├── Bug-Bounty-Course.md
├── Day1.md
├── Hacking QA.md
├── README.md
├── Should i learn webDev before starting bug bounties if yes how much.md
├── awk.md
├── curl.md
├── cut.md
├── cut.txt
├── dig.md
├── few_more_tools.md
├── find_command_notes.md
├── getting_started_in_bug_bounties.md
├── grep.md
├── linux-commands-Snapsec.md
├── nmap.md
├── sed.md
├── ssh.md
├── top_open_ports.txt
└── what are some good resources for XSS.md


/Bug-Bounty-Course.md:
--------------------------------------------------------------------------------
 1 | # Course Content
 2 | 
 3 | This is the content that i am going to produce for my bug bounty course
 4 | 
 5 | 
 6 | __Course Name__: Bug Bounty - Thought Porcess
 7 | 
 8 | - __Content:__
 9 | 
10 |     - What is Bug Bounties
11 |     - The two ways of gettings started
12 |     - The developer Perespective of vulnerabilites
13 |     - Example of Reflected XSS Vulnerability from an developer prespective
14 |     - Focus on your methodology
15 |     - Master of None is master of All
16 |     - Consistency is the key
17 |     - How to find your first bug
18 | 
19 | 
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/Day1.md:
--------------------------------------------------------------------------------
  1 | 
  2 | ## LFI (Local File Inclusion)
  3 | 
  4 | 
  5 | #### Methodology
  6 | 
  7 | - Identify the input Location
  8 | - add parameter to `/etc/passwd`
  9 | - If Error, Start Appending `../` at the beginning of the payload
 10 | - Continue till 10-20 `../../../../../`
 11 | - If Nothing works, Try above mentioned Encoding Techniques.
 12 | 
 13 | 
 14 | __Vulenrable Parameeters__
 15 | 
 16 | ```js
 17 | ?cat={payload}
 18 | ?dir={payload}
 19 | ?action={payload}
 20 | ?board={payload}
 21 | ?date={payload}
 22 | ?detail={payload}
 23 | ?file={payload}
 24 | ?download={payload}
 25 | ?path={payload}
 26 | ?folder={payload}
 27 | ?prefix={payload}
 28 | ?include={payload}
 29 | ?page={payload}
 30 | ?inc={payload}
 31 | ?locate={payload}
 32 | ?show={payload}
 33 | ?doc={payload}
 34 | ?site={payload}
 35 | ?type={payload}
 36 | ?view={payload}
 37 | ?content={payload}
 38 | ?document={payload}
 39 | ?layout={payload}
 40 | ?mod={payload}
 41 | ?conf={payload}
 42 | ```
 43 | 
 44 | ### Payloads
 45 | __Primary Payload__
 46 | ```
 47 | file=/etc/passwd
 48 | ```
 49 | 
 50 | __Other Techniques__
 51 | ```
 52 | http://targetserver.com/load.php?page=../../../../../etc/passwd
 53 | http://targetserver.com/load.php?page=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
 54 | http://targetserver.com/load.php?page=../../../../../etc/passwd%00   -->For Extension Filters
 55 | http://targetserver.com/load.php?page=../../../../../etc/passwd%2500 -->For Extension Filters
 56 | http://targetserver.com/load.php?page=..\..\..\..\..\etc\passwd%00
 57 | http://targetserver.com/load.php?page=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://targetserver.com/load.php?page=/etc/passwd/../../../../../../../../../../../../../../../../../..
 58 | http://some.domain.com/static/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd
 59 | http://example.com/index.php?page=..%252f..%252f..%252fetc%252fpasswd
 60 | http://example.com/index.php?page=..%c0%af..%c0%af..%c0%afetc%c0%afpasswd
 61 | http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd
 62 | http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00
 63 | ```
 64 | 
 65 | __some filter check whether the value of page= starts with /public or not if no they will block the request__
 66 | ```
 67 | http://targetserver.com/load.php?page=/public/../../../../../../../../etc/passwd
 68 | ```
 69 | 
 70 | 
 71 | __Encodings__
 72 | ```js
 73 | URl encoding
 74 | Double encoding
 75 | 16-unicode encoding
 76 | overlong UTF-8 Encoding
 77 | ```
 78 | 
 79 | __Windows__
 80 | ```
 81 | http://targetserver.com/load.php?page=../../../windows.ini
 82 | ```
 83 | 
 84 | 
 85 | 
 86 | # File Upload
 87 | 
 88 | - Upload php
 89 | - Upload Different Version .php2 , .php3
 90 | - Upload html file
 91 | - Upload .phP
 92 | - Upload .PHP
 93 | - Upload .svg
 94 | - Remove Cookies from Upload Request
 95 | - Upload file.php.png
 96 | - Change content-type of request to accepted files content type
 97 | - Change Magic Byte of File to Accepted file
 98 | 
 99 | 
100 | __If you can upload any random Extension but cannot execute the code__
101 | 
102 | - Create a new file `.htaccess` with the content
103 | ```
104 | AddType application/x-httpd-php .lol
105 | ```
106 | 
107 | - Upload `.htaccess` to folder
108 | - now upload `shell.lol` to the same folder
109 | 
110 | 
111 | __Content-Type__
112 | 
113 | ```
114 | image/gif
115 | text/html
116 | application/xml
117 | image/x-icon
118 | image/jpeg
119 | image/svg+xml
120 | application/json
121 | image/png
122 | application/xhtml+xml
123 | application/x-shockwave-flash
124 | application/zip
125 | application/javascript
126 | application/x-bzip
127 | text/css
128 | text/csv
129 | video/3gpp
130 | ```
131 | 


--------------------------------------------------------------------------------
/Hacking QA.md:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | ## Q:__How to Get started in Bug Bounties__
 4 | 
 5 | To be honest, Its important to learn som basic stuff before actually start hacking things.
 6 | 
 7 | - Learn Some Basic Web Developing Programming like (HTML,Javascripts and PHP)
 8 | - Learn Some Basic networking concepts like (TCP/IP,DNS,CDN's etc)
 9 | - Learn How Browsers work (SOP,CSP, etc)
10 | - Then Start reading "Web Hacking Handbook" and "OWASP Testing Guide"
11 | - Then Join One of the Hacking Playforms (Hackerone or BugCorwd)
12 | 
13 | I have created an roadmap to be fallowed if you are new to bug bounties, Have a look at it here
14 | https://github.com/imran-parray/Bug-Bounty-Resources/blob/master/README.md
15 | 
16 | 
17 | TIP: Always remember you need to learn basic things first then move to actualy hacking stuff.
18 | 
19 | Hope this helps , Your Mentor  
20 | 
21 | 
22 | ## Q:__Resources__
23 | 
24 | Finish all of this and you will rock the stage
25 | https://github.com/imran-parray/Bug-Bounty-Resources/blob/master/README.md
26 | 
27 | Regarding Books, I think you should start reading 
28 | - Owasp Testin guide 
29 | - Web hacking Handbook
30 | - Web Hacking 101
31 | 
32 | Then Read some reports on Hackerone and try to find the same bugs on other bounty programs as well
33 | Hope this helps , Your Mentor  
34 | 
35 | 
36 | ## Q:__I Know hacking But i Couldn't Find Bugs__
37 | 
38 | If you know how to Find bugs but you havn't found alot of bugs yet. Let me tell you somethig 
39 | "The master of all is the master of none" . As far my personal openion it important to master atleast one bug and have basic
40 | knowledge about all other bugs.
41 | 
42 | So master atleast one bug and have moderate knowledge about other bugs.
43 | 
44 | Hope this helps , Your Mentor  
45 | 
46 | 
47 | 
48 | ## Q:__Do i use kali linux or is kali best for hacking__
49 | 
50 | to be honest kali is a nice OS but its not necessary to user Kali for Hacking. Even i found most of the tools useless which are
51 | preinstalled on kali linux. The most important tools for hacking web apps are "Browsers" and "Burpsuite". So i would suggest you 
52 | to start with any OS (kali or Non-Kali). 
53 | 
54 | Hope this helps , Your Mentor  
55 | 
56 | 
57 | 
58 | ## Q:__I am a developer and Want to find bugs__
59 | 
60 | That great, As you already good knowledge about Web development its going to alot beneficial for you while hacking web apps.
61 | All you have to do is start reading some of the Bugs and try to replicate the same process on Bug Bounty targets.
62 | 
63 | I would recomeded you by start reading the fallowing books 
64 | (You can fallow any order)
65 | 
66 | - Owasp Testing guide 
67 | - Web hacking Handbook
68 | - Web Hacking 101
69 | 
70 | TIP: Dont stuck too much with reading process, Keep reading new stuff and keep applying it at the same time.
71 | 
72 | Hope this helps , Your Mentor  
73 | 
74 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## Someone Needs Help
2 | 
3 | People do ask me alot of questions, and everytime someone does that i post an answer to his question into this reporsitory, so that he can revisit the link if he needed to.
4 | 


--------------------------------------------------------------------------------
/Should i learn webDev before starting bug bounties if yes how much.md:
--------------------------------------------------------------------------------
 1 | # Web Development
 2 | 
 3 | ## Front End
 4 | 
 5 | #### HTML and CSS
 6 | 
 7 | <https://www.youtube.com/playlist?list=PLgGbWId6zgaWZkPFI4Sc9QXDmmOWa1v5F&fbclid=IwAR1NzU2xu_am1wU-YAd-waI-bvP5rn3zhH4fUXVtSyS9Kvxr48rLqF3K66Q>
 8 | 
 9 | #### CSS (one video)
10 | 
11 | <https://m.youtube.com/watch?v=1PnVor36_40>
12 | 
13 | #### Javascripts
14 | 
15 | <https://m.youtube.com/playlist?list=PLsyeobzWxl7qtP8Lo9TReqUMkiOp446cV>
16 | 
17 | #### Bootstrap (one video)
18 | 
19 | <https://m.youtube.com/watch?v=hnCmSXCZEpU>
20 | 
21 | ## BackEnd
22 | 
23 | #### php
24 | <https://m.youtube.com/playlist?list=PL4cUxeGkcC9gksOX3Kd9KPo-O68ncT05o>
25 | 


--------------------------------------------------------------------------------
/awk.md:
--------------------------------------------------------------------------------
  1 | sed & awk
  2 | ========
  3 | 
  4 | 
  5 | 
  6 | For command lines, the syntax is:
  7 | ------------------------------------
  8 |     awk ’instructions’ files
  9 | 
 10 | 
 11 | using script file 
 12 | ------------------
 13 | 
 14 |     awk -f scfl file 
 15 | 
 16 | 
 17 | 
 18 | variables 
 19 | ---------
 20 | 
 21 |     $0     — while document 
 22 |     $1     — field one 
 23 |     $2    — field two
 24 |     ...
 25 |     ...
 26 | 
 27 | 
 28 | 	awk regex 
 29 | 	awk ‘/pattern/‘ file 
 30 | 
 31 | 
 32 |     awk '/line/' file                                     
 33 |     second line                                                          
 34 |     line three                                                           
 35 |     line four                                                            
 36 |     line five                                                            
 37 |     line six     
 38 | 
 39 | 
 40 | 
 41 | adding command to the awk 
 42 | ------------------------------------
 43 | 	
 44 | 	
 45 | 	iPad:~# awk '/line/' file                                     
 46 | 	second line                                                          
 47 | 	line three                                                           
 48 | 	line four                                                            
 49 | 	line five                                                            
 50 | 	line six                                                             
 51 | 	    
 52 | 	
 53 | 	Imrans-iPad:~# awk '/line/{print }' file                           
 54 | 	line                                                                 
 55 | 	three                                                               
 56 | 	four                                                                 
 57 | 	five                                                                 
 58 | 	six                                                                  
 59 | 	Imrans-iPad:~# 
 60 | 
 61 | 
 62 | 
 63 | 
 64 | 
 65 | 
 66 | changing field seperator 
 67 | ------------------------------------
 68 | 
 69 | 	Imrans-iPad:~# echo im/mm/jj | awk -F/ '/jj/{print $2}'              
 70 | 	mm   
 71 | 
 72 | 
 73 | 
 74 | 	multiple statements on data 
 75 | ------------------------------------
 76 | 
 77 | 	Imrans-iPad:~# echo '                                                
 78 | 	
 79 | 	> imran,nazir,parray                                                 
 80 | 	> mubashir,mehraj,dar                                                
 81 | 	> zubair,fayaz,mir' | awk -F, '{print ;print }'                  
 82 | 	
 83 | 	imran                                                                
 84 | 	parray                                                               
 85 | 	mubashir                                                           	
 86 | 	dar                                                                  
 87 | 	zubair                                                               
 88 | 	mir            
 89 | 
 90 | 
 91 | 
 92 | 
 93 | combining sed and awk 
 94 | -------------------------
 95 | 
 96 | 
 97 | 	Imrans-iPad:~# cat ff                                                
 98 | 	l1 f1 f2 f3                                                          
 99 | 	l2 f1 f2 f3                                                          
100 | 	l3 f1 f2 f3   
101 | 
102 | 	Imrans-iPad:~# cat ff | sed -e 's/1/one/' -e 's/2/two/'              
103 | 	lone f1 ftwo f3                                                      
104 | 	ltwo fone f2 f3                                                      
105 | 	l3 fone ftwo f3                            
106 |                           
107 | 	Imrans-iPad:~# cat ff | sed -e 's/1/one/' -e 's/2/two/' | awk '{print $2}'                                                                
108 | 	f1                                                                   
109 | 	fone                                                                 
110 | 	fone   
111 | 


