1
2kali > apt-get install sparta
3
4kali > apt-get install eyewitness
5
6
7If you are booting from the live USB, you may first need this archive-keyring (apt signing key) update.
8
9wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
10
11Now, how do we install the package? We use the dpkg command with the -i flag, like so:
12
13dpkg -i kali-archive-keyring_2018.1_all.deb
14
15And finally, run:
16
17apt update && apt upgrade
18
19___________________________________
20
21#IRC CHAT
22
23> useradd -m username
24
25# -m creates a home directory for the user
26
27> passwd username
28
29> usermod -a -G sudo username
30
31> chsh -s /bin/bash username
32
33
34#Search for hexchat in the applications menu, or install it from the terminal:
35
36kali > apt-get install hexchat
37
38#IpV4
39
40/server -ssl irc.anonops.com 6697
41
42#or for Ipv6
43
44/server -ssl ipv6.anonops.com 6697
45
46#Change the logging setting to a maximum of 10000 entries, include the URLs, and include the date/time stamps
47
48#logs are saved under your home directory in ~/.config/hexchat
49
50#you can also view the saved-logs folder in the preferences tab -> under logging
51
52_____________________________________
53
54#EyeWitness
55
56git clone https://github.com/ChrisTruncer/EyeWitness.git
57
58cd EyeWitness/
59
60chmod +x setup.sh
61
62./setup/setup.sh
63
64python EyeWitness.py -f YOUR_IPs.txt --timeout 5 --max 0 --web --add-https 443 --results 200
65
66./EyeWitness -f YOUR_IPS.txt --timeout 30 --headless
67
68#When using the installed package
69
70eyewitness -f /root/Downloads/ihmc.txt --timeout 15 --max 0 --web --add-https 443 --results 200
71
72
73
74_____________________________________________
75
76#Transfering files
77
78This will write the archive to the directory you are in. To keep it simple, also run it from the directory that contains the file/folder you are zipping.
79
80zip -r ihmc_ew_report.zip usr/share/eyewitness/09262019_063752/
81
82unzip zipfile.zip
83
84Email the archive, or download it via NoMachine
85
86_____________________________________________
87
88#recon-ng and domain
89
90git clone https://github.com/jhaddix/domain
91
92cd domain
93
94./enumall.py domain1.com
95
96git clone https://github.com/infosec-au/altdns
97
98#navigate to your Desktop and run the following if you want altdns installed as well
99
100git clone https://github.com/infosec-au/altdns
101
102cd altdns
103
104pip install py-altdns
105
106#make a folder called "Desktop/altdnsmaster/"
107
108#For Recon-NG key add
109
110recon-ng
111
112show keys #shows the keys that are added.
113
114keys add [key type from list syntax] [your key]
115
116#Quick links to make yourself keys - https://github.com/Raikia/Recon-NG-API-Key-Creation/blob/master/README-v4.8.3.md
117______________________________________________
118#Other usage examples
119
120./enumall.py domain1.com domain2.com domain3.com -i domainlist.txt -a -p permutationslist.txt -w wordlist.com
121
122Output from recon-ng will be in `.lst` and `.csv` files; output from altdns will be in a `.txt` file.
123
124______________________________________________
125#Install Scout2
126
127git clone https://github.com/nccgroup/Scout2
128
129cd Scout2
130
131pip install -r requirements.txt
132
133python setup.py install
134
135_____________________________________________
136
137#Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking,
138phishing, and corporate espionage.
139
140urlcrazy -k [QWERTY, AZERTY, QWERTZ, DVORAK] -o /Desktop/[filename] -f csv -p example.com
141
142___________________________________________
143
144dnstwist
145
146sudo apt-get install python-dnspython python-geoip python-whois python-requests python-ssdeep python-cffi
147
148git clone https://github.com/elceef/dnstwist
149
150pip install -r requirements.txt
151
152./dnstwist.py -gbagwsm [Yourdomain]
153
154_____________________________________________
155
156LazyS3
157
158git clone https://github.com/nahamsec/lazys3
159
160cd lazys3
161
162ruby lazys3.rb [domain prefix ex. "SAIC"]
163
164_________________________________________________
165
166trackerjacker
167
168git clone https://github.com/calebmadrigal/trackerjacker
169
170cd trackerjacker
171
172pip install -r requirements.txt
173
174python setup.py install
175
176python3 setup.py install
177
178 #run ifconfig to find the name of your network interfaces
179
180trackerjacker --map -i [name of interface, e.g. wlan1] --map-file [filename]
181
182trackerjacker --map -i wlan1 --map-file testnothing.yaml
183
184trackerjacker -i wlan1 --track --trigger-plugin foxhunt
185
186cat wifi_map.yaml
187
188___________________________________________________________
189
190AIRCRACK-NG
191 #when the card is in monitor mode you lose normal Wi-Fi connectivity; get it back with: airmon-ng stop wlan0mon
192 #wordlist.txt on /Desktop
193#Setup (from the release tarball)
194
195wget https://download.aircrack-ng.org/aircrack-ng-1.5.2.tar.gz
196tar -zxvf aircrack-ng-1.5.2.tar.gz
197sudo apt-get install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libpcre3-dev libhwloc-dev libcmocka-dev
198
199#Setup (from the git source tree)
200
201git clone https://github.com/aircrack-ng/aircrack-ng
202autoreconf -i
203./configure --with-experimental --with-ext-scripts --with-gcrypt
204
205airmon-ng #lists the available wireless interfaces
206
207airmon-ng start wlan0
208
209airodump-ng wlan0mon #point airodump-ng at the monitor-mode interface you want to use. This will also show the info for the SSID you want to target
210
211airodump-ng -c [channel #] --bssid [full mac addr] -w [SSid name] wlan0mon
212
213aireplay-ng -0 0 -a [full mac of target] wlan0mon #can also do -c [client mac] for specific user
214
215aircrack-ng -w /root/Desktop/wordlist.txt /root/Pretty_fly_4_a_WiFi-01.cap #replays the pcap to find the passwords
216
217airmon-ng stop wlan0mon
218
219service NetworkManager restart
220
221_____________________________________________________________________________________________________
222
223#Truecrypt Mounting from External Drive in Command line
224
225sudo truecrypt /root/Desktop/[File] /final/destination
226
227# you can add -p PASSWORD if you need to, but note that a password passed on the command line ends up in your shell history and is visible to other users in the process list; prefer the interactive prompt.
228
229truecrypt --mount /home/desgua/Dropbox/enc1 /mnt/mymountpoint/
230 #if mounting fails, retry with: --mount [filepath] --force
231
232______________________________________________________________________________________________________
233
234#Venemy
235
236git clone https://github.com/mportatoes/venemy
237
238#Follow the instructions to pull the info for the API key - Firefox -> Developer tools -> Network -> Refresh -> Cookies -> scroll to see the API key.
239
240python3 venemy_auth.py --all [username] #pulls all the info for a specific user
241
242python3 venemy_auth.py --crawl [username] #goes after friends of friends
243
244_________________________________________________________________________________________________________
245
246#theHarvester
247
248git clone https://github.com/laramies/theHarvester
249
250python3 -m pip install -r requirements.txt
251
252theharvester -d [domain name] -b all -l [results limit]
253
254#To change the API key
255Edit /usr/share/theharvester/discovery/shodansearch.py: on line 7, replace the value in self.key="Your aPI Key Here" with your API key. (The key is then stored in plaintext in that file, so restrict who can read it.)
256
257____________________________________________________________________________________________________________
258
259#UserRecon
260
261git clone https://github.com/thelinuxchoice/userrecon
262
263./userrecon.sh
264
265#enter target username