ManiFast / Pentest-RedTeam-Tools

Programs and info 🟥Team 🛠

Pentest-RedTeam-Tools

Warning

For informational and educational purposes only.

Author: ManiFast


Metasploit_framework

Exploit - code for a vulnerability
Payload - establishes a connection, runs scripts
Singles - standalone file (combines the two modules)
Stagers - establishes the connection with the attacker and loads the Stage
Stages - performs the main action: stealing passwords, loading a backdoor, etc.
Post - runs after a successful compromise (keylogger, downloads files)
Encoder - masking from antivirus

NOP - fills empty space in executables
Auxiliary - modules for scanning the network and analysing traffic

systemctl start postgresql   start the database

Run in a terminal:
sudo msfdb init && msfconsole
msfconsole

sudo msfdb init   initialize / check the database

Update:
msfupdate

Config (where the passwords are):
/usr/share/metasploit-framework/config

db_status   show which DB (database) is connected
db_disconnect   disconnect the DB
db_connect -y <path>   connect the DB using a config file, e.g. /usr/share/metasploit-framework/config/database.yml

workspace   show the list of workspaces (projects); help workspace for usage
  workspace -a <name>   add a new workspace
  workspace -d <name>   delete a workspace
  workspace -D   delete all
workspace <name>   switch to a workspace

db_import <path>   import results as .xml (from nmap scans)
db_export <path>   export the workspace

hosts   show all hosts: IP, MAC and OS type
  hosts -S <word>   search in hosts
services   show all services (from the imported files; lists all open ports)
  services -S <word>   search in services
notes   more info from port scanning (results)

vulns   list of vulnerabilities
loot   saved dumps / hashes from memory (I don't know)
analyze   analyze the DB for all IPs

search type:<module type> <keyword>   search for modules
  search type:auxiliary ms17
use <module path>   select a module
  use auxiliary/scanner/smb/smb_ms17_010

In Metasploit:
show options
show advanced
info

RPORT - the port the exploit will attack
RHOSTS - target IP (must be set)
set rhosts <ip> - set the target IP
You can set rhosts once at the start, so you don't have to set it again in every exploit

[+] - vulnerable
[*] - no (not vulnerable)


search_email_collector

Start Metasploit
use auxiliary/gather/search_email_collector   open the module
show options   help

inbuilt_nmap

help db_nmap   help

db_nmap -A <ip> -v   (-v shows the results live)
  db_nmap -A 192.168.0.106 -v

Features

  1. You can type just the module name; you don't have to type its full path.
  2. You don't have to type "show options", just write "options".

find_auxiliary_for_ports

Port   Module path                                     Meaning
80     auxiliary/dos/http/wordpress_xmlrpc_dos
80     auxiliary/scanner/http/http_version             HTTP version detection
135    -                                               read and run commands
137    -                                               searching info on other PCs
139    -                                               remote control
445    auxiliary/scanner/smb/smb_ms17_010              MS17-010, shared files
3389   auxiliary/scanner/rdp/ms12_020_check            RDP
2001   auxiliary/dos/http/monkey_headers
3128   auxiliary/dos/http/squid_range_dos
8080   auxiliary/dos/http/cable_haunt_websocket_dos

More about ports:

Port 21: FTP
Port 22: SSH
Port 25: SMTP
Port 53: DNS
Port 80: HTTP
Port 443: HTTPS
Port 110: POP3
Port 143: IMAP
Port 139: NetBIOS
Port 445: SMB
Port 3389: RDP
Port 3306: MySQL
Port 5432: PostgreSQL
Port 1521: Oracle
Port 1433: Microsoft SQL Server
Port 9300: Elasticsearch
Port 6379: Redis
Port 8080: Tomcat
Port 8000: Nginx
Port 7001: Apache



PORT      STATE    SERVICE
21/tcp    open     ftp
25/tcp    open     smtp
42/tcp    filtered nameserver
53/tcp    open     domain
69/tcp    filtered tftp
80/tcp    open     http
110/tcp   open     pop3
135/tcp   filtered msrpc
137/tcp   filtered netbios-ns
138/tcp   filtered netbios-dgm
139/tcp   filtered netbios-ssn
143/tcp   open     imap
161/tcp   filtered snmp
162/tcp   filtered snmptrap
179/tcp   filtered bgp
443/tcp   open     https
445/tcp   filtered microsoft-ds
465/tcp   open     smtps
587/tcp   open     submission
993/tcp   open     imaps
995/tcp   open     pop3s
1028/tcp  filtered unknown
1080/tcp  filtered socks
1214/tcp  filtered fasttrack
1241/tcp  filtered nessus
2077/tcp  open     unknown
2078/tcp  open     unknown
2082/tcp  open     infowave
2083/tcp  open     radsec
2086/tcp  open     gnunet
2087/tcp  open     eli
2095/tcp  open     nbx-ser
2096/tcp  open     nbx-dir
3127/tcp  filtered unknown
3128/tcp  filtered squid-http
3306/tcp  open     mysql
5554/tcp  filtered sgi-esphttp
6666/tcp  filtered irc
6667/tcp  filtered irc
6668/tcp  filtered irc
6777/tcp  filtered unknown
7007/tcp  filtered afs3-bos
9996/tcp  filtered unknown
22816/tcp open     unknown
51180/tcp filtered unknown
42/udp   open|filtered nameserver
53/udp   open          domain?
69/udp   open|filtered tftp
135/udp  open|filtered msrpc
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
|_snmp-hh3c-logins: TIMEOUT
|_snmp-win32-shares: TIMEOUT
162/udp  open|filtered snmptrap
1701/udp open|filtered L2TP

Useful auxiliary modules:
auxiliary/scanner/portscan/tcp - a TCP port scan (set THREADS 50)

TCP/UDP Port Finder metasploit:

https://www.adminsub.net/tcp-udp-port-finder/

Nmap

NMAP - scans all ports and pings hosts
nmap <options> <address>

Options:


--reason   show why nmap reached each conclusion (what it received from the remote system)
-p 0-65535 or -p-   scan all ports
--min-rate <n>   minimum send rate; if a host does not answer, the scan moves on instead of waiting
-oX <path>   save the result to an XML file
-A   OS detection (and more)
-iL <file>   read the list to scan from a txt file
-o   write output to a txt file
-v   show more info live
-Pn   skip the ping check (when a firewall blocks it)
-sV   more information about ports (service versions)
-T0 to -T5   speed: the higher, the more aggressive

About speed
The following example increases the scan speed with the timing template -T5,
which tells Nmap to run a fast scan (called "insanely fast") that waits
only 0.3 seconds for a reply. This scan may not return accurate results.
Available templates are
paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5).

If a port is open:
_http-generator: finds the port that gives access to the web site
5000/tcp open tcpwrapped syn-ack ttl 64

Useful sites:
for looking up an IP: https://www.nslookup.io/domains/
tldr nmap
more about scripts and features: https://linuxhint.com/scan-all-ports-nmap/
examples of vulnerability scans: https://linuxhint.com/30-nmap-examples/

You can use scripts like:
sudo nmap --script-args=unsafe=1 -T5 <ip>   this shows only the ports
Scripts are grouped into categories: auth, broadcast, default, discovery,
dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.

example:
sudo nmap -sV -A <ip>
sudo nmap -p <port> <ip> --script vuln
nmap -p- -sV <ip>
nmap -p- --min-rate 5000 -sV <ip>
sudo nmap -A --reason <ip> -oX <path>.xml
sudo nmap -A --reason -v 192.168.0.106 -p 0-54535 -oX /home/manifast/Desktop/scan.xml
sudo nmap -A -T4 -v <ip>
sudo nmap -sC -sV <ip>
sudo nmap -A -sV -Pn -v -p- <ip>
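The -oX file these scans produce is what db_import loads; as an added example (not from this cheat sheet or from nmap/Metasploit), here is a small parser that turns that XML into plain records and keeps only confirmed-open ports. The sample XML, its address and services are constructed for the demo.

```python
# Added example, not from the original cheat sheet: parse the XML that
# "nmap -oX <path>" writes (the format db_import reads) into plain records.
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout; address and services are invented.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/><service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/><service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """One dict per scanned port: host, port, proto, state, service, product."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # nmap did not see this host as up; nothing to inventory
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            svc_attr = svc.attrib if svc is not None else {}  # <service> is optional
            records.append({
                "host": ip, "port": int(port.get("portid")), "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": svc_attr.get("name", ""),
                "product": f'{svc_attr.get("product", "")} {svc_attr.get("version", "")}'.strip(),
            })
    return records

def open_ports(xml_text):
    """Only confirmed-open ports; 'filtered' means no answer, not a reachable service."""
    return [r for r in parse_nmap_xml(xml_text) if r["state"] == "open"]
```

Run it against a real scan with `open_ports(open("scan.xml").read())` to get the same host/port/service view that `services` shows inside msfconsole.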


DOCS: https://docs.metasploit.com/docs/pentesting/metasploit-guide-smb.html

zenmap

I don't know how you can be such a pervert to use this piece ...

dirb (web content scanner)
Shows hidden paths, files and addresses in a URL

n   go to the next directory
a   stop scanning (save the stage)
r   save statistics of the scan

Options:

-X   extension (.php, .html)
-o   file where to save

without -X it searches all extensions

Examples of using DIRB:
dirb http://nwcom.info/ -o ~/Desktop/DIRB_scan.txt
dirb <url>/directory   simple test
dirb <url> -X .html   test files with the suffix '.html'
dirb <url> /usr/share/dirb/wordlists/vulns/apache.txt   test with the list of words from the file 'apache.txt'
dirb <url>/secure_url   simple test with SSL

openVAS_GVM

openVAS   vulnerability scanner

sudo apt update && sudo apt upgrade -y   run before installing

sudo apt-get install gvm* -y   install

sudo gvm-setup   sets up the app and saves the password to a file
gvm-check-setup   check that everything is installed
sudo gvm-start   start
  sudo gvm-stop   stop

sudo runuser -u _gvm -- gvmd --user=<login> --new-password=<password>   change password
sudo runuser -u _gvm -- gvmd --create-user=admin2 --new-password=<password>   create a user / reset password

Open the http address from the output in a browser, using the password from the file

sudo systemctl status redis-server   check the DB
  sudo systemctl status redis-server@openvas.service

sudo gvm-feed-update   update

sudo greenbone-feed-sync --type GVMD_DATA
sudo greenbone-feed-sync --type CERT

Wireshark

Sniffers - for sniffing traffic

scrcpy

The SCRCPY Framework is used for remote control and emulating touches, with the device's screen output live
don't forget to turn on the USB connection in VBox if you use -d (USB/Wireless)

site to help find IPs: https://www.shodan.io/, search "android debug bridge"

adb devices   show all devices

adb connect <ip>:<port>   connect
scrcpy -St   control (screen off, show touches)
  scrcpy -d   (use USB)
  scrcpy -e   (use the TCP/IP device)

adb kill-server   kill the server, if it fails to connect
adb start-server   <port 5555>
adb tcpip <port 9999>   create a port

adb forward --list   serial "" local "" remote "" ?
adb logcat   ? view the device log

adb get-state
Prints: offline | bootloader | device

ghost

The GHOST Framework is used for quickly connecting to a device remotely, sharing files and taking screenshots
after ghost, if the connection is successful, it is better to use the SCRCPY Framework :D

connect <ip>
help

Install:
git clone https://github.com/EntySec/Ghost.git
cd Ghost
chmod +x setup.py

if you catch an error, type:
pip3 install --upgrade pip
pip3 install setuptools
and add this line to the top of setup.py: "#!/usr/bin/python3"

ghost

macchanger

MacChanger is used for generating a fake MAC address.

sudo macchanger -A <eth0>   set a random MAC

sudo macchanger -a <eth0>   set a fake MAC
sudo macchanger -r <eth0>   set a fully random MAC

The error message "[ERROR] Could not change MAC: interface up or insufficient permissions:
Device or resource busy" means that you are trying to change the MAC address of an interface
that is already up, or that you do not have the necessary permissions to change the MAC address.

To fix this error, you can try the following:

Check to make sure that the interface is not up. You can do this by running the following command:

ifconfig

If the interface is up, you will see a line that starts with "eth0" or "wlan0".
The "UP" flag will be set if the interface is up.

If the interface is up, you can try to bring it down by running the following command:

ifdown eth0

Replace "eth0" with the name of your interface.

Once the interface is down, you can try to change the MAC address with macchanger:

sudo macchanger -A wlan0

And check:

sudo macchanger -s wlan0

proxychains

path to the proxychains config:
sudo vim /etc/proxychains4.conf

Don't run as root; you can get errors with Firefox

If it doesn't work, try:
sign in as root or non-root
restart the tor services
service tor start/restart/status
Or check the solution in the other book "Small directory of Linux > LAN > config of interfaces"

auto_tor

Change IP

git clone https://github.com/FDX100/Auto_Tor_IP_changer.git

python3 install.py
python3 autoTOR.py
60
100

Koadic

sudo apt install koadic   install

info   shows which port and which IP
run   run the script and copy the link to paste into a cmd prompt on Windows

Wifite2

wifite   basic version

cd wifite2/
python3 Wifite.py

--kill   kill conflicting processes
-mac   automatically change the MAC address

python3 Wifite.py --kill -mac

Aircrack-ng

Used for scanning wifi and knocking users off the WLAN

airmon-ng check kill   kill processes that get in the way

airmon-ng start wlan0   enable monitor mode

airodump-ng wlan0   monitoring

airodump-ng --bssid <MAC> --channel <CH> -w <path> <interface>   listen to a certain LAN
  airodump-ng --bssid 84:D8:1B:61:C1:2C --channel 11 -w /home/manifast/Desktop/wifi wlan0
  airodump-ng --bssid 84:D8:1B:61:C1:2C --channel 11 wlan0
airodump-ng -c 3 -w amaliya --bssid 04:95:E6:57:DC:91 wlan0
You can press Tab to highlight access points

aireplay-ng --deauth <count: 0 = forever, or 1-100> -a <router's MAC> -c <STATION> <interface>   knock off
  aireplay-ng --deauth 30 -a 84:D8:1B:61:C1:2C -c 70:BB:E9:E2:D3:53 wlan0
  aireplay-ng --deauth 0 -a 84:D8:1B:61:C1:2C wlan0
aireplay-ng -0 0 -a <MAC> wlan0
  use --help for more!

Crack the handshake:
aircrack-ng <capture file> -w <wordlist path>
  aircrack-ng QWERTY-01.cap -w /usr/share/wordlists/wifi_rockyou.txt

Keep only words of 8 to 63 characters:
cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > wifi_rockyou.txt

You remain invisible on the web

maigret

Quite a good tool for searching by nickname. To work with it, you only need to enter one command.

pip3 install maigret

netdiscover

App for scanning IP addresses on your network bridge.
Active/passive ARP reconnaissance tool

Pre-installed

sudo netdiscover -i eth0
sudo netdiscover -r 192.168.0.0/16

john

Used for finding the right password from a list of passwords and the hash of a zip's password

john --wordlist=<path to passwords> <hash of password>

zip2john

Used for hashing the zip password, e.g. from a zip it gives the hash of the password

zip2john <path> > <file.txt>

nikto

Used as an alternative to the command nmap -p <port> <ip> --script vuln

nikto -h <ip>

other_apps

enum4linux -n $IP
nmblookup -A $IP
ngrep -i -d tap0 's.?a.?m.?b.?a.*[[:digit:]]'


reverse_engineering

x64dbg

Analyze compiled code.


ghidra

Ghidra is a software reverse engineering (SRE) framework that includes a suite of full-featured analysis tools enabling users to analyze compiled code.

sudo apt install ghidra


extract_info

ExifTool

Used for showing all information (metadata) of a file, e.g. to find the creator's name.

sudo apt-get install exiftool - install

exiftool <file path>   start

metagoofil

Used for downloading all files from a site.

sudo apt-get install metagoofil - install

metagoofil -d <site> -l 10 -n 10 -t <.type> -o <save path>   start; -l limit, -n download files limit, -t type of file, -o where to save.

example:
metagoofil -d it-black.ru -l 10 -n 10 -t pdf,dox,xml,xls,docx -o /home/manifast/Desktop/

types:
pdf,dox,xml,xls,docx,php,png,jpg,zip,rar,7z,wav,psd

Sherlock

Find info about a nickname on sites

sudo apt install sherlock   install

Info_of_emails

theHarvester

Find emails in a domain.
theHarvester is used to gather open source intelligence (OSINT) on a company or domain.

theHarvester -d <domain> -l <count> -b <source> -f <save path>
  theHarvester -d mail.ru -l 500 -b google -f /home/manifast/Desktop/file   example

-d   domain
-l   limit
-f   file name
-b   search source (searching site), one of:
anubis, baidu, bing, binaryedge, bingapi, bufferoverun,
censys, certspotter, crtsh, dnsdumpster, duckduckgo,
fullhunt, github-code, google, hackertarget, hunter, intelx,
linkedin, linkedin_links, n45ht, omnisint, otx, pentesttools,
projectdiscovery, qwant, rapiddns, rocketreach,
securityTrails, spyse, sublist3r, threatcrowd, threatminer,
trello, twitter, urlscan, virustotal, yahoo, zoomeye

search_email_collector

Start Metasploit
use auxiliary/gather/search_email_collector   open the module
show options   help
set domain <domain>   set the domain, e.g. set domain mipt.ru (search option: search_google)

Google Hacking

Used for finding login pages or other info

Pentest-tools site

Maltego


sql

SQL (Structured Query Language)
is a standardized programming language used to manage
relational databases and perform various operations on the data in them.

PII: highlighting Personally Identifiable Information across SQL Server.

What is the 2021 OWASP Top 10 classification for this vulnerability?


Beautiful:


Thx:
https://null-byte.wonderhowto.com/how-to/
All bloggers who explain it.


Do you like it? Star the repo and share it with your friends!)