--------------------------------------------------------------------------------
/curl.md:
--------------------------------------------------------------------------------
  1 | cURL
  2 | ====
  3 | 
  4 | 
  5 | __GET request__
  6 | ```console
  7 | curl http://example.com/posts/3
  8 | ```
  9 | 
 10 | 
 11 | __Show only head of the response__
 12 | ```console
 13 | curl --head http://www.example.com/posts/3				 
 14 | ```
 15 | 
 16 | __Save the Output to output.txt file__
 17 | ```console
 18 | curl -o output.txt http://www.example.com/posts/3			 
 19 | ```
 20 | 
 21 | 
 22 | __Download the Remote File__
 23 | ```console
 24 | curl -O http://www.example.com/posts/3					 
 25 | ```
 26 |   
 27 | 
 28 | __Sending Post Requests:__
 29 | ```console
 30 | curl --data "username=admin&password=admin" http://www.example.com/login
 31 | curl --d "username=admin&password=admin" http://www.example.com/login
 32 | ```
 33 | 
 34 | __Put requests:__
 35 | ```console
 36 | curl -X PUT -d curl --data "title=change me" http://example.com/posts/3
 37 | ```
 38 | 
 39 | __Delete Request:__
 40 | ```console
 41 | curl -X DELETE http://www.example.com/posts/3
 42 | ```
 43 | 
 44 | __Adding Authantication:__
 45 | ```console
 46 | curl -u username:password http://www.example.com/posts/3
 47 | ```
 48 | 
 49 | 
 50 | __Curl and FTP__
 51 | ```console
 52 | Uploading: curl -u account@website.com:password  -T local_file.txt ftp://ftp.example.com
 53 | Donwloading: curl -u account@website.com:password -O ftp://ftp.example.com/ftp_file.txt
 54 | ```
 55 | __Show req/res headers:__
 56 | ```console
 57 | curl -i http://www.example.com/posts/3
 58 | ```
 59 | 
 60 | 
 61 | __Fallow Redirection:__
 62 | ```console
 63 | curl -L http://www.example.com/posts/3
 64 | ```
 65 | 
 66 | __Output:__
 67 | ```console
 68 | [verbose]          curl -v http://www.example.com/posts/3
 69 | [Too Verbose]      curl -vv http://www.example.com/posts/3
 70 | [silent]           curl -s http://www.example.com/posts/3
 71 | 
 72 | ```
 73 | 
 74 | __User Agent__
 75 | ```console
 76 | curl -A "User Agent String" http://www.example.com/posts/3
 77 | ```
 78 | 
 79 | __Adding Cookies to Requests__
 80 | ```console
 81 | curl -b name=value http://www.example.com/posts/3
 82 | ```
 83 | 
 84 | __Adding Cookies to Requests from file__
 85 | ```console
 86 | curl -b cookies.txt http://www.example.com/posts/3
 87 | ```
 88 | 
 89 | 
 90 | __Adding Custom Headers to Requests__
 91 | ```console
 92 | curl -H "Header:Value" http://www.example.com/posts/3
 93 | ```
 94 | 
 95 | 
 96 | __Use Compression [deflate/gzip]__
 97 | ```console
 98 | curl --compressed http://www.example.com/posts/3
 99 | ```
100 | 
101 | __Save response to file__
102 | 
103 | ```console
104 | curl -o results.txt http://www.example.com/posts/3
105 | ```
106 | 


--------------------------------------------------------------------------------
/cut.md:
--------------------------------------------------------------------------------
  1 | __Lets Say we have a input file__
  2 | ```console
  3 | root@root:~/Desktop/temp# cat file.txt 
  4 | name:age:color
  5 | one:1:111
  6 | two:2:222
  7 | three:3:333
  8 | 
  9 | ```
 10 | 
 11 | 
 12 | 
 13 | __Reading Byte 1__
 14 | ```console
 15 | root@root:~/Desktop/temp# cat file.txt | cut -b 1
 16 | n
 17 | o
 18 | t
 19 | t
 20 | ```
 21 | 
 22 | __Reading Byte 1,2 and 3__
 23 | ```console
 24 | root@root:~/Desktop/temp# cat file.txt | cut -b 1,2,3
 25 | nam
 26 | one
 27 | two
 28 | thr
 29 | 
 30 | ```
 31 | 
 32 | 
 33 | 
 34 | __Reading Byte Range from 1-3__
 35 | ```console
 36 | root@root:~/Desktop/temp# cat file.txt | cut -b 1-3
 37 | nam
 38 | one
 39 | two
 40 | thr
 41 | ```
 42 | 
 43 | 
 44 | __Reading Byte range from 1-4__
 45 | ```console
 46 | 
 47 | root@root:~/Desktop/temp# cat file.txt | cut -b -4     [Starting to 4]
 48 | name
 49 | one:
 50 | two:
 51 | thre
 52 | ```
 53 | 
 54 | 
 55 | __Reading Byte 2-end__
 56 | ```console
 57 | 
 58 | root@root:~/Desktop/temp# cat file.txt | cut -b 2-     [start from 2 to end]
 59 | ame:age:color
 60 | ne:1:111
 61 | wo:2:222
 62 | hree:3:333
 63 | 
 64 | ```
 65 | 
 66 | 
 67 | 
 68 | __Reading 1 character__
 69 | ```console
 70 | 
 71 | root@root:~/Desktop/temp# cat file.txt | cut -c 1
 72 | n
 73 | o
 74 | t
 75 | t
 76 | ```
 77 | 
 78 | __Reading 1-3 characters__
 79 | ```console
 80 | 
 81 | root@root:~/Desktop/temp# cat file.txt | cut -c 1-3
 82 | nam
 83 | one
 84 | two
 85 | thr
 86 | ```
 87 | 
 88 | __Reading starting-3 characters__
 89 | ```console
 90 | root@root:~/Desktop/temp# cat file.txt | cut -c -3
 91 | nam
 92 | one
 93 | two
 94 | thr
 95 | ```
 96 | 
 97 | __Reading characters from 3 to end__
 98 | ```console
 99 | 
100 | root@root:~/Desktop/temp# cat file.txt | cut -c 3-
101 | me:age:color
102 | e:1:111
103 | o:2:222
104 | ree:3:333
105 | 
106 | ```
107 | 
108 | 
109 | 
110 | 
111 | 
112 | __Using Delimiter to extract 1st field__
113 | ```console
114 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1
115 | name
116 | one
117 | two
118 | three
119 | ```
120 | 
121 | __Using Delimiter to extract 1st and 2nd field__
122 | ```
123 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
124 | name:age
125 | one:1
126 | two:2
127 | three:3
128 | ```
129 | 
130 | 
131 | 
132 | __Using reverse Match (Not gate)__
133 | ```console
134 | 
135 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
136 | name:age
137 | one:1
138 | two:2
139 | three:3
140 | 
141 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --complement
142 | color
143 | 111
144 | 222
145 | 333
146 | 
147 | ```
148 | 
149 | 
150 | 
151 | __Using Output Delimiters__
152 | ```console
153 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --output-delimiter=~
154 | name~age
155 | one~1
156 | two~2
157 | three~3
158 | 
159 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2,3 --output-delimiter=~
160 | name~age~color
161 | one~1~111
162 | two~2~222
163 | three~3~333
164 | 
165 | ```
166 | 
167 | 
168 | 
169 | __Example 1: Removing protocols from Urls__
170 | ```console
171 | root@root:~/Desktop/temp# cat file.txt 
172 | https://google.com
173 | https://facebook.com
174 | https://imran.com
175 | http://example.com
176 | 
177 | 
178 | root@root:~/Desktop/temp# cat file.txt | cut -d"/" -f3
179 | google.com
180 | facebook.com
181 | imran.com
182 | example.com
183 | 
184 | ```
185 | 
186 | 
187 | 
188 | __Example 2: Extracting Domains from URLS__
189 | ```console
190 | root@root:~/Desktop/temp# cat file.txt 
191 | https://google.com?name=imran&age=xxx&age=xxx
192 | https://facebook.com?name=imran&age=xxx&age=xxx&age=xxx
193 | https://imran.com?name=imran&age=xxx&age=xxx&age=xxx
194 | http://example.com?name=imran&age=xxx&age=xxx
195 | 
196 | 
197 | root@root:~/Desktop/temp# cat file.txt | cut -d"?" -f1
198 | https://google.com
199 | https://facebook.com
200 | https://imran.com
201 | http://example.com
202 | 
203 | ```
204 | 
205 | 
206 | 
207 | __Example 3 : Extracting Keys/Values from JSON Object__
208 | ```console
209 | root@root:~/Desktop/temp# cat file.txt 
210 | {
211 | "a":"1",
212 | "b":"2",
213 | "c":"3",
214 | }
215 | 
216 | root@root:~/Desktop/temp# cat file.txt | grep ':'
217 | "a":"1",
218 | "b":"2",
219 | "c":"3",
220 | 
221 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f1
222 | "a"
223 | "b"
224 | "c"
225 | 
226 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f2
227 | "1",
228 | "2",
229 | "3",
230 | root@root:~/Desktop/temp# 
231 | 
232 | ```
233 | 


--------------------------------------------------------------------------------
/cut.txt:
--------------------------------------------------------------------------------
  1 | __Lets Say we have a input file__
  2 | ```console
  3 | root@root:~/Desktop/temp# cat file.txt 
  4 | name:age:color
  5 | one:1:111
  6 | two:2:222
  7 | three:3:333
  8 | 
  9 | ```
 10 | 
 11 | 
 12 | 
 13 | __Reading Bytes__
 14 | ```console
 15 | root@root:~/Desktop/temp# cat file.txt | cut -b 1
 16 | n
 17 | o
 18 | t
 19 | t
 20 | 
 21 | root@root:~/Desktop/temp# cat file.txt | cut -b 1,2,3
 22 | nam
 23 | one
 24 | two
 25 | thr
 26 | 
 27 | ```
 28 | 
 29 | 
 30 | 
 31 | __Reading Byte Range__
 32 | ```console
 33 | root@root:~/Desktop/temp# cat file.txt | cut -b 1-3
 34 | nam
 35 | one
 36 | two
 37 | thr
 38 | 
 39 | root@root:~/Desktop/temp# cat file.txt | cut -b -4     [Starting to 4]
 40 | name
 41 | one:
 42 | two:
 43 | thre
 44 | 
 45 | 
 46 | root@root:~/Desktop/temp# cat file.txt | cut -b 2-     [start from 2 to end]
 47 | ame:age:color
 48 | ne:1:111
 49 | wo:2:222
 50 | hree:3:333
 51 | 
 52 | ```
 53 | 
 54 | 
 55 | 
 56 | __Reading 1 character__
 57 | ```console
 58 | 
 59 | root@root:~/Desktop/temp# cat file.txt | cut -c 1
 60 | n
 61 | o
 62 | t
 63 | t
 64 | ```
 65 | 
 66 | __Reading 1-3 characters__
 67 | ```console
 68 | 
 69 | root@root:~/Desktop/temp# cat file.txt | cut -c 1-3
 70 | nam
 71 | one
 72 | two
 73 | thr
 74 | ```
 75 | 
 76 | __Reading starting-3 characters__
 77 | ```console
 78 | root@root:~/Desktop/temp# cat file.txt | cut -c -3
 79 | nam
 80 | one
 81 | two
 82 | thr
 83 | ```
 84 | 
 85 | __Reading characters from 3 to end__
 86 | ```console
 87 | 
 88 | root@root:~/Desktop/temp# cat file.txt | cut -c 3-
 89 | me:age:color
 90 | e:1:111
 91 | o:2:222
 92 | ree:3:333
 93 | 
 94 | ```
 95 | 
 96 | 
 97 | 
 98 | 
 99 | 
100 | __Using Delimiter to extract 1st field__
101 | ```console
102 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1
103 | name
104 | one
105 | two
106 | three
107 | ```
108 | 
109 | __Using Delimiter to extract 1st and 2nd field__
110 | ```
111 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
112 | name:age
113 | one:1
114 | two:2
115 | three:3
116 | ```
117 | 
118 | 
119 | 
120 | __Using reverse Match (Not gate)__
121 | ```console
122 | 
123 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
124 | name:age
125 | one:1
126 | two:2
127 | three:3
128 | 
129 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --complement
130 | color
131 | 111
132 | 222
133 | 333
134 | 
135 | ```
136 | 
137 | 
138 | 
139 | __Using Output Delimiters__
140 | ```console
141 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --output-delimiter=~
142 | name~age
143 | one~1
144 | two~2
145 | three~3
146 | 
147 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2,3 --output-delimiter=~
148 | name~age~color
149 | one~1~111
150 | two~2~222
151 | three~3~333
152 | 
153 | ```
154 | 
155 | 
156 | 
157 | __Example 1: Removing protocols from Urls__
158 | ```console
159 | root@root:~/Desktop/temp# cat file.txt 
160 | https://google.com
161 | https://facebook.com
162 | https://imran.com
163 | http://example.com
164 | 
165 | 
166 | root@root:~/Desktop/temp# cat file.txt | cut -d"/" -f3
167 | google.com
168 | facebook.com
169 | imran.com
170 | example.com
171 | 
172 | ```
173 | 
174 | 
175 | 
176 | __Example 2: Extracting Domains from URLS__
177 | ```console
178 | root@root:~/Desktop/temp# cat file.txt 
179 | https://google.com?name=imran&age=xxx&age=xxx
180 | https://facebook.com?name=imran&age=xxx&age=xxx&age=xxx
181 | https://imran.com?name=imran&age=xxx&age=xxx&age=xxx
182 | http://example.com?name=imran&age=xxx&age=xxx
183 | 
184 | 
185 | root@root:~/Desktop/temp# cat file.txt | cut -d"?" -f1
186 | https://google.com
187 | https://facebook.com
188 | https://imran.com
189 | http://example.com
190 | 
191 | ```
192 | 
193 | 
194 | 
195 | __Example 3 : Extracting Keys/Values from JSON Object__
196 | ```console
197 | root@root:~/Desktop/temp# cat file.txt 
198 | {
199 | "a":"1",
200 | "b":"2",
201 | "c":"3",
202 | }
203 | 
204 | root@root:~/Desktop/temp# cat file.txt | grep ':'
205 | "a":"1",
206 | "b":"2",
207 | "c":"3",
208 | 
209 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f1
210 | "a"
211 | "b"
212 | "c"
213 | 
214 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f2
215 | "1",
216 | "2",
217 | "3",
218 | root@root:~/Desktop/temp# 
219 | 
220 | ```
221 | 


