### Tool: [script]() ###### Record and replay terminal session @@ -2527,7 +2527,7 @@ script --timing=session.time session.log scriptreplay --timing=session.time session.log ``` -___ +--- ##### Tool: [du](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2540,7 +2540,7 @@ awk '{split("K M G",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]" head -n 20 ``` -___ +--- ##### Tool: [inotifywait](https://en.wikipedia.org/wiki/GNU_Screen) @@ -2550,7 +2550,7 @@ ___ while true ; do inotifywait -r -e MODIFY dir/ && ls dir/ ; done; ``` -___ +--- ##### Tool: [openssl](https://www.openssl.org/) @@ -2661,7 +2661,7 @@ openssl req -out ${_fd_csr} -new -key ${_fd} ) ###### Generate CSR (metadata from existing certificate) - > Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. +> Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ 
@@ -2945,7 +2945,7 @@ openssl x509 -noout -modulus -in certificate.crt | openssl md5) | uniq openssl req -noout -modulus -in request.csr | openssl md5) | uniq ``` -___ +--- ##### Tool: [secure-delete](https://wiki.archlinux.org/index.php/Securely_wipe_disk) @@ -2979,9 +2979,9 @@ sdmem -v swapoff /dev/sda5 && sswap -vz /dev/sda5 ``` -___ +--- -##### Tool: [dd](https://en.wikipedia.org/wiki/Dd_(Unix)) +##### Tool: [dd]() ###### Show dd status every so often @@ -2996,7 +2996,7 @@ watch --interval 5 killall -USR1 dd echo "string" | dd of=filename ``` -___ +--- ##### Tool: [gpg](https://www.gnupg.org/) @@ -3006,8 +3006,8 @@ ___ gpg --export --armor "" > username.pkey ``` - * `--export` - export all keys from all keyrings or specific key - * `-a|--armor` - create ASCII armored output +- `--export` - export all keys from all keyrings or specific key +- `-a|--armor` - create ASCII armored output ###### Encrypt file @@ -3015,8 +3015,8 @@ gpg --export --armor "" > username.pkey gpg -e -r "" dump.sql ``` - * `-e|--encrypt` - encrypt data - * `-r|--recipient` - encrypt for specific +- `-e|--encrypt` - encrypt data +- `-r|--recipient` - encrypt for specific ###### Decrypt file @@ -3024,8 +3024,8 @@ gpg -e -r "" dump.sql gpg -o dump.sql -d dump.sql.gpg ``` - * `-o|--output` - use as output file - * `-d|--decrypt` - decrypt data (default) +- `-o|--output` - use as output file +- `-d|--decrypt` - decrypt data (default) ###### Search recipient @@ -3033,8 +3033,8 @@ gpg -o dump.sql -d dump.sql.gpg gpg --keyserver hkp://keyserver.ubuntu.com --search-keys "" ``` - * `--keyserver` - set specific key server - * `--search-keys` - search for keys on a key server +- `--keyserver` - set specific key server +- `--search-keys` - search for keys on a key server ###### List all of the packets in an encrypted file 
@@ -3043,7 +3043,7 @@ gpg --batch --list-packets archive.gpg gpg2 --batch --list-packets archive.gpg ``` -___ +--- ##### Tool: [system-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-system-other) @@ -3077,30 +3077,30 @@ readlink -f /proc//exe curl -Iks https://www.google.com ``` - * `-I` - show response headers only - * `-k` - insecure connection when using ssl - * `-s` - silent mode (not display body) +- `-I` - show response headers only +- `-k` - insecure connection when using ssl +- `-s` - silent mode (not display body) ```bash curl -Iks --location -X GET -A "x-agent" https://www.google.com ``` - * `--location` - follow redirects - * `-X` - set method - * `-A` - set user-agent +- `--location` - follow redirects +- `-X` - set method +- `-A` - set user-agent ```bash curl -Iks --location -X GET -A "x-agent" --proxy http://127.0.0.1:16379 https://www.google.com ``` - * `--proxy [socks5://|http://]` - set proxy server +- `--proxy [socks5://|http://]` - set proxy server ```bash curl -o file.pdf -C - https://example.com/Aiju2goo0Ja2.pdf ``` - * `-o` - write output to file - * `-C` - resume the transfer +- `-o` - write output to file +- `-C` - resume the transfer ###### Find your external IP address (external services) @@ -3160,7 +3160,7 @@ done unset _domain_list _dns_list ``` -___ +--- ##### Tool: [httpie](https://httpie.org/) 
@@ -3168,25 +3168,25 @@ ___ http -p Hh https://www.google.com ``` - * `-p` - print request and response headers - * `H` - request headers - * `B` - request body - * `h` - response headers - * `b` - response body +- `-p` - print request and response headers + - `H` - request headers + - `B` - request body + - `h` - response headers + - `b` - response body ```bash http -p Hh https://www.google.com --follow --verify no ``` - * `-F, --follow` - follow redirects - * `--verify no` - skip SSL verification +- `-F, --follow` - follow redirects +- `--verify no` - skip SSL verification ```bash http -p Hh https://www.google.com --follow --verify no \ --proxy http:http://127.0.0.1:16379 ``` - * `--proxy [http:]` - set proxy server +- `--proxy [http:]` - set proxy server ##### Tool: [ssh](https://www.openssh.com/) @@ -3314,9 +3314,9 @@ host1> ssh -nNT -L 9051:db.d.x:5432 node.d.y host1> psql -U db_user -d db_dev -p 9051 -h localhost ``` - * `-n` - redirects stdin from `/dev/null` - * `-N` - do not execute a remote command - * `-T` - disable pseudo-terminal allocation +- `-n` - redirects stdin from `/dev/null` +- `-N` - do not execute a remote command +- `-T` - disable pseudo-terminal allocation ###### SSH remote port forwarding @@ -3328,7 +3328,7 @@ host1> ssh -nNT -R 9051:db.d.x:5432 node.d.y host2> psql -U postgres -d postgres -p 8000 -h localhost ``` -___ +--- ##### Tool: [linux-dev](https://www.tldp.org/LDP/abs/html/devref1.html) @@ -3338,9 +3338,9 @@ ___ timeout 1 bash -c "//" >/dev/null 2>&1 ; echo $? ``` - * `` - set remote host - * `` - set destination port +- `` - set remote host +- `` - set destination port ###### Read and write to TCP or UDP sockets with common bash tools @@ -3348,7 +3348,7 @@ timeout 1 bash -c "//" >/dev/null 2>&1 ; echo $? exec 5<>/dev/tcp//; cat <&5 & cat >&5; exec 5>&- ``` -___ +--- ##### Tool: [tcpdump](http://www.tcpdump.org/) 
@@ -3358,13 +3358,13 @@ ___ tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 ``` - * `-n` - don't convert addresses (`-nn` will not resolve hostnames or ports) - * `-e` - print the link-level headers - * `-i [iface|any]` - set interface - * `-Q|-D [in|out|inout]` - choose send/receive direction (`-D` - for old tcpdump versions) - * `host [ip|hostname]` - set host, also `[host not]` - * `[and|or]` - set logic - * `port [1-65535]` - set port number, also `[port not]` +- `-n` - don't convert addresses (`-nn` will not resolve hostnames or ports) +- `-e` - print the link-level headers +- `-i [iface|any]` - set interface +- `-Q|-D [in|out|inout]` - choose send/receive direction (`-D` - for old tcpdump versions) +- `host [ip|hostname]` - set host, also `[host not]` +- `[and|or]` - set logic +- `port [1-65535]` - set port number, also `[port not]` ###### Filter incoming (on interface) traffic (specific ) and write to a file @@ -3372,8 +3372,8 @@ tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 tcpdump -ne -i eth0 -Q in host 192.168.252.1 and port 443 -c 5 -w tcpdump.pcap ``` - * `-c [num]` - capture only num number of packets - * `-w [filename]` - write packets to file, `-r [filename]` - reading from file +- `-c [num]` - capture only num number of packets +- `-w [filename]` - write packets to file, `-r [filename]` - reading from file ###### Capture all ICMP packets @@ -3432,8 +3432,8 @@ tcpdump -ei eth0 -s 0 -v -n -l | egrep -i "POST /|GET /|Host:" tcpdump -ei eth0 -w /tmp/capture-%H.pcap -G 3600 -C 200 ``` - * `-G ` - pcap will be created every `` seconds - * `-C ` - close the current pcap and open a new one if is larger than `` +- `-G ` - pcap will be created every `` seconds +- `-C ` - close the current pcap and open a new one if is larger than `` ###### Top hosts by packets 
@@ -3447,7 +3447,7 @@ tcpdump -ei enp0s25 -nnn -t -c 200 | cut -f 1,2,3,4 -d '.' | sort | uniq -c | so tcpdump -nei eth0 'not (src net (10 or 172.16/12 or 192.168/16) and dst net (10 or 172.16/12 or 192.168/16))' ``` -___ +--- ##### Tool: [tcpick](http://tcpick.sourceforge.net/) @@ -3457,7 +3457,7 @@ ___ while true ; do tcpick -a -C -r dump.pcap ; sleep 2 ; clear ; done ``` -___ +--- ##### Tool: [ngrep](http://ngrep.sourceforge.net/usage.html) @@ -3465,41 +3465,41 @@ ___ ngrep -d eth0 "www.domain.com" port 443 ``` - * `-d [iface|any]` - set interface - * `[domain]` - set hostname - * `port [1-65535]` - set port number +- `-d [iface|any]` - set interface +- `[domain]` - set hostname +- `port [1-65535]` - set port number ```bash ngrep -d eth0 "www.domain.com" src host 10.240.20.2 and port 443 ``` - * `(host [ip|hostname])` - filter by ip or hostname - * `(port [1-65535])` - filter by port number +- `(host [ip|hostname])` - filter by ip or hostname +- `(port [1-65535])` - filter by port number ```bash ngrep -d eth0 -qt -O ngrep.pcap "www.domain.com" port 443 ``` - * `-q` - quiet mode (only payloads) - * `-t` - added timestamps - * `-O [filename]` - save output to file, `-I [filename]` - reading from file +- `-q` - quiet mode (only payloads) +- `-t` - added timestamps +- `-O [filename]` - save output to file, `-I [filename]` - reading from file ```bash ngrep -d eth0 -qt 'HTTP' 'tcp' ``` - * `HTTP` - show http headers - * `tcp|udp` - set protocol - * `[src|dst] host [ip|hostname]` - set direction for specific node +- `HTTP` - show http headers +- `tcp|udp` - set protocol +- `[src|dst] host [ip|hostname]` - set direction for specific node ```bash ngrep -l -q -d eth0 -i "User-Agent: curl*" ``` - * `-l` - stdout line buffered - * `-i` - case-insensitive search +- `-l` - stdout line buffered +- `-i` - case-insensitive search -___ +--- ##### Tool: [hping3](http://www.hping.org/) 
@@ -3507,36 +3507,36 @@ ___ hping3 -V -p 80 -s 5050 www.google.com ``` - * `-V|--verbose` - verbose mode - * `-p|--destport` - set destination port - * `-s|--baseport` - set source port - * `` - set scan type - * `-F|--fin` - set FIN flag, port open if no reply - * `-S|--syn` - set SYN flag - * `-P|--push` - set PUSH flag - * `-A|--ack` - set ACK flag (use when ping is blocked, RST response back if the port is open) - * `-U|--urg` - set URG flag - * `-Y|--ymas` - set Y unused flag (0x80 - nullscan), port open if no reply - * `-M 0 -UPF` - set TCP sequence number and scan type (URG+PUSH+FIN), port open if no reply +- `-V|--verbose` - verbose mode +- `-p|--destport` - set destination port +- `-s|--baseport` - set source port +- `` - set scan type + - `-F|--fin` - set FIN flag, port open if no reply + - `-S|--syn` - set SYN flag + - `-P|--push` - set PUSH flag + - `-A|--ack` - set ACK flag (use when ping is blocked, RST response back if the port is open) + - `-U|--urg` - set URG flag + - `-Y|--ymas` - set Y unused flag (0x80 - nullscan), port open if no reply + - `-M 0 -UPF` - set TCP sequence number and scan type (URG+PUSH+FIN), port open if no reply ```bash hping3 -V -c 1 -1 -C 8 www.google.com ``` - * `-c [num]` - packet count - * `-1` - set ICMP mode - * `-C|--icmptype [icmp-num]` - set icmp type (default icmp-echo = 8) +- `-c [num]` - packet count +- `-1` - set ICMP mode +- `-C|--icmptype [icmp-num]` - set icmp type (default icmp-echo = 8) ```bash hping3 -V -c 1000000 -d 120 -S -w 64 -p 80 --flood --rand-source ``` - * `--flood` - sent packets as fast as possible (don't show replies) - * `--rand-source` - random source address mode - * `-d --data` - data size - * `-w|--win` - winsize (default 64) +- `--flood` - sent packets as fast as possible (don't show replies) +- `--rand-source` - random source address mode +- `-d --data` - data size +- `-w|--win` - winsize (default 64) -___ +--- ##### Tool: [nmap](https://nmap.org/) 
@@ -3616,7 +3616,7 @@ _nmap_nse_scripts_args+="http-waf-fingerprint.intensive=1" nmap --script="$_nmap_nse_scripts" --script-args="$_nmap_nse_scripts_args" -p "$_ports" "$_hosts" ``` -___ +--- ##### Tool: [netcat](http://netcat.sourceforge.net/) @@ -3624,28 +3624,28 @@ ___ nc -kl 5000 ``` - * `-l` - listen for an incoming connection - * `-k` - listening after client has disconnected - * `>filename.out` - save receive data to file (optional) +- `-l` - listen for an incoming connection +- `-k` - listening after client has disconnected +- `>filename.out` - save receive data to file (optional) ```bash nc 192.168.0.1 5051 < filename.in ``` - * `< filename.in` - send data to remote host +- `< filename.in` - send data to remote host ```bash nc -vz 10.240.30.3 5000 ``` - * `-v` - verbose output - * `-z` - scan for listening daemons +- `-v` - verbose output +- `-z` - scan for listening daemons ```bash nc -vzu 10.240.30.3 1-65535 ``` - * `-u` - scan only udp ports +- `-u` - scan only udp ports ###### Transfer data file (archive) @@ -3681,7 +3681,7 @@ while true ; do nc -l -p 1500 -c 'echo -e "HTTP/1.1 200 OK\n\n $(date)"' ; done ###### Simple HTTP Server - > Restarts web server after each request - remove `while` condition for only single connection. +> Restarts web server after each request - remove `while` condition for only single connection. ```bash cat > index.html << __EOF__ @@ -3713,7 +3713,7 @@ nc -l -p 5000 \ ; done ``` - * `-p` - port number +- `-p` - port number ###### Simple HTTP Proxy (single connection) @@ -3782,7 +3782,7 @@ nc -l -u -p 2000 -c "nc -u [ip|hostname] 3000" nc -l -u -p 2000 -c "nc [ip|hostname] 3000" ``` -___ +--- ##### Tool: [gnutls-cli](https://gnutls.org/manual/html_node/gnutls_002dcli-Invocation.html) @@ -3798,7 +3798,7 @@ gnutls-cli -p 443 google.com gnutls-cli --disable-sni -p 443 google.com ``` -___ +--- ##### Tool: [socat](http://www.dest-unreach.org/socat/doc/socat.html) 
@@ -3808,10 +3808,10 @@ ___ socat - TCP4:10.240.30.3:22 ``` - * `-` - standard input (STDIO) - * `TCP4:` - set tcp4 connection with specific params - * `[hostname|ip]` - set hostname/ip - * `[1-65535]` - set port number +- `-` - standard input (STDIO) +- `TCP4:` - set tcp4 connection with specific params + - `[hostname|ip]` - set hostname/ip + - `[1-65535]` - set port number ###### Redirecting TCP-traffic to a UNIX domain socket under Linux @@ -3819,17 +3819,17 @@ socat - TCP4:10.240.30.3:22 socat TCP-LISTEN:1234,bind=127.0.0.1,reuseaddr,fork,su=nobody,range=127.0.0.0/8 UNIX-CLIENT:/tmp/foo ``` - * `TCP-LISTEN:` - set tcp listen with specific params - * `[1-65535]` - set port number - * `bind=[hostname|ip]` - set bind hostname/ip - * `reuseaddr` - allows other sockets to bind to an address - * `fork` - keeps the parent process attempting to produce more connections - * `su=nobody` - set user - * `range=[ip-range]` - ip range - * `UNIX-CLIENT:` - communicates with the specified peer socket - * `filename` - define socket +- `TCP-LISTEN:` - set tcp listen with specific params + - `[1-65535]` - set port number + - `bind=[hostname|ip]` - set bind hostname/ip + - `reuseaddr` - allows other sockets to bind to an address + - `fork` - keeps the parent process attempting to produce more connections + - `su=nobody` - set user + - `range=[ip-range]` - ip range +- `UNIX-CLIENT:` - communicates with the specified peer socket + - `filename` - define socket -___ +--- ##### Tool: [p0f](http://lcamtuf.coredump.cx/p0f3/) @@ -3839,12 +3839,12 @@ ___ p0f -i enp0s25 -p -d -o /dump/enp0s25.log ``` - * `-i` - listen on the specified interface - * `-p` - set interface in promiscuous mode - * `-d` - fork into background - * `-o` - output file +- `-i` - listen on the specified interface +- `-p` - set interface in promiscuous mode +- `-d` - fork into background +- `-o` - output file -___ +--- ##### Tool: [netstat](https://en.wikipedia.org/wiki/Netstat) 
@@ -3867,7 +3867,7 @@ watch "netstat -plan | grep :443 | awk {'print \$5'} | cut -d: -f 1 | sort | uni netstat -nlt | grep 'tcp ' | grep -Eo "[1-9][0-9]*" | xargs -I {} sh -c "echo "" | nc -v -n -w1 127.0.0.1 {}" ``` -___ +--- ##### Tool: [rsync](https://en.wikipedia.org/wiki/Rsync) @@ -3877,9 +3877,9 @@ ___ rsync --rsync-path 'sudo rsync' username@hostname:/path/to/dir/ /local/ ``` -___ +--- -##### Tool: [host](https://en.wikipedia.org/wiki/Host_(Unix)) +##### Tool: [host]() ###### Resolves the domain name (using external dns server) @@ -3893,9 +3893,9 @@ host google.com 9.9.9.9 host -t soa google.com 9.9.9.9 ``` -___ +--- -##### Tool: [dig](https://en.wikipedia.org/wiki/Dig_(command)) +##### Tool: [dig]() ###### Resolves the domain name (short output) @@ -3927,7 +3927,7 @@ dig google.com ANY +noall +answer dig -x 172.217.16.14 +short ``` -___ +--- ##### Tool: [certbot](https://certbot.eff.org/) @@ -3949,7 +3949,7 @@ certbot certonly --manual --preferred-challenges=dns -d example.com -d *.example certbot certonly -d example.com -d www.example.com --rsa-key-size 4096 ``` -___ +--- ##### Tool: [network-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-network-other) @@ -3988,7 +3988,7 @@ git log --graph \ --abbrev-commit ``` -___ +--- ##### Tool: [python](https://www.python.org/) @@ -4084,7 +4084,7 @@ awk 'length($0)>80{print FNR,$0}' filename awk 'length < 80' filename ``` -###### Print double new lines a file +###### Print double newlines in a file ```bash awk '1; { print "" }' filename @@ -4180,7 +4180,7 @@ awk '/'$(date -d "1 hours ago" "+%d\\/%b\\/%Y:%H:%M")'/,/'$(date "+%d\\/%b\\/%Y: /var/log/httpd/access_log ``` -___ +--- ##### Tool: [sed](http://www.grymoire.com/Unix/Sed.html) @@ -4233,7 +4233,7 @@ while read line ; do printf "%s" "$line " ; done < file sed '/start/,+4d' /path/to/file ``` -___ +--- ##### Tool: [grep](http://www.grymoire.com/Unix/Grep.html)
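Review bot: the `@@ -1895` hunk drops the link target from the `mount` heading: `##### Tool: [mount](https://en.wikipedia.org/wiki/Mount_(Unix))` becomes `##### Tool: [mount]()`, which renders as a dead link. This looks like the formatter choking on the parentheses inside the URL; restore the destination and percent-encode the parentheses (`Mount_%28Unix%29`) or wrap it in angle brackets so the formatter leaves it alone.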
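Review bot: same empty-link regression in the `@@ -1914` hunk, where `##### Tool: [fuser](https://en.wikipedia.org/wiki/Fuser_(Unix))` is replaced by `##### Tool: [fuser]()`. Keep the URL and encode the parentheses before reformatting.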
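Review bot: the `@@ -2019` hunk empties the `ps` heading link (`[ps](https://en.wikipedia.org/wiki/Ps_(Unix))` to `[ps]()`). Please restore the destination with encoded parentheses.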
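Review bot: the `@@ -2041` hunk empties the `find` heading link (`[find](https://en.wikipedia.org/wiki/Find_(Unix))` to `[find]()`). Restore the URL with encoded parentheses.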
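Review bot: the `@@ -2152` hunk empties the `top` heading link (`[top](https://en.wikipedia.org/wiki/Top_(software))` to `[top]()`). Restore the URL with encoded parentheses.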
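Review bot: the `@@ -2281` hunk empties the `kill` heading link (`[kill](https://en.wikipedia.org/wiki/Kill_(command))` to `[kill]()`). Restore the URL with encoded parentheses.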
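Review bot: the `@@ -2335` hunk empties the `tail` heading link (`[tail](https://en.wikipedia.org/wiki/Tail_(Unix))` to `[tail]()`); the `Usefull` to `Useful` fix in the same hunk is good. Restore the URL with encoded parentheses.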
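Review bot: the `@@ -2363` hunk empties the `tar` heading link (`[tar](https://en.wikipedia.org/wiki/Tar_(computing))` to `[tar]()`). Restore the URL with encoded parentheses.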
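Review bot: the `@@ -2384` hunk empties the `dump` heading link (`[dump](https://en.wikipedia.org/wiki/Dump_(program))` to `[dump]()`). Restore the URL with encoded parentheses.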
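Review bot: the `@@ -2431` hunk empties the `tr` heading link (`[tr](https://en.wikipedia.org/wiki/Tr_(Unix))` to `[tr]()`). Restore the URL with encoded parentheses.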
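Review bot: the `@@ -2466` hunk empties the `who` heading link (`[who](https://en.wikipedia.org/wiki/Who_(Unix))` to `[who]()`). Restore the URL with encoded parentheses.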
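Review bot: the `@@ -2509` hunk empties the `script` heading link (`[script](https://en.wikipedia.org/wiki/Script_(Unix))` to `[script]()`). Restore the URL with encoded parentheses.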
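Review bot: in the context lines of the `@@ -2527` and `@@ -2540` hunks, the `du` and `inotifywait` headings both still link to `https://en.wikipedia.org/wiki/GNU_Screen`, a copy-paste leftover from the `screen` section. Not introduced by this patch, but since these hunks are being touched anyway, pointing the two headings at their own tool pages would be a cheap fix.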
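Review bot: the `@@ -2979` hunk empties the `dd` heading link (`[dd](https://en.wikipedia.org/wiki/Dd_(Unix))` to `[dd]()`). Restore the URL with encoded parentheses.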
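Review bot: in the `@@ -3358` hunk the bullet `-Q|-D [in|out|inout]` ... `(-D - for old tcpdump versions)` documents the wrong flag: in tcpdump `-D` lists the available interfaces, and the pre-`-Q` direction option was `-P`. Since the line is being rewritten for list style anyway, change it to `-Q|-P [in|out|inout]` with `-P` noted as the older spelling.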
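Review bot: the `@@ -3877` hunk empties the `host` heading link (`[host](https://en.wikipedia.org/wiki/Host_(Unix))` to `[host]()`). Restore the URL with encoded parentheses.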
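Review bot: the `@@ -3893` hunk empties the `dig` heading link (`[dig](https://en.wikipedia.org/wiki/Dig_(command))` to `[dig]()`). This is the last of fifteen headings losing their URL in this patch; rather than fixing each by hand, re-run the formatter after encoding the parentheses in every `Tool:` link, then confirm no `]()` remains in the file.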