Code With Python
@DataScience4
39.2K subscribers
886 photos
27 videos
22 files
769 links
This channel delivers clear, practical content for developers, covering Python, Django, Data Structures, Algorithms, and DSA – perfect for learning, coding, and mastering key programming skills.
Admin: @HusseinSheikho || @Hussein_Sheikho
Download Telegram
About
Blog
Apps
Platform
Join
Code With Python
39.2K subscribers
Code With Python
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 ...
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic eth0

---
#CyberSecurity #WebSecurity #Vulnerability

#11. curl
A tool to transfer data from or to a server, using various protocols. Essential for interacting with web APIs and inspecting HTTP headers.

curl -I https://example.com

HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Fri, 27 Oct 2023 10:00:00 GMT
Server: ECS (dcb/7F83)
Content-Length: 648


#12. gobuster
A fast tool used to brute-force URIs (directories and files), DNS subdomains, and virtual host names.

gobuster dir -u https://example.com -w /usr/share/wordlists/dirb/common.txt

===============================================================
Gobuster v3.5
===============================================================
[+] Url:                     https://example.com
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirb/common.txt
===============================================================
/index.html           (Status: 200) [Size: 1256]
/images               (Status: 301) [Size: 178] -> https://example.com/images/
/javascript           (Status: 301) [Size: 178] -> https://example.com/javascript/


#13. nikto
A web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs.

nikto -h https://scanme.nmap.org

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          45.33.32.156
+ Target Hostname:    scanme.nmap.org
+ Target Port:        80
+ Start Time:         ...
---------------------------------------------------------------------------
+ Server: Apache/2.4.7 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ OSVDB-3233: /icons/README: Apache default file found.


#14. sqlmap
An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws.

sqlmap -u "https://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

...
available databases [2]:
[*] information_schema
[*] acuart


#15. whatweb
Identifies different web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

whatweb scanme.nmap.org

https://scanme.nmap.org [200 OK] Apache[2.4.7], Country[UNITED STATES], HTTPServer[Ubuntu Linux][Apache/2.4.7 ((Ubuntu))], IP[45.33.32.156], Script, Title[Go ahead and ScanMe!], Ubuntu

---
#CyberSecurity #PasswordCracking #Exploitation

#16. John the Ripper (john)
A fast password cracker, currently available for many flavors of Unix, Windows, DOS, and OpenVMS.

# Assume 'hashes.txt' contains 'user:$apr1$A.B.C...$...'
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Using default input encoding: UTF-8
Loaded 1 password hash (md5crypt, 32/64 OpenSSL)
Press 'q' or Ctrl-C to abort, almost any other key for status
password123      (user)
1g 0:00:00:01 DONE (2023-10-27 10:15) 0.9803g/s 1234p/s 1234c/s
Session completed


#17. hashcat
An advanced password recovery utility that can crack a wide variety of hash types using multiple attack modes (dictionary, brute-force, mask).

# -m 0 = MD5 hash type
hashcat -m 0 -a 0 hashes.md5 /usr/share/wordlists/rockyou.txt
378 views