--------------------------------------------------------------------------------
/dig.md:
--------------------------------------------------------------------------------
 1 | Dig
 2 | ===
 3 | 
 4 | 
 5 | Asking Specific Name Server:
 6 | ===================
 7 | 
 8 | 	dig google.com 							A record
 9 | 	dig @nameserver google.com 				Querying any specific name server
10 | 	dig @nameserver google.com MX 				Querying MX records
11 | 	dig google.com +short 						Show only resolved A records [only ip addresses]
12 | 
13 | 
14 | Asking Specific DNS record:
15 | ==================
16 | 
17 | 	dig +nocmd example.com A +noall +answer
18 | 	dig +nocmd example.com NS +noall +answer
19 | 	dig +nocmd example.com MX +noall +answer
20 | 	dig +nocmd example.com TXT +noall +answer
21 | 	dig +nocmd example.com SOA +noall +answer
22 | 	dig +nocmd example.com ANY +noall +answer (This rarely works)
23 | 
24 | 
25 | 
26 | Reverse Lookup
27 | ===========
28 | 	dig -x 104.27.179.12                             Reverse Lookup
29 | 
30 | 
31 | Zone Transfers:
32 | ==========
33 | 	dig -t NS zonetransfer.me +short					---	Finding name Servers
34 | 	dig -t AXFR zonetransfer.me @nsztm1.digi.ninja 		---	Requesting zone files from NS1
35 | 	dig -t AXFR zonetransfer.me @nsztm2.digi.ninja		---	Requesting zone files from NS2
36 | 
37 | 
38 | 


--------------------------------------------------------------------------------
/few_more_tools.md:
--------------------------------------------------------------------------------
1 | https://github.com/lazytools/sshchecker
2 | 


--------------------------------------------------------------------------------
/find_command_notes.md:
--------------------------------------------------------------------------------
 1 | 	
 2 | Finding Files
 3 | ------------------------
 4 | #### By Name:
 5 | 	------------	
 6 | 	locate NAME
 7 | 	locate *.extension
 8 | 	find / -name nmap				---	Find from root all file with name "nmap"
 9 | 	find / -iname nmap				---	Find from root all file with name "nmap" regardless of case sensitive
10 | 	find / -name 'nmap*'				---	Find from root all files with starting name as root
11 | 	find / -name 'nm??'				---	Find from root all files with starting name as root
12 | 	find / -name 'nm??*'				---	Find from root all files with starting name as nm and the two chars or more
13 | 	find ~ -iname '*.txt'				---	Find all the files in the root directory with txt extension
14 | 	find /usr/share -name '*nmap*'			---	Find all the files in the /usr/share which contains text nmap
15 | 	
16 | #### Bysize:
17 | 	-------
18 | 	
19 | 	find . -size 300b				---	Find all file with size 300 bytes
20 | 	find . -size +300b				---	Find all file with size more than 300 bytes
21 | 	find . -size -300b				---	Find all file with size less than 300 bytes
22 | 	find ~ -empty 					---	Find all file with emptysize
23 | 	
24 | 	
25 | #### ByTime:
26 | 	-------
27 | 	
28 | 	find ~ -mtime 1					---	Find all the files which were modiefied before one day [24 hours]
29 | 	find ~ -mmin 5					---	Find all the files which were modified befire 5 minutes
30 | 	find / -mtime 2 -mtime -4 			---	Find all the files which were modified before 2 to 4 days
31 | 	
32 | 	
33 | #### By owners:
34 | 	----------
35 | 	
36 | 	find /usr/share/fonts -user imran		---	Find all the files in /usr/share/fonts owened by imran
37 | 	find /dev -group hackers			---	Find all the fiels in /dev which are owened by group hackers
38 | 	
39 | 	
40 | #### Finding and Executing commands on Found files:
41 | ----------------------------------------------
42 | 	
43 | 	find . -name '*.html' -exec cat '{}' ';'		---	Find all the files with html extension and execute cat command in them
44 | 									here {} represents the set of files found by found command
45 | 	
46 | 	find . -name '*.html' -ok rn '{}' ';'			---	Find all the html files and check which command will be executed on them just to confirm
47 | 									the removal of files. This is a test command and it should be run before -exec
48 | 	
49 | 	
50 | 	
51 | #### combining things:
52 | -----------------
53 | 	find / -name '*.html' -size +300b 			---	Find all the html files who size more than 300
54 | 	 
55 | 	
56 | 


--------------------------------------------------------------------------------
/getting_started_in_bug_bounties.md:
--------------------------------------------------------------------------------
  1 | ## Understading and Learning Linux
  2 | 
  3 | #### Learning Shell
  4 | http://linuxcommand.org/lc3_learning_the_shell.php
  5 | 
  6 | 
  7 | #### Linux File system
  8 | https://www.youtube.com/watch?v=HIXzJ3Rz9po
  9 | 
 10 | ## Web Severs
 11 | 
 12 | ### How they work
 13 | https://www.youtube.com/watch?v=RsQ1tFLwldY
 14 | 
 15 | ### How to setup your own server
 16 | https://www.youtube.com/watch?v=R5CUn5wGQGg
 17 | 
 18 | 
 19 | ## Programming
 20 | #### HTML
 21 | https://www.youtube.com/playlist?list=PLr6-GrHUlVf_ZNmuQSXdS197Oyr1L9sPB
 22 | 
 23 | #### Javascript 
 24 | https://www.youtube.com/watch?v=W6NZfCO5SIk
 25 | 
 26 | 
 27 | ## Networking-Resources for Bug Bounties
 28 | 
 29 | Having knowledge about computer networks plays an very important role in Bug Bounties. 
 30 | Alot of people doing bug bouties have less knowledge about how different communication systems work. So Here are some of the 
 31 | resources which can be used by "Bug Hunters" to expand thir thoughts on computer networks.
 32 | 
 33 | #### Undetstanding basic concepts
 34 | https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
 35 | 
 36 | #### Understanding OSI Model 
 37 | ###### [Dont waste too much time on this as this is more theoritical]
 38 | 
 39 | https://www.youtube.com/watch?v=-6Uoku-M6oY
 40 | https://www.geeksforgeeks.org/layers-osi-model/
 41 | 
 42 | #### Understanding TCP/IP model
 43 | http://www.steves-internet-guide.com/internet-protocol-suite-explained/
 44 | https://www.geeksforgeeks.org/computer-network-tcpip-model/
 45 | 
 46 | ## Understanding CLIENT - SEVER ARTITECTURE
 47 | ###### One video is enough
 48 | https://www.youtube.com/watch?v=SwLdKeC8scE
 49 | 
 50 | 
 51 | 
 52 | ## Understanding DNS
 53 | ###### Although you may not like the quality of the vidoes they are best one on internet
 54 | https://www.youtube.com/watch?v=Hk0FjTIxSrI     [part 1] 
 55 | 
 56 | https://www.youtube.com/watch?v=a_jCXHTYF4c     [part 2]
 57 | https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/network_registrar/9-0/dns/guide/DNS_Guide/DNS_Guide_chapter_00.pdf
 58 | 
 59 | 
 60 | #### Undetstanding DNS SECURITY
 61 | https://www.youtube.com/playlist?list=PLEGgkEr0ifYuHzA5wJnAmAvFVZvoIXrj4
 62 | https://www.cloudflare.com/learning/dns/dns-security/
 63 | 
 64 | 
 65 | 
 66 | #### Getting familiar with DIG 
 67 | https://www.rootusers.com/12-dig-command-examples-to-query-dns-in-linux/
 68 | 
 69 | 
 70 | 
 71 | ## How CDN Work
 72 | 
 73 | https://www.youtube.com/watch?v=farO15_0NUQ
 74 | https://www.cloudflare.com/learning/cdn/what-is-a-cdn/
 75 | 
 76 | 
 77 | ## Understading HTTP Request Reponse
 78 | https://www.youtube.com/watch?v=DrI2lUXL1no
 79 | 
 80 | #### Getting Femilair with curl
 81 | https://www.thegeekstuff.com/2012/04/curl-examples/
 82 | https://medium.freecodecamp.org/how-much-can-you-curl-3c88e2fed3f6
 83 | 
 84 | ### Understanding HTTP HEADERS
 85 | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
 86 | 
 87 | 
 88 | ## How Load Balancers work
 89 | https://www.youtube.com/watch?v=7LMaAVwZE2c
 90 | https://tools.kali.org/information-gathering/lbd
 91 | 
 92 | 
 93 | ## How server Management works.
 94 | 
 95 | learn how to do server management on nginx server will be enough to undetstand how server are managed and what are the 
 96 | mistakes than can be done
 97 | 
 98 | https://www.nginx.com/resources/library/complete-nginx-cookbook/
 99 | 
100 | 
101 | ## Burpsuite 
102 | 
103 | https://www.youtube.com/playlist?list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA
104 | 
105 | 
106 |   
107 |   
108 |   
109 | # more comming Soon.....
110 | 
111 | 


--------------------------------------------------------------------------------
/grep.md:
--------------------------------------------------------------------------------
  1 | 
  2 | __Input file__
  3 | 
  4 | ```console
  5 | Imrans-Air:temp imranparray$ cat file.txt 
  6 | Hello world
  7 | i am line 1
  8 | i am line 2
  9 | 44444
 10 | 55555
 11 | 
 12 | ```
 13 | 
 14 | __Case insenstivity__
 15 | ```console
 16 | Imrans-Air:temp imranparray$ cat file.txt | grep 'h'
 17 | Imrans-Air:temp imranparray$ cat file.txt | grep -i 'h'
 18 | Hello world
 19 | ```
 20 | 
 21 | __Reverse Match__
 22 | ```console
 23 | Imrans-Air:temp imranparray$ cat file.txt | grep 'am'
 24 | i am line 1
 25 | i am line 2
 26 | Imrans-Air:temp imranparray$ cat file.txt | grep -v 'am' 
 27 | Hello world
 28 | 44444
 29 | 55555
 30 | 
 31 | 
 32 | ```
 33 | 
 34 | __No of Matches__
 35 | ```console
 36 | Imrans-Air:temp imranparray$ cat file.txt | grep -c 'am' 
 37 | 2
 38 | 
 39 | ```
 40 | 
 41 | __Searching Regular Expressions__
 42 | ```console
 43 | Imrans-Air:temp imranparray$ cat file.txt | grep -E '\d{5}' 
 44 | 44444
 45 | 55555
 46 | ```
 47 | 
 48 | __Get the Search pattern from the file__
 49 | ```console
 50 | Imrans-Air:temp imranparray$ echo '\d{5}' > pattern
 51 | Imrans-Air:temp imranparray$ cat file.txt | grep -Ef pattern 
 52 | 44444
 53 | 55555
 54 | 
 55 | ```
 56 | 
 57 | __Print the source of input__
 58 | ```console
 59 | Imrans-Air:temp imranparray$ cat file.txt | grep -H 'am'
 60 | (standard input):i am line 1
 61 | (standard input):i am line 2
 62 | Imrans-Air:temp imranparray$ grep -H 'am' file.txt 
 63 | file.txt:i am line 1
 64 | file.txt:i am line 2
 65 | 
 66 | ```
 67 | 
 68 | __Print Line number where the match is found__
 69 | ```console
 70 | Imrans-Air:temp imranparray$ cat file.txt | grep -n 'am'
 71 | 2:i am line 1
 72 | 3:i am line 2
 73 | 
 74 | ```
 75 | 
 76 | __print n number of line after last match__
 77 | ```console
 78 | Imrans-Air:temp imranparray$ cat file.txt | grep -A 1 -n 'am'
 79 | 2:i am line 1
 80 | 3:i am line 2
 81 | 4-44444
 82 | 
 83 | ```
 84 | 
 85 | __print n number of line before first match__
 86 | ```console
 87 | Imrans-Air:temp imranparray$ cat file.txt | grep -B 1 -n 'am'
 88 | 1-Hello world
 89 | 2:i am line 1
 90 | 3:i am line 2
 91 | ```
 92 | 
 93 | __print only matching part__
 94 | ```console
 95 | Imrans-Air:temp imranparray$ cat file.txt | grep -o 'am'
 96 | am
 97 | am
 98 | 
 99 | ```
100 | 
101 | __Add color to mached patterns__
102 | ```console
103 | Imrans-Air:temp imranparray$ cat file.txt | grep 'am' --color
104 | i am line 1
105 | i am line 2
106 | 
107 | ```
108 | 


