Disclaimer

We do not take responsibility for any damage, or legal issues, done with these files here at AT Products LLC, Ethical Hacking Society, The Script Community, CodingHome, or Noodle Hackerspace.

Use a virtual machine if it's a computer virus; never open it on your physical machine. As a precaution, download them on your VM.

If it's an APK file, use an emulator.

More information on Virtual Machines (VM)
More information on APK Emulators


Learning Resources

Hacking Course - Network Penetration Testing HackTheBox TryHackMe E-Books Library of tools from Kali Linux OS W3schools freeCodeCamp CodeAcademy Course 1 Course 2



Python Basics

Comments

You can write text that the program will ignore by beginning the line with a #, this helps with reminding you what certain code does or for explaining purposes.

# This is a comment

Data Types

Variables can store data of different types, and different types can do different things.

Python has the following data types built-in by default, in these categories:
Text Type: str
Numeric Types: int, float, complex
Sequence Types: list, tuple, range
Mapping Type: dict
Set Types: set, frozenset
Boolean Type: bool
Binary Types: bytes, bytearray, memoryview

We will go more in-depth on some of these types in the next few paragraphs.

You can print the data type of a variable with the type() function:
x = 5
print(type(x))

Strings

Strings are surrounded by either single quotation marks, or double quotation marks.

x = "hello"
y = 'hello'
# single quotations and double quotation marks are the same
x == y # returns True

You can assign a multiline string to a variable by using three quotes:
x = """The FitnessGram Pacer test is a multistage aerobic capacity test that progressively gets more difficult as it continues. The 20 meter Pacer test will begin in 30 seconds."""

You can check the length of a string using the len() function: py
x = "hello"
print(len(text)) # returns 5

Numbers

There are 2 primary, int and float

py
x = 2 # int
y = 2.8 # float

To verify the type of an object in Python, use the type() function: py
print(type(x))
print(type(y))

Int, or integers, are whole numbers, positive or negative, without decimals.

Float is a number, positive or negative, containing one or more decimals.

Both strings and numbers are built-in data types.


JavaScript Basics


HTML Basics

Example Document

<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<h1> This is a heading </h1>
<p> This is text </p>
<a href="https://example.com">This is a link</a>
<img src="at.png" width="99.99% alt="Example Image">
</body>
</html>

We got to first lay down the very first thing to know. The <!DOCTYPE html> tag represents the Document Type and helps some browsers display correctly with your website, must only be used once. Some elements do need a closing tag, like </center>.

The <head> tag is needed to represent the head of the website. The <body> tag is the same thing, but it's the body.

HTML Text

Some elements are meant to show text like <text>, and <p>.

<p> This is text </p>

HTML Headings

The <h> tag has 6 different sizes, from <h1> to <h6>.

1 is the hugest, to 6 is the smallest.

<h1> This is a heading </h1>

HTML Images

The <img> tag is to show a image. The width or height description can be used by pixels or percentages by displays. The alt tag shows up when the image doesn't load or can't load, it shows the description.

<img src="at.png" width="99.99% alt="Example Image">


OSINT

Section by Nasus

Open source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. This can be used to learn more about your targets

Reverse Image Lookup Mac Address Lookup EXIF Data Database Lookup IP Lookup Archive.org


Denial of Service

Disclaimer

This is not DDoS. You have to distribute this code amongst a botnet for it to actually do damage. It only works against websites.


A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to addition users. A DoS attack is characterized by using a single computer to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack.


Website HTTP Flooder

Passwords

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity.

A strong password should be minimum 8 characters long and consist of lowercase, uppercase, numbers and symbols


Password Generator (Python) haveibeenpwned (Python | Request) by Nasus

Nasus hasn't made a cracker yet, so he recommends Vanhauser's, and Openwall's.


ID Creation Time

Channels, users, servers and categories have IDs also known as snowflakes. You can easily calculate when that item was created.

ID Creation Time (Python) by Nasus


Keylogging

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program.


Keylogger (Python | pynput) by Nasus


CУБΞЯC's Recommendations

Advanced Key Logger (Python) Decryptor (Python) Requirements (TXT) all by CУБΞЯC.


Nitrologging | Tokenlogging

Try these links from CУБΞЯC and Nasus

Delgan MetaChris wodxgod It's Vichy KLDiscord Monst3red Alphalius's Rage BillyTheGoat356's Riot BillyTheGoat356's Plague BillyTheGoat356's Rage NotSaksh ECriminal Verlox KanekiWeb

Discord Injector (WCBandit) Discord Token Stealer Malware Protection (ZaikoARD) Uvipen's ASCII Generator


Other Scripts

Disclaimer

Note that an actual working key would take over a billion (10^6) years to find.


Nitro Generator (Python) Nitro Verify (Python) by nasus


Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted.
As of 2020, phishing is by far the most common attack performed by cybercriminals

Most phishing messages are delivered by email, and are not personalized or targeted to a specific individual or company–this is termed "bulk" phishing.

Spear phishing involves an attacker directly targeting a specific organization or person with tailored phishing communications. This is essentially the creation and sending of emails to a particular person to make the person think the email is legitimate. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.

Whaling is a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected.

Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.

SMS phishing or smishing is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the "bait". Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services.

Attackers will dial a large quantity of telephone numbers and play automated recordings - often made using text to speech synthesizers - that make false claims of fraudulent activity on the victim's bank accounts or credit cards. The calling phone number will be spoofed to show the real number of the bank or institution impersonated. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information in order to "resolve" the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information.

Google Dorking

Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT (Open Source Intelligence). This can be used to find information that was made public on accident. You can find more information about your targets this way. This can be very entertaining: finding public cameras, password lists, peoples files and passwords, gov documents, admin panels, and much more.


Basics of Google Dorking

"search string" - web pages that contain the exact same string

string | string - between queries will return results for each string

site: wikipedia.org - search for certain words on a website

-site: wikipedia.org - do not show results for a website

inurl:"view.shtml" "Network Camera" - find network cameras

?intitle:index.of? mp3 artist_name - find mp3 files of songs

intitle:"index of" inurl:ftp - find exposed FTP servers

filetype:txt inurl:"email.txt" - email lists (Government emails can be found)

filetype:ppt gulf war - find supported files

allintext:username filetype:log - find usernames and password logfiles

intitle:"Index of..etc" passwd - Linux machines with directory exposed

index of any-show-name - Find shows and movies for free

ethical hacking site:drive.google.com - Find free courses

index of software-name - Find free software

ext:log “Software: Microsoft Internet Information Services *.*” - Microsoft ISS server logs (online activity)


Wi-Fi Hacking

Section by Nasus

Wireshark is a network protocol analyzer used to capture traffic.

Putting your adapter in Monitor mode, or RFMON mode, allows a computer with a wireless network interface controller to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point

Buy a WiFi Adapter that supports Monitor Mode. The most recommended brand is Alla for WiFi Adapters.

Tools

Alla Network AWUS036NH & Alla Network 1000 mW AWUS036H.


Tutorial