Search the Community

Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks. It uses many open source tools, most of them are available for download from github. Changelog v3.0 MAJOR CHANGES Changed operation system from UBUNTU to Kali Changed .bashrc aliases. All modules were rebuilt. Added new module crimson_IPcon – for IP-only assessment. Active Directory enumeration & vulnerability scanning was added in crimson_IPcon. No more port scanning on crimson_recon and crimson_target. If you need this functionality, use crimson_IPcon. No more Python 2.7 code ( there are still some scripts in the /scripts/ directory, but the modules do not use them. I decided to leave them there, so I can rewrite the code if needed to python3 or GO in the future) testssl, wpscan and jwt_tool transferred from crimson_exploit to crimson_target testssl transferred from crimson_exploirt to crimson_target crimson_exploit does not need domain anymore, just the params.txt | all.txt | dirs.txt files Added sstimap.py to the SSTI testing in the crimson_exploit module It is possible now to use the crimson_exploit module without a domain name. Just place the dirs.txt and params.txt in the current directory and run the script. MINOR CHANGES crimson_faker.py script => Template for generating fake data for API testing. crimson_target – dig_for_secret functions were moved out. It will be a part of the 5th module for the static code analysis in the next patch. New for flag crimson_target -n to skip brute-forcing directories. All banners were removed from modules Nuclei run with headless mode You can use c_0, c_1, c_2, and c_3 aliases instead of crimson_MODULE-NAME Removed some static_code analysis functions from modules and placed them in the future c_4 module named crimson_lang. [Hidden Content]

THESE ARE THE MEANING OF THE FOLLOWING ABBREVIATIONS. _______________________ 1.) GOOGLE - Global Organization Of Oriented Group Language Of Earth. 2.) YAHOO - Yet Another Hierarchical Officious Oracle. 3.) WINDOW - Wide Interactive Network Development for Office work Solution. 4.) COMPUTER - Common Oriented Machine Particularly United and used under Technical and Educational Research. 5.) VIRUS - Vital Information Resources Under Siege. 6.) UMTS - Universal Mobile Telecommunicati ons System. 7.) AMOLED - Active-matrix organic light-emitting diode. 8.) OLED - Organic light-emitting diode. 9.) IMEI - International Mobile Equipment Identity. 10.) ESN - Electronic Serial Number. 11.) UPS - Uninterruptible power supply. 12. HDMI - High-Definition Multimedia Interface. 13.) VPN - Virtual private network. 14.) APN - Access Point Name. 15.) SIM - Subscriber Identity Module. 16.) LED - Light emitting diode. 17.) DLNA - Digital Living Network Alliance. 18.) RAM - Random access memory. 19.) ROM - Read only memory. 20.) VGA - Video Graphics Array. 21.) QVGA - Quarter Video Graphics Array. 22.) WVGA - Wide video graphics array. 23.) WXGA - Widescreen Extended Graphics Array. 24.) USB - Universal serial Bus. 25.) WLAN - Wireless Local Area Network. 26.) PPI - Pixels Per Inch. 27.) LCD - Liquid Crystal Display. 28.) HSDPA - High speed down-link packet access. 29.) HSUPA - High-Speed Uplink Packet Access. 30.) HSPA - High Speed Packet Access. 31.) GPRS - General Packet Radio Service. 32.) EDGE - Enhanced Data Rates for Globa Evolution. 33.) NFC - Near field communication. 34.) OTG - On-the-go. 35.) S-LCD - Super Liquid Crystal Display. 36.) O.S - Operating system. 37.) SNS - Social network service. 38.) H.S - HOTSPOT. 39.) P.O.I - Point of interest. 40.) GPS - Global Positioning System. 41.) DVD - Digital Video Disk. 42.) DTP - Desk top publishing. 43.) DNSE - Digital natural sound engine. 44.) OVI - Ohio Video Intranet. 45.) CDMA - Code Division Multiple Access. 46.) WCDMA - Wide-band Code Division Multiple Access. 47.) GSM - Global System for Mobile Communications. 48.) WI-FI - Wireless Fidelity. 49.) DIVX - Digital internet video access. 50.) APK - Authenticated public key. 51.) J2ME - Java 2 micro edition. 52.) SIS - Installation 53.) DELL - Digital electronic link library. 54.) ACER - Acquisition Collaboration Experimentation Reflection. 55.) RSS - Really simple syndication. 56.) TFT - Thin film 57.) AMR- Adaptive Multi-Rate. 58.) MPEG - moving pictures experts group. 59.) IVRS - Interactive Voice Response System. 60.) HP - Hewlett Packard.

Some vocabulary Infosec: Information security, which is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Infosec can also be a person who practices ethical security. Opsec: Operations security, which is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. Black/grey/white hat hacker: Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if they're a black, grey or white hat hacker. A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is usually a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, they might want to be malicious if it can be benefit (data breach, money, whistleblowing ...). Red team: According to Wikipedia, a red team or the red team is an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. It is particularly effective in organizations with strong cultures and fixed ways of approaching problems. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were foreign world leaders. Little formal doctrine or publications about Red Teaming in the military exist. In infosec exercises, Red teamers are playing the role of attackers. Blue team: A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. As a result, blue teams were developed to design defensive measures against red team activities. In infosec exercises, Blue teamers are playing the role of defenders. Penetration tester: An ethical hacker who practices security, tests applications and systems to prevent intrusions or find vulnerabilities. Security researcher: Someone who practices pen testing and browses the web to find phishing/fake websites, infected servers, bugs or vulnerabilities. They can work for a company as a security consultant and are most likely a Blue teamer. Reverse engineering: Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Similar to scientific research, the only difference being that scientific research is about a natural phenomenon. Social engineering: In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among computer and information security professionals. Threat analyst: A threat hunter, also called a cybersecurity threat analyst, is a security professional or managed service provider (MSP) that proactively uses manual or machine-assisted techniques to detect security incidents that may elude the grasp of automated systems.