--------------------------------------------------------------------------------
/linux-commands-Snapsec.md:
--------------------------------------------------------------------------------
  1 | ## PS
  2 | 
  3 | __list terminal process__
  4 | ```console
  5 | ps -a
  6 | ```
  7 | 
  8 | 
  9 | __list all processes__
 10 | ```console
 11 | ps -x
 12 | ```
 13 | 
 14 | 
 15 | __kill a process__
 16 | ```console
 17 | kill <PID>
 18 | ```
 19 | 
 20 | 
 21 | ## uname
 22 | 
 23 | __list system info__
 24 | ```console
 25 | uname -a
 26 | ```
 27 | 
 28 | ## df
 29 | __list all disks__
 30 | ```console
 31 | df -a
 32 | ```
 33 | 
 34 | 
 35 | __list all information in Human Readable Format__
 36 | ```console
 37 | df -h
 38 | ```
 39 | 
 40 | ## cut
 41 | 
 42 | __Lets Say we have a input file__
 43 | ```console
 44 | root@root:~/Desktop/temp# cat file.txt 
 45 | name:age:color
 46 | one:1:111
 47 | two:2:222
 48 | three:3:333
 49 | 
 50 | ```
 51 | 
 52 | 
 53 | 
 54 | __Reading Byte 1__
 55 | ```console
 56 | root@root:~/Desktop/temp# cat file.txt | cut -b 1
 57 | n
 58 | o
 59 | t
 60 | t
 61 | ```
 62 | 
 63 | __Reading Byte 1,2 and 3__
 64 | ```console
 65 | root@root:~/Desktop/temp# cat file.txt | cut -b 1,2,3
 66 | nam
 67 | one
 68 | two
 69 | thr
 70 | 
 71 | ```
 72 | 
 73 | 
 74 | 
 75 | __Reading Byte Range from 1-3__
 76 | ```console
 77 | root@root:~/Desktop/temp# cat file.txt | cut -b 1-3
 78 | nam
 79 | one
 80 | two
 81 | thr
 82 | ```
 83 | 
 84 | 
 85 | __Reading Byte range from 1-4__
 86 | ```console
 87 | 
 88 | root@root:~/Desktop/temp# cat file.txt | cut -b -4     [Starting to 4]
 89 | name
 90 | one:
 91 | two:
 92 | thre
 93 | ```
 94 | 
 95 | 
 96 | __Reading Byte 2-end__
 97 | ```console
 98 | 
 99 | root@root:~/Desktop/temp# cat file.txt | cut -b 2-     [start from 2 to end]
100 | ame:age:color
101 | ne:1:111
102 | wo:2:222
103 | hree:3:333
104 | 
105 | ```
106 | 
107 | 
108 | 
109 | __Reading 1 character__
110 | ```console
111 | 
112 | root@root:~/Desktop/temp# cat file.txt | cut -c 1
113 | n
114 | o
115 | t
116 | t
117 | ```
118 | 
119 | __Reading 1-3 characters__
120 | ```console
121 | 
122 | root@root:~/Desktop/temp# cat file.txt | cut -c 1-3
123 | nam
124 | one
125 | two
126 | thr
127 | ```
128 | 
129 | __Reading starting-3 characters__
130 | ```console
131 | root@root:~/Desktop/temp# cat file.txt | cut -c -3
132 | nam
133 | one
134 | two
135 | thr
136 | ```
137 | 
138 | __Reading characters from 3 to end__
139 | ```console
140 | 
141 | root@root:~/Desktop/temp# cat file.txt | cut -c 3-
142 | me:age:color
143 | e:1:111
144 | o:2:222
145 | ree:3:333
146 | 
147 | ```
148 | 
149 | 
150 | 
151 | 
152 | 
153 | __Using Delimiter to extract 1st field__
154 | ```console
155 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1
156 | name
157 | one
158 | two
159 | three
160 | ```
161 | 
162 | __Using Delimiter to extract 1st and 2nd field__
163 | ```
164 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
165 | name:age
166 | one:1
167 | two:2
168 | three:3
169 | ```
170 | 
171 | 
172 | 
173 | __Using reverse Match (Not gate)__
174 | ```console
175 | 
176 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
177 | name:age
178 | one:1
179 | two:2
180 | three:3
181 | 
182 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --complement
183 | color
184 | 111
185 | 222
186 | 333
187 | 
188 | ```
189 | 
190 | 
191 | 
192 | __Using Output Delimiters__
193 | ```console
194 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --output-delimiter=~
195 | name~age
196 | one~1
197 | two~2
198 | three~3
199 | 
200 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2,3 --output-delimiter=~
201 | name~age~color
202 | one~1~111
203 | two~2~222
204 | three~3~333
205 | 
206 | ```
207 | 
208 | 
209 | 
210 | __Example 1: Removing protocols from Urls__
211 | ```console
212 | root@root:~/Desktop/temp# cat file.txt 
213 | https://google.com
214 | https://facebook.com
215 | https://imran.com
216 | http://example.com
217 | 
218 | 
219 | root@root:~/Desktop/temp# cat file.txt | cut -d"/" -f3
220 | google.com
221 | facebook.com
222 | imran.com
223 | example.com
224 | 
225 | ```
226 | 
227 | 
228 | 
229 | __Example 2: Extracting Domains from URLS__
230 | ```console
231 | root@root:~/Desktop/temp# cat file.txt 
232 | https://google.com?name=imran&age=xxx&age=xxx
233 | https://facebook.com?name=imran&age=xxx&age=xxx&age=xxx
234 | https://imran.com?name=imran&age=xxx&age=xxx&age=xxx
235 | http://example.com?name=imran&age=xxx&age=xxx
236 | 
237 | 
238 | root@root:~/Desktop/temp# cat file.txt | cut -d"?" -f1
239 | https://google.com
240 | https://facebook.com
241 | https://imran.com
242 | http://example.com
243 | 
244 | ```
245 | 
246 | 
247 | 
248 | __Example 3 : Extracting Keys/Values from JSON Object__
249 | ```console
250 | root@root:~/Desktop/temp# cat file.txt 
251 | {
252 | "a":"1",
253 | "b":"2",
254 | "c":"3",
255 | }
256 | 
257 | root@root:~/Desktop/temp# cat file.txt | grep ':'
258 | "a":"1",
259 | "b":"2",
260 | "c":"3",
261 | 
262 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f1
263 | "a"
264 | "b"
265 | "c"
266 | 
267 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f2
268 | "1",
269 | "2",
270 | "3",
271 | root@root:~/Desktop/temp# 
272 | 
273 | ```
274 | 
275 | ## Grep
276 | __Lets Say we have a input file__
277 | ```console
278 | root@root:~/Desktop/temp# cat file.txt 
279 | name:age:color
280 | one:1:111
281 | two:2:222
282 | three:3:333
283 | 
284 | ```
285 | 
286 | 
287 | 
288 | __Reading Byte 1__
289 | ```console
290 | root@root:~/Desktop/temp# cat file.txt | cut -b 1
291 | n
292 | o
293 | t
294 | t
295 | ```
296 | 
297 | __Reading Byte 1,2 and 3__
298 | ```console
299 | root@root:~/Desktop/temp# cat file.txt | cut -b 1,2,3
300 | nam
301 | one
302 | two
303 | thr
304 | 
305 | ```
306 | 
307 | 
308 | 
309 | __Reading Byte Range from 1-3__
310 | ```console
311 | root@root:~/Desktop/temp# cat file.txt | cut -b 1-3
312 | nam
313 | one
314 | two
315 | thr
316 | ```
317 | 
318 | 
319 | __Reading Byte range from 1-4__
320 | ```console
321 | 
322 | root@root:~/Desktop/temp# cat file.txt | cut -b -4     [Starting to 4]
323 | name
324 | one:
325 | two:
326 | thre
327 | ```
328 | 
329 | 
330 | __Reading Byte 2-end__
331 | ```console
332 | 
333 | root@root:~/Desktop/temp# cat file.txt | cut -b 2-     [start from 2 to end]
334 | ame:age:color
335 | ne:1:111
336 | wo:2:222
337 | hree:3:333
338 | 
339 | ```
340 | 
341 | 
342 | 
343 | __Reading 1 character__
344 | ```console
345 | 
346 | root@root:~/Desktop/temp# cat file.txt | cut -c 1
347 | n
348 | o
349 | t
350 | t
351 | ```
352 | 
353 | __Reading 1-3 characters__
354 | ```console
355 | 
356 | root@root:~/Desktop/temp# cat file.txt | cut -c 1-3
357 | nam
358 | one
359 | two
360 | thr
361 | ```
362 | 
363 | __Reading starting-3 characters__
364 | ```console
365 | root@root:~/Desktop/temp# cat file.txt | cut -c -3
366 | nam
367 | one
368 | two
369 | thr
370 | ```
371 | 
372 | __Reading characters from 3 to end__
373 | ```console
374 | 
375 | root@root:~/Desktop/temp# cat file.txt | cut -c 3-
376 | me:age:color
377 | e:1:111
378 | o:2:222
379 | ree:3:333
380 | 
381 | ```
382 | 
383 | 
384 | 
385 | 
386 | 
387 | __Using Delimiter to extract 1st field__
388 | ```console
389 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1
390 | name
391 | one
392 | two
393 | three
394 | ```
395 | 
396 | __Using Delimiter to extract 1st and 2nd field__
397 | ```
398 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
399 | name:age
400 | one:1
401 | two:2
402 | three:3
403 | ```
404 | 
405 | 
406 | 
407 | __Using reverse Match (Not gate)__
408 | ```console
409 | 
410 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2
411 | name:age
412 | one:1
413 | two:2
414 | three:3
415 | 
416 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --complement
417 | color
418 | 111
419 | 222
420 | 333
421 | 
422 | ```
423 | 
424 | 
425 | 
426 | __Using Output Delimiters__
427 | ```console
428 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2 --output-delimiter=~
429 | name~age
430 | one~1
431 | two~2
432 | three~3
433 | 
434 | root@root:~/Desktop/temp# cat file.txt | cut -d":" -f1,2,3 --output-delimiter=~
435 | name~age~color
436 | one~1~111
437 | two~2~222
438 | three~3~333
439 | 
440 | ```
441 | 
442 | 
443 | 
444 | __Example 1: Removing protocols from Urls__
445 | ```console
446 | root@root:~/Desktop/temp# cat file.txt 
447 | https://google.com
448 | https://facebook.com
449 | https://imran.com
450 | http://example.com
451 | 
452 | 
453 | root@root:~/Desktop/temp# cat file.txt | cut -d"/" -f3
454 | google.com
455 | facebook.com
456 | imran.com
457 | example.com
458 | 
459 | ```
460 | 
461 | 
462 | 
463 | __Example 2: Extracting Domains from URLS__
464 | ```console
465 | root@root:~/Desktop/temp# cat file.txt 
466 | https://google.com?name=imran&age=xxx&age=xxx
467 | https://facebook.com?name=imran&age=xxx&age=xxx&age=xxx
468 | https://imran.com?name=imran&age=xxx&age=xxx&age=xxx
469 | http://example.com?name=imran&age=xxx&age=xxx
470 | 
471 | 
472 | root@root:~/Desktop/temp# cat file.txt | cut -d"?" -f1
473 | https://google.com
474 | https://facebook.com
475 | https://imran.com
476 | http://example.com
477 | 
478 | ```
479 | 
480 | 
481 | 
482 | __Example 3 : Extracting Keys/Values from JSON Object__
483 | ```console
484 | root@root:~/Desktop/temp# cat file.txt 
485 | {
486 | "a":"1",
487 | "b":"2",
488 | "c":"3",
489 | }
490 | 
491 | root@root:~/Desktop/temp# cat file.txt | grep ':'
492 | "a":"1",
493 | "b":"2",
494 | "c":"3",
495 | 
496 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f1
497 | "a"
498 | "b"
499 | "c"
500 | 
501 | root@root:~/Desktop/temp# cat file.txt | grep ':' | cut -d':' -f2
502 | "1",
503 | "2",
504 | "3",
505 | root@root:~/Desktop/temp# 
506 | 
507 | ```
508 | 
509 | 
510 | 
511 | ## Sed
512 | 
513 | 
514 | 
515 | Learn ed in Linux to get started in sed. Understanding how ed works will improve your understanding about sed.
516 | 
517 | 
518 | __Cheat Sheet__
519 | 
520 | ```
521 | :  # label
522 | =  # line_number
523 | a  # append_text_to_stdout_after_flush
524 | b  # branch_unconditional             
525 | c  # range_change                     
526 | d  # pattern_delete_top/cycle          
527 | D  # pattern_ltrunc(line+nl)_top/cycle 
528 | g  # pattern=hold                      
529 | G  # pattern+=nl+hold                  
530 | h  # hold=pattern                      
531 | H  # hold+=nl+pattern                  
532 | i  # insert_text_to_stdout_now         
533 | l  # pattern_list                       
534 | n  # pattern_flush=nextline_continue   
535 | N  # pattern+=nl+nextline              
536 | p  # pattern_print                     
537 | P  # pattern_first_line_print          
538 | q  # flush_quit                        
539 | r  # append_file_to_stdout_after_flush 
540 | s  # substitute                                          
541 | t  # branch_on_substitute              
542 | w  # append_pattern_to_file_now         
543 | x  # swap_pattern_and_hold             
544 | y  # transform_chars    
545 | ```
546 | 
547 | 
548 | 
549 | 
550 | __Symbols:__
551 | 
552 | 	^	---		Beginning of The Line
553 | 	$	---		Termination of the line
554 | 	[ ]	---		Range
555 | 	&	---		Matched String
556 | 	\*      ---		OR Eg: th  t or th
557 | 	\	---		Escape Character
558 | 
559 | 
560 | __Options:__
561 | 
562 | 	p	---	print
563 | 	d	---	delete
564 | 	q	---	Quit
565 | 	g	---	globally
566 | 	I 	---	ignore case sensivity
567 | 	-n 	---	silent mode
568 | 	-i 	---	Make changes in file
569 | 
570 | __Substituing the text__
571 | 
572 | 
573 | 	sed 's/t/T/' file.txt			---	Substitute t with T in file.txt [ It only replaces the 1st t not all]
574 | 	sed 's/t/T/g' file.txt			---	Substitute t with T in globally in file.txt
575 | 	sed -i 's/t/T/g' file.txt		---	Modify the original file
576 | 
577 | 
578 | 
579 | 
580 | __Delete the text__
581 | 
582 | 	echo "
583 | 	imran
584 | 	nazir
585 | 	parray" | sed '/imran/d'
586 | 
587 | 	nazir
588 | 	parray
589 | 
590 | 
591 | 
592 | 
593 | __Transform text__
594 | 
595 | 	replace 
596 | 	a->x
597 | 	b->y
598 | 	c->z
599 | 	
600 | 	root@root:~/Desktop# echo '
601 | 	abc
602 | 	bca ' | sed 'y/abc/xyz/'
603 | 
604 | 	xyz
605 | 	yzx 
606 | 
607 | 
608 | 
609 | 
610 | 
611 | 
612 | 
613 | 
614 | __The script file__
615 | 
616 |     $cat sedscr
617 |     s/ MA/, Massachusetts/ 
618 |     s/ PA/, Pennsylvania/ 
619 |     s/ CA/, California/
620 |     s/ VA/, Virginia/
621 |     s/ OK/, Oklahoma/
622 | 
623 |      sed -f sedsec filename
624 | 
625 | 
626 | 
627 | __Replacing nth Occurance__
628 | 
629 | 	echo "imranimranimra" | sed 's/imran/nazir/2'
630 | 
631 | 	imrannazirimran
632 | 
633 | 
634 | 
635 | 
636 | 
637 | 
638 | 
639 | 
640 | __Substituing at the beginning of the line:__
641 | 
642 | 
643 | 	sed 's/^t/ooo/' test.txt		---	replacing  t if they are at the beginning of the line
644 | 	sed 's/d$/ooo/' test.txt		---	replacing  d if they are at the beginning of the line
645 | 
646 | 
647 | __using Apersand and wildcards__
648 | 
649 | 
650 | 	sed 's/[0-5]/1/' test.txt			---	replacing anything from 0-5 and replace it with 1
651 | 	sed 's/[A-Z]m/1/' test.txt			---	replacing anything starts A-Z fallowed by m [eg: Am Bm Cm ]
652 | 	sed 's/[0-9]/(&)/' test.txt			---	replacing all mached with string inside ( ) 
653 | 	sed 's/[0-9]/(&&)/' test.txt		---	replacing all mached with string+string  inside [10 to (101)]
654 | 	sed 's/[0-9][0-9]/(&)/' test.txt		---	repcing all two digit numbers 
655 | 
656 | 
657 | 
658 | 
659 | __Using Astrick:__
660 | 
661 | 
662 | 
663 | 	sed 's/Th*/00/' test.txt			---	replacing all T and Th with 00
664 | 	sed 's/Thr*/00/' test.txt			---	replacing all Th and Thr with 00
665 | 	sed 's/There*/00/' test.txt		---	replacing all Ther and There with 00
666 | 	sed 's/[0-9][0-9]*/00/' test.txt	---	replacing all one digit and two digit numbers with 00
667 | 
668 | 	sed 's/[a-z]/00/' test.txt			---	replacing all small alphabits with 00
669 | 	sed 's/[a-z][A-Z]/00/' test.txt		---	replacing all small alphabits with 00 [Eg: t -> 00 and tH->00 ]
670 | 	sed 's/[A-Z]/00/' test.txt			---	replacing all A-Z  with 00
671 | 	sed 's/[a-zA-Z]/00/' test.txt		---	replacing all a-zA-Z  with 00
672 | 	OR
673 | 	sed 's/[A-z]/00/' test.txt			---	replacing all a-z A-Z  with 00
674 | 	sed 's/[0-z]/00/' test.txt			---	replacing all numbers and alphbits  with 00
675 | 
676 | 
677 | 
678 | 
679 | 
680 | __Using Delimiters:__
681 | 
682 | 
683 | 
684 | 	We can use anything as delimiter in SED
685 | 		Eg: sed 's/A/a/g' file.txt 			---	Here the / is the delimiter
686 | 		Eg: sed 's_A_a_g' file.txt 		---	Here the _ is the delimiter
687 | 		Eg: sed 's:A:a:g' file.txt 			---	Here the / is the delimiter
688 | 	All of them will perfrom the same function.
689 | 
690 | 
691 | __Using Proper Delimiters:__
692 | 
693 | 
694 | 
695 | 	Using proper delimiter will always keep you away from the mess.
696 | 	
697 | 		Eg: sed 's/\/etc\/passwd\//000/' file.txt			---	Replacing /etc/passwd/ with 000  [ Full of mess]
698 | 		Eg: sed 's_/etc/passwd_000_' file.txt 			---	Replacing /etc/passwd/ with 000  [ Less Mess ] 
699 | 
700 | 
701 | 
702 | 
703 | 
704 | 
705 | 
706 | 
707 | 
708 | 
709 | 
710 | 
711 | 
712 | 
713 | 
714 | __Using Not ^__
715 | 
716 | 	sed 's/[^0-9]/*/' file.txt			---	Replace Everything which is not a number with *
717 | 	sed 's/[^0-z ]/*/g' file.txt			---	Replace Everything which is not a [0-z] means 
718 | 								Alphanumric Which means all special chars
719 | 
720 | 
721 | 
722 | 
723 | 


