Reconnaissance for Ethical Hackers full course in 4 hours | footprinting in ethical hacking
4:10:19


whitesec cyber security · 28.04.2026 · 2 627 views

Video description
Reconnaissance for ethical hacking full course from whitesec cyber security. Master reconnaissance techniques used by real ethical hackers to map targets and uncover hidden attack surfaces. Learn tools like Shodan, Censys, and subdomain enumeration with hands-on demos. Discover how to automate recon, find parameters, and identify vulnerabilities using fuzzing. Perfect for beginners and red teamers looking to build a strong foundation in pentesting. Watch this course at **1.5× speed**.

00:00:00 Important Note Before Starting
00:00:21 What is Reconnaissance (Basics Explained)
00:04:10 Shodan in Reconnaissance (Concept)
00:08:55 Hands-on Shodan GUI (Practical Demo)
00:21:33 Shodan CLI (Command Line Usage)
00:41:08 Subdomain Enumeration (Introduction)
00:44:00 Certificate Transparency Explained
00:54:14 Finding Subdomains Using Shodan
00:58:32 Finding Subdomains Using Censys
01:03:12 Finding Subdomains Using VirusTotal
01:08:15 Subdomain Tools: Sublist3r & SubBrute
01:18:36 WaybackURLs for Recon
01:30:45 Automating XSS Discovery
01:36:16 What is Fuzzing
01:39:33 Fuzzing Process Explained
01:41:37 Wordlists & Why They Matter
01:49:29 Finding Vulnerabilities Using Fuzzing
01:56:43 Fuzzing Using Wfuzz
02:02:24 Advanced Wfuzz Techniques
02:03:11 Detecting Web Application Firewalls (WAF)
02:08:31 Nuclei for Finding Critical Vulnerabilities
03:40:12 Penetration Testing & Red Team Training
03:56:40 Advanced Android Hacking for Ethical Hackers

Udemy courses - https://www.udemy.com/user/whitesec-23/
Red team training - Training curriculum - https://trainings.whitesec.org - contact us on WhatsApp - https://wa.me/918019263448
Advanced Android training - Training curriculum - https://trainings.whitesec.org/adv - contact us on WhatsApp - https://wa.me/918019263448
Red Team Training Demo - https://t.me/whiteseconlinecybersecurityorg/892
Android hacking for Ethical hackers Training Demo - https://t.me/whiteseconlinecybersecurityorg/894
Telegram channel - https://t.me/whiteseconlinecybersecurityorg
whitesecross - Advanced XSS Scanner - https://github.com/whiteseccybersecurity/whitesecross

Disclaimer - This video is made available for educational and informational purposes only. All our videos have been made using our own systems, servers, routers, and websites. It does not contain any illegal activities. Our sole purpose is to raise awareness related to cybersecurity and help our viewers learn ways to defend themselves from any hacking activities. whitesec cybersecurity is not responsible for any misuse of the provided information.

Contents (23 segments)

Important Note Before Starting

Hello everyone, welcome to a new course, Reconnaissance for Ethical Hackers. If you don't have any knowledge about reconnaissance, then this course is for you, and you need to watch this whole training at 1.5x or 1.7x. Due to my accent, sometimes I might be slow or fast, so the good speed is to watch it at 1.5x. Hope you guys enjoy this course. Thank you. Have a nice day.

What is Reconnaissance (Basics Explained)

Hello guys. Hope you're fine. In this class, we are learning about what reconnaissance is in ethical hacking. See, reconnaissance, often called recon, is the first and most critical phase of an ethical hacking or penetration testing engagement. It involves collecting as much information as possible about a target system, network or organization before attempting any attack.

Purpose of reconnaissance: the goal is to understand the attack surface, identify entry points, discover the technology in use, map the network infrastructure, and detect potential vulnerabilities early. Without proper reconnaissance, later phases like exploitation become blind and inefficient.

Now, what is reconnaissance? Reconnaissance is nothing but gathering information about our target. See here, it involves collecting as much information as possible about a target system, right? So if you watch our ethical hacking courses, there we use footprinting. See, footprinting is also reconnaissance. Okay, this is the same process. Footprinting is the same process, but the word is different here. In ethical hacking terms we call this process footprinting, but in a red teaming engagement we call it reconnaissance. Remember this point, but the steps are the same. You don't need to worry about those things. Sorry guys, footprinting and reconnaissance are the same, right? Okay.

Now see the types of reconnaissance. Passive reconnaissance: no direct interaction with the target. Example: searching public data in Google or on social media, WHOIS records, DNS information, public leaks and breach data. Now all of this comes under passive reconnaissance, because here you won't touch the target server, you won't scan anything. Simple: you gather information from the internet, that's it, from public resources. See, tools: theHarvester, Maltego is there, Google Dorks are there. Okay. By using this technique, we are able to perform passive reconnaissance. Okay. It is safe and stealthy because the target is not aware. As I told you, here we are not touching our target. Simple.
We are gathering information from public resources like Google, from Facebook, from any social media platform. Okay. Right. Now, see, active reconnaissance is there: direct interaction with the target system. Examples: port scanning, service detection, banner grabbing, network probing. All these steps come under what? Active reconnaissance. Now here, whenever you do this process, the attacker, okay, sorry, the target may know that you are doing these steps there. You are performing the attacks, you are doing the scanning. Okay, here you are interacting with the target. Okay, remember this point: in active reconnaissance, you are interacting with the target. You are doing scans, you are doing vulnerability scanning there, right? Okay. Now see the tools: here we use Nmap, Netcat, Nikto. If you want to learn about Nmap, we have a complete course about Nmap. Okay. You can also watch it, and we covered Nikto as well. It's a very easy tool, basically. Okay. In the last classes, in our last courses, we covered this tool. Now we are not touching this one. We are going with Shodan and Censys. We are going to learn a lot of stuff which is necessary in reconnaissance. Okay, like in web reconnaissance, I'm talking about web pentesting; all this stuff we are going to cover here. See: more information, but can be detected. Here, by doing this process you guys are able to get a lot of information, but you can be detected. This is the issue with active reconnaissance. Now this is about reconnaissance. In the next classes we're going to learn about Shodan.

Shodan in Reconnaissance (Concept)

Hello guys, hope you are fine. In this class we are learning where Shodan fits in recon. Now in this whole class, in this whole section, we are covering Shodan. So once you learn this thing, once you watch this whole class, this section, you can become a master in Shodan, right? So see, Shodan plays a major role in passive reconnaissance at scale. Instead of scanning the network yourself, right, Shodan continuously scans the internet, indexes exposed devices, stores banners and metadata. Right? Basically, instead of scanning yourself, okay, like you don't need to scan, Shodan automatically does the steps here. So focus on the second point; the first point here: continuously scans the internet. It's going to scan every IP. You can also see your own IP there on the Shodan website. Just copy your camera IP or something like that and paste it there; mostly you guys will see your IP in the Shodan search engine, right? You can also see the ports there which are open on your camera. You can also see your printer IP if you are using a printer, a smart printer, okay, which has a public IP. Simple, just try to see that IP there, just paste your printer IP, and you guys will see the IP there, right? So basically what it does is, it continuously scans the internet. It doesn't know, okay, whether it's your printer, it's your device or not. Okay, simple, it is going to scan the whole internet, that's all. And it stores the results on this website. Okay. Shodan is basically a complete search engine. Okay. If you paste the IP there, you guys will get the results about the ports, about the vulnerabilities, all the steps. We will see this one, yeah, how we are able to do all these steps, right? See here, this allows attackers and pentesters to find targets instantly. Okay. Identify vulnerable services. Avoid noisy scanning. Instead of scanning yourself, what is happening here? Shodan did this process and we are gathering information from Shodan. Okay, simple. We're going to paste the IP, then you guys will see the result.
Once you get the results, you are able to use them. Okay. Right. Now see how Shodan discovers devices. Now this is what I am saying: CCTV, printers, these IoT-based devices. Right? See, first of all it scans IP ranges across the internet, connects to open ports, for example 80, 443, 21, 22, 554, okay, and grabs service banners from the response data, right, and it stores device type, software version, open ports, location, organization, all this stuff. Example: a CCTV camera may be exposed, and it has port 554, which is the RTSP port, right, and the banner is "Hikvision camera". What is a banner? If you watch our last courses, the Nmap course or the pentesting course, whenever we perform scanning using Nmap, service version detection is there. In service version detection, we are able to see the keywords there. Okay, some kind of keywords which reveal that, okay, the service is using this version, FTP. So this is how we are able to identify it, by using what? Banners. Okay, simple: in every device there is a banner. Okay, by using that banner it is going to detect the device, such as a Hikvision camera is there. So it is going to, sorry guys, it is going to detect like this. A printer might be exposed, okay, the printer port is 9100 by default; see, the banner is "HP JetDirect", then it is going to detect it and it is going to show the result. See, Shodan indexes this. So you can search like port:554 has_screenshot:true. We're going to learn about the screenshot as well, what a screenshot is in Shodan. So simple. We can also look like this. Okay, these are filters, basically, and product: you can also look for the product. Then you guys will see the IPs related to this one and you are able to see the ports as well. See, simple, just copy this and paste it in your Shodan search engine. Okay. Then you guys will see the results, different IPs. See here, this is why Shodan is powerful. It turns raw data exposure into searchable intelligence. Right now, why is Shodan critical in pentesting? It saves time.
No need to scan the entire internet. Helps identify real-world exposed systems. Finds misconfigured services. Enables target profiling. Useful for red team operations. Right.

Hands-on Shodan GUI (Practical Demo)

Hello guys, hope you're fine. So this is the official website of Shodan, shodan.io. So here first of all you need to create an account. After creating an account you need to activate it. After activating it you guys will see the dashboard here. Now you are able to access Shodan. This is the free plan. Basically, if you want to purchase a plan, here is the plans page, billing. See, account.shodan.io/billing. From here you are able to see all this stuff. Right now, see here, what is Shodan? Let's just go with the official page here. So, Shodan is a search engine for internet-connected devices. Web search engines such as Google and Bing are great for finding websites. But what if you are interested in measuring which countries are becoming more connected, or if you want to know which version of Microsoft is the most popular, or you want to find the control servers for malware? Maybe a new vulnerability came out and you want to see how many hosts it could affect. Traditional web search engines don't let you answer those questions, right? Shodan gathers information about all devices directly connected to the internet. If a device is directly hooked up to the internet, then Shodan queries it for various publicly available information. The types of devices that are indexed can vary tremendously, ranging from small desktops up to nuclear power plants and everything in between. Right? So what does Shodan index? The bulk of the data is taken from banners. Now you know about banners, right? I told you in the last class. So you are able to read all these steps. This is very necessary for you. See, there are two interfaces to Shodan. This is the UI interface. If you want to use Shodan through the graphical user interface, then this is the easy way: simply visit the website, create an account there and use Shodan from here. Or you can also use it through the CLI, through your terminal, Kali Linux terminal or Ubuntu terminal.
So how to do that one, I'm going to tell you. See here, and also the Shodan cheat sheet is there. So if you click on view all filters, then you are able to see the filters there, and there are also advanced ones there. If you search the queries here, then it will show you the results. Okay. And network is there. If you mention all this stuff, then it will show you the results. Right? So there is a lot of stuff you need to explore here, but it's not that necessary. Now why do we use Shodan? This is one thing: to find the devices, in simple words. Now see, I want to look at whether there is any FTP anonymous login or not. Now you know about FTP anonymous login, right? So see, there is a query: if I type FTP here, then what will happen? It will show all those devices which have the FTP service in them. How is it detecting it? Through the banner. See, in this banner there is a description basically; if there is FTP, then it will show the result. Okay. So this is how it will work. See, it's having the different IPs. If you see the left side here, you guys will see that China is at the peak. Okay, like 3 2511 258 devices out there; in the United States there are this many devices, and Japan this many, right? So this is how we are able to figure out this kind of stuff. So total results on the internet, okay, this many I am able to see, but there are more, remember this point, because every day Shodan scans the internet. It's going to scan the entire internet and it will find the stuff. Okay, there are a lot of internal IPs which are not exposed. It only finds the stuff on public IPs. Okay. Is there a public network? Then it is going to scan for it, and it will show the public results, not private results. Okay. How are they able to associate it? Simple thing, right? So remember this point about the top ports: mostly they are using port 21 for this FTP. Okay. And the second top port is 2121. Yeah, mostly people configure it using this port as well.
And there are a lot of ports. Okay. And top organizations which are using it, and there are top products which are using this FTP. Okay. Now I want to identify whether there is any IP which allows anonymous login. So how are we able to look for it? So simple, just search like this, in double quotes, just use 230. If you watch our previous courses, then you will know about this one. Okay, basically it also focuses on banners: once you successfully connect with FTP, then you guys will see this output there. Simple, we are looking using that output. So simple, let me search for port 21, hit enter. So, "please login". Okay, I need to login, just wait. Okay, here it is. First of all, you need to create an account here. Click, hit enter now. "Please login". What is happening here? So now it's working. See, there are almost 35,000 results; I got 35,321, mostly in the United States. I got the stuff related to this one; there are different states, okay, different countries, but if I click on United States here, now see, the search parameter here is going to change. See, now it's taking us, now it will only show the US-based results here. That means on this IP address I am able to login to FTP by using just anonymous credentials, in simple words. Simple thing, right? So I can't show you this thing, right. And here, if you are looking for other stuff, such as outdated versions of FTP, then you can also look for this. Right, let me show you. You know about vsftpd, which we exploited in our last classes, okay, in the lab. So simple, let me look for it. Now mostly people say, right, why do we focus on the outdated stuff? Because outdated stuff is being used on the internet. Okay. So that's why it's necessary to cover those things. Okay. vsftpd, then 2.3.4. If I hit enter here, now you guys are able to see there are a lot of companies which are using this version. vsftpd is there. Okay, 2.4. Okay. Basically, this is one of the most popular ones. See, what is the company here?
Basically, it's a telecom company. Let me open this one. See, Korea, Republic of. There are a lot of things here which I could go for, like, I can't go, right. Let me show you. See here the simple stuff we got. We didn't get a lot of information. Basically, what a pentester or any blackhat hacker does is they test for it. Mostly we are pentesters, right? So we need to test it, but we don't have permission, right? This is also one thing. Now there is China, okay. So basically how many results did I get? This is very necessary to know. See, 1,400 results, 1,486 results we got here. That means this many devices are vulnerable, having the vulnerability of this one, okay. This is how you need to figure it out. Now if you are looking for, simple, you can also mention the product as well. Is there any product? Such as, let's go with the FTP product only, and here let me add, in double quotes, I'm going to add the product name here: ProFTPD is there. Then I'm going to add the version. Once I add the version here, then what will happen? It will look for that specific version, right? Just add 1.3.5, which is a vulnerable version; the exploit was released in 2015, you know that. So here we got the results. Now see the version: it's using 1.3.5. Maybe it will be vulnerable because it's using the vulnerable version here. How many devices did I get? See the results here: 10,000 plus results are there. Okay. So basically these things are very necessary to learn, everything, even the outdated, even the popular one. Every popular one is linked with outdated stuff. Remember this point. Okay. So you need to learn each and everything. So here I want to look for a specific port. Okay. Now just assume that there is one piece of software. Mostly people are using that software, and that software is running on port 8000. Just think like this. Okay.
Now I want to look for the specific port in a specific country. Then how am I able to do it? Simple, just type the port here, then let me add port 8000 and country, just mention the country here, let me look for something like US, right, which is okay. Let me search for it. See how many devices are there which have port 80; if I open this result here, you guys will see port 8000, right? So, and also it's vulnerable to all these vulnerabilities. But mostly, see, remember one thing, this is a kind of hint for you. Okay. Mostly what they do is they add a honeypot in their network. What will happen once they add a honeypot? It will show fake vulnerabilities there, so the attacker wastes his time by doing the steps. See how many vulnerabilities are there? Totally, it's a honeypot. Okay. I'm 100% sure that it's using a honeypot, right; no server will be vulnerable to this many vulnerabilities. So remember this point here. Let's go back. And also if you're looking for a specific organization, such as, just type here org and let me search for Tesla, hit enter now. Now there are no search results. Let me remove this country from here. Hit enter now. Maybe I can find, okay, nothing. So you can remove the port as well. Just change the port or something like that. Then you are able to find the details. So this is how we are able to use these queries. Okay. And all these, see, there is download, explore; if you click on Shodan there is also a report option. If I click on, let me search again for FTP or something like that. Okay, let's search for this one only. Now see, there is view report. Once you click on view report, you guys will see the report there. Right.
So this is a report which you are able to see, and if you click on more, then you guys are able to see more information, and if you click on downloads, you can create the download here and you are able to download this report as well. And there is monitor; in monitor, what will happen, you are able to monitor the IPs, right. And there is images; you know about images, Shodan Images is there, one of the most popular ones, right. Basically we need to become a member here, so let me try to access this; we will see this later in these classes, right. So hope you guys get how we are able to use Shodan. It's very easy to use, you just need to understand the concept, that's it. Hope you guys enjoy these classes. Thank you, have a nice day.

Shodan CLI (Command Line Usage)

So hello guys. So in this class we are learning about the Shodan API and CLI usage. Now, first thing: why use the Shodan API? See, the Shodan API allows automation, integration into scripts, bulk data collection, recon workflows, and is useful for team automation, continuous monitoring and building custom tools. So this is why we use this API. See, to set up the Shodan API, what we need to do is, first of all we need to install it; we need to execute this command, which is pip install shodan. Then simply we need to type shodan init, that means initialize, and you need to mention your API key. Then what will happen is, it stores your API key locally so you can run commands without re-entering it. So let me show you how we are able to do it. Let me open my Kali machine. So simple. Just type here, let me zoom it, just type pip install shodan. Hit enter. Now it is going to install shodan for you. Now you need to create this one, this Python environment. Just type here python -m venv, just let me give the name env; let's give something like venv only. Okay, it is going to create the environment with this name. Okay, now you need to activate it. Just type here source, and just type here, bin, what is it? Python something activate. Sorry, sorry. Here I need to mention the name which you gave, venv, and bin, and just mention activate here: source venv/bin/activate, right, hit enter. Now see, it successfully activated; now you guys will see (venv) there. Let me clear it. Now this is a kind of headache process, but still it will work, okay; it won't break the system packages. This is a secure way to deal with this kind of issue. Hit enter now. Now it is going to install shodan for you, instead of adding the --break-system-packages flag; instead of doing that one, just go like this. Now what you need to do, simple, just use this init command to set up this API. Okay, just type here shodan. If I type here shodan -h, then you guys will see the help commands here. Just wait. See here, there is alert.
Convert is there, count, data, domain, host, info, init: initialize the Shodan command line. Then myip is there: print your external IP address. You can also just type shodan myip; then it is going to mention the IP. See, there is scan: scan an IP or netblock using Shodan. Search: you can also use search here. So let's see. Let me clear it and let me type here shodan init and mention your API key here. First of all, login and click on account here. Once you click on account, see, there is the API key. Click on show and copy this API key and paste it here. Then hit enter. Now it is going to successfully initialize it. Then what you need to do: start the process. You successfully initialized the API here. Now you are able to use Shodan in the CLI. Now we need to check the query credits here. So simple, just do one thing, just open it and search for shodan. Just type here shodan info. That's it. Now see, you will get the results. Now query credits available: zero. I don't have any queries here. Everything is zero. Scan credits available: zero. Basically, we are using the free version, right? So this is the result. But mostly, from here, you can also count the stuff. So simple, what you need to do is, if you want to see how many results there are, so simple, just type here shodan count, and I'm looking for FTP, right; once I hit enter you guys are able to see this many results out there related to FTP. And you can also see the host as well, right; if I type here shodan host and provide any IP address there, let me type here ping tesla.com, right, let me ping this one, and here I got the IP address of Tesla, and it's using Akamai Technologies. So simple, I'm just giving the results, okay; you can also look for the IP as well. If you look like this, then it's saying access denied, 403 forbidden, right, so it will show the results basically. If you want to scan the IP, simple, you can also scan it: just type here shodan scan and just mention here submit.
Mention your IP address, your target IP. Now in our case, let me take one IP here. Just use ping, or you can add your target, any target IP, such as, let me go with Nokia. So here I got one IP. Let me use this one only. Okay. And then let me submit here. It is going to scan for this one. "Please upgrade your API plan to perform on-demand scans." So basically if you want to perform the scan on this IP, it is going to perform the scanning as well, okay, but then you need to purchase a premium plan here. So on Black Friday, okay, they provide these plans at a very cheap price. Okay. So if you want to purchase Shodan, then you need to purchase on Black Friday; you will get it for around $5 or something like that. Instead of purchasing the, it's enough, okay, the basic plan is enough, you don't need to go with a huge one, right. So simple, this is the basic thing, right. You can also go with images: Shodan Images is here. Now if I type here images.shodan.io, so this is the images page where you are able to look for the images. See, you need to purchase for this one. Previously it used to be free; right now they added the payment as well. It's a one-time payment. Basically, by using these images, what will happen is you guys are able to look from images. Okay. See here, there are query credits out there in Shodan. You guys will see, mostly we are, right now we are also talking about the queries and credits here. Now what is the, see: query credits are used when searching the Shodan database and applying filters, right. Example: shodan search apache. Each query consumes credits depending on filters and result size. Scan credits, okay, are used when, sorry guys, used when you request Shodan to scan specific ranges, specific targets. Okay, example: shodan scan submit and you mention the range here; at that time each IP scan consumes credits. Okay, more expensive than query credits here. Right now shodan scan is here. Shodan scan, see, Shodan allows limited on-demand scanning.
Example: shodan scan submit, and here you are able to mention the specific IP or the IP range as well. So what it does is, it sends a scan request to Shodan. Shodan scans the range and updates the results in its database. Important: only allowed for authorized targets. Okay. Must follow legal boundaries here. See, scanning ranges in Shodan: you can scan a single IP or a subnet as well. Larger ranges depend on credits. If you have good credits, then you are able to scan the ranges. Okay. Use cases: organization-wide asset discovery and external attack surface mapping. Now, practical Shodan CLI examples. See here, Shodan search for Apache servers: simple, you just search for shodan search apache. Now here, search for CCTV cameras. This is how we are able to search: shodan search hikvision port:80. Now it will show the results. Let me show you. I'm not able to do it here. This is how we just need to mention the command there, right. shodan search hikvision, and here we are mentioning the port here. Okay.
The port, you know, the default port of Hikvision is 8000, okay, but let's see for port 80. It says access denied, because if you do this pro one, and you have a premium plan, then it will show the results. And a real-world recon workflow using Shodan: see, identify the target domain or organization name, use Shodan to find exposed services, identify IP ranges, okay, then, sorry guys, analyze open ports and software versions, right, combine with Nmap or other tools, then move to the next phase, vulnerability scanning and exploitation. So this is just a workflow, okay. Now about Shodan Images: I told you about this thing, right? I'm going to tell you about Shodan Images. See, one of the most powerful features of Shodan is its ability to capture screenshots of exposed devices and services. What are Shodan images? See, Shodan automatically connects to web-based services such as HTTP, HTTPS, takes screenshots of exposed interfaces, stores them in its database. These screenshots are called Shodan images, or banners with screenshots. Okay. What you can see in Shodan images: CCTV cameras, live dashboards, router admin panels, industrial control systems, okay, ICS in simple words, web application login portals. See, this gives visual confirmation of exposure instead of just raw data. If you want to confirm exposure, then this one is very necessary for confirmation, okay, whether it's really vulnerable or not. So simple, here this is the images field; you are able to use it for that one, right? See why it's important: quickly verify if a system is accessible, identify default login panels, detect sensitive exposed dashboards, useful for reporting evidence. Now there is also another feature in Shodan, which is Shodan Exploits. So here only you guys will see it. It's free, okay, you don't need to purchase a plan for it. Here it is, Shodan Exploits. Here it is, visit site. Right. This is CVEDB. Click on view dashboard. Right.
So vulnerabilities, browse, view API docs, documentation. Now here you are able to see this one, and this way. So by products we have this many. All right. So previously it used to be simple: you need to search the stuff and it will show you the results, right, and here we have what we said, the specific exploit as well, which you are able to see. Basically it takes the result from Exploit-DB only, okay, you don't need to worry about this thing. See here, Shodan also integrates exploit intelligence through its exploit database feature. What are Shodan exploits? Shodan links discovered services with known vulnerabilities from CVE, okay, Common Vulnerabilities and Exposures, the full form of it, and public exploit databases. This allows you to map services, vulnerabilities and possible exploits. So how does it help in pentesting? See: identifies known vulnerabilities quickly, saves time in manual research, helps prioritize targets based on risk, okay, maps real-world exposure to actual exploits. Now, important note: Shodan does not exploit systems directly. This is the main thing. It only provides vulnerability intelligence, references to public exploits. Actual exploitation must be done using tools like Metasploit and custom scripts. See, there is also a Shodan report. You know about the Shodan report; let me show you here. If you click on the Shodan account, let me search for this. Now see, there is view report, right; click on view report, you are able to see this one, okay, and also focus on this one: there is more, right; if I click here on any more, so simple, if you are looking for any ASN or something like that, you can also focus on this one, right.
So if I go back, uh, and here see there is a specific companies... let's go organization, sorry. If I click on products, in products you guys will see this. Now here there is ProFTPD. Now this is how you can mention it, right, so it will automatically... now if I want Pure-FTPd then see what will... See, it's using the product Pure-FTPd. Now if I want to go with the Axis network camera, now it has 10 results basically, right. So, uh, Shodan provides reporting features, mainly web dashboard, API data export, CLI output formatting. Okay. What is a Shodan report? A Shodan report is a structured summary of discovered assets and exposure including IP addresses, open ports, services running, vulnerabilities, geographic data, okay, organization details, resolved stuff in the report. Okay. Using reports in pentesting: reports are used to document findings, show exposed assets, provide evidence to the client, okay, support risk assessment. Example report use case: target organization and then the steps. Okay. Search Shodan, something like this. Then collect IPs, ports, services, export data. Then build a report including attack surface summary, vulnerable systems and risk severity. Now remember one thing: don't go with the Shodan report. You need to, uh, create your own report, okay, in your own template. Don't just, uh... mostly people, what they do, I mean this kind of stuff is happening, okay: they perform the Nessus scanning and after doing the Nessus scanning, Nessus allows you to generate the report, right? Simple. They generate the report and they send the stuff to the client. So it's not the right way to do that one, okay. You need to just copy the stuff, uh, make it more clear, okay, then just submit it by using your own template. Your company template is there, right? Simple. You need to paste the stuff there. Don't paste it exactly, okay? Just change the stuff. See, combining images plus exploits plus reports, see, strong workflow: use Shodan search filters with screenshots.
Identify exposed services. Check for CVEs and exploits. Export results. Right? Build report. This is how we can do it. So see, real example flow: search CCTV. So simple, you just search for it and add screenshot, simple, by using this one. So to look, okay, whether the screenshot is there or not for that specific one. Check exploit. Okay, then export data. You can do this process using what? Using, uh, the CLI. Okay. We also have the Shodan extension. You know that, just let me show you. See, here is the Shodan extension. Just click on Add to Firefox. Add. Okay. Now if I click here. Now first of all I need to trust it. Okay. Just click on extensions. Where is extensions? Okay. It's here. Wait. See, it's showing the results: IP, hostname and tag. And also it will show the ports which are open on this website. Okay. Port 80 and 443 are open. Right. So this is how we can use this Shodan, uh, what we say, now see how many ports are open here, and CVEDB, this is the domain which we are using right now, and this is the IP and this is the hostname and the tag is CDN and this many ports are open. View IP details. Click on IP details. You guys will see the results here. Right. And view, sorry guys, view domain results, you guys will see the domain results here. So this is how it will work. It's easy, okay, but just explore it, it's not a big deal. In the last classes also we covered Shodan; at the time it used to be free, you know that, we did a lot of stuff there, but right now they increased the prices or something like that. Previously I think prices were also a little bit low; right now they increased the stuff. Right now which one you need to use, see, Censys is there. According to me Censys is excellent, Shodan is good, okay, but these guys just, uh, it's good, but I'm going to show you about Censys as well, how we can use it, right. Hope you guys enjoy this class. Thank you, have a nice day.

Subdomain Enumeration (Introduction)

Hello guys, hope you are fine. In this class we are learning about what subdomain enumeration is. Subdomain enumeration is the process of discovering all subdomains associated with the main domain. Example: the main domain is like this, okay, microsoft.com. Let's take in our case, we have example.com. You can also think like tesla.com, basically tesla.com, microsoft.com, basically these are all main domains, right. See, subdomains look like this: api.example.com is a subdomain. In simple words, api.tesla.com is a subdomain, okay, www.tesla.com, tesla.com is there, it's also a subdomain; www is also a subdomain. Remember this point. Okay. See admin.example.com is here. admin.example.com, this is also a subdomain. The main one is this much only: example.com is the main domain. Right? Now see why subdomain enumeration is important. In real-world pentesting the main domain is rarely the only target. Subdomains often run different applications, have weaker security, contain test or staging environments, expose internal services. www.example.com is secure, dev.example.com is outdated or maybe vulnerable, right. Attackers focus on the weakest entry point, not the main site. Now you guys will ask why www, you will ask something like this, right: here I told you that www is also, uh, a subdomain basically, so why is it saying secure? But this is the main face basically; in the official way www.facebook.com, facebook.com is there. Whenever you visit facebook.com it automatically goes to www. Okay. But the main is facebook.com only. But here it automatically takes www, then it's a subdomain basically. Okay. Whenever you see www in front of the site then think that okay, it's also a subdomain, but it will be secure, but still it comes under subdomain. You need to remember this point.
So types of subdomain enumeration: passive enumeration, no direct interaction with the target, uses public data sources. In passive enumeration what will happen means we gather the subdomains, uh, from the internet, okay, we are going to do some searches on crt.sh. crt.sh is there, okay. From there we can get the subdomains. And active enumeration is there, where we can perform brute force. Brute force and DNS probing can be more aggressive and detectable. See, now you need to learn about certificate transparency. What is this CT?

Certificate Transparency Explained

CT? So guys, hope you're fine. In this class we are learning about certificate transparency. What is certificate transparency? See, certificate transparency is a system where all SSL/TLS certificates are publicly logged. Whenever a company issues an SSL certificate it gets recorded in public logs. Anyone can view it. Okay. See why CT logs are useful: certificates often include domain names and subdomains. This is why it's necessary for us. See, so if a company secures api.example.com, admin.example.com, example.com, this appears in CT logs; you can extract them, right. What is crt.sh? Now mostly you guys know about this crt.sh search. Basically, this is a website. Okay, let me open this. Let me open the browser here. Let me look for, uh, this one. Uh okay, still, uh, there is a 502 error which is a bad gateway. Mostly people are, uh, using this one. So that's why, uh, mostly you guys will see 502 bad gateway. Okay, let me show you how it looks. So you guys can see it, right. So this is the official website, okay, of crt.sh where you need to enter the keyword, okay. If you're looking for any website just mention the website name like tesla.com. Now whenever you mention tesla.com then what will happen means it is going to find the subdomains of tesla.com. Okay. Now if you are only looking for Tesla, not, uh, you're not mentioning the .com, .in or something like that, then it is going to find a lot of results for you. Okay, in those results only you guys will see the subdomains. See in identity, just wait, in identity you guys can see the domains. So this is how you can find it. So, sorry guys, there are automation tools for this one. So basically what we need to do is we need to use this one. There is basically a bash script. Let me show you. You can also read those Medium articles as well. Right. Uh, this one also you can read. Uh, you can see this one which is version two. Right. So it's a little bit advanced compared to this crt.sh, uh, search.
This one, right, this one is also available from, uh, here, let me show you. This, uh, this one is from 1 3, you can see this one; you can also use this, click on raw or simply download it. Once you download this one you guys will see there is a crt.sh here. If I open it, you guys will see this one, right? So, let me open the terminal here. To use it, what you need to do, just type here ./crt.sh and then mention your target, uh, website or the keyword which you are looking for. You can also mention .com as well. Okay, hit enter. Now what will happen means it is going to gather the certificate, uh, the domains only. It is going to focus on domains. Okay, once it, uh, has gathered the domains, it is going to save them, okay, with this name. So the Tesla crt .txt file is here, right. Mostly this site is, why not, too bad gateway or something. Okay, maybe after two days just try to open it. It will work. Okay, mostly people are using it. It's a free, uh, website. There are a lot of paid tools out there to perform the same thing. Like, uh, let me show you one free one, okay, which is, uh, SSL broad. Okay, from here also you guys can get the results. tesla.com, short scan. Now you need to create an account here. It's a free account. You don't need to worry about it. Click on open report. You guys can see the results here. So it will show you the host here. See, hostname is there, right? Basically you need to focus on that one. But it's not good like, uh, what we say, crt.sh. There is also another website, the name of, uh, just wait, let me show you this one. So simple, here also you need to mention the domain. Uh, let me type here tesla.com. Basically it's also a, uh, paid one, but nothing is better than crt.sh. Okay, these ones are paid but still I'm just showing you the stuff, that's it. See here, you guys can see the results. All right. So first of all let's see what crt.sh is. What is this?
See, crt.sh is a public tool used to search certificate transparency logs: search certificate transparency logs, extract domains and subdomains. Example usage: you just need to search it. Then it returns, uh, the subdomains. Okay. Why does it work? In simple words, see, organizations often generate certificates for subdomains, even for internal or staging systems. These get logged and exposed via CT logs, right. How certificate transparency helps find subdomains: see, the company requests an SSL certificate. The certificate includes subdomains. You need to remember this point. Okay guys, let me just, let me show you. There is Snapchat here. Let me visit this website. snapchat.com is there. Now here you guys will see this is the Snapchat page. Okay. And it's working on HTTPS. You know that. Yeah. Then what you need to do: click on "connection is secure" right now. See, the certificate is valid. Let me open this one. Once I open it, click on details. Once I click on details, you guys will see a lot of details here, right? So here there is version, serial, issuer. Okay, here you guys will see some subdomains. It's also issued for Snap. You will see something like subject alternative names or something like that. Okay. Here it's not there, right, so let me click on amazon.com. So here we have SSL, right. Okay. Click on "connection is secure". View this one. Click on details. See, there is something like subject. We'll see something like, uh, subject alternative names. Mostly there only you guys can see that one, the details about, sorry, the subdomains, okay, the domains which are using the same, uh, certificate. So I can't see it now, no problem. See what we are doing: instead of doing it manually we are using tools such as crt.sh, okay; by using these tools we can find that data. See, key advantage: completely passive, no interaction with the target. Okay, it's hard to detect. Now see, wildcard domains are there.
Nothing but, um, you will see in Google about this wildcard, but still, now if I'm looking for a specific country's domains, okay, like gov, uh, let's take US, okay, it is going to list only US-based domains there, okay. Yeah, a wildcard example looks like this, right. This means any subdomain resolves even if it doesn't exist. The problem with wildcards when enumerating: random123.example.com may resolve but it's not a real subdomain. This creates false positives. What these wildcard domains are, what a wildcard is, all these steps we will see in the next classes. Right now, finding subdomains using Shodan. Now let's learn some about Shodan. So hello guys, hope
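Two points from this section, carried into code as an added example (not the video's bash script or any tool's own code): pulling in-scope host names out of crt.sh JSON output, including the lesson that a keyword hit is not a subdomain, and filtering the wildcard-DNS false positives the class mentions. The JSON entries, the fake zone and the `fake_resolver` are constructed for the offline demo; a real run would wrap a DNS library in place of `fake_resolver`.

```python
import json
import random
import string
from typing import Callable, Dict, List, Optional, Set

# Constructed sample in the shape crt.sh returns for a JSON query
# (e.g. https://crt.sh/?q=%25.example.com&output=json); hypothetical entries, not real log data.
SAMPLE_CRTSH_JSON = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "api.example.com",
     "name_value": "api.example.com\nwww.api.example.com"},
    {"issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "dev.example.com",
     "name_value": "DEV.example.com\nstaging.example.com"},
    # Keyword hits that must NOT be treated as in scope (different registrable domains).
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "example.com.lookalike-test.net",
     "name_value": "example.com.lookalike-test.net"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "notexample.com",
     "name_value": "notexample.com"},
])


def in_scope(hostname: str, domain: str) -> bool:
    """True only for the domain itself or a subdomain of it: a suffix match on a
    label boundary, never a plain substring match (which is what a keyword search does)."""
    hostname = hostname.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def subdomains_from_crtsh(raw_json: str, domain: str) -> List[str]:
    """Extract unique, in-scope host names from crt.sh JSON output."""
    found: Set[str] = set()
    for entry in json.loads(raw_json):
        # name_value lists every SAN in the certificate, newline-separated.
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]  # a wildcard cert only tells us the parent name exists
            if name and in_scope(name, domain):
                found.add(name)
    return sorted(found)


# A resolver maps a host name to an IPv4 string, or None for NXDOMAIN. In real use this
# would wrap dnspython or socket.gethostbyname; it is injected so the logic runs offline.
Resolver = Callable[[str], Optional[str]]


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Optional[str]:
    """Resolve random labels under the domain. If they all answer with one address,
    the zone is wildcarded and that address is returned; otherwise None."""
    answers: Set[str] = set()
    for _ in range(probes):
        label = "".join(random.choices(string.ascii_lowercase + string.digits, k=16))
        ip = resolve(f"{label}.{domain}")
        if ip is None:
            return None
        answers.add(ip)
    return answers.pop() if len(answers) == 1 else None


def filter_wildcard_hits(candidates: List[str], domain: str, resolve: Resolver) -> List[str]:
    """Keep candidates that resolve to something other than the wildcard answer.
    Caveat: a real host deliberately parked on the wildcard address is dropped too."""
    wildcard_ip = detect_wildcard(domain, resolve)
    kept: List[str] = []
    for host in candidates:
        ip = resolve(host)
        if ip is None:
            continue  # does not resolve at all
        if wildcard_ip is not None and ip == wildcard_ip:
            continue  # answered by the wildcard record, not by a real record
        kept.append(host)
    return kept


# Constructed fake zone for the offline demo (documentation addresses from RFC 5737).
FAKE_ZONE: Dict[str, str] = {
    "example.com": "203.0.113.10",
    "api.example.com": "203.0.113.20",
    "dev.example.com": "203.0.113.30",
}


def fake_resolver(host: str) -> Optional[str]:
    if host in FAKE_ZONE:
        return FAKE_ZONE[host]
    if host.endswith(".example.com"):
        return "203.0.113.99"  # wildcard catch-all for anything else under example.com
    return None


if __name__ == "__main__":
    subs = subdomains_from_crtsh(SAMPLE_CRTSH_JSON, "example.com")
    print("from CT logs:", subs)
    print("after wildcard filter:", filter_wildcard_hits(subs, "example.com", fake_resolver))
```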

Finding Subdomains Using Shodan

you're fine. In this class we are learning how we can find subdomains using Shodan. So it's very easy to find. So simple, just open your terminal; there is also one tool for this one. Let me show you through the terminal. Let me clear it. There is Shodan, right. Just type here shodan and then just let me look for domain tesla.com. Now it is going to show the results for you related to Tesla. Okay, we are not using the premium membership, right? No problem. Okay, let me go to Shodan. So, let me look for tesla.com, right. Simple. Just mention the domain as well. You guys will see a lot of results here. See in the SSL certificate, you guys will see tesla.com. So, that's why it's showing you the results, right? See the location, right, so this is how it will work. So if instead of tesla.com you add something like only Tesla, now see the results here, right, maybe here, uh, here you won't see that many results, but what will happen, you guys will see those things where in, uh, in SSL basically, uh, it has this keyword which is Tesla, so that's why Shodan is showing us the stuff, right. So now how can we automate the stuff? Okay. If you have a, uh, premium membership in Shodan then how can we use it? See, there is one tool for it. The name is shosubgo. So here we have this one. So you can use this to get the domains from, what we say, from Shodan, and also there is another one, shodomain, okay. Basically it will work so simple: what you need to do, just copy these commands and cd and pip install -r requirements.txt and run the script here. What you need to do, you need to mention this command here. Okay. -d and your target domain and -s and mention your Shodan API key. Once you do this one, you guys can see the results. See the example stuff. The most popular one which mostly everyone uses is this one, shosubgo. That's it. This one is good. Okay. A basic tool, right?
It will only show you the subdomains. Once, uh, the developer just executed this command, he just targeted Starbucks here, right? Once it did, then what happened? He just saw the results. Uh, sorry, here we can see the results. Basically what will happen means it will only show in the terminal; it won't save the stuff. So what you need to do, you need to use a pipe, and you need to save the stuff by just adding, uh, the greater-than symbol and the file name where you want to save it. So basic thing, right. So here you can see the usage: what you need to do, python shodomain and you need to mention the API key and your target domain, then it is going to do the stuff for you. Okay. So this is how we can get the subdomains using Shodan, right. So here you can see it. You can also use something like this, right? And if you are looking according to the organization then you can use this one, right. Why, what do you get, say: subdomains linked to IPs, services running on them, ports and banners, right. Limitation: only shows internet-exposed systems, not a complete enumeration. Now let's see how we can find subdomains using Censys. Hello guys, hope

Finding Subdomains Using Censys

you're fine. In this class we are learning about Censys. Simple. First of all, you need to create an account on this platform. Then simply search it. Now, let me look for Tesla. Simple. Just type here tesla.com. Then what will happen? Just see. You guys will see a lot of results here. But we need to focus on certificates. Click on certificates. Then it will automatically change the search filter here. See, now you guys can see the, uh, subdomains related to Tesla. At last you guys can see tesla.com. Okay, there is a second website tesla.com. Right? See here. So this is how you can find, uh, subdomains using Censys. It's very easy to use. Now see the results here. If I remove .com, uh, from here and hit enter, see what will happen. You guys will see different results. They're not from Tesla, right? You just saw, you are just saying that only the keyword about Tesla is there. But we need valid results. Okay, this is not a valid way to look for subdomains. If you are, uh, going with certificate transparency, then you need to mention the domain here. Now assume that I want to look for Snapchat. Hit enter. Now you guys will see maybe the results about Snapchat or other results as well. Okay. See there, this is not a Snapchat website. Okay. But in the domain you can see the keyword Snapchat, but it's not a Snapchat site. So that's why we need to mention the official domain here, which is snapchat.com, right. So now you guys will see the results; we got some results here which have snapchat in them. If I click on certificate here... sorry, it's already there. So this is how you can look for it. So there is an issuer, Security Inc. If I want to look for it then let's see, now basically let's do one thing. Let's visit the official Snapchat site here. Now click on this icon. Click on connection. Click on more information. Right? There is, what, view certificate. View certificate.
Uh, what I'm looking for, just let's go back again, the issuer. Let's see for the issuer here. See here. This is what I'm saying. You will see a lot of, uh, sites, okay, a lot of websites, a lot of domains related to Snapchat, right. So this is what I'm talking about: by just seeing that SSL icon you guys will get a lot of domains as well. Now I want to see the issuer. Yeah, here is the issuer. Issuer name is DigiCert, uh, Inc. Is it DigiCert? I remove this one. So here is DigiCert. Now there are a lot of chances that the domains which we get now are from Snapchat. See here I got aws staging story snapchat. This is another one. Maybe here in all names it may contain Snapchat. So that's why it's showing us results, right, see app snapchat. So this is how you need to go for it. Right? This is not a hard thing. You just need to explore, right. Hope you guys enjoyed this class. Thank you. Have a nice day. Hello guys. Hope you are

Finding Subdomains Using VirusTotal

fine. In this class, we are learning how we can find subdomains using VirusTotal. You don't know about VirusTotal? Let me explain to you. See here you guys will get three features. Okay. One is file, one is URL and one is search. In the search feature, we, uh, we can get subdomains. Okay. What is this file feature? Now assume that you just downloaded one file and you want to scan it for viruses, whether it's bound with a virus or not. So simple, you can use this feature. Simply choose file and select your target file here, any exe file or something like that. So here right now we have the bash script. So simple, click on confirm upload. Now it is going to scan for viruses in it. You can scan any APK, exe file. You can even scan PHP files as well. You can scan zip files. All this stuff you can do by using VirusTotal. See, it's just a normal file. So that's why we won't see any viruses here. Right? Let me go back. Now there is URL. Now if you want to scan for phishing URLs, okay, you are shopping from one site, okay, one website. So if you want to look at whether the, uh, website is spamming or scamming or not, okay, like whether it's a legit website or not, so simple, you can also look for it. So sorry guys, just wait. I have one, uh, phishing website. Just wait. Let me scan for it. Oh, here we have one website which is is.gd. It's a scam site. Okay, it's a phishing site. If I scan for that one, see it's saying malicious. Simple thing. Don't visit that one. I just want to show you, okay, how, uh, this will work, how you can scan for domains. Right now, there is search. This feature is important for us to find subdomains. Now I want to look for Tesla. Just type here tesla.com and click, uh, on search. Now here you guys can see it successfully scanned. Now click on details. Here you can see the details. Right now the important part in our case is this one: relations. Okay.
If you click on relations you guys will see the subdomains here. Right? There are a lot of subdomains. Just click on the three dots. You guys will see a lot of subdomains here. Without using any tool, without purchasing any service, we can get the subdomains here. Right? It's one of the excellent ways to get subdomains, using VirusTotal. See how many subdomains there are. You can, uh, use Sublist3r to get the subdomains as well. Basically, Sublist3r also gets the subdomains from here only. Okay. Like in Sublist3r there is a VirusTotal option; it is going to look for sub-, uh, look for subdomains in VirusTotal as well, okay, so we're going to use that one. So but how does Sublist3r find it? This is the way. There are a lot of subdomains; if I click there then still I can see them. So this is how we can find subdomains using what? Using VirusTotal. There is also one other website, okay, which is very popular, what, Subdomain Finder. So for a private scan you need to, uh, just click on the private scan, then it is going to scan privately. Just mention your target website here. Click on scan. Now it is going to scan for subdomains for you. Right? So here you have a lot of subdomains which you can see, and also there is another one, nmmapper. This is also one of the excellent, uh, websites from where you guys can get the subdomains. Here you can use multiple tools. Okay, like Nmap, subdomain finder. Let's click on subdomain finder here, right? There is a subdomain, uh, subfinder. There's a lot. Simply search for your target website and click on continue. Now it's going to find the subdomains for you. So see, so basically it found 165, 164 subdomains here. So basically there are a lot of tools to find subdomains, right. Hope you guys enjoy this class. Thank you, have a nice day. So hello guys, hope you're fine. In

Subdomain Tools: Sublist3r & SubBrute

this class we are learning about how we can find subdomains using Sublist3r, one of the excellent tools, right, to get subdomains. So here we have the details: Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Right? Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Right? Sublist3r also enumerates subdomains using Netcraft, VirusTotal, ThreatCrowd, DNSdumpster and reverse DNS. And also SubBrute is there. SubBrute was integrated with Sublist3r to increase the possibility of finding more subdomains using brute force. Right? And we're going to mention, uh, what we say, the wordlist here and we're going to use that wordlist to perform, uh, brute force on it. Okay. To find new subdomains with an improved wordlist. The credit goes to TheRook, who is the author of SubBrute. Now this is the official website of SubBrute. Okay. The official GitHub repository of SubBrute. So how to use it? Basically you need, uh, Python here and you need to, uh, installation is there. Now let's use it. Just open the terminal. Let me install this one. Just type cd Sublist3r, ls. You need to install the requirements here. To install requirements, here is the command: sudo pip install -r requirements.txt. Hit enter and type your Kali password. Now you need to create an environment, a Python environment here. So simple, to do that just type python -m venv and let's give the environment the name env here, source env/bin/activate. Now it successfully created this one. Now click, what happened, right?
Instead of adding sudo just type pip install -r requirements.txt here, that's it. Once you do that one, what you need to do... so we successfully installed it, and there are also some requirements, okay, uh, we successfully installed them. Now there is the usage, basically, see: -d for domain, -b for brute force, enable the SubBrute, uh, brute force module, -p for port scan, the found subdomains against specific TCP ports. Right? So here we have the examples. See here. So simply if I type here, let me clear it, python sublist3r.py -h for help. Okay, you guys can see the help. Just ignore this one, all this stuff, maybe some stuff has been broken. Okay. So here we have help, domain, uh, brute force, ports, verbose, -t threads, number of threads to use for SubBrute, and here we have -e for engines. First of all let's, uh, run this one. To run this, simply just type here python sublist3r.py -d. Okay. Why are we using -d here? Just go back to our repo, uh, this repository. So -d is to mention the domain. Okay. Then we need to mention our target domain which is tesla.com or any domain. Okay. It totally depends. So if I hit enter here, you guys will see it's using multiple search engines. Okay, maybe some stuff is missing. Just wait. Let me do one thing. If I type ls here, you guys will see there is a setup file here. Let me install the setup file. To install this setup file, just type sudo python setup.py install. So it is going to install this for you. Successfully set up. Let me clear here. Let me run this again. Okay. Now let's run this. See, error: VirusTotal probably now is blocking our requests. Basically we need to change, uh, IP or something like that. So from here we got the subdomains, right, almost 40 subdomains we got. If I want to save it then simply just use this one and just save it with the name tesla1.txt. Before doing that, let me change my IP address here. Now I just want to use VirusTotal. That's it. I don't want to use other, uh, sources here.
So simple, just add here -e. You can add multiple search engines here. Okay. -e means engine. Now here I'm going to use VirusTotal. Something like this. Now it is going to only scan VirusTotal. Uh, go with VirusTotal here. What happened? Run using sudo. So if you don't want to see these, uh, issues, simply just type here -W ignore. Now it's blocking our request. Now let's use brute here. Write something like, uh, just -d tesla.com -b for, what, brute. Here you can see it: -b for brute force, enable the SubBrute force module. Then what you need to mention, you need, you no need to just add -b there, and if you want to see the output just type -v for verbosity and hit enter. Now you guys will see, uh, the process of extracting domains here, the subdomains, right. So see, net, uh, it's ext-, uh, extracting the subdomains from netcat, Netcraft, sorry. So now it's doing what? It's starting the brute force module now using SubBrute. Now it is going to perform a brute force attack on it. Okay. Like it is going to look for multiple keywords and it will show you the results there. So mostly now you need to focus on this one, SubBrute, okay, because you will get the private information, private subdomains, right, see static.tesla.com, we got autodiscover. Now if you want to go faster then you can also add something like this: um, just add -t, right. Okay, let me use Androids here. Hit enter. Now there is also an alternate way. Okay, instead of getting all these messy things, we can also go with this website, projectdiscovery.io. So what you need to do: here we have a lot of, uh, websites, okay, like see if you are targeting Zoom then here we have for Zoom, right. Just search for your target domain; in our case it's Tesla. So here we have how many subdomains? We got 10,000, okay, more than 10,000 subdomains we have here, simple, for free you guys can download this one. Now simply let me extract it here. Open it. Now here you guys can see the multiple files.
In every file you guys will see the subdomains. Instead of going with all this stuff you can also download it from this website. So how easy it is, right? So you don't need to worry, and you don't need to worry about all this, why some are working, some are not. This will work. Okay. Sometimes due to an IP ban, IP issue, it won't work. Okay. In our last, uh, ethical hacking and pentesting course also what happened, um, it didn't work, after some time it worked. So this is how it will happen. So you don't need to worry about it. See, this is a brute attack basically where, uh, you are going to perform a brute force attack on subdomains to find... you perform a brute force attack on, wait, not on subdomains, on domains. Okay, then you will get the results here. So this is how it will work. In the next class we're going to learn about this one. All right. Uh, waybackurls. Hope you guys enjoy this class. Thank you. Have a nice day. Hello guys.

WaybackURLs for Recon

Hope you're fine. In this class we are learning about waybackurls. Now this waybackurls is a reconnaissance tool that pulls historical URLs for a domain from the Wayback Machine. The Wayback Machine is nothing but the Internet Archive. If you search for Internet Archive here, sorry, here it is, Internet Archive. So if you open this one you guys can see: Internet Archive is a nonprofit library of millions of free texts, movies, software, music, websites and more. So here you will see more than one trillion web pages on the internet. Now if I want to look for tesla.com, let's see how the Tesla website looked 10 years back or something like that. Simply search for it. So it will take some time. You need to wait. So here we have the APKs, the phone software archive, everything is, uh, here. See, now it's 2026, right? So let's go to 2026. Here we have some snapshots. Okay, basically these are the snapshots. If I click here, now see, on February 9 there is a website snapshot. If I open this one you guys will see something, uh, there is something like this, redirecting to this. So this is basically the website. So let's focus here in 2008, and here in 2008, from, uh, 2008 it's at its peak. Okay. So let's focus on here. So you can target any, but you guys will see there is a snapshot here. Just open it. So this is how it looks. It's not owned by, uh, the official tesla.com. Right now there is, this is the official Tesla website. It's slow. Just wait. Okay. I need to change my IP here. Let's see. Let me try to access this now. Still there is an issue. So, so we can, in simple words, we can go back, right, and we can get some parameters here, some endpoints, and maybe it's still vulnerable. We are not going that far back, but see, uh, 2024 is there. If I open, uh, let me click on 2024 and let's see the result here. So simple, let's click on July, uh, in this... Okay, basically it's a time, see, still the website is the same, tesla.com, right.
If I click on 2025 now see how many changes have occurred here, and basically these are the snapshots which were taken at this time. I open this one, it's saying access is denied, I can't access it. See, for us the sitemap is very important, where we can get the domains, these URLs, all the stuff, uh, sorry, the parameters, not domains; you will see the same domain there but different path parameters, a lot of parameters. See, now it's, uh, the same but I can't see it. Okay, here is the website. So this is how we can, we successfully went back to, uh, right now I'm looking at April 5, 2025, right now this is how the website is, but currently I can't, sorry, can't access this. And also there is a sitemap. Let me show you this thing. If I open the sitemap here you guys will see the results. Okay, just leave it. It's taking some time here. Just let's go back here. See, you can see what, instead of only testing current endpoints, it lets you discover old pages, uh, deprecated APIs, right, hidden parameters, backup endpoints. Now why waybackurls is important in web pentesting and bug bounty: see, modern applications often remove endpoints from the UI, okay, leave backend routes active, forget to secure old APIs. So waybackurls helps you find pages like this, okay, with, uh, with parameters and endpoints. So these are critical: parameters equal input points where users can input data. See, input points equal potential vulnerabilities here. So especially used for XSS, SQL injection, IDOR, open redirect. So basic waybackurls usage is simple. You just need to type, uh, sorry guys, waybackurls and just mention the domain, it will work. But before that you need to install waybackurls here. So now it's loaded. Now if I go to URLs you guys will see some more results here. But still let's go back. Let's do this process here.
Type it here; there is a GitHub one, this is one of the most popular ones. So how to install it? Simple: just copy this command, open the terminal, go back and paste it here. You need to install Golang. Just copy these commands: the second command, not the GCC one; the second one, golang-go, is right. Just copy it and paste it here. It will take some time to install; just wait. Now what you need to do is just copy this command and paste it here. After pasting it, wait for some time; it is going to download it for you. Then execute this one: sudo cp ~/go/bin/waybackurls /usr/local/bin/. What you are doing is copying that binary into your /usr/local/bin folder. After doing that, just type waybackurls. Now see, the colour has changed, which means it is successfully installed on our machine. So just type waybackurls and wait for some time; it will take some seconds to show output. Now here it is. So what do I need to do? See, there is --no-subs, which means don't include subdomains of the target domain. Now, first of all: you got the subdomains, right? You have the domain list, or you only have a single domain. If you want to use waybackurls on the domain, then first you need to create one file and add the domain in that file. In our case we are using testasp.vulnweb.com; I just added this domain. You need to add your target domain here. What is the file name? Remember, the file is domain.txt. So let's go back here. You can see there is cat domain.txt and here we added a pipe.
Here they added a pipe and then the tool again, and they are storing the results in a urls file. So this is how it's working, so simple. Let me do one thing; let's go back to our terminal, type cat domain.txt, then add the pipe and waybackurls, and let me store it in urls1.txt. Hit enter now and wait. Maybe it will take some time. So it's successfully done. If I open this there is urls1.txt, and if I open it, this is how it looks. Now, instead of this, let's do one thing. Let me type nano domain.txt and add another domain here. Let me add tesla.com. Okay, let me do the same thing, just with urls2.txt. Now it will take some time to get the results. You can also add the dates as well. See, there is urls2.txt. How many results are there? In our last classes we also covered this. See, the results are 10,184. So we need to get the parameters here. To do that there is another tool, and the name of the tool is qsreplace. What does it do? It accepts URLs on stdin, replaces all query string values with a user-supplied value, and only outputs each combination of query string parameters once per host and path. Now the usage is something like this. Example input is there; in our file there is that kind of input. Now what can we do? We can replace these values which are in front of the equals sign. See, the new value is there. Previously it's 1, 2, something like that; then we add the value according to us. Basically, why is this necessary? To add our payloads. Like if I want to add a payload like an SQL injection payload or any other payload, simply, we are going to add it. You can also append it, and you can also remove the duplicates from it. So you can go for it. So simple. Let me copy this, let me open a new terminal here, let me paste and execute this command. Hit enter. Now just type qsreplace; it is there.
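The qsreplace behaviour just described (keep only URLs with parameters, swap every value for one marker, emit each host/path/parameter-set combination once), reimplemented in Python as an added example that is not the tool's own code or the course's script. It also adds a parameter inventory so you can see which input points appear most often across the archived URLs; the domain, paths and URLs in SAMPLE_URLS are constructed for the demo.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Constructed sample of what `cat domain.txt | waybackurls` might print (not real output).
SAMPLE_URLS = """
http://example.com/showthread.asp?id=1
http://example.com/showthread.asp?id=2
http://example.com/showthread.asp?id=1&page=2
http://example.com/Search.asp?tfSearch=hello
http://example.com/Login.asp
http://example.com/showthread.asp?page=3&id=9
"""


def normalise_archived_urls(urls, new_value="FUZZ"):
    """qsreplace-style normalisation.

    - skips URLs without a query string containing '=' (same filter as `grep "="`)
    - replaces every parameter value with `new_value` (a marker here, never encoded,
      so whatever you pass appears verbatim in the output URL)
    - emits each (host, path, set of parameter names) combination only once
    """
    seen = set()
    out = []
    for raw in urls:
        raw = raw.strip()
        if not raw:
            continue
        parts = urlsplit(raw)
        if "=" not in parts.query:
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)
        names = tuple(sorted(name for name, _ in params))
        key = (parts.netloc.lower(), parts.path, names)
        if key in seen:
            continue
        seen.add(key)
        new_query = "&".join(f"{name}={new_value}" for name, _ in params)
        out.append(urlunsplit((parts.scheme, parts.netloc, parts.path, new_query, "")))
    return out


def parameter_inventory(urls):
    """Count how often each query parameter name occurs across all archived URLs.

    Useful for prioritising which input points to review (or to check that an
    old parameter the application no longer uses is really gone).
    """
    counts = Counter()
    for raw in urls:
        raw = raw.strip()
        if not raw:
            continue
        query = urlsplit(raw).query
        counts.update(name for name, _ in parse_qsl(query, keep_blank_values=True))
    return counts


if __name__ == "__main__":
    lines = SAMPLE_URLS.splitlines()
    for url in normalise_archived_urls(lines):
        print(url)
    print(parameter_inventory(lines).most_common())
```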
Yeah. So how to use it? Let me show you. Let's go back here. So we successfully installed it. You need to do cat on the URLs file, then you can remove the duplicates from here, and if you want to replace, you can replace, targeting only those URLs which have a parameter in them. Now let's

Automating XSS Discovery

automate the steps. Basically there is a script which can detect XSS. So simply, let me show you how I created this script. This is also one of the most important things: simply by using ChatGPT. What you need to do is just tell ChatGPT that I want to automate the steps: I have a list of URLs or domains, I want to get all parameters from waybackurls, from the Internet Archive, it needs to detect the stuff which you are looking for, and it must be 100% valid. Then it will create a script for you. Basically, create the script in bash or Python. This is very important. So see, here there is a script. What does it do? First of all we have waybackurls testasp.vulnweb.com here. So first of all let me run the script. Mostly you guys are asking about courses related to programming languages such as Python or something like that. It's not necessary. Mostly people say that it's necessary, but according to me it's not necessary, because we created a complete course on this channel only related to ChatGPT for ethical hackers. Just see the concept there, then you will get why it's not necessary to learn that much programming. Just focus on pentesting first; there is a huge amount in pentesting alone, you need to learn about each and every tool clearly so you can use it in your own way. That's why it's necessary to learn pentesting and red teaming before jumping into the development part. So hit enter now. Basically what we are doing: we just mentioned this one and also we added grep here. Let's go back to what it does. See, get URLs first, which we just saw here: waybackurls testasp.vulnweb.com is here. Waybackurls collects old and current URLs from the archive.
Example: something like this, with parameters. Filter only URLs with parameters; that's why we used grep here. It keeps only URLs that have an equals sign. Why? Because parameters are input points, and input means where we can inject the payload. In our last web pentesting classes I also told you about this. Then we use qsreplace, which I told you about, one of the excellent tools. Simply, it is going to replace the value with this payload. Just provide any payload; it totally depends upon you. Replace the parameter value with the payload: id=1 becomes something like this. Okay, loop through each URL: here we use while read url, which takes one URL at a time and stores it in a variable, which is url here. Then send the request to the website; that's why we use this one, response, which sends the request to the server and saves the response in response. The options are: -s for silent, --path-as-is for don't modify the URL, and --insecure, which means ignore SSL issues. Then check if the payload is reflected or not. There are three types of XSS out there, and reflected is one of them; simply, we are checking for that one. echo response | grep -Fq, and we are looking for this one. Look for your payload in the response: basically we are saying in the response, -F is exact match and -q is no output, just true or false. This is how it will check. So print the results: if found then it's vulnerable and the vulnerable colour is red; if not found then not vulnerable and the colour is green. That's why we use those colours there. So let's go back here. See, here we got these results. Only this one is vulnerable. We got three URLs here. Let me copy it and paste it here. Hit enter now. If it's vulnerable then it will show the alert there. See, it's successfully showing the alert.
So this is how we can automate the stuff, very easy, man, no need to worry, because now things are very easy on the programming side. You can create the exact script in Python by using ChatGPT as well, or you can also use our script. We created a complete framework on XSS which automatically finds the parameters; it does the complete stuff. Simply, what you need to do is just add the domain, that's it. It is going to find all the vulnerable parameters for you and it automatically injects as well. So here it is. You can also use this one, advanced XSS scanner. We just created this for fun; you can also use it. This is one of the good ones; people are getting good results from it. But still we're going to develop it; if we get some time then we're going to add some more features. So hope you guys enjoyed this class. Thank you. Have a nice day. Hello guys. Hope you're fine. In this

What is Fuzzing

class we are learning about what fuzzing is. See, fuzzing is a process of sending a large number of unexpected, random or crafted inputs to a target to see how it behaves. Instead of manually testing one input at a time, fuzzing automates testing, covers thousands of cases and helps discover hidden vulnerabilities. Why is fuzzing important? Modern applications are complex. You cannot manually test every endpoint, every parameter, every input; it's impossible to test. You know that when you just spider the website and look at the stuff there, you will see a lot of parameters. So it is impossible to test each and every thing. That's why we automate the steps. So fuzzing helps you find hidden attack surface, detect unexpected behaviour and discover vulnerabilities at scale. This is why fuzzing is heavily used in bug bounty, red teaming and automated scanning. What vulnerabilities can fuzzing find? What can we find by performing fuzzing? We covered this in the Burp Suite course as well, which is two hours; there you can also watch how we fuzz for XSS, SQL, all this stuff. See, fuzzing is extremely versatile. It can help discover XSS, which is cross-site scripting: inject payloads into a parameter and it will automatically do the steps for you. SQL injection: you can look for this with the payloads; there are a lot of payloads. Basically we are just taking this example. Open redirects, and content discovery; mostly people use it for content discovery. ffuf is there; you know about ffuf, there is a tool by using which we can perform fuzzing, and also there is wfuzz, by using that one also you can do the same process.
But here I'm going to teach you how you can find anything, like brute force attacks: how you can perform a brute force attack on a login, and also you will learn how you can find SQL injection vulnerabilities, all this stuff. See, content discovery: finding hidden admin pages, backup or dev pages. CVEs: by doing fuzzing you can find known vulnerabilities. If a specific endpoint or software is vulnerable, fuzzing can help identify it, for example outdated plugins, APIs etc. See misconfigurations, exposed files, debug endpoints and internal APIs. So basically, how does fuzzing help in enumeration? Fuzzing is not just for exploitation; it's powerful in recon and enumeration. It helps you discover new endpoints, find parameters, identify technologies and expand the attack surface. Hello guys, hope you're fine. In this

Fuzzing Process Explained

class we are learning about the fuzzing process. First of all, what do you need to do? Step one: identify input points. How can we identify the input points? We use waybackurls here. Simple, we just found the parameters. That's the exact technique: you need to find the parameters and replace the value with FUZZ. Then you can do the process. I covered how you can replace it, and I'm also going to show you another tool by using which you can replace the parameters, the keywords where we need to test. First of all, remember: we need to test in the input and also after the equals sign. That means it's a parameter here; instead of the 1, we need to put our payload. Here there is a 1, right? So instead of 1 we need to add our payload there. That's it. We need to automate all this stuff. In the next classes I'm going to teach you this technique as well, how we can automate all these steps. But first let's learn about fuzzing; after learning fuzzing it will be easy for you. The second step is choose a wordlist. What is a wordlist? A list of inputs to test. That wordlist might be usernames and passwords, or it might be payloads related to XSS or SQL, something like that. Example: let's take a wordlist which has words like admin, login, backup, test. Step three: send requests automatically. The tool replaces the input with each word, like a fuzzer. Step four: analyse the response. Look for status codes such as 200, 403, 500, and also focus on content length, keywords and errors as well. Why are errors very important? If you're looking for error-based SQL injection, then these errors play a very important role. Now let's start some practical classes here.

Wordlists & Why They Matter

You can see ffuf is there. You can read more about ffuf: just type ffuf -h, then you can read a lot of stuff here. But let's cover only that much which is necessary for now. If I want to perform directory fuzzing, what I need to do is just type ffuf and mention the URL with -u. What is our URL here? Let's go with this one. You need to go with the protocol; http is here. Just copy it and paste it here. Then you need to add the keyword FUZZ there; that means it is going to fuzz the stuff here and look for the directories. Now we need to use a wordlist. Which wordlist can we use? Let me show you. Here are the most important repositories for fuzzing. See, there are usernames, web shells. Now we are doing fuzzing, right? So open this Fuzzing folder and focus on directories; right now we are looking at directory fuzzing, so we need to find the directories here. Before finding the directories we need to know which technology it's using; in the next classes I'm going to cover this one as well, so you need to go with the technology as well. Now assume that your target website is using WordPress; then you need to go with WordPress. Just search for WordPress here; there are a lot of things related to WordPress, like CMS WordPress fuzz. So simply you need to go according to your target technology. Now, here content is there, right? Let me go to Discovery. In Discovery there is Web-Content; you will see a lot of things. You can see the password one first, big, and there is common.txt, but you just need to open anything, open the file and try to read it. So right now let me download this common.txt. Here it is, common.txt. Let me drag and drop it here and hit enter. Now see what it does.
It's going to look for directories. Let's go back here. Basically we just used a wordlist there; in your wordlist, if there are admin pages, then it is going to find them; if there is anything related to backup then it is going to find it for you. We just used the most common one here. See, here I got images and something like HTML. So focus on the status code here; what is the status code? 301. If I copy this one, images, or HTML, again I got something here. Let me paste it: /images. Is there anything? So I can access it. And here I got avatar, and aspnet_client is there. See, it's forbidden; it's there but I don't have permission to access it. So what is the status code here? It's 301 for avatar, and here there is cgi-bin, but still I can't access it, it's 403. So there are ways to bypass this; we need to change the header, something like that. Basically, in the real world these are the juicy things which you need to focus on. See, cgi-bin you need to take, aspnet_client is important for you, and there is also another one, which is t. So you need to focus on this kind of stuff. See, 200, admin 200 and backup 403 showing. Now let's see wordlists and why they matter. Fuzzing is only as good as your wordlist. Important rule: use a specific wordlist for a specific goal. Now, what are you finding there? Assume that if you are finding XSS then you need to focus on an XSS-based wordlist; you need to find the XSS payloads and do the process there. A content discovery wordlist is used for directories and files, for example something like this. Wordlists are always important. What you need to do is focus on these websites: don't forget about SecLists and PayloadsAllTheThings. You can go there; there is a lot of stuff.
So 5 days ago they updated it. And there is also this one, parameter wordlists, used for finding hidden parameters, for example id, user, redirect, token, something like that. XSS payload wordlists are there. Now see what this is; this is also very important. Now assume that you want to find the parameters; simply you can focus on a specific parameter. In Burp Suite we have this feature so we don't need to worry about this; in Burp Suite we can simply use the search feature and identify it. See, the XSS payload wordlist is there, so it will look like this. SQL injection payloads, this is how they look, and CMS-based wordlists are there. Different CMSs have different paths; for example, if you are looking for the admin location then here it will be admin, and in Joomla this is the admin page. Special character wordlists are here, used to break the application; this one is very important. If you use random characters here, like a lot of special characters, then what will happen is it triggers an error, and in that error it will reveal a lot of information. Sometimes it will reveal an AWS key as well. This is a very important thing which you need to focus on. And here there are large and long input wordlists. Now assume there is an input and you just type a lot of characters. See, used to detect buffer overflows, memory issues and DoS behaviour. If you add a lot of characters, sometimes it will take a huge time to load. So this will happen. So let's learn how we can find these endpoints. We successfully did this one. Now let's focus on this one: finding parameters using fuzzing.

Finding Vulnerabilities Using Fuzzing

Now let's learn how we can find parameters using fuzzing. Simply, here in the search you can just search for parameter names, and here we have it. Let's see. Now here we have parameter-names. Just wait. You can use a normal list as well, like the common one we used here, but this is for a specific one. So here we have this one, right? Basically these are all parameter names. So you can also use this one. How many do we have? We have 6,453. So simple, let me download it. Once you download it, the simple technique is to execute the same command. Now you just need to focus on the parameter. Just add the parameters wordlist here. Now FUZZ=test. Basically here I am adding FUZZ; whenever we add FUZZ anywhere in this URL that means we are using the wordlist there, in that place, and the value is just a simple input. You can also change this input to FUZZ as well. Assume that you have one input, one parameter: just select that parameter, copy that URL with the parameter, and instead of the value add FUZZ and use the payloads; then what will happen is you can find the stuff. Hit enter. Now you can see: finding parameters using fuzzing is simple; hidden parameters like debug, admin, token will be visible. If there is something like that then it will be visible. In our case we need to mention the question mark or something like that. Here we just mentioned the complete domain; this is not the right way. Basically it needs to look like this: page.php? or anything. Remember, don't think that it's always PHP or something like that; you don't need to worry about it. In our last courses I also told you about this thing. You just need to focus on the parameter, that's it. And header fuzzing is there.
If you want to fuzz the header, here it is. And how to detect vulnerabilities in fuzzing? See, content length differences: if most responses' length is 1200 but one length is 4500, then it's interesting. You need to investigate it; you need to open it and check that one. And also focus on the status code: 200 means success, 403 is restricted, 500 if it throws an error, in SQL injection or something like that; at that time it's very important for some vulnerabilities. And also keyword search: search for error, SQL, warning, exception etc. Response pattern: look for reflections, different page structure, debug info. And finding open redirects: how can we find open redirects as well? Now assume that you got a parameter like this, redirect=; at that time just add FUZZ there and you just need to add the URLs there, then it is going to look for it. If the redirect happens then it's vulnerable. Now instead of doing this one, what we can do is add our waybackurls stuff and we are going to add it here, then it is going to look for it. You can also create scripts to do this process. Finding XSS: simple, you can add an XSS payload list there. You can't test only one specific payload there; you need multiple payloads. Simply add that whole payload list and you can test for it. Same for SQL injection. So this is why I told you to focus on the wordlist. See, this one plays a very important role; here there is open redirect and prop injection, and we are focusing on XSS, right? So let me search for XSS. See, there is XSS Injection. I open this one this way. We have the tutorials as well; you can also focus on them. And here we can see the common payloads. Simply take this list and add it there.
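The response-analysis rules above (content-length outliers, 403/500 status codes, redirects, error keywords) as a small triage script over ffuf output, written here as an added example that is not ffuf's code or the course's script. The JSON below is constructed in the shape of ffuf's `-of json` output (the `results` list with `input`, `status`, `length`, `url` and `redirectlocation` keys is assumed from that format); the host and words are made up.

```python
import json
import statistics

# Constructed sample in the shape of ffuf's JSON output; not a real scan.
SAMPLE_FFUF_JSON = json.dumps({"results": [
    {"input": {"FUZZ": "index.html"}, "status": 200, "length": 1200, "url": "http://example.com/index.html", "redirectlocation": ""},
    {"input": {"FUZZ": "about"},      "status": 200, "length": 1190, "url": "http://example.com/about",      "redirectlocation": ""},
    {"input": {"FUZZ": "contact"},    "status": 200, "length": 1210, "url": "http://example.com/contact",    "redirectlocation": ""},
    {"input": {"FUZZ": "backup"},     "status": 200, "length": 4500, "url": "http://example.com/backup",     "redirectlocation": ""},
    {"input": {"FUZZ": "admin"},      "status": 403, "length": 280,  "url": "http://example.com/admin",      "redirectlocation": ""},
    {"input": {"FUZZ": "images"},     "status": 301, "length": 0,    "url": "http://example.com/images",     "redirectlocation": "http://example.com/images/"},
    {"input": {"FUZZ": "search"},     "status": 500, "length": 640,  "url": "http://example.com/search",     "redirectlocation": ""},
]})

# Status codes the lesson calls out: exists-but-restricted, and server errors worth opening.
INTERESTING_STATUS = {
    403: "exists but access is restricted",
    500: "server error: open it and look for stack traces or SQL errors",
}

# Keywords the lesson says to search for in response bodies.
ERROR_KEYWORDS = ("sql", "warning", "exception", "error", "stack trace")


def load_ffuf_results(text):
    """Parse ffuf JSON output and return its results list."""
    return json.loads(text)["results"]


def length_outliers(results, factor=2.0):
    """Among 200 responses, flag those whose length differs from the median by more than `factor`.

    With most pages around 1200 bytes, a 4500-byte page stands out even though its
    status code is the same as everyone else's.
    """
    ok = [r for r in results if r["status"] == 200]
    if len(ok) < 3:
        return []
    median = statistics.median(r["length"] for r in ok)
    return [r for r in ok if r["length"] > median * factor or r["length"] * factor < median]


def has_error_keyword(body):
    """True if a response body contains one of the error keywords (case-insensitive)."""
    lowered = body.lower()
    return any(k in lowered for k in ERROR_KEYWORDS)


def triage(results, factor=2.0):
    """Return one finding per result worth a manual look, with the reason."""
    findings = []
    for r in length_outliers(results, factor):
        findings.append({"word": r["input"]["FUZZ"], "status": r["status"],
                         "reason": f"content length {r['length']} is far from the median"})
    for r in results:
        word, status = r["input"]["FUZZ"], r["status"]
        if status in INTERESTING_STATUS:
            findings.append({"word": word, "status": status, "reason": INTERESTING_STATUS[status]})
        elif 300 <= status < 400 and r.get("redirectlocation"):
            findings.append({"word": word, "status": status,
                             "reason": f"redirects to {r['redirectlocation']} (directory exists)"})
    return findings


if __name__ == "__main__":
    for f in triage(load_ffuf_results(SAMPLE_FFUF_JSON)):
        print(f"{f['status']} {f['word']:<12} {f['reason']}")
```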
And in SecLists also you can see the XSS payloads. Here is Fuzzing, XSS. Here we have human-friendly. So if I open this one... sorry, not this one. You need to focus on the txt; brutelogic is there, right? You can also check according to it. Just open the files. See, XSS payload box is there. So you can check it. But before checking it you need to know the concept here: what is XSS? If you don't know what XSS is then how can you test it? This is also one thing. We created that course as well; in web pentesting we covered XSS, SQL injection, all this stuff. Now mass hunting with fuzzing: testing thousands of endpoints, automatic bug discovery, scaling bug bounty work. So if you watch our nuclei course, see, I'm attaching this course here. Nuclei, just try to watch it; this is also very important. You can find XSS and SQL; you can find almost every critical vulnerability using nuclei. I covered how to find it, how you can look at mass domains: you have a lot of subdomains and you want to test them, simply you can also do that. So after covering this one I'm going to attach the nuclei section as well; just try to watch it. Thank you, have a nice day. Now there is also one

Fuzzing Using Wfuzz

another tool, which is wfuzz. Hit enter; it is there. Yeah. So here you will see a lot of features. It's the same as ffuf but a little bit different. See, here we have wfuzz -c, which means colour. If you add something like this in the shell, then you will see output with colours: -c for output with colours, -v for verbose, -o for printer, and --field is there. -p is there, use proxy in the given format; if you want to add this one you can also add it. --script= is there. -u for URL. -z, what is this? -z for payloads: if you want to specify a payload for each FUZZ keyword, used in the form name,parameter,encoder; there is a lot. There is -b for cookie, -d for POST data; you can also add the POST data there. And here, this one is very important: --hc, --hl, --hw, --hh. What is this? Hide responses with the specified code. Now if you add --hc and you want to hide, for example, 404 status code results, simply you can hide them. So it plays a very important role. So simply let me show you how we can use it. Just type wfuzz and -w for wordlist. Yeah, I think -w is for wordlist only; just wait. I know -w is for wordlist, but still -c is for colour and -z is also there, -z to mention the payload. Okay, just let me add the wordlist, this one, common.txt, and then just mention your target domain here. Just paste it here. Then where do you want to fuzz? Simple, just add FUZZ here. Hit enter. Now it is going to start fuzzing. See, this is how it looks. Now here I can see a lot of 404s, right? So simply, what I'm going to do is just stop it now. Just type -h... what is it? Let's see again. There are a lot of results: --hc, --hl, --hw. Let's see --hc there; that means hide code. What is it? 404, right? Let me add 404 here. Here, let me add it; whenever you put the --hc it needs to work. Just wait.
Okay, let's do one thing. Basically --hc needs to be used here. Just type --hc here. What if I add --hc 404 in front of this? Yeah, now it's working. Basically you can't add this one at the end; this is the reason. See, once you visit the official site you will see a website there; from this developer you will see a lot of results for wfuzz. So, could not resolve host. What happened? Yeah, here it is. See, there is wfuzz.io. From here you need to visit and read about this one; this is very necessary for you. See, my internet is a little bit slow because I did a lot of fuzzing; they just banned my IP address. So every time I try to browse any website they are asking for a reCAPTCHA. So this is how we can do it. So now it started. See, it's not showing the results related to 404. I got images, HTML, t. Now I want to hide this one as well; I don't want to see 301. So simply just add 301 here. Now you won't see the 301 results as well. So it will only show you 200 or any other status codes. Hope you guys get it. Let me stop this one. You want to learn more?

Advanced Wfuzz Techniques

then this is the official website of wfuzz. Simply try to read it; here you can find each and every thing. See how you can use the regex filter as well. If you are using Burp Suite then you don't need to worry about all this stuff; in Burp Suite we have each and every option, so you can use that. This is a kind of alternate way to perform fuzzing: if you don't have a premium subscription or something like that then you can use this one. wfuzz is very fast compared to Burp Suite; if you do some changes you can also make it fast, no need to worry about it. But still, learning more tools is very important. So hope you guys enjoyed this class. Thank you. Have a nice day. Hello guys.

Detecting Web Application Firewalls (WAF)

Hope you're fine. In this class we are learning how we can detect a web application firewall. This is a basic technique to detect it. You can also detect a web application firewall using Wappalyzer as well. So simply here, just add nmap; nmap is a tool. If you don't know about nmap, we have a complete course on this tool, so simply you can watch it. So with nmap you can add a domain or IP; if you have the IP address then you can also add the IP there. And then --script=: I'm using a script to detect the web application firewall. This is the script; just add the script and the port. The default port of a web application is 80; web servers run on port 80, so we need to mention that. Assume that your target is running on port 8080, then you need to mention that instead of port 80. And 443 is also there, having SSL, so that's why we need to mention port 443 there. -v for verbose. Hit enter now. Sometimes it won't show the results; this is also one thing. So now, yeah, it successfully detected: IDS/IPS/WAF detected, which means a web application firewall is there. So I want to know which firewall is there. Simply what you can do is use this exact command, but instead of detect... here I need to mention fingerprint. See, now it's not showing; it's not a big deal, just leave it. http-waf-fingerprint, like this. Just add this one. Now it is going to show you which... okay, it's not showing right now. Basically what will happen is it will show you which firewall it's using, like Cloudflare or something like that. So don't worry, it will show the results. See, previously on port 443 it had IDS/IPS detected. How was it detected? Simple: it just used this payload to detect it. Let me do one thing, just wait. Now let's execute the same thing again. Okay, no problem here.
You can see it. Instead of Sony, let me add another domain here; I'm using www.playstation.com. Let's see. And there is also another script with the name of waf. So it's not detected, but still it's secure; it's having the firewall there. But I want to show you how it looks. So let me show you this one: wafw00f. Yeah, you don't need to install it. This is a script which can detect the firewall. So simply just mention the domain here, or the IP as well. Mention it like this and hit enter. Now just wait. See: the site is behind a firewall, this one, Kona SiteDefender. And if I look at Sony, just wait; it's saying no WAF detected. Okay, no problem. So there is a firewall but still it's not detecting it. No problem, because previously we got the results on which domain? On sony.com only, right? See, it detected IDS/IPS, but here what is happening: it also has security, but it's not able to detect this one. So you need to change IP; you need to use a VPN. Just connect with a VPN again and do the same. Then what will happen? You will see the results. Instead of doing this much process, you can also use Wappalyzer here and do this one. Simply click on that Wappalyzer extension icon; then you will see the results: which firewall it's using, which security it's using. So hope you guys enjoyed this class. Thank you. Have a nice day.

Nuclei for Finding Critical Vulnerabilities

Hello guys. Hope you are fine. In this class we are learning how to perform fuzzing using nuclei. This is a very important class for you, so complete it, because without learning nuclei you can't perform complete fuzzing: nuclei helps you identify vulnerabilities, from info severity up to critical. Here you will learn how to find critical vulnerabilities, how to use the templates that find them, and how to write your own templates. Hope you guys enjoy this class. Thank you. Have a nice day. Hello guys, hope you're fine. Let's download nuclei. This is the official GitHub page of nuclei, from ProjectDiscovery; just search for it and you will see this GitHub page. How do you install it? If you scroll down there is an Installation section; you simply execute that command, and below it is the way to use the tool. First of all, open your terminal (let me zoom in and change the colour scheme to green on black). Copy the command and paste it here. Before that, you need to install the Go language. How do we install Go in an easy way? We have the commands here: copy the first one, paste it, add && and then copy the second command and paste it. This is how you install the Go language. Type it and wait; it will take some time.
Don't worry, I'm going to teach you what nuclei is and all of that; first let's install it, then we go to the theory as well. Basically in this whole course we learn only about nuclei, just like the Nmap or Wireshark courses, where we learn only about that one tool. Now it's asking "Do you want to install gccgo?"; type y and install it. Sorry, it's removing that and installing golang-go. Instead of doing it like this, you can simply execute the single command shown here; it will also work. We have successfully installed Go. Now copy the nuclei install command, paste it and hit enter. You need to wait, because it downloads the latest version of nuclei and the process takes a while. Easy process, right? Once it's downloaded, type ls. If you run nuclei from here it won't work: it will say that you need to install it again. So you need to set it up properly. Type ls again and here you can see the go folder; let me open the file manager. Inside go there is bin, and inside bin there is the nuclei binary. From here we can run it, so if I want to run nuclei I need to navigate to this location and execute it from there. But I want to run it from anywhere: just open the terminal and execute it. To do that, execute the commands I'm showing you here; these are for new Linux versions. Execute the first command, then the second one, and hit enter. Now it is set up properly. Check this: this is the command I executed, and you no longer need to navigate to the bin location; from anywhere you can execute it. Just open the terminal as a normal user.
I'm not executing this with sudo; see, I didn't add sudo here. I simply executed it as a normal user, as the kali user. You just need to execute these two commands. Now let me run nuclei -h. See, I can run nuclei from anywhere; I don't need to navigate to that specific location and execute it from there. This is for the new version of Kali. If you are using a new Kali machine, this is the command for you; for old versions the command is different, because you need to change the shell configuration file: there is .zshrc, and instead of that you need to use .bashrc. If you are using an old Kali machine (most people aren't, but if you are), type .bashrc instead of .zshrc in the first command, and the same in the second command. So this is how we set up nuclei, easy right? You can also install it by executing sudo apt install nuclei; that installs nuclei for you without all of this process. But I suggest you go with the latest one, which is this one. After installing with the apt command you can also update it; it totally depends on you which one you want to use. Once you type -h you can see all the options. Most of these are not necessary; I'm going to show you only those that are necessary in pentesting, ethical hacking and red teaming. Hope you guys enjoy this class. Thank you. In the next class we learn what nuclei is. Hope you are fine. In this class we are learning what the nuclei vulnerability scanner is.
See, nuclei is a fast vulnerability scanner used by ethical hackers and security teams to find security issues in websites, servers, APIs and cloud assets. Nuclei works using templates: these templates describe what to check and how to check it. What are templates? We're going to cover that, and how to create templates as well. We are going to create templates using AI, but mostly it's not necessary to create templates for nuclei. Why? Because in ProjectDiscovery there is another repository, named nuclei-templates, where you will see thousands of templates. Using those, you can mostly find everything you need, so you don't need to create your own. But if you want to create a template, we cover that too, in a very easy way. Previously AI was not there; people had to type everything and mention each detail manually. Now AI is there, so we can create a template within a few seconds. It's very easy to create.
Again I'm saying: instead of randomly attacking a system, nuclei sends specific requests, looks for specific responses, and confirms vulnerabilities using clear conditions. If there is anything in the response related to that vulnerability, it confirms it; it uses some checks for that. In simple words, it checks the response: it looks for a specific response, and if it matches what the template expects, it tells you that this target is vulnerable to this issue. That is how it reports. Because of this, nuclei is very accurate and produces few false positives; this is the main thing about nuclei. You will see some false positives, but not that many compared to other tools. We have other tools such as OWASP ZAP; if you use OWASP ZAP you will see a lot of false positives, where the vulnerability does not exist but the tool still says it is there. In free tools false positives appear a lot; in Burp Scanner as well you will see many false positives. Here you won't see that many; it's very low compared to other vulnerability scanners. But remember, a good pentester checks manually. Once we get the results we need to check them manually and confirm the vulnerability; you can't write the report directly. If you found vulnerabilities using nuclei, wrote them into the report and submitted it without checking, it's not valid. Once you see that there is a vulnerability, you need to confirm it manually. Even if you are using automated tools, you need to confirm manually; this is the main approach in the real world, and the thing you need to remember. You can't rely on tools. Yes, tools play an important role, but you can't go with them 100%.
Once you get a vulnerability, you manually check it, confirm it, and then mention everything in the report. First mention what you did: if you're using nuclei, mention that you used nuclei and that this is the bug, the vulnerability, we got; highlight it. Then mention that we also checked manually and confirmed that it exists, something like that; you need to write it properly. This is very necessary. Why is nuclei needed in real life? In a real organization there can be thousands of IPs; this is what I always tell you, you will see a lot of IPs and a lot of domains. Manual testing is slow and impossible at scale. If you have a lot of IPs and the client says you need to submit by a certain deadline, at that time you can't check everything manually; this kind of tool is useful then. Now you will say: okay, how does that fit with what you told us, that once we get the vulnerabilities we need to recheck them? What happens is that the client focuses on a checklist. Assume we need to submit quickly; at that time they tell us to go with the checklist, and we can mention the findings from it. But for critical findings, and you will see that nuclei shows the critical ones as well (I'm going to show you this), always remember to check them. If you get any critical results, manually check them; this is necessary too. So manual checking is necessary, but here with nuclei what we are doing is having it check for the vulnerabilities.
What I am saying is, once you get the nuclei results, the vulnerable results, check them; you won't see that many vulnerable results. This is also one thing. If the whole environment is very vulnerable, maybe you will see a lot of things, but mostly if you have 1,000 IPs, maybe 60 IPs will be vulnerable, maybe 20. That is how it works. So once you get the results it's easy to check, because we have a very small number of IPs to look at. Now, traditional scanners are heavy, noisy and inaccurate, and nuclei solves this by running lightweight checks, testing only what is defined. You can also define it yourself, which is another excellent thing. If you want to look for SMB, simply mention the SMB templates and test for that specific thing; if you want to test FTP, use the FTP templates. It's the same as NSE scripts in Nmap: in Nmap we have NSE scripts, and if I want to perform SMB enumeration I use the SMB scripts. Same with nuclei: we have a lot of templates, a template for every service. So that's what we're going with. It gives repeatable and verifiable results. Now a real-world scenario: imagine a company has 500 websites, 50 APIs and 200 cloud endpoints. Checking manually for missing security headers, old vulnerable software and exposed admin panels would take weeks. Mostly we need to check for these things, and if you focus only on these three, it takes weeks to check one by one. With nuclei you scan everything in minutes, you get real results, and you can verify each finding manually. This is excellent, right? Okay, let's go back.
Now let's focus on the key features. Template-based scanning: nuclei does not guess. This is the main thing you need to remember. A scan uses a template that says what request to send, what response to expect, and what condition confirms a vulnerability. These three things we mention in templates, and only then does it show you results. That's why it's not guessing: we are mentioning everything that is necessary, the same steps we would take in a manual check. Instead of doing the manual check, we put all of that into a template and wait for the response. It's a kind of manual check, but done using a tool. This makes scans predictable, accurate and easy to understand, with very low false positives. Most scanners report "may be vulnerable", "possible issue", "suspicious behaviour"; nuclei reports only when the conditions fully match, and only then does it say the target is vulnerable. For example, if a vulnerability requires a specific response body, nuclei checks for that exact content, and if the condition is not met, the vulnerability is not reported. It is extremely fast. This is both an advantage and a disadvantage, because if there is a firewall it may detect the scan and stop it. That's why you can also manage the speed in nuclei and slow down the scan. Nuclei is written in Go and is optimized for speed: it can scan thousands of targets, use concurrency safely, and run on low-resource systems. This makes it perfect for bug bounty, red teams, blue teams and CI/CD security testing. The ProjectDiscovery community is very popular, as you know, and they update the templates from time to time.
Community and official support: as I told you, thousands of ready-made templates are there, so you don't need to create your own; we have everything here. Templates for CVEs, misconfigurations, exposed panels, default credentials, cloud issues and API flaws. Templates are updated daily by the community and security researchers. This is excellent, this is what we are looking for. In the next class we cover what nuclei templates are. Now, running it is very easy; let me show you from the page. If you want to scan a single target, see how easy it is: simply run nuclei -target with your target domain, and remember to mention the protocol. This is the default scan: when you scan with just this flag and the domain, it uses each and every template. There are a lot of templates, and it will use all of them and give results, but that's not necessary, because some applications won't use every technology. Assume the target is not using FTP; then why use the FTP templates? So we are going to run only the checks that are required. If you want to scan multiple targets, there is network scanning, and you can also mention a subnet, which is excellent. And if you want to use a specific template, we download the templates and mention them on the command line, and then it uses the specific template you provided.
You can also run scans on your machine and upload the results to a cloud platform for further analysis; here you need to mention that, but it's not necessary. Let's see the templates. In this class we are learning how to use the nuclei templates. First visit the repository projectdiscovery/nuclei-templates; this is what we need to download. If you scroll down we have the nuclei-templates top 10 statistics, and for the tag "vulnerability" we have