Avi's blog

  https://gist.github.com/mndambuki/bf3b6a1de33dd84dc4f59dcf8e111618 From the above link you will get below codes .bat version.  Run the below commands as per instructions.  1. Open powershell ise with admin privilege and paste the below powershell script commands: Write-Host "Activating Microsoft Office 2019..." # Office installation path detection if (Test-Path "C:\Program Files\Microsoft Office\Office16\ospp.vbs") {     cd "C:\Program Files\Microsoft Office\Office16" } elseif (Test-Path "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs") {     cd "C:\Program Files (x86)\Microsoft Office\Office16" } else {     Write-Host "Office installation not found."     exit } # Remove previous KMS configuration cmd.exe /c "cscript //nologo slmgr.vbs /ckms" cmd.exe /c "cscript //nologo ospp.vbs /setprt:1688" cmd.exe /c "cscript //nologo ospp.vbs /unpkey:6MWKP" # Enter new product key cmd.exe /c ...

 Wapiti3 web application scanner installation.... The below is wapiti's github link. Please update your kali packages before using this tool. https://github.com/wapiti-scanner/wapiti git clone https://github.com/wapiti-scanner/wapiti cd wapiti cd bin wapiti -h wapiti -u https://domain.com Avi

 Follow the commands to install and configure API hacking lab: 1. Install kali linux and update all the packages.  apt update -y apt upgrade -y or apt dist-upgrade -y or apt full-upgrade -y If you face any problem regarding update, install cloud flare warp in the host machine, then again start updating packages in your kali vm.  2. Install and configure burpsuite professional.  Open burpsuite and go to Extender tab. Click on BAppStore. Search for Autorize extension, It will help us to automate authorization testing. Click on Download Jython. From Jython website click on Jython standalone and save it. Go to Extender > Options and under python environment select the jython jar file that you just downloaded. Now again go to BAppStore and re-search for Autorize extension. You will see Install option this time after selecting Autorize extension. Install it. You will see all the installed extensions under Extender > Extensions tab.  3. Install foxy proxy to prox...

  Activating windows 11 Pro....Commands are given without quotes. Step 1.1: Open command prompt with admin privilege.  Step 1.2: Install KMS client key. Use the command “ slmgr /ipk kmsclientkeys ” to install a license key (kmsclientkey is the activation key that corresponds to your Windows edition). Command syntax : " slmgr /ipk  W269N-WFGWX-YVC9B-4J6C9-T83GX" The following are the list of  kmsclientkeys  for Windows 11 Volume license keys. Home: TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 Home N: 3KHY7-WNT83-DGQKR-F7HPR-844BM Home Single Language: 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH Home Country Specific: PVMJN-6DFY6-9CCP6-7BKTT-D3WVR Pro: W269N-WFGWX-YVC9B-4J6C9-T83GX Pro N: MH37W-N47XK-V7XM9-C7227-GCQG9 Education: NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 Education N: 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ Enterprise: NPPR9-FWDCX-D2C8J-H872K-2YT43 Enterprise N: DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 Step 1.3: Set KMS server. Use the command “ slmgr /skms kms8.msguides.com ” to connect to my KMS server. Step...

  https://github.com/c0dejump/HExHTTP Found that manually installing this tool will give you some pain in kali. So I choose docker option.  apt install docker.io -y git clone https://github.com/c0dejump/HExHTTP.git cd HExHTTP docker build -t hexhttp:latest . docker run --rm -it --net=host -v "$PWD:/hexhttp/" hexhttp:latest -u 'https://target.tld/' Avi

 Installation guide: https://github.com/owasp-amass/amass/blob/master/doc/install.md Usage: https://github.com/owasp-amass/amass/blob/master/doc/tutorial.md External Attack surface monitoring using Owasp Amass project. This is also called reconnaissance or information gathering phase to more than 80 sources. It an wonderful tool to use. Results are almost accurate. But you should check if you see a result that is not familiar to you. Because amass taking data from the third party db. So there is a possibility that, that of db giving amass fake data. Though amass apply dns enumeration for better result but still it is worth checking for weird informations.  Comes with 3 subcommands. amass intel|enum|db amass intel -- Discover target namespaces for enumerations i.e. target is associated with how many domains!!!! amass enum -- Perform enumerations and network mapping of those domains and sub-domains. amass db -- Manipulate the Amass graph database Amass Intel amass intel ...