--------------------------------------------------------------------------------
/nmap.md:
--------------------------------------------------------------------------------
  1 | # Nmap scanning
  2 | 
  3 | ## Basics Concepts
  4 | 
  5 | 
  6 | __MAC__
  7 | 
  8 | - 48 bits
  9 | - 6 bytes long
 10 | - Hex representation
 11 | 
 12 | DE:AD:BE:EF:CA:FE
 13 | 
 14 | - First 6 is OUI (Org unique identifier)
 15 | - Last 6 is extension indentifier
 16 | 
 17 | __IPV4__
 18 | 
 19 | - 32 bit address
 20 | - 4 octets
 21 | - Can be represented as Decimal 3232323232
 22 | - Can be represented as HEX C0A8010
 23 | - 2^32 Addressse possible (4.3 billion)
 24 | 
 25 | __Fregmentation__
 26 | 
 27 | Some network has MTU (maximum transmission unit) which is the maximu packet size that can be send over netowrk so sometime
 28 | packets need to be broke down in smaller units called the process of fragmentation.
 29 | 
 30 | 
 31 | __Classful Netoworks__
 32 | 
 33 | The Huge 1.4 billion ip addresses are converted in small classes 
 34 | 
 35 | | Class  | Range  | Leading Bits  |
 36 | |---|---|---|
 37 | | A  | 1.6 million  | 0  |
 38 | | B  |  65535 | 10  |
 39 | | C  |  256 |  110 |
 40 | | D  | Undefined  |  1110 |
 41 | | E  | Undefined  | 1111  |
 42 | 
 43 | 
 44 | 
 45 | __ARP:__
 46 | 
 47 | - Adress Resolution protocol 
 48 | - Used to find the Layer 2 Mac addresses for Layer 3 Ip addresses
 49 | 
 50 | __ICMP:__
 51 | 
 52 | - Internet control message Protocol
 53 | - Use to help other protocols
 54 | - Used for troubleshooting and error reporting
 55 | - Uses Types and codes instead of ports
 56 | 
 57 | 
 58 | __PING:__
 59 | __TCP:__
 60 | __PORTS:__
 61 | __Traceroute:__
 62 | 
 63 | 
 64 | 
 65 | 
 66 | 
 67 | __Connect Scan__ (-sT)
 68 | 
 69 | Open port:
 70 | 
 71 | - A --> Syn --> B
 72 | - A <-- Syn Ack <-- B
 73 | - A --> ACK --> B
 74 | - A --> RST/ACK --> B (To Reset/Close the connection)
 75 | 
 76 | Close Port:
 77 | 
 78 | - A --> Syn --> B
 79 | - A <-- RST/Ack <-- B
 80 | 
 81 | 
 82 | __Syn Scan__ (-sS)
 83 | 
 84 | Open port:
 85 | 
 86 | - A --> Syn --> B
 87 | - A <-- SYN/ACK <-- B
 88 | - A --> RST --> B (To Reset/Close the connection)
 89 | 
 90 | 
 91 | Close Port:
 92 | 
 93 | - A --> Syn --> B
 94 | - A <-- RST/Ack <-- B
 95 | 
 96 | ### Port Status
 97 | 
 98 | |Status | Meaning |
 99 | |---|---|
100 | |Closed | ICMP Port Unrecheable error |
101 | |Filtered | ICMP Port Unrecheable error |
102 | |Open/Filtered | No response |
103 | |Open | Any Response |
104 | 
105 | 
106 | ## Scanning
107 | 
108 | __Simple scan__
109 | 
110 | ```console
111 | root@root:~# nmap localhost
112 | 
113 | ```
114 | 
115 | __Simple TCP scan__ (Explicit 3 way handshake scan)
116 | 
117 | ```console
118 | root@root:~# nmap -sT localhost
119 | 
120 | ```
121 | 
122 | 
123 | 
124 | __Simple UDP Scan__
125 | 
126 | ```console
127 | root@root:~# nmap -sU localhost
128 | 
129 | ```
130 | 
131 | 
132 | 
133 | __Nmap OS scan__
134 | ```console
135 | root@root:~# nmap -p80 -O localhost
136 | 
137 | ```
138 | 
139 | 
140 | 
141 | __Nmap Service Detection__
142 | ```console
143 | root@root:~# nmap -sV -p80 localhost
144 | 
145 | ```
146 | 
147 | 
148 | 
149 | __Dont ping just Scan__
150 | ```console
151 | 
152 | root@root:~# nmap -PN -p80 localhost
153 | 
154 | ```
155 | 
156 | 
157 | 
158 | __Nmap Aggressive Scan__
159 | ```console
160 | root@root:~# nmap -A localhost
161 | 
162 | 
163 | ```
164 | 
165 | 
166 | __Nmap ACK Scan__
167 | ```console
168 | root@root:~# nmap -sA localhost
169 | 
170 | ```
171 | 
172 | 
173 | 
174 | __Nmap FIN Scan__ (Use fin Packets)
175 | ```console
176 | root@root:~# nmap -sF localhost
177 | 
178 | ```
179 | __Nmap ACK Scan__
180 | ```console
181 | root@root:~# nmap -sA localhost
182 | 
183 | ```
184 | __Nmap Xmas Scan__
185 | ```console
186 | root@root:~# nmap -sX localhost
187 | 
188 | ```
189 | 
190 | __Nmap Fast Mode__ (Top 100 Ports)
191 | ```console
192 | root@root:~# nmap -F localhost
193 | 
194 | ```
195 | 
196 | ### Different Ping Scans
197 | 
198 | __No port scanning__ (to check if the host is up)
199 | 
200 | ```console
201 | root@root:~# nmap 127.0.0.1-5 -sn 
202 | ```
203 | __ARP ping scan__
204 | ```console
205 | nmap -PR 127.0.0.1
206 | ```
207 | 
208 | 
209 | __No ping Scan__
210 | ```console
211 | nmap -Pn 127.0.0.1
212 | ```
213 | __ICMP ping Scan__
214 | ```console
215 | nmap -PI 127.0.0.1
216 | ```
217 | __ICMP Echo ping Scan__
218 | ```console
219 | nmap -PE 127.0.0.1
220 | ```
221 | 
222 | __No Timestamp Scan__
223 | ```console
224 | nmap -PP 127.0.0.1
225 | ```
226 | __SYN ping Scan__ (Much like SYN scan but with ACK)
227 | ```console
228 | nmap -PP 127.0.0.1
229 | ```
230 | 
231 | __UDP ping Scan__
232 | ```console
233 | nmap -PU 127.0.0.1
234 | ```
235 | 
236 | __TCP ping Scan__
237 | ```console
238 | nmap -P 127.0.0.1
239 | 
240 | 
241 | ```
242 | 
243 | 
244 | 
245 | __Nmap Protocol Scan__
246 | ```console
247 | nmap -sO 127.0.0.1
248 | ```
249 | 
250 | 
251 | __Nmap DNS lookup Scan__
252 | ```console
253 | nmap -sL 127.0.0.1
254 | ```
255 | 
256 | __Nmap Never DNS lookup Scan__
257 | ```console
258 | nmap -n 127.0.0.1
259 | ```
260 | 
261 | 
262 | __Nmap Traceroute Scan__
263 | ```console
264 | nmap --traceroute google.com
265 | ```
266 | 
267 | 
268 | 
269 | ### Wildcards
270 | 
271 | The targets can be specified in 3 different ways
272 | 
273 | - Wildcards -- 192.168.43.*
274 | - Range     -- 192.168.0-255.0-255
275 | - CIDR      -- 192.168.0.0/16
276 | 
277 | ### Options:
278 | 
279 | ```console
280 | nmap 192.168.43.*
281 | ```
282 | ```console
283 | nmap 192.168.43.0-255
284 | ```
285 | ```console
286 | nmap 192.168.43.0/10
287 | ```
288 | 
289 | 
290 | 
291 | ### Other Options:
292 | 
293 | __Nmap debug mode__
294 | ```console
295 | nmap -p80 localhost -d
296 | ```
297 | 
298 | __Nmap More debug mode__
299 | ```console
300 | nmap -p80 localhost -ddd
301 | ```
302 | 
303 | __Randomize Hosts while scanning__
304 | ```console
305 | root@root:~# nmap 192.168.43.200-239 --randomize_hosts -f
306 | ```
307 | 
308 | __Specify Network Interface__
309 | ```console
310 | root@root:~# nmap 192.168.43.200-239 --randomize_hosts -f
311 | ```
312 | 
313 | 
314 | __Nmap Use packets fragmentation__
315 | ```console
316 | root@root:~# nmap 192.168.43.239 -f
317 | ```
318 | 
319 | 
320 | __Nmap Verbose__
321 | ```console
322 | root@root:~# nmap 192.168.43.239 -v
323 | ```
324 | 
325 | __Nmap Very Verbose__
326 | ```console
327 | root@root:~# nmap 192.168.43.239 -vv
328 | ```
329 | 
330 | __Nmap show Reason__
331 | ```console
332 | root@root:~# nmap 192.168.43.239 -p80,21 --open --reason
333 | ```
334 | 
335 | __To exclude the Host__
336 | ```console
337 | nmap 127.0.0.1-255 --exclude 127.0.0.1
338 | ```
339 | __Input list__
340 | ```console
341 | nmap 127.0.0.1-255 -iL hosts.txt
342 | ```
343 | 
344 | __Exclude the range of ip addresses__
345 | ```console
346 | nmap 127.0.0.1-255 --excludefile hosts.list
347 | ```
348 | 
349 | 
350 | ## Script Engine
351 | 
352 | __Simple Script scan__
353 | 
354 | ```console
355 | nmap 192.168.43.* --script script-name
356 | ```
357 | 
358 | 
359 | 
360 | __Default Script scan__
361 | 
362 | ```console
363 | nmap 192.168.43.* -sC script-name
364 | ```
365 | 
366 | 
367 | __Catogary Script scan__
368 | 
369 | ```console
370 | nmap 192.168.43.* --script safe|intrusive|malware|version|discovery|vuln|auth|default
371 | ```
372 | 
373 | 
374 | 
375 | ## Ports
376 | 
377 | __Top 1000 Ports__
378 | 
379 | ```console
380 | nmap 192.168.43.*
381 | ```
382 | 
383 | 
384 | __All ports__
385 | ```console
386 | nmap -p- localhost
387 | ```
388 | 
389 | __Port range__
390 | ```console
391 | nmap -p 0-65535 localhost
392 | ```
393 | 
394 | 
395 | __All from 1-3__
396 | ```console
397 | nmap 192.168.43.* -p1-3
398 | 
399 | 
400 | __All from 1-3__
401 | ```console
402 | nmap 192.168.43.* -p-3
403 | ```
404 | 
405 | 
406 | 
407 | __All from 1 to all__
408 | ```console
409 | nmap 192.168.43.* -p1-
410 | ```
411 | 
412 | __Specific Ports__
413 | 
414 | ```console
415 | nmap 192.168.43.1/24 -p 80
416 | ```
417 | 
418 | 
419 | __Top Ports__
420 | 
421 | ```console
422 | nmap 192.168.43.1/24 --top-ports 500 80
423 | ```
424 | 
425 | 
426 | 
427 | __TCP and UDP Ports__
428 | 
429 | ```console
430 | nmap 192.168.43.1/24 -p T:80,U:53
431 | ```
432 | 
433 | 
434 | __Show only open ports__
435 | 
436 | ```console
437 | root@root:~# nmap 192.168.43.239 -p- --open
438 | 
439 | ```
440 | 
441 | 
442 | __Mixed Style__
443 | 
444 | ```console
445 | root@root:~# nmap 192.168.43.239 -p80,21-25,8080-8090 --open
446 | 
447 | ```
448 | 
449 | 
450 | ## Logging
451 | 
452 | __Show All packets Send and Receaved__
453 | ```console
454 | nmap localhost --packet-trace
455 | ```
456 | 
457 | 
458 | 
459 | __Nmap Simple Human Normal Output__
460 | 
461 | ```console
462 | root@root:~# nmap 192.168.43.239 -p- -oN output.file
463 | 
464 | ```
465 | 
466 | 
467 | __Nmap Simple XML Redeable Output__
468 | 
469 | ```console
470 | root@root:~# nmap 192.168.43.239 -p- -oX output.file
471 | ```
472 | 
473 | 
474 | __Nmap Simple Grepabel Output__
475 | 
