Thursday, 17 June 2021

Website Penetration

 Website Penetration Testing: A Beginner’s Guide

What Is a Website and How Does It Work?

A website is a software application installed on a server (or a computer) that allows users to access content or services over the internet. Understanding how a website works involves knowing the role of the web server, the database, and how these components interact. A website has two main applications: a web server (for example, Apache) and a database (for example, MySQL).

  1. The web server understands and executes the web application. A web application can be written in Java, Python, PHP, or any other programming language. The only restriction is that the web server needs to be able to understand and execute the web application.
  2. The database contains the data that is used by the web application. All of this is stored on a computer called the server. The server is connected to the internet and has an IP address, and anybody can access or ping it.

The web application is executed by the web server, which is installed on the server. Therefore, any time we run a web application or request a page, it is actually executed on the web server and not on the client's computer. Once it has been executed, the web server sends a ready-to-read HTML page to the client, as shown in the following diagram:


Diagram showing how a website server sends HTML to a client

Suppose we are using a computer or a phone and we want to access google.com. If we type google.com as the URL, it will be translated to an IP address using a DNS server. A DNS server translates every name (.com, .edu, or any website with a domain name) to its relevant IP address. If we request google.com, the request goes to a DNS server, which translates google.com to the IP where Google is stored. The page that we wanted is then executed at Google's IP address using all of the applications that we have spoken about, and we are given a ready HTML page.

Now the program gets executed on the server, and we just get HTML, which is a markup language, as the result of the program. This is very important because, in the future, if we want to get anything executed on the web server, such as a shell, then we need to send it in a language that the web server understands (for example, PHP). Once we execute it inside the server, it will be executed on the target computer.

This means that, regardless of the person that accesses the pages, the web shell that we are going to send (if it is written in Java or in a language that the server understands) will be executed on the server and not on our computer. Therefore, it will give us access to the server and not to the person who accessed that server.

On the other hand, some websites use JavaScript, which is a client-side language. If we can find a website that allows us to run JavaScript code, then the code will be executed by the clients. Even though the code might be injected into the web server, it will be executed on the client side, and it will allow us to perform attacks on the client computer and not on the server. Hence, it is very important to distinguish between a client-side language and a server-side language.

Attacking a Website

In this section, we are going to discuss attacking a website. For attacking websites, we have two approaches:

  1. We can use the attack methods that we have learned so far. Because we know that a website is installed on a computer, we can try to attack and hack it just like any other computer. We can also use server-side attacks to see which operating system, web server or other applications are installed. If we find any vulnerabilities, we can use any of them to gain access to the computer.
  2. Another way to attack is client-side attacks, because websites are managed and maintained by humans. This means that, if we manage to hack any of the administrators of the site, we will probably be able to get their username and password, and from there log in to their admin panel or to the Secure Socket Shell (SSH). Then we will be able to access any of the servers that they use to manage the website.

If both of the methods fail, we can try to test the web application, because it is just an application installed on that website. Our target might not even be the web application; maybe our target is just a person using that website whose computer is inaccessible. In that case, we can go to the website, hack into the website, and from there go to our target person.

All of the devices and applications are interconnected, and we can use one of them to our advantage and then make our way to another computer or to another place. In this section, instead of focusing on client-side and server-side attacks, we will be learning about testing the security of the web application itself.

We are going to use the Metasploitable machine as our target machine, and if we run ifconfig command, we will see that its IP is 10.0.2.4, as shown in the following screenshot:



If we look inside the /var/www folder, we can see all the website files stored, as shown in the following screenshot:



In the above screenshot, we can see that we have a phpinfo.php page, and we have dvwa, Mutillidae, and phpMyAdmin. Now, if we go to any machine on the same network, open the browser and go to 10.0.2.4, we will see that we have a website made for Metasploitable, as shown in the given screenshot. A website is just an application installed on the web server, and we can access any of the Metasploitable websites and use them to test their security:




Now we are going to look at the DVWA page. It requires the Username admin and the Password password to log in. Once we enter these credentials, we can log in to it, as shown in the following screenshot:


Once we have logged in, we can modify the security settings by using the DVWA Security tab, as shown in the following screenshot:



Under the DVWA Security tab, we will set Script Security to low and click on Submit:




We will keep it set to low in the upcoming section. Because this is just an introductory course, we will only be talking about the basic way of discovering web application vulnerabilities in both the DVWA and the Mutillidae web applications.

If we go to the Mutillidae web application in the same way that we accessed the DVWA web application, we should make sure that our Security Level is set to 0, as shown in the following screenshot:


We can toggle Security Level by clicking the Toggle Security option on the page:


Information Gathering

In this section, we will discuss various techniques to gather information about the client using Whois Lookup, Netcraft, and Robtex. Then we will see how we can attack a server by targeting websites that are hosted on that server. Moving towards the information gathering section, we will learn about subdomains and how they can be useful for performing attacks. Later we are going to look for files on the target system to gather some information and also analyze that data.

Now, we will do information gathering before we start trying to exploit. Therefore, we are going to gather as much information as we can about the IP of the target, the technology that is used on the website, the domain name info, which programming language is used, what kind of server is installed on it, and what kind of database is being used. We will gather the company's information and its DNS records. We will also see subdomains that are not visible to other people and we can also find any files that are not listed. Now we can use any of the information-gathering tools that we used before, for example, we can use Maltego and just insert an entity as a website, and start running actions. We can also use Nmap, or even Nexpose, and test the infrastructure of the website and see what information we can gather from that.

This section will cover the following topics:

  • Whois Lookup
  • Netcraft

Whois Lookup

In this section, we are going to have a look at Whois Lookup. It is a protocol that is used to find the owners of internet resources, for example, a domain, a server, or an IP address. Here, we are not actually hacking; we are just retrieving information from a database about owners of stuff on the internet. For example, if we wanted to register a domain name like zaid.com, we would have to supply information about the person who is signing in, like the address, and then the domain name would be stored in our name and people would see that Zaid owns the domain name. That is all we are going to do.

If we google Whois Lookup, we will see a lot of websites providing the services, so we are going to use http://whois.domaintools.com, enter our target domain name as isecurity.org, and press the Search button as shown in the following screenshot:




In the following screenshot, we can see that we get a lot of information about our target website:




We can see the email address that we can use to contact the domain name info. Usually, we will be able to see the company's address that has registered the domain name, but we can see that this company is using privacy on their domain. If the company is not using any privacy, we will be able to see their address and much more information about the actual company.

We can see when the domain name was created, and we can also see the IP address of isecurity.org. If we ping the IP, we should get the same IP address as mentioned in the following screenshot.

If we run ping www.isecurity.org, the same IP address will be returned:


In the above screenshot, we can see the IP Location, Domain Status, and we can also access the History, but we need to register for that. Now, again we can use this information to find exploits.

In the following screenshot, in the Whois Record, we can find more information about the company that registered this domain:



This is essential information, but it is very helpful in the long run, just to know what their IP is, what our target is, and what services they are using. We can see the name server that is being used, and we can also see which company they are provided by.
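The same lookup is worth running against your own domain to see what it exposes. The following is an added example, not part of the original post: it parses a raw WHOIS response into the fields discussed above (registrar, creation date, name servers, privacy protection, contact addresses). The sample record is constructed, and the "Key: Value" field names and the list of privacy keywords are assumptions, since registrars differ.

```python
import re
from datetime import datetime, timezone

# Constructed sample response (not a real lookup). The "Key: Value" layout
# mimics a common registry format; real registrars vary in field names.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Creation Date: 2010-03-14T09:21:07Z
Registry Expiry Date: 2026-03-14T09:21:07Z
Domain Status: clientTransferProhibited
Registrant Organization: Privacy Protection Service
Registrant Email: contact@privacy-proxy.example
Admin Email: jane.admin@example.org
Name Server: NS1.HOSTING-PROVIDER.EXAMPLE
Name Server: NS2.HOSTING-PROVIDER.EXAMPLE
>>> Last update of WHOIS database: 2021-06-17T00:00:00Z <<<
"""

# Substrings that usually indicate a privacy/proxy service (assumed list).
PRIVACY_HINTS = ("privacy", "redacted", "proxy", "protected")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*):\s+(\S.*?)\s*$")


def parse_whois(text):
    """Parse 'Key: Value' lines into {lowercased key: [values]}.

    Repeated keys such as 'Name Server' accumulate; banner and footer
    lines that do not start with a field name are ignored.
    """
    record = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            key, value = match.group(1).strip().lower(), match.group(2)
            record.setdefault(key, []).append(value)
    return record


def is_masked(value):
    """True if the value looks like it belongs to a privacy service."""
    return any(hint in value.lower() for hint in PRIVACY_HINTS)


def exposure_report(text):
    """Summarise what the record reveals to anyone who queries it."""
    rec = parse_whois(text)
    registrant = [v for k, vals in rec.items()
                  if k.startswith("registrant") for v in vals]
    emails = [v for k, vals in rec.items() if k.endswith("email") for v in vals]
    created = rec.get("creation date", [None])[0]
    return {
        "registrar": rec.get("registrar", [None])[0],
        "created": (datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
                    .replace(tzinfo=timezone.utc) if created else None),
        "name_servers": sorted(ns.lower() for ns in rec.get("name server", [])),
        # Only "protected" if every registrant field is masked.
        "privacy_protected": bool(registrant)
                             and all(is_masked(v) for v in registrant),
        # Contact addresses that are NOT behind the privacy service.
        "exposed_emails": [e for e in emails if not is_masked(e)],
    }


if __name__ == "__main__":
    for field, value in exposure_report(SAMPLE_WHOIS).items():
        print(f"{field}: {value}")
```

In the constructed record the registrant is masked, but the admin contact address is still published, which is the kind of leftover a privacy setting alone does not remove.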

Netcraft

In this section, we will learn how to get information about the technologies that are used by the target websites. To do this, we are going to use a website called Netcraft (https://www.netcraft.com), and then we will put the target address, select our target as isecur1ty.org, and click on the arrow as shown in the following screenshot:


After this, click on Site Report as shown in the following screenshot:


In the given screenshot, we can see some basic information like Site title, Site rank, Description, Keywords, and when the website was created:


When we further scroll down, we can see the website itself, the Domain, the IP address, and the Domain registrar, which is the company that registered the domain for isecur1ty:

In the preceding screenshot, we would normally see information about the organization, but here, we can't because isecur1ty is using privacy protection. Usually, we should be able to see such information and even more.

In the preceding screenshot, we can see that it is hosted in the UK, we can also see the Nameserver, which is ns1.digitalocean.com, and again, if we just go to ns1.digitalocean.com, we will discover that this is a website for web hosting.

Now, we know that this is a web hosting company, and in worst-case scenarios, we can use this or try to hack into ns1.digitalocean.com itself to gain access to isecur1ty.

If we further scroll down, we will see the Hosting History of the hosting companies that isecur1ty used. We can see that the latest one is running on Linux with Apache, the same server that we saw in the previous section, 2.2.31 with Unix mod_ssl and all the other add-ons:


Again, this is very important to find exploits and vulnerabilities on our target computer.

Scrolling down to Web Trackers will show us the third-party applications used on our target, so we can see that our target uses MaxCDN, Google, and other Google services. This could also help us to find and gain access to the target computer as shown in the following screenshot:


The Technology tab shows us the technologies which are used on the target websites:

 

In the above screenshot, we can see that it is using the Apache web server. On the Server-Side, we can see that the website uses PHP, which means the website can understand and run PHP code. In future, if we manage to run any kind of code on our target, then the code should be sent as PHP code. To create payloads on Metasploit or on Veil-Evasion, we should create them in PHP format and the target website will be able to run them because it supports PHP.
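From the defender's side, the same details can be checked in the response headers of your own server. The following is an added example, not part of the original post: it lists every product and version a response discloses and names the setting that removes it. The two sample responses are constructed; only the Apache version is the one quoted in the text, and the hardened response assumes Apache with `ServerTokens Prod` and PHP with `expose_php = Off`.

```python
import re

# product/version tokens such as "Apache/2.2.31" or "PHP/5.4.45"
TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.+-]*)")
COMMENT = re.compile(r"\(([^)]*)\)")          # e.g. "(Unix)"
# Headers that commonly carry software banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-generator", "via")

# Settings that suppress each banner (real Apache / PHP directives).
FIXES = {
    "server": "Apache: ServerTokens Prod and ServerSignature Off",
    "x-powered-by": "PHP: expose_php = Off in php.ini",
}

# Constructed responses. The Apache version matches the one quoted in the
# text; every other value is made up for illustration.
VERBOSE = """\
HTTP/1.1 200 OK
Date: Thu, 17 Jun 2021 10:00:00 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips
X-Powered-By: PHP/5.4.45
Content-Type: text/html; charset=UTF-8
"""

HARDENED = """\
HTTP/1.1 200 OK
Date: Thu, 17 Jun 2021 10:00:00 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
"""


def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def disclosed_software(raw):
    """List (header, product, version) for everything the banners reveal."""
    findings = []
    headers = parse_headers(raw)
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            findings.extend((name, p, v) for p, v in TOKEN.findall(value))
            findings.extend((name, "platform", c)
                            for c in COMMENT.findall(value))
    return findings


def remediation(findings):
    """Map the headers that leaked something to the setting that fixes it."""
    leaking = sorted({header for header, _, _ in findings})
    return [FIXES[h] for h in leaking if h in FIXES]


if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        found = disclosed_software(raw)
        print(label, found or "nothing disclosed")
        for fix in remediation(found):
            print("  fix:", fix)
```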

On the Client-Side, we can see in the preceding screenshot that the website supports JavaScript. If we run JavaScript on the website, it will not be executed on the website; it will be executed on the side of the users who are viewing the website, because JavaScript is a client-side language and PHP is a server-side language. If we manage to run PHP code, it will be executed on the server itself. If we manage to run JavaScript, it will be executed on the users' side. The same applies to jQuery, which is just a framework for JavaScript.

In the following screenshot, if we are scrolling down, then the website uses WordPress Self-Hosted software. Netcraft will show any web applications being used on the website:

WordPress is just a web application, so we could see other examples in our case. Because it is an open source web application, there are a lot of other websites that might have it. If we are lucky enough to find an existing one, then we can go ahead and exploit it on the target website. For example, suppose we have WordPress; if we go to https://www.exploit-db.com/ and search for WordPress, we will be able to find a lot of exploits related to WordPress.

There are different versions of WordPress. We need to make sure that we have the same version number as our target. We will look at an example to see how to use exploits, but it just shows how powerful information gathering is. If we scroll further, we will find other information, like the fact that the website uses HTML5 and CSS, and all kinds of stuff as shown in the following screenshot:


Hence, Netcraft is used for getting to know the website. We gathered information regarding the site that it runs on PHP and runs JavaScript. It uses WordPress, so we can use WordPress to hack into the website. If we scroll up, we also discovered the web hosting of the website. So, in the worst-case scenarios, we can try to hack into a web hosting server and gain access to our target website.









Sunday, 13 June 2021

Metasploit Framework | How to install metasploit framework in termux

The Metasploit Framework is a powerful tool used by cybersecurity professionals and ethical hackers to test and exploit vulnerabilities in systems. It is a valuable resource for penetration testing and can help identify potential security weaknesses in networks, servers, and applications. If you are interested in learning more about the Metasploit Framework and how to install it, read on for a step-by-step guide.

Step 1: Install termux on your Android device

The first thing you need to do is install termux on your Android device. This is a terminal emulator and Linux environment app that allows you to run various command-line tools, including the Metasploit Framework. You can download termux from the Google Play Store or from the termux website.

Step 2: Update and upgrade termux packages

Once you have termux installed, open the app and run the following command to update and upgrade the packages:

apt update && apt upgrade

This will ensure that you have the latest packages and security updates installed on your device.

Step 3: Install the Metasploit Framework

To install the Metasploit Framework, you will need to use the termux package manager, pkg. Run the following command to install the Metasploit Framework:

pkg install unstable-repo
pkg install metasploit

This will install the unstable repository, which is required to install the Metasploit Framework, as well as the Metasploit Framework itself.

Step 4: Start the Metasploit Framework

To start the Metasploit Framework, run the following command:

msfconsole

This will open the Metasploit Framework console, where you can begin using the various tools and commands available.

Step 5: Explore the Metasploit Framework

Now that you have the Metasploit Framework installed and running, you can start exploring all of the various tools and commands available. Some useful commands to try include:

  • show options: Display all of the options and settings for a particular module
  • show exploits: Display a list of available exploits
  • show payloads: Display a list of available payloads
  • use exploit/<exploit name>: Select a particular exploit to use
  • set RHOST <target IP>: Set the target IP address for the exploit
  • set LHOST <local IP>: Set the local IP address for the exploit
  • exploit: Run the exploit

These are just a few examples of the many commands available in the Metasploit Framework.

Friday, 11 June 2021

Pre-connection Attack Network Penetration test

Pre-connection Attack

Pre-connection attack is the first part of network penetration testing. To perform this attack, we will look at the fundamentals, like how to show all the networks around us and how to find the details of all the devices connected to a particular network. Once we know about the network and the devices connected to it, we can disconnect any device without knowing the password of that device.

Following are the basic steps we will be going through to perform a Pre-connection attack:

  1. Wireless Interface in Monitor mode: In this step, we will change the mode of the wireless device to Monitor mode.
  2. About airodump-ng: In this step, we will use airodump-ng to list all the networks around us and display useful information about them.
  3. Run airodump-ng: In this step, we will see all the devices that are connected to a particular network and collect more information about it.
  4. Deauthenticate the Wireless client: In this step, we can disconnect any device which is shown in the previous step using aireplay-ng.

Wireless interface in Monitor Mode

This step is used to put your wireless card into Monitor mode. In Monitor mode, your card can listen to every packet that is around us. By default, the mode of wireless devices is set to "Managed", which means our wireless device will only capture packets that have our device's MAC address as the destination MAC. It will only capture packets that are actually directed to my Kali machine.

But we want to capture all the packets that are within our range even if the destination MAC is not our MAC or even without knowing the password of the target device. To do this, we need to set the mode as Monitor mode.

We can use iwconfig to see the wireless interfaces.


In the above image, you can see that the wireless interface wlan0 is in Managed mode. Use the following command to set it in Monitor mode.

Where

  • ifconfig wlan0 down command is used for disabling the Managed mode
  • airmon-ng check kill command is used to kill any process that could interfere with using my interface in monitor mode. After this command, your internet connection will be lost.
  • iwconfig wlan0 mode monitor command is used to enable monitor mode
  • ifconfig wlan0 up command is used to enable the interface
  • iwconfig command shows that the mode is set to Monitor

In the above figure, you can see that the mode is changed to Monitor mode. Now we are able to capture all the Wi-Fi packets that are within our range even if the packets are not directed to our computer or even without knowing the password of the target network.

To do this, we need a program that can capture the packets for us. The program we are going to use is airodump-ng.

About airodump-ng

airodump-ng is used to list all the networks around us and display useful information about them. It is a packet sniffer, so it is basically designed to capture all the packets around us while we are in Monitor mode. We can run it against all of the networks around us and collect useful information like the MAC address, channel name, encryption type, and number of clients connected to the network, and then start targeting the target network. We can also run it against a certain AP (access point) so that we only capture packets from a certain Wi-Fi network.

Syntax

  1. airodump-ng [MonitorModeInterface]

First, let's look at how to run the program. In this case, we need our Wi-Fi card in Monitor mode. The name of our Wi-Fi card is wlan0.


Note: We can press Ctrl + C to stop the following execution.

  • BSSID shows the MAC address of the target network
  • PWR shows the signal strength of the network. The higher the number, the better the signal
  • Beacons are the frames sent by the network in order to broadcast its existence
  • #Data shows the number of data packets or the number of data frames
  • #/s shows the number of data packets that we collected in the past 10 seconds
  • CH shows the channel on which the network works
  • ENC shows the encryption used by the network. It can be WEP, OPN, WPA, WPA2
  • CIPHER shows the cipher used in the network
  • AUTH shows the authentication used on the network
  • ESSID shows the name of the network

In the above image, you can see all the wireless networks, like Oppo, perfe, Fligh, Ashu, LIFCA, Xiaom, BS1A-YW5, etc., and the detailed information about all the networks.

Run airodump-ng

In this step, we will run airodump-ng to see all the devices that are connected to a particular network and collect more information about it. Once we have a network to target, it's useful to run airodump-ng on that network only, instead of running it on all the networks around us.

Currently, we are running airodump-ng on all the networks around us. Now we are going to target the network BS1A-YW5 whose BSSID is 50:C8:E5:AF:F6:33. We are going to sniff on that network only.

To do this, we will use the same program. The command will be as follows:



Where

  • --bssid 50:C8:E5:AF:F6:33 is the access point MAC address. It is used to eliminate extraneous traffic.
  • --channel 11 is the channel for airodump-ng to sniff on.
  • --write test is used to store all the data in a file named test. It is not mandatory; you can skip this part.
  • wlan0 is the interface name in Monitor mode.

After execution of this command, the following devices will be shown:



Where

  • BSSID of all the devices is same because devices are connected to the same network
  • STATION shows the number of devices that are connected to this network
  • PWR shows the power strength of each of the devices
  • Rate shows the speed
  • Lost shows the amount of data loss
  • Frames show the number of frames that we have captured

After executing this command, we have 3 devices that are connected to the network BS1A-YW5 and all the devices have the same BSSID as 50:C8:E5:AF:F6:33.

Deauthenticate the wireless client

This is also known as a deauthentication attack. These attacks are very useful: they allow us to disconnect any device from any network that is within our range, even if the network has encryption or uses a key.

In a deauthentication attack, we pretend to be the client and send a deauthentication packet to the router by changing our MAC address to the MAC address of the client, telling the router that we want to disconnect from it. At the same time, we pretend to be the router by changing our MAC address to the router's MAC address, toward the client that we are requesting to be disconnected. After this, the connection will be lost. Through this process, we can disconnect or deauthenticate any client from any network. To do this, we will use a tool called aireplay-ng.




First of all, we will run airodump-ng on the target network, because we want to see which clients or devices are connected to it. This time, we will not need the --write option, so we are just going to remove it. After airodump-ng has finished running, we are going to disconnect the device with STATION A8:7D:12:30:E9:A4 using aireplay-ng.

Syntax

  1. aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]

After executing this command, the device whose STATION is A8:7D:12:30 lost the internet connection. We can only connect to the network again when we quit the running command by pressing Ctrl + C.

Where

  • --deauth is used to tell aireplay-ng that we want to run a deauthentication attack, and we assign 100000 as the number of packets so that it keeps sending deauthentication packets to both the router and the client and keeps the client disconnected.
  • -a is used to specify the MAC address of the router. 50:C8:E5:AF:F6:33 is the target access point.
  • -c specifies the MAC address of the client. A8:7D:12:30:E9:A4 is client's MAC address.
  • wlan0 is the wireless adaptor in Monitor mode.
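Because the attack has to keep sending deauthentication frames in both directions to hold the client offline, it is easy to spot on the air. The following is an added example, not part of the original post: a sliding-window detector that counts deauthentication and disassociation frames per access point and client pair. The frame records, MAC addresses, window and threshold are all constructed assumptions; in practice the records would come from a monitor-mode capture. Networks that enforce Protected Management Frames (IEEE 802.11w, required by WPA3) have clients that ignore forged frames of this kind.

```python
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12       # 802.11 management frame subtypes
BEACON = 8
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed, locally administered MAC addresses (not from a real capture).
AP = "02:00:00:aa:00:01"
CLIENT_A = "02:00:00:bb:00:0a"
CLIENT_B = "02:00:00:bb:00:0b"


def detect_deauth_floods(frames, window=5.0, threshold=10):
    """Flag (bssid, station) pairs hit by a burst of deauth/disassoc frames.

    frames: iterable of (timestamp, subtype, source, destination, bssid).
    A pair is flagged once `threshold` such frames fall inside `window`
    seconds. Frames in either direction count for the same pair, since
    the attack spoofs both the client and the access point.
    """
    recent = defaultdict(deque)          # pair -> timestamps inside window
    alerts = {}
    for ts, subtype, src, dst, bssid in sorted(frames):
        if subtype not in (DISASSOC, DEAUTH):
            continue
        src, dst, bssid = src.lower(), dst.lower(), bssid.lower()
        station = dst if src == bssid else src   # the non-AP end
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:            # drop expired timestamps
            times.popleft()
        if len(times) >= threshold:
            alert = alerts.setdefault(
                (bssid, station), {"first_seen": times[0], "peak": 0})
            alert["peak"] = max(alert["peak"], len(times))
    return alerts


def sample_capture():
    """Constructed traffic: beacons, one normal disconnect, one flood."""
    frames = [(float(t), BEACON, AP, BROADCAST, AP) for t in range(0, 120, 10)]
    # A single deauth is normal when a client leaves the network.
    frames.append((20.0, DEAUTH, CLIENT_B, AP, AP))
    # 40 deauth frames in two seconds, alternating direction.
    for i in range(40):
        src, dst = (AP, CLIENT_A) if i % 2 == 0 else (CLIENT_A, AP)
        frames.append((100.0 + i * 0.05, DEAUTH, src, dst, AP))
    return frames


if __name__ == "__main__":
    for (bssid, station), info in detect_deauth_floods(sample_capture()).items():
        print(f"deauth flood: AP {bssid} <-> {station}, "
              f"{info['peak']} frames starting at t={info['first_seen']}")
```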




Post Attacks kali Ethical Hacking

Post-Connection Attacks

In all the attacks that we performed in the pre-connection and gaining access sections, we weren't connected to a network. In this section, we are going to talk about post-connection attacks, that is, the attacks that we can do after connecting to the network. Now, it doesn't matter whether the network is wireless or wired, and it doesn't matter whether the target was using a WEP or WPA key; we can launch all of the attacks that we're going to talk about in this section.

In all the previous attacks, we kept our wireless card in monitor mode, so that we could capture any packet that goes in the air. In this section, we're going to use our wireless card in managed mode because we have access to the network, so we really don't need to capture everything, we only want to capture packets that are directed to us.

In this section, we're going to look at the attacks that we can perform when we break through the network. Firstly, we're going to use a tool called netdiscover to gather all the important information about the network, and that information will help us to launch attacks. It is used to explore all the clients that are connected to a system. After this, we will learn a tool called Zenmap. This tool has a better interface and is more powerful than netdiscover. This tool is used to gather detailed information about all of the clients connected to the same network.

Netdiscover

The netdiscover is a tool which is used to gather all the important information about the network. It gathers information about the connected clients and the router. As for the connected clients, we'll be able to know their IP, MAC address and the operating system, as well as the ports that they have open in their devices. As for the router, it will help us to know the manufacturer of the router. Then we'll be able to look for vulnerabilities that we can use against the clients or against the router if we are trying to hack them.

In the Network penetration testing, we used airodump-ng to discover all the connected clients to the network. In the second part of the airodump-ng output, we learned how we could see the associated clients and their MAC addresses. All these details we can get before we connect to the target access point. Now, after connecting to the network, we can gather much more detailed information about these devices. To do this task, there are a lot of programs, but we're going to talk about two programs. Now start with the simplest and quickest one, netdiscover.

netdiscover is a quick and simple program to use, but it doesn't show very detailed information about the target clients. It'll only show us their IP address, their MAC address, and sometimes the hardware manufacturer. We're going to use it by typing netdiscover, then we are going to use -r, and then we are going to specify the range, which can be any range we want. Looking at the IP (which is 10.0.2.1) tells us which network we are in. We want to discover all the clients that are in this network, so we're going to try and see if there is a device in 10.0.2.1. Then we're going to try 12, 13, 14, 15, 16, up to 254, that's the end of the range. So, to specify a whole range, we can write /24. That means we want 10.0.2.1, and then this IP is just going to increase up to 10.0.2.254, which is the end of the IP range in the network. The command for this is as follows:


Now hit Enter. It will return the output very fast, producing the result shown in the following screenshot:


In the above screenshot, we can see that we have four devices connected to the network. We have their IP address, MAC address, and the MAC Vendor. This method was very quick, and it just shows simple information.

Zenmap

Nmap (Network Mapper) is the second program that we're going to look at. It is a huge tool and has many uses. Nmap is used to gather information about any device. Using Nmap, we can gather information about any client that is within our network or outside our network, and we can gather information about clients just by knowing their IP. Nmap can be used to bypass firewalls, as well as all kinds of protection and security measures. In this section, we're going to learn some of the basic Nmap commands that can be used to discover clients that are connected to our network, and also discover the open ports on these clients.

We're going to use Zenmap, which is the graphical user interface for Nmap. If we type zenmap on the Terminal, we'll bring up the application like this:



In the Target field, we're going to put our IP address. In the Profile drop-down menu, we can have various profiles:



In the Target field, if we want to gather information about only one IP address, we can just enter that address. We can also enter a range like we did with netdiscover. We're going to enter 198.168.1.1/24. Then we are going to select the Ping scan from the Profile drop-down menu and hit the Scan button:




The preceding scan is kind of a quick scan, but it doesn't show too much information, as we can see in the preceding screenshot. It only shows the connected devices. This scan is very quick. We are able to see the connected devices on the left-hand panel, and we can see their IP addresses, their MAC addresses, and their vendors.

The next scan we're going to learn is the Quick Scan. Now, the Quick scan is going to be slightly slower than the Ping scan. But in Quick scan, we will get more information than the Ping scan. We're going to be able to identify the open ports on each device:


In the above screenshot, we can see that it shows the open ports on each one of the discovering devices. The main router has an open port called 53/tcp. 80/tcp is the port used at the router setting page because it runs on a web server.

Now, let's take a look at the Quick scan plus, which takes the Quick scan one step further. It's going to be slower than the Quick scan, but it will show us the programs that are running on the open ports. So, in Quick scan, we saw that port 80 is open, but we didn't know what was running on port 80, and we saw that port 22 was running, but we didn't know what was running. We knew it was SSH, but we don't know what SSH server was running on that port.

So again, Quick scan plus will take longer than Quick scan, but it will gather more information, as shown in the following screenshot:




In the preceding screenshot, we can see that we have a Linux device connected. We can see the operating system of the connected device, and it also got us the versions of the programs. In Quick scan, we only knew that port 22 was open, but now we know that it's running, and the server is OpenSSH 4.7. Now we know that it was Apache HTTP server 2.2.8 and it was a Linux device. We can go ahead and look for exploits and vulnerabilities.





Programming environment in Termux

Make a programming environment


We can install some programming languages like Python, C, Ruby, etc on Termux. 


Python


Python is the most used scripting language in hacking and penetration testing. We use it to automate stuff and build tools. Also, Python is highly used in machine learning.

apt-get install python


C


C language is the core language of many other programming languages. You can learn computer architecture deeply if you get a good knowledge of C.

apt-get install clang


Ruby


If you want to install Metasploit on termux you need Ruby. Because MSF is coded in Ruby.

apt-get install ruby


Assembly


If you are planning to learn hacking, Assembly is a must to learn. I suggest you write code in C, then disassemble it and learn Assembly.

apt-get install binutils


Turn your phone into a web server


You may know that using Python you can build a simple HTTP server. If you don't know about that, read our Python simple HTTP server tutorial.

You may use the following command to serve on port 4444. On Python 3 the module is named http.server (SimpleHTTPServer is its Python 2 name). It serves the files in the current directory to any host that can reach the port.

python -m http.server 4444

Actually, we can install the Apache server in the Termux environment. Not only Apache; PHP and Python can also be installed. So you can run a fully functional web server on your phone.


Some useful tools to install


Linux man pages


These are the Linux manual pages for programmers. There are hundreds of documents explaining various APIs and tools. For example, if we want to know about the read() function in C, we can just type "man read". It will open a page explaining how to work with the read function.

You may install the manual pages with the following command.

apt-get install man


Nano editor


This is a simple text editor that can be used in the terminal. We use this tool often in Linux programming and text editing stuff. In the following image, you can see a screenshot of the nano editor.


Thursday, 10 June 2021

IP-Tracer

What is IP-Tracer?

IP-Tracer is used to track an IP address. IP-Tracer is developed for Termux and Linux-based systems. You can easily retrieve IP address information using IP-Tracer. IP-Tracer uses ip-api to track an IP address.




How to install IP-Tracer?


$ apt update


$ apt install git -y


$ git clone https://github.com/rajkumardusad/IP-Tracer.git


$ cd IP-Tracer


$ chmod +x install


$ sh install or ./install


How to use IP-Tracer

trace -m to track your own ip address.

trace -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1

trace for more information.

OR

ip-tracer -m to track your own ip address.

ip-tracer -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1

ip-tracer for more information.


CYBER-SCAN

CyberScan is an open source penetration testing tool that can analyse packets, decode, scan ports, ping, and geolocate an IP (including latitude, longitude, region, country ...)


Installation :


$ apt update && apt upgrade


$ apt install git 


$ apt install python2


$ apt install python


$ git clone https://github.com/medbenali/CyberScan.git


$ cd CyberScan


usage :


$ python2 CyberScan.py -v


$ CyberScan -h


We can perform ping operations with several protocols using CyberScan.

The fastest way to discover hosts on a local Ethernet network is to use ARP:


$ python2 CyberScan -s 192.168.1.0/24 -p arp


In case when ICMP echo requests are blocked, we can still use TCP:


$ CyberScan -s 192.168.1.105 -p tcp -d 80


192.168.1.105 = target IP.