[Hidden Content]

Crimson Crimson is a tool that automates some of the Pentester or Bug Bounty Hunter tasks. It uses many open source tools, most of them are available for download from github. It consists of three partially interdependent modules: crimson_recon – automates the process of domain reconnaissance. crimson_target – automates the process of urls reconnaissance. crimson_exploit – automates the process of bug founding. 🔻crimson_recon This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools. 🔻crimson_target This module covers one particular domain chosen by you for testing. It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools. 🔻crimson_exploit This module uses a number of tools to automate the search for certain bugs in a list of urls. Changelog v2.0 From now on, Crimson acts as a docker container and the install.sh script is no longer supported (Although, it should still works on Linux Mint) Much of the code has been rewritten and improved. Added project_valuation.sh, crimson_mass_nmap.py script to scripts directory Added Ciphey tool words directory has been improved Added new options to all three modules to make them more “elastic”. Added rustscan in place of masscan crimson_recon: Added optional flags to this module, which are shown below: -x # Domain bruteforcing (with words/dns wordlist) -v # Virtual host discovering -p # TCP ports scanning (1-65535) -u # UDP ports scanning (nmap default ports) -b # Third level subdomain bruteforcing -y # Proxy urls.txt and live.txt to Burp (127.0.0.1:8080) crimson_target Added optional flags to this module, which are shown below: -p # TCP (1-65535) / UDP (nmap default) ports scanning -a # Automatic deletion of possible false-positive endpoints after brute forcing with ffuf (this option needs more tests) -y # Proxy urls.txt and ffuf.txt to Burp (127.0.0.1:8080) A lot of modifications in the script New workflow – check the documentation guidelines. crimson_exploit The script was rewritten New tools being added, check scripts directory! Faster CVE scanning [hide][Hidden Content]]

Go scripts for finding an API key / some keywords in repository. Update V1.0.1 Removing some checkers Adding example file contains github dorks [hide][Hidden Content]]

It consists of three partially interdependent modules: crimson_recon – automates the process of domain reconnaissance. crimson_target – automates the process of urls reconnaissance. crimson_exploit – automates the process of bug founding. 🔻crimson_recon This module can help you if you have to test big infrastructure or you are trying to earn some bounties in *.scope.com domain. It includes many web scraping and bruteforcing tools. 🔻crimson_target This module covers one particular domain chosen by you for testing. It uses a lot of vulnerability scanners, web scrapers and bruteforcing tools. 🔻crimson_exploit This module uses a number of tools to automate the search for certain bugs in a list of urls. Changelog v1.4 Faster port scanning with “rustscan” Patched jsextractor bug “upload” directory created with a file for manual upload testing “pywhat” and “gmapiscanner” was added to installation Minor changes and bug fixes [hide][Hidden Content]]

Good community lvl23, I am looking for a forum similar to this one, but in cryptocurrencies. Do you recommend any black forum in crypto. I'm looking, but I can't find something that explains better how blockchain works, the most anonymous crypto and how Mixers/Tumblers work. Thanks in advance

Some Pentest Tools. Install and keep up to date some pentesting tools. I used this to pass my OSCP exam. Why I was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo (which you can see at the bottom of the page) and it gave me the motivation to start working on mine right away. But keep in mind that is different. I built this for people that are working with Kali. Should work on others distro but I didn't include tool like Burp Suite or SQLmap because it comes in Kali by default. [hide][Hidden Content]]

[Hidden Content]

Download links of Some Udemy Courses(Part- 2) ◾️Build an Advanced Keylogger using C++ for Ethical Hacking ◾️Css & JQuery Form Designing From Beginner to Expert ◾️Facebook Marketing Next Level List Building Strategies ◾️Get 100,000+ Premium Royalty Free Images For your Website ◾️How Hackers Create Malware and Infiltrate Victim Machines ◾️How To Start Dropshipping With Shopify & Aliexpress ◾️How To Start Trading Penny Stocks In 10 Easy Steps 2017 ◾️How to Succeed on Fiverr by Doing Freelance Work ◾️Kotlin for Android Development Develop an App with Kotlin ◾️Learn Android 4.0 Programming in Java Download Free: [Hidden Content]

[Hidden Content]

Some Internet Tricks With Computer Short Cut Tricks [Hidden Content]

SOME COOL TERMUX COMMANDS 1. A Moving Train Will Be Displayed On The Screen. [Hidden Content] 2. Display text in a different style. [Hidden Content] 3. Find factors of a number [Hidden Content] 4. To see text in colorful style [Hidden Content] 5. To open any site in termux [Hidden Content] TO KNOW MORE ABOUT ANY COMMAND TYPE [Hidden Content] Eg : [Hidden Content]

I have a compiled mt4 indicator. It have some kind of protection. The developer of that indicator take account number from the buyer and binds indicator with that account.Then that indicator is only useable with that account. I want to bypass that protection on that indicator.please help me in this problem. this is an image of that error or something