476 | ```console
477 | root@root:~# nmap 192.168.43.239 -p- -oG output.file
478 | 
479 | ```
480 | 
481 | 
482 | __Nmap Simple All Output__
483 | 
484 | ```console
485 | root@root:~# nmap 192.168.43.239 -p- -oA output.file
486 | 
487 | ```
488 | 
489 | 
490 | ## Os and Version detectio
491 | _Nmap OS detection needs atleast one Open port and One closed Port on the machine.
492 | 
493 | __default os scan__
494 | ```console
495 | nmap -O 192.168.43.239
496 | ```
497 | 
498 | 
499 | 
500 | __Nmap Service Detection__
501 | ```console
502 | root@root:~# nmap -sV -p80 localhost
503 | 
504 | ```
505 | 
506 | 
507 | __Limit Os scan__(Dont waste too much time if you are not able to detect OS)
508 | ```console
509 | nmap -O --osscan-limit 192.168.43.239
510 | ```
511 | 
512 | 
513 | __Aggresive Os scan__(Spend too much time if you are not able to detect OS)
514 | ```console
515 | nmap -O --osscan-guess 192.168.43.239
516 | ```
517 | 
518 | __Version Intensity__ (level=1,2,3,4,5,7,8,9)
519 | ```console
520 | nmap 192.168.43.239 --version-intensity <level> 
521 | ```
522 | 
523 | 
524 | 
525 | __High Version Intensity__ (level=9)
526 | ```console
527 | nmap 192.168.43.239 --version-all 
528 | ```
529 | 
530 | 
531 | 
532 | ## Performance
533 | 
534 | __Min Parallelism__(minimum hosts to be scanned parallely)
535 | ```console
536 | nmap 192.168.43.0-255 --min-parallelism 10
537 | 
538 | ```
539 | 
540 | __Max Parallelism__(Maximum hosts to be scanned parallely)
541 | ```console
542 | nmap 192.168.43.0-255 --max-parallelism 10
543 | 
544 | ```
545 | 
546 | 
547 | __Host Timeout__(give up on this target after this time default:30min)
548 | ```console
549 | nmap 192.168.43.0-255 --host-time <time>
550 | ```
551 | 
552 | __Min Packet Rate__(rate can be 1-100000000000)
553 | ```console
554 | nmap 192.168.43.0-255 --min-rate <Number>
555 | ```
556 | 
557 | 
558 | __Max Packet Rate__(rate can be 1-100000000000)
559 | ```console
560 | nmap 192.168.43.0-255 --max-rate <Number>
561 | ```
562 | 
563 | __Scan delay__(Adjust delay between probes)
564 | ```console
565 | nmap 192.168.43.0-255 --scan-delay <time>
566 | ```
567 | __Performance template__(-T(1|2|3|4|5)
568 | ```console
569 | nmap 192.168.43.0-255 -T1
570 | ```
571 | 
572 | __T1__
573 | ```console
574 |   hostgroups: min 1, max 100000
575 |   rtt-timeouts: init 15000, min 100, max 15000
576 |   max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
577 |   parallelism: min 0, max 1
578 |   max-retries: 10, host-timeout: 0
579 |   min-rate: 0, max-rate: 0
580 | 
581 | ```
582 | 
583 | __T2__
584 | ```console
585 |   hostgroups: min 1, max 100000
586 |   rtt-timeouts: init 1000, min 100, max 10000
587 |   max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
588 |   parallelism: min 0, max 1
589 |   max-retries: 10, host-timeout: 0
590 |   min-rate: 0, max-rate: 0
591 | 
592 | ```
593 | 
594 | __T3__
595 | ```console
596 |   hostgroups: min 1, max 100000
597 |   rtt-timeouts: init 1000, min 100, max 10000
598 |   max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
599 |   parallelism: min 0, max 0
600 |   max-retries: 10, host-timeout: 0
601 |   min-rate: 0, max-rate: 0
602 | 
603 | ```
604 | 
605 | __T4__
606 | ```console
607 |   hostgroups: min 1, max 100000
608 |   rtt-timeouts: init 500, min 100, max 1250
609 |   max-scan-delay: TCP 10, UDP 1000, SCTP 10
610 |   parallelism: min 0, max 0
611 |   max-retries: 6, host-timeout: 0
612 |   min-rate: 0, max-rate: 0
613 | 
614 | ```
615 | 
616 | __T5__
617 | ```console
618 |   hostgroups: min 1, max 100000
619 |   rtt-timeouts: init 250, min 50, max 300
620 |   max-scan-delay: TCP 5, UDP 1000, SCTP 5
621 |   parallelism: min 0, max 0
622 |   max-retries: 2, host-timeout: 900000
623 |   min-rate: 0, max-rate: 0
624 | ```
625 | 
626 | 
627 | ### How it works
628 | 
629 | #### How OS detection Works
630 | > There is an file `/usr/share/nmap/nmap-os-db` which contain the patterns like this
631 | 
632 | ```
633 | CPE cpe:/h:2wire:1701hg
634 | SEQ(SP=7E-9A%GCD=1-6%ISR=9E-A8%TI=I%TS=A)
635 | OPS(O1=M5ACNNSW0NNNT11%O2=M578NNSW0NNNT11%O3=M280W0NNNT11%O4=M218NNSW0NNNT11%O5=M218NNSW0NNNT11%O6=M109NNSNNT11)
636 | WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
637 | ECN(R=Y%DF=Y%T=FA-104%TG=FF%W=8000%O=M5ACNNSW0N%CC=N%Q=)
638 | T1(R=Y%DF=Y%T=FA-104%TG=FF%S=O%A=O|S+%F=AS%RD=0%Q=)
639 | T2(R=N)
640 | T3(R=N)
641 | T4(R=Y%DF=Y%T=FA-104%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=E44A4E43%Q=)
642 | T5(R=Y%DF=Y%T=FA-104%TG=FF%W=0%S=Z%A=S+%F=AR%O=%RD=BD1AB510%Q=)
643 | T6(R=Y%DF=Y%T=FA-104%TG=FF%W=0%S=A%A=Z%F=R%O=%RD=EA6C967D%Q=)
644 | T7(R=N)
645 | U1(DF=Y%T=FA-104%TG=FF%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
646 | ```
647 | 
648 | 
649 | 
650 | 
651 | 
652 | 
653 | #### How nmap Detect Services
654 | 
655 | > There is an file `/usr/share/nmap/nmap-services` which contain the list of port number and an expected services on those port
656 | ```
657 | vettcp	78/tcp	0.000000
658 | vettcp	78/udp	0.000626
659 | finger	79/tcp	0.006022
660 | finger	79/udp	0.000956
661 | http	80/sctp	0.000000	# www-http | www | World Wide Web HTTP
662 | http	80/tcp	0.484143	# World Wide Web HTTP
663 | http	80/udp	0.035767	# World Wide Web HTTP
664 | hosts2-ns	81/tcp	0.012056	# HOSTS2 Name Server
665 | hosts2-ns	81/udp	0.001005	# HOSTS2 Name Server
666 | xfer	82/tcp	0.002923	# XFER Utility
667 | xfer	82/udp	0.000659	# XFER Utility
668 | mit-ml-dev	83/tcp	0.000539	# MIT ML Device
669 | mit-ml-dev	83/udp	0.001203	# MIT ML Device
670 | ctf	84/tcp	0.000276	# Common Trace Facility
671 | ctf	84/udp	0.000610	# Common Trace Facility
672 | mit-ml-dev	85/tcp	0.000690	# MIT ML Device
673 | mit-ml-dev	85/udp	0.000610	# MIT ML Device
674 | mfcobol	86/tcp	0.000138	# Micro Focus Cobol
675 | 
676 | ```
677 | 
678 | So even starting an `HTTP server` on port `3306` will result showing up `Mysql` detected by `Nmap`.
679 | 
680 | ```console
681 | root@root:~# python -m SimpleHTTPServer 3306
682 | Serving HTTP on 0.0.0.0 port 3306 ...
683 | 
684 | ```
685 | 
686 | ```console
687 | root@root:~# nmap localhost
688 | Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-24 19:22 HDT
689 | Nmap scan report for localhost (127.0.0.1)
690 | Host is up (0.0000060s latency).
691 | Other addresses for localhost (not scanned): ::1
692 | Not shown: 998 closed ports
693 | PORT     STATE SERVICE
694 | 80/tcp   open  http
695 | 3306/tcp open  mysql
696 | 
697 | ```
698 | 
699 | But using `-sV` scan flag will actually force nmap to communicate to the server and detect the service 
700 | 
701 | > There is an aother file called `/usr/share/nmap/nmap-service-probes` which containes the regular expression to detect services based on the response 
702 | 
703 | Let search `SimpleHTTPServer` in the file
704 | 
705 | ```console
706 | root@root:/usr/share/nmap# cat nmap-service-probes  | grep SimpleHTTPServer
707 | match http m|^HTTP/1\.0 501 Not Implemented\r\nServer: SimpleHTTP/([\w._-]+) Python/([\w._-]+)\r\n.*Content-Type: text/html\r\nConnection: close\r\n\r\n<head>\n<title>Error response</title>\n</head>\n<body>\n<h1>Error response</h1>\n<p>Error code 501\.\n<p>Message: Not Implemented\.\n<p>Error code explanation: 501 = Server does not support this operation\.\n</body>\n$|s p/SimpleHTTPServer/ v/$1/ i/rPath Appliance Platform Agent; Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
708 | match http m|^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+) Python/([\d.]+)\r\n| p/SimpleHTTPServer/ v/$1/ i/Python $2/ cpe:/a:python:python:$2/ cpe:/a:python:simplehttpserver:$1/
709 | 
710 | ```
711 | 
712 | You can see that if `^HTTP/1\.0 200 OK\r\nServer: SimpleHTTP/([\d.]+)` is matched with any of the response it will be marked as http. 
713 | 
714 | So i tried to communicate with the SimpleHTTPServer with Curl to see the response Here is what i saw
715 | 
716 | ```http
717 | root@root:/usr/share/nmap# curl -I localhost:3306
718 | HTTP/1.0 200 OK
719 | Server: SimpleHTTP/0.6 Python/2.7.15+
720 | Date: Wed, 25 Mar 2020 04:42:01 GMT
721 | Content-type: text/html; charset=UTF-8
722 | Content-Length: 3614
723 | 
724 | 
725 | ```
726 | You can see the ` SimpleHTTP/0.6` matching `SimpleHTTP/([\d.]+)` Regex which confimed nmap that its an http service.
727 | 
728 | 
729 | ```console
730 | root@root:~# nmap -sV localhost
731 | Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-24 19:27 HDT
732 | Nmap scan report for localhost (127.0.0.1)
733 | Host is up (0.0000030s latency).
734 | Other addresses for localhost (not scanned): ::1
735 | Not shown: 998 closed ports
736 | PORT     STATE SERVICE VERSION
737 | 80/tcp   open  http    Apache httpd 2.4.34
738 | 3306/tcp open  caldav  Radicale calendar and contacts server (Python BaseHTTPServer)
739 | Service Info: Host: 127.0.0.1
740 | ```
741 | 
742 | You can have a look at on the server that direct connection was made by nmap for detecting services
743 | ```console
744 | 127.0.0.1 - - [24/Mar/2020 19:27:57] code 400, message Bad request syntax ('\x00\x1e\x00\x06\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07version\x04bind\x00\x00\x10\x00\x03')
745 | 127.0.0.1 - - [24/Mar/2020 19:27:57] "

