My Hacking Commands
Edit the hosts file to change DNS resolution on the local machine:
    sudo nano /etc/hosts
ffuf
ffuf is a fast web fuzzer written in Go. It is used to fuzz web applications and can be used for both content discovery and directory fuzzing.
To use ffuf for directory fuzzing, you can use the following command:
    ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt
This command will fuzz the URL http://example.com/FUZZ using the wordlist /path/to/wordlist.txt

    ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -e .php,.html
This command will fuzz the URL http://example.com/FUZZ and will append the extensions .php and .html to the wordlist entries

    ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -recursion -recursion-depth 2
This command will fuzz the URL http://example.com/FUZZ and will recursively fuzz the found directories up to a depth of 2

    ffuf -u http://example.com/FUZZ -w /path/to/wordlist.txt -recursion -recursion-depth 2 -e .php,.html
This command will fuzz the URL http://example.com/FUZZ and will recursively fuzz the found directories up to a depth of 2 and will append the extensions .php and .html to the wordlist entries
wfuzz
wfuzz is a web application fuzzer that allows you to fuzz web applications for vulnerabilities such as SQL injection, XSS, and more. It is written in Python and is highly customizable.
To use wfuzz for directory fuzzing and content discovery, you can use the following command:
    wfuzz -c -u http://example.com/login.php -d "username=admin&password=FUZZ" -w /path/to/wordlist.txt
This command will fuzz the POST parameter password in the URL http://example.com/login.php with the wordlist /path/to/wordlist.txt

    wfuzz -c -z file,/path/to/wordlist.txt http://example.com/FUZZ
This command will fuzz the URL http://example.com/FUZZ using the wordlist /path/to/wordlist.txt

    wfuzz -c -z file,/path/to/wordlist.txt -t 10 http://example.com/FUZZ
This command will fuzz the URL http://example.com/FUZZ using the wordlist /path/to/wordlist.txt with 10 threads

    wfuzz -c -z file,/path/to/wordlist.txt --hc 404 http://example.com/FUZZ
This command will fuzz the URL http://example.com/FUZZ using the wordlist /path/to/wordlist.txt and will ignore 404 responses
nmap
nmap is a powerful network scanning tool that can be used to discover hosts and services on a network. It is commonly used for security auditing and network inventory.
To use nmap for host discovery and port scanning, you can use the following command:
    nmap -sn target
This command will perform a ping scan on the target host to discover live hosts

    nmap -sS -p 1-65535 -T4 -A -v target
This command will perform a SYN scan on all ports, use aggressive scanning options, and provide verbose output for the target host
gobuster
gobuster is a tool used for directory and file brute-forcing. It is commonly used for content discovery and directory fuzzing.
To use gobuster for directory fuzzing and content discovery, you can use the following command:
    gobuster dir -u http://example.com -w /path/to/wordlist.txt
This command will fuzz the URL http://example.com using the wordlist /path/to/wordlist.txt

    gobuster dir -u http://example.com -w /path/to/wordlist.txt -x .php,.html
This command will fuzz the URL http://example.com and will append the extensions .php and .html to the wordlist entries

    gobuster dir -u http://example.com -w /path/to/wordlist.txt -r
This command will fuzz the URL http://example.com and will follow redirects

    gobuster dir -u http://example.com -w /path/to/wordlist.txt -t 10
This command will fuzz the URL http://example.com using 10 threads
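
Every request sent by the ffuf, wfuzz and gobuster commands above is recorded in the target's web server access log, including the 404s that --hc 404 hides from the wfuzz output. The script below is an added example, not part of the original page: it flags clients whose traffic is mostly 404s. The log lines, addresses and thresholds are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag clients whose requests look like wordlist-driven
# content discovery (a high count and a high share of 404 responses).

# Constructed sample in Combined Log Format; the addresses are from
# documentation ranges and none of this is real traffic.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /config.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /login.php HTTP/1.1" 200 2048 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /old HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /test.html HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /uploads HTTP/1.1" 404 153 "-" "-"
203.0.113.20 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
203.0.113.20 - - [10/Mar/2024:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "-"
203.0.113.20 - - [10/Mar/2024:10:00:09 +0000] "GET /about HTTP/1.1" 200 4096 "-" "-"
203.0.113.20 - - [10/Mar/2024:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
EOF
}

# Usage: detect_fuzzing MIN_404 MIN_404_PERCENT < access.log
# Prints "client requests not_found distinct_paths" for each client whose
# 404 count and 404 share of all its requests both reach the thresholds.
detect_fuzzing() {
    awk -v min404="$1" -v minpct="$2" '
    # Skip lines whose status field is not a three-digit code.
    $9 !~ /^[0-9][0-9][0-9]$/ { next }
    {
        # Combined Log Format: $1 = client, $7 = path, $9 = status
        ip = $1; path = $7
        total[ip]++
        if ($9 == 404) notfound[ip]++
        if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
    }
    END {
        for (ip in total) {
            nf = notfound[ip] + 0
            if (nf >= min404 && nf * 100 >= minpct * total[ip])
                print ip, total[ip], nf, paths[ip]
        }
    }' | sort
}

# At least five 404s making up at least 80% of the client's requests.
sample_log | detect_fuzzing 5 80
```

On a production log the thresholds need tuning against normal traffic, since crawlers and broken links also generate 404s.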
hydra
hydra is a password-cracking tool that can be used to perform online password attacks against various services. It supports a wide range of protocols and services, including HTTP, FTP, SSH, and more.
To use hydra for password cracking, you can use the following command:
    hydra -l username -P /path/to/wordlist.txt target_ip service
This command will perform a password cracking attack against the target IP address target_ip using the username username and the wordlist /path/to/wordlist.txt for the specified service

    hydra -L /path/to/usernames.txt -P /path/to/wordlist.txt target_ip service
This command will perform a password cracking attack against the target IP address target_ip using the usernames in the file /path/to/usernames.txt and the wordlist /path/to/wordlist.txt for the specified service

    hydra -l username -P /path/to/wordlist.txt target_ip -s port service
This command will perform a password cracking attack against the target IP address target_ip on the specified port using the username username and the wordlist /path/to/wordlist.txt for the specified service
searchsploit
searchsploit is a command-line search tool for Exploit Database, which is a repository of exploits and vulnerable software. It allows you to search for exploits based on software name, version, and other criteria.
To use searchsploit, you can use the following command:
    searchsploit software_name
This command will search for exploits related to the software software_name

    searchsploit -t software_name
This command will search for exploits related to the software software_name and display the title of the exploit

    searchsploit -x exploit_id
This command will display the contents of the exploit with the ID exploit_id

    searchsploit -m exploit_id
This command will copy the exploit with the ID exploit_id to the current directory
metasploit
Metasploit is a penetration testing framework that allows you to develop, test, and execute exploit code against a remote target. It provides a wide range of tools and modules for various stages of the penetration testing process.
To use Metasploit, you can use the following commands:
    msfconsole
This command will start the Metasploit console

    use exploit_name
This command will select the exploit module exploit_name

    set RHOST target_ip
This command will set the remote host IP address to target_ip

    set RPORT target_port
This command will set the remote host port to target_port

    set LHOST local_ip
This command will set the local host IP address to local_ip

    exploit
This command will execute the selected exploit against the target host

    run
This command will run the selected exploit against the target host