Avi's blog

 Installation guide: https://github.com/owasp-amass/amass/blob/master/doc/install.md Usage: https://github.com/owasp-amass/amass/blob/master/doc/tutorial.md External Attack surface monitoring using Owasp Amass project. This is also called reconnaissance or information gathering phase to more than 80 sources. It an wonderful tool to use. Results are almost accurate. But you should check if you see a result that is not familiar to you. Because amass taking data from the third party db. So there is a possibility that, that of db giving amass fake data. Though amass apply dns enumeration for better result but still it is worth checking for weird informations.  Comes with 3 subcommands. amass intel|enum|db amass intel -- Discover target namespaces for enumerations i.e. target is associated with how many domains!!!! amass enum -- Perform enumerations and network mapping of those domains and sub-domains. amass db -- Manipulate the Amass graph database Amass Intel amass intel ...

Link to the repo:  https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen?tab=readme-ov-file git clone https://github.com/Cybersecurity-Ethical-Hacker/xssdynagen.git cd xssdynagen The following 4 packages are needed for this tool to work and are already installed in kali.  pipx install aiohttp  pipx install colorama pipx install tqdm pipx install "uvloop>=0.17.0" You can always check the package existence: dpkg -l | grep packagename If not installed then use this command: pip/pip3 install -r requirements.txt If that also does not work then: apt install python3-aiohttp apt install python3-colorama apt install python3-tqdm apt install python3-uvloop In kali you need to install paramspider: apt install paramspider -y paramspider -d example.com   (Though this command in kali does not work) For ubuntu: git clone https://github.com/0xKayala/ParamSpider cd ParamSpider pip/pip3 install -r requirements.txt (If giving error then install the packages in above mentioned w...

This tool is perfectly works on ubuntu 24 system. And I found it is not working properly in kali linux 24 version.   https://github.com/blackhatethicalhacking/SQLMutant/tree/main This tool need to use along with sqlmap tool. Showing this cheat sheet for kali or debian based system.  This tool actually analyze everything and give you the vulnerable url where sql injection is possible. You just need to use then sqlmap to exploit that.   Prerequisite: apt install pipx -y (for ubuntu) pip3 install uro or pipx install uro pipx ensurepath pipx completions  (not needed)  source ~/.bashrc   or restart system If go tool is not installed then run the below two commands first ( golang-go ) or follow this link to install go (https://mahimfiroj.blogspot.com/2024/12/installing-nuclei-in-kali.html) otherwise skip this step.   dpkg -l | grep packagename (Using this command you can check package is installed or not) apt install gccgo-go -y or apt install gol...

  Cracking burpsuite in kali: https://drive.google.com/drive/folders/13WQeT99kyyeWOmKGRKnjTKzCJmkrKdUa (This is not shared link. Log in to ovi.it88 gmail id and then click on the link) Follow step by step procedure...... Download the tool from the above link. Place the tool in /tmp folder or in any folder where you have permission in kali. The tool is under this folder  burpsuite_pro_v2024.5 for linux. Go to that /tmp/burpsuite_pro_v2024.5 for linux folder Open command prompt meaning terminal there and run this command: java -jar burploader.jar A pop-up window will appear. Another pop up window called license agreement will appear. Uncheck the condition and click I Accept . From the loader window, copy the License key  and click on Run. Now you have two window. Paste that on the Enter license key window and click Next.  Check the "Use proxy server to connect" and click on Manual activation .  Now click Copy request under Manual Activation window.  ...