versionbind" 400 -
746 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 400, message Bad HTTP/0.9 request type ('\x00')
747 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "
748 |                                       " 400 -
749 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 400, message Bad request syntax ('HELP')
750 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "HELP" 400 -
751 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "GET / HTTP/1.0" 200 -
752 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 404, message File not found
753 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "GET /nmaplowercheck1585110482 HTTP/1.1" 404 -
754 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 501, message Unsupported method ('POST')
755 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "POST /sdk HTTP/1.1" 501 -
756 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "GET / HTTP/1.1" 200 -
757 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 404, message File not found
758 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "GET /HNAP1 HTTP/1.1" 404 -
759 | 127.0.0.1 - - [24/Mar/2020 19:28:02] code 404, message File not found
760 | 127.0.0.1 - - [24/Mar/2020 19:28:02] "GET /evox/about HTTP/1.1" 404 -
761 | 
762 | ```
763 | 
764 | ## Tip
765 | > Use `diff` Linux command to see if there is any new service or host detected in the network
766 | 
767 | > Pending
768 | <http://www.irongeek.com/i.php?page=videos/nmap-class-hfc-louisville-issa&mode=print>
769 | 


--------------------------------------------------------------------------------
/sed.md:
--------------------------------------------------------------------------------
  1 | SED
  2 | ===
  3 | 
  4 | Learn ed in Linux to get started in sed. Understanding how ed works will improve your understanding about sed.
  5 | 
  6 | 
  7 | Cheat Sheet
  8 | ===========
  9 | 
 10 | ```
 11 | :  # label
 12 | =  # line_number
 13 | a  # append_text_to_stdout_after_flush
 14 | b  # branch_unconditional             
 15 | c  # range_change                     
 16 | d  # pattern_delete_top/cycle          
 17 | D  # pattern_ltrunc(line+nl)_top/cycle 
 18 | g  # pattern=hold                      
 19 | G  # pattern+=nl+hold                  
 20 | h  # hold=pattern                      
 21 | H  # hold+=nl+pattern                  
 22 | i  # insert_text_to_stdout_now         
 23 | l  # pattern_list                       
 24 | n  # pattern_flush=nextline_continue   
 25 | N  # pattern+=nl+nextline              
 26 | p  # pattern_print                     
 27 | P  # pattern_first_line_print          
 28 | q  # flush_quit                        
 29 | r  # append_file_to_stdout_after_flush 
 30 | s  # substitute                                          
 31 | t  # branch_on_substitute              
 32 | w  # append_pattern_to_file_now         
 33 | x  # swap_pattern_and_hold             
 34 | y  # transform_chars    
 35 | ```
 36 | 
 37 | 
 38 | 
 39 | 
 40 | Symbols:
 41 | ======
 42 | 	^	---		Beginning of The Line
 43 | 	$	---		Termination of the line
 44 | 	[ ]	---		Range
 45 | 	&	---		Matched String
 46 | 	\*      ---		OR Eg: th = t or th
 47 | 	\	---		Escape Character
 48 | 
 49 | 
 50 | Options:
 51 | ======
 52 | 	p	---	print
 53 | 	d	---	delete
 54 | 	q	---	Quit
 55 | 	g	---	globally
 56 | 	I 	---	ignore case sensivity
 57 | 	-n 	---	silent mode
 58 | 	-i 	---	Make changes in file
 59 | 
 60 | Substituing the text
 61 | =============
 62 | 
 63 | 	sed 's/t/T/' file.txt			---	Substitute t with T in file.txt [ It only replaces the 1st t not all]
 64 | 	sed 's/t/T/g' file.txt			---	Substitute t with T in globally in file.txt
 65 | 	sed -i 's/t/T/g' file.txt		---	Modify the original file
 66 | 
 67 | 
 68 | 
 69 | 
 70 | Delete the text
 71 | =============
 72 | 	echo "
 73 | 	imran
 74 | 	nazir
 75 | 	parray" | sed '/imran/d'
 76 | 
 77 | 	nazir
 78 | 	parray
 79 | 
 80 | 
 81 | Insert | Append | Change
 82 | =================
 83 | 	root@root:~/Desktop# cat file
 84 | 	imran
 85 | 	nazir
 86 | 	parray
 87 | 
 88 | 
 89 | 	Inserts an text Before the matched line
 90 | 	root@root:~/Desktop# sed '/imran/i\pppp\ asdasd' file
 91 | 	pppp asdasd
 92 | 	imran
 93 | 	nazir
 94 | 	parray
 95 | 
 96 | 	Inserts an text after the matched line
 97 | 	root@root:~/Desktop# sed '/imran/a\pppp asdasd' file
 98 | 	imran
 99 | 	pppp asdasd
100 | 	nazir
101 | 	parray
102 | 
103 | 	Changes the text in the matched line
104 | 	root@root:~/Desktop# sed '/imran/c\pppp asdasd' file
105 | 	pppp asdasd
106 | 	nazir
107 | 	parray
108 | 
109 | 
110 | Transform text
111 | ==========
112 | 	replace 
113 | 	a->x
114 | 	b->y
115 | 	c->z
116 | 	
117 | 	root@root:~/Desktop# echo '
118 | 	abc
119 | 	bca ' | sed 'y/abc/xyz/'
120 | 
121 | 	xyz
122 | 	yzx 
123 | 
124 | 
125 | printing Line Number using = sign
126 | ======================
127 | 
128 | 	echo '
129 | 	a
130 | 	b
131 | 	c' | sed '/b/='
132 | 
133 | 	a
134 | 	3
135 | 	b
136 | 	c
137 | 
138 | 
139 | Printing Non Printable chars
140 | ==================
141 | 	-l Option prints the non printable character as two digit ascii
142 | 
143 | 	root@root:~/Desktop# cat /bin/ls | sed -n -e "l" | head
144 | 	\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\003\000>\000\
145 | 	\001\000\000\000\320V\000\000\000\000\000\000@\000\000\000\000\000\
146 | 	\000\000H\a\002\000\000\000\000\000\000\000\000\000@\0008\000\t\000@\
147 | 	\000\035\000\034\000\006\000\000\000\005\000\000\000@\000\000\000\000\
148 | 	\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\
149 | 	\000\370\001\000\000\000\000\000\000\370\001\000\000\000\000\000\000\
150 | 	\b\000\000\000\000\000\000\000\003\000\000\000\004\000\000\0008\002\
151 | 	\000\000\000\000\000\0008\002\000\000\000\000\000\0008\002\000\000\
152 | 	\000\000\000\000\034\000\000\000\000\000\000\000\034\000\000\000\000\
153 | 	\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000\005\000\
154 | 
155 | 
156 | Grouping commands
157 | ===============
158 | 	root@root:~/Desktop# cat file 
159 | 	imran
160 | 	nazir
161 | 	parray
162 | 	
163 | 	if(x=1)
164 | 	{
165 | 	print(X is one)
166 | 	}
167 | 	
168 | 	if(x==2)
169 | 	{
170 | 	print(X is two)
171 | 	}
172 | 	
173 | 	root@root:~/Desktop# cat file  | sed '/if/{
174 | 	p
175 | 	=
176 | 	}'
177 | 	imran
178 | 	nazir
179 | 	parray
180 | 	
181 | 	if(x=1)
182 | 	5
183 | 	if(x=1)
184 | 	{
185 | 	print(X is one)
186 | 	}
187 | 	
188 | 	if(x==2)
189 | 	10
190 | 	if(x==2)
191 | 	{
192 | 	print(X is two)
193 | 	}
194 | 	
195 | 	root@root:~/Desktop# 
196 | 
197 | 
198 | 
199 | Next line
200 | =======
201 | 	You can select next line using n. This will search imran and then go to
202 | 	 next line and delete the whole line.
203 | 
204 | 
205 | 	root@root:~/Desktop# cat file  | sed '/imran/{
206 | 	n
207 | 	/^.*$/d}'
208 | 	
209 | 
210 | 	imran
211 | 	parray
212 | 
213 | 
214 | Quit Command
215 | ==========
216 | 	
217 | 	root@root:~/Desktop# cat file 
218 | 	imran
219 | 	nazir
220 | 	parray
221 | 
222 | 	root@root:~/Desktop# cat file | sed '2q'
223 | 	imran
224 | 	nazir3
225 | 
226 | 
227 | Execute multiple commands at once
228 | ==========================
229 |     sed ‘
230 |     s/three/3/
231 |     s/four/4/‘ file
232 | 
233 | 
234 | The script file
235 | ==========
236 |     $cat sedscr
237 |     s/ MA/, Massachusetts/ 
238 |     s/ PA/, Pennsylvania/ 
239 |     s/ CA/, California/
240 |     s/ VA/, Virginia/
241 |     s/ OK/, Oklahoma/
242 | 
243 |      sed -f sedsec filename
244 | 
245 | 
246 | 
247 | Replacing nth Occurance
248 | ================
249 | 	echo "imranimranimra" | sed 's/imran/nazir/2'
250 | 
251 | 	imrannazirimran
252 | 
253 | 
254 | 
255 | Using Regular Expressions
256 | =================
257 | 	echo "
258 | 	imran123
259 | 	nazir123imran" | sed 's/[0-9]/(&)/g'
260 | 
261 | 	imran(1)(2)(3)
262 | 	nazir(1)(2)(3)imran
263 | 
264 | 
265 | 
266 | 
267 | print only matched lines
268 | ==================
269 |     by default sed will print all the lines after performing the operation.
270 |     -n option can be used to print no lines
271 |     but p can be used to print the matched lines 
272 | 
273 |     sed -n ‘s/three/3/p’ file.txt
274 | 
275 |     which prints only matched lines 
276 | 
277 | 
278 | 
279 | 
280 | 
281 | Substituing at the beginning of the line:
282 | =========================
283 | 
284 | 	sed 's/^t/ooo/' test.txt		---	replacing  t if they are at the beginning of the line
285 | 	sed 's/d$/ooo/' test.txt		---	replacing  d if they are at the beginning of the line
286 | 
287 | 
288 | using Apersand and wildcards
289 | ===================
290 | 
291 | 	sed 's/[0-5]/1/' test.txt			---	replacing anything from 0-5 and replace it with 1
292 | 	sed 's/[A-Z]m/1/' test.txt			---	replacing anything starts A-Z fallowed by m [eg: Am Bm Cm ]
293 | 	sed 's/[0-9]/(&)/' test.txt			---	replacing all mached with string inside ( ) 
294 | 	sed 's/[0-9]/(&&)/' test.txt		---	replacing all mached with string+string  inside [10 to (101)]
295 | 	sed 's/[0-9][0-9]/(&)/' test.txt		---	repcing all two digit numbers 
296 | 
297 | 
298 | 
299 | 
300 | Using Astrick:
301 | =========
302 | 
303 | 
304 | 	sed 's/Th*/00/' test.txt			---	replacing all T and Th with 00
305 | 	sed 's/Thr*/00/' test.txt			---	replacing all Th and Thr with 00
306 | 	sed 's/There*/00/' test.txt		---	replacing all Ther and There with 00
307 | 	sed 's/[0-9][0-9]*/00/' test.txt	---	replacing all one digit and two digit numbers with 00
308 | 
309 | 	sed 's/[a-z]/00/' test.txt			---	replacing all small alphabits with 00
310 | 	sed 's/[a-z][A-Z]/00/' test.txt		---	replacing all small alphabits with 00 [Eg: t -> 00 and tH->00 ]
311 | 	sed 's/[A-Z]/00/' test.txt			---	replacing all A-Z  with 00
312 | 	sed 's/[a-zA-Z]/00/' test.txt		---	replacing all a-zA-Z  with 00
313 | 	OR
314 | 	sed 's/[A-z]/00/' test.txt			---	replacing all a-z A-Z  with 00
315 | 	sed 's/[0-z]/00/' test.txt			---	replacing all numbers and alphbits  with 00
316 | 
317 | 
318 | 
319 | 
320 | 
321 | Using Delimiters:
322 | ===========
323 | 
324 | 
325 | 	We can use anything as delimiter in SED
326 | 		Eg: sed 's/A/a/g' file.txt 			---	Here the / is the delimiter
327 | 		Eg: sed 's_A_a_g' file.txt 		---	Here the _ is the delimiter
328 | 		Eg: sed 's:A:a:g' file.txt 			---	Here the / is the delimiter
329 | 	All of them will perfrom the same function.
330 | 
331 | 
332 | Using Proper Delimiters:
333 | ===============
334 | 
335 | 
336 | 	Using proper delimiter will always keep you away from the mess.
337 | 	
338 | 		Eg: sed 's/\/etc\/passwd\//000/' file.txt			---	Replacing /etc/passwd/ with 000  [ Full of mess]
339 | 		Eg: sed 's_/etc/passwd_000_' file.txt 			---	Replacing /etc/passwd/ with 000  [ Less Mess ] 
340 | 
341 | 
342 | 
343 | 
344 | Using Multi Expression:
345 | ===============
346 | 
347 | 		sed 's/A/a/g' file.txt 	| sed 's/Z/z/g' file.txt		---	Replacing A with a and Z with z [ Full of mess]
348 | 		sed 's/A/a/;s/Z/z/' file.txt						---	Replacing A with a and Z  with z [ Less Mess ]
349 | 
350 | 
351 | 
352 | 
353 | 
354 | 
355 | 
356 | Last and first Word of line
357 | =================
358 | 
359 | 
360 | 	\w* 			---	First Word
361 | 	\w*$		---	Last word
362 | 	\w*.			---	First Word with space
363 | 	\w*.			---	First Word with space
364 | 
365 | 	sed 's/\w*./000/' file.txt			---	Removing First word of the line with 000
366 | 	sed 's/\w*$./000/' file.txt		---	Removing last word of the line with 000
367 | 
368 | 
369 | 
370 | 
371 | 
372 | 
373 | 
374 | Using Not ^
375 | =======
376 | 	sed 's/[^0-9]/*/' file.txt			---	Replace Everything which is not a number with *
377 | 	sed 's/[^0-z ]/*/g' file.txt			---	Replace Everything which is not a [0-z] means 
378 | 								Alphanumric Which means all special chars
379 | 
380 | 
381 | Printing Matched Lines Only
382 | ===================
383 | 	-n	--- 	Silent Mode
384 |  	p	---	print matched strings
385 | 
386 | 	sed -n 's/imran/Nazir/gp' file.txt	---	Replace imran and Nazir and dont print Anything 
387 | 								execpt Mached lines
388 | 	sed -n 's/imran/imran/gp' file.txt	---	Seach imran and print the matched line
389 | 	sed -n 's/imran/&/gp' file.txt		---	Seach imran and print the matched line
390 | 
391 | 
392 | 
393 | 
394 | Using Filters in File
395 | ============
396 | 	cat filters.txt
397 | 		s/[a-z]/aaa/
398 | 		s/[A-Z]/AAA/
399 | 		s/[0-9]/0000/
400 | 
401 | 	sed -f filters.txt file.txt	---			Will apply all filters in the filters.tx on file.txt
402 | 
403 | 
404 | 
405 | Ignoring Case Sensitivity:
406 | ================
407 | 	sed 's/imRan/Nazir/'gI file.txt	---		Replace imran with Nazir without checking case-sensitivity
408 | 
409 | 
410 | 
411 | 
412 | 
413 | 
414 | Find Full Works at the last and the beginning
415 | ============================
416 | 	\bWORD\b				---	Find Whole match for WORD not a partial Match 
417 | 	sed 's/\bnew\b/old/' file.txt	---	Find new everywhere and replace it with old 
418 | 
419 | 
420 | 
421 | 
422 | 
423 | Displaying Number of line in Sed
424 | =====================
425 | 	head -n 5 file.txt	---		Displays 5 lines of file.txt
426 | 	sed '5 q' file.txt	---		Displays 5 lines of file.txt
427 | 						q -> Quit
428 | 
429 | 
430 | 
431 | 
432 | Deleting Lines with Matched Strings:
433 | =======================
434 | 
435 | 	sed '/new/d' file.txt	 	---				Remove Lines with new 
436 | 	sed '/new/Id' file.txt 	---				Remove Lines with new without checking case 
437 | 									senstitivitty
438 | 	sed '/\bnew\b/new/Id' file.txt		---		Remove Lines with full word new
439 | 	sed '/imran$/d' file.txt			---			Remove all the line which ends with the imran
440 | 	sed '/^imran/d' file.txt			---			Remove all the line which starts with the imran
441 | 
442 | 
443 | 
444 | 
445 | 
446 | Printing the number of lines File:
447 | =====================
448 | 
449 | 	sed '=' file.txt			---	print the line number before you print the line
450 | 	sed -n '=' test.txt 		---	print the line numbers without line
451 | 	sed -n '$=' test.txt 		---	print number of line in test.txt
452 | 		-n	 	dont print any line
453 | 		$= 	 	print last line numbers
454 | 		text.txt	in file test.txt
455 | 
456 | 
457 | 
458 | 
459 | 
460 | Excluding Lines in the Seacrch Proces
461 | ========================
462 | 	
463 | 	sed '1!{/imran/nazir;}' file.txt
464 | 	
465 | 	Explaination : Sed  replace  imran with nazir but dont search in line 1 
466 | 
467 | 
468 | 
469 | 
470 | Numbering Lines in Sed
471 | ===============
472 | 
473 | 	sed '=' file.txt			---			Print Lines numbers with lines
474 | 									Eg:
475 | 									1
476 | 									new is new
477 | 									2
478 | 									old is gold
479 | 									3
480 | 									newer is badder
481 | 									4
482 | 									older is golder
483 | 
484 | 
485 | 	sed -n '=' file.txt				---			Print Line numbers without printing the lines
486 | 
487 | 	sed -n '$=' file.txt				---			Print Last Line Number without printing the line
488 | 
489 | 	sed '=' file.txt  | sed 'N ; s/\n/-- /'	--- 		prints Line numbers witn Lines on same line.				
490 | 	Explanation:     Send Number each line in file.txt and for every line N
491 | 					replace \n [new-Line-Character] with -- .
492 | 
493 | 								1 new is new
494 | 								2 old is gold
495 | 								3 newer is badder
496 | 								4 older is golder
497 | 								5 news is bads
498 | 
499 | 
500 | Skipping Lines:
501 | ==========	
502 | 	
503 | 	sed 'n;d' file.txt			---		Dont print line after Line print like [1 3 5 7..]
504 | 	sed '!1n;d' file.txt		---		Dont print Line after line prin but ignore 1st one so it will print like [2 4 6 8 10...]
505 | 	
506 | 	We can do it in same way:
507 | 	sed 'p;n' file.txt			---		Print lines by line but skip one line after printing a line [1 3 5 7..]
508 | 	sed 'p;n;n' file.txt		---		Print line by line but skip two lines after printing one line [1 4 7 10 ... ]
509 | 
510 | 
511 | 
512 | 
513 | 
514 | 
515 | 
516 | 
517 | 


