The Script Community



The Script Community is for hacking enthusiasts to share their knowledge.


Learning Resources

Hacking Course - Network Penetration Testing HackTheBox TryHackMe E-Books Library of tools from Kali Linux OS W3schools freeCodeCamp CodeAcademy Course 1 Course 2

Python Learning


JavaScript Basics


HTML Basics


Osint

Section by Nasus

Open source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. This can be used to learn more about your targets

Reverse Image Lookup Mac Address Lookup EXIF Data Database Lookup IP Lookup Archive.org

Denial of Service

Disclaimer

This is not DDoS. You have to distribute this code amongst a botnet for it to actually do damage. It only works against websites.


A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to addition users. A DoS attack is characterized by using a single computer to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack.


Website HTTP Flooder

Passwords

A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity.

A strong password should be minimum 8 characters long and consist of lowercase, uppercase, numbers and symbols


Password Generator (Python) haveibeenpwned (Python | Request) by Nasus

Nasus hasn't made a cracker yet, so he recommends Vanhauser's, and Openwall's.


ID Creation Time

Channels, users, servers and categories have IDs also known as snowflakes. You can easily calculate when that item was created.

ID Creation Time (Python) by Nasus


Keylogging

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program.


Keylogger (Python | pynput) by Nasus


CУБΞЯC's Recommendations

Advanced Key Logger (Python) Decryptor (Python) Requirements (TXT) all by CУБΞЯC.


Nitrologging | Tokenlogging (VI)

Try these links from CУБΞЯC and Nasus

Delgan MetaChris wodxgod It's Vichy KLDiscord Monst3red Alphalius's Rage BillyTheGoat356's Riot BillyTheGoat356's Plague BillyTheGoat356's Rage NotSaksh ECriminal Verlox KanekiWeb

Discord Injector (WCBandit) Discord Token Stealer Malware Protection (ZaikoARD) Uvipen's ASCII Generator

Tutorial

Other Scripts

Nitro Generator

Disclaimer

Note that an actual working key would take over a billion years to find.

Nitro Generator (Python) Nitro Verify (Python) by nasus


Phishing

MyShraidar

Source = Wikipedia

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted.
As of 2020, phishing is by far the most common attack performed by cybercriminals

Types of Phishing

Email Phishing

Most phishing messages are delivered by email, and are not personalized or targeted to a specific individual or company–this is termed "bulk" phishing


Spear Phishing

Spear phishing involves an attacker directly targeting a specific organization or person with tailored phishing communications. This is essentially the creation and sending of emails to a particular person to make the person think the email is legitimate. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.


Clone Phishing

Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender.


SMS Phishing

SMS phishing or smishing is conceptually similar to email phishing, except attackers use cell phone text messages to deliver the "bait". Smishing attacks typically invite the user to click a link, call a phone number, or contact an email address provided by the attacker via SMS message. The victim is then invited to provide their private data; often, credentials to other websites or services.


Voice Phishing

Attackers will dial a large quantity of telephone numbers and play automated recordings - often made using text to speech synthesizers - that make false claims of fraudulent activity on the victim's bank accounts or credit cards. The calling phone number will be spoofed to show the real number of the bank or institution impersonated. The victim is then directed to call a number controlled by the attackers, which will either automatically prompt them to enter sensitive information in order to "resolve" the supposed fraud, or connect them to a live person who will attempt to use social engineering to obtain information.


Google Dorking

Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google dorking could also be used for OSINT (Open Source Intelligence). This can be used to find information that was made public on accident. You can find more information about your targets this way.


Basics of Google Dorking

Tutorial (Found by Nasus)

"search string" - web pages that contain the exact same string

string | string - between queries will return results for each string

site: wikipedia.org - search for certain words on a website

-site: wikipedia.org - do not show results for a website


The website above contains a list of the most usefull queries. This can be very entertaining: finding public cameras, password lists, peoples files and passwords, gov documents, admin panels

inurl:"view.shtml" "Network Camera" - find network cameras

?intitle:index.of? mp3 artist_name - find mp3 files of songs

intitle:"index of" inurl:ftp -find exposed FTP servers

filetype:txt inurl:"email.txt" - email lists (I found gov emails)

allintext:username filetype:log - find usernames and password logfiles

intitle:"Index of..etc" passwd - Linux machines with directory exposed

index of any-show-name - Find shows and movies for free

ethical hacking site:drive.google.com - Find free courses

index of software-name - Find free software

ext:log “Software: Microsoft Internet Information Services *.*” - Microsoft ISS server logs (online activity)


Wi-Fi Hacking

Section by Nasus

Wireshack is a network protocol analyzer used to capture traffic.

Putting your adapter in Monitor mode, or RFMON mode, allows a computer with a wireless network interface controller to monitor all traffic received on a wireless channel. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point

Buy a WiFi Adapter that supports Monitor Mode. The most recommended brand is Alfa for WiFi Adapters.

Tools

Alla Network AWUS036NH & Alla Network 1000 mW AWUS036H.


Tutorial


® AT Products 2019-2022