--------------------------------------------------------------------------------
/ssh.md:
--------------------------------------------------------------------------------
 1 | SSH
 2 | ====
 3 | 
 4 | 
 5 | 
 6 | 		apt-get install openssh-server			---	Server Side
 7 | 		apt-get install openssh-client				---	Cleint Side
 8 | 		service ssh start 						--	Server side
 9 | 
10 | 		ssh username@host.com				---	Cleint side		
11 | 		ssh username@127.0.0.1				---	Client side
12 | 
13 | 
14 | 
15 | 
16 | Disabling root login on ssh
17 | 
18 | 	$nano /etc/ssh/sshd_config
19 | 	>Search "PermitRootLogin yes"
20 | 	>Change "PermitRootLogin No"
21 | 	$service ssh restart
22 | 
23 | Note: So now if anyone want to login as root he has to login as user account first then use `su` command to login to user account if he is added to sudoers file
24 | 
25 | How to Connec to amazon intance via ssh
26 | ===========================
27 | 
28 | 	Download the key 
29 | 	chmod 400 key.pem
30 | 	ssh -i root@public-ip.com
31 | 
32 | 
33 | 
34 | Transfering files between systems
35 | ======================
36 | 	$sftp -i key.pem ubuntu@public-ip.com
37 | 	$ls 				--> list files on remote host
38 | 	$lls 				--> list files on local host
39 | 	$put local_file.txt	 --> Upload my local_file on remote server
40 | 	$get remote_file.txt	 --> Download remote_file.txt to local machine
41 | 


--------------------------------------------------------------------------------
/what are some good resources for XSS.md:
--------------------------------------------------------------------------------
 1 | ## Brutelogic Blog
 2 | https://brutelogic.com.br
 3 | 
 4 | ## Garage4hackers (They have alot of XSS videos on their channel)
 5 | <https://m.youtube.com/channel/UCDqagqREZlmJitWco-yPtvw>
 6 | 
 7 | ## Ashar Javid
 8 | Presentation: <https://m.youtube.com/watch?v=LLtOJNeMp7c>
 9 | twitter Profile: <https://twitter.com/soaj1664ashar>
10 | 


--------------------------------------------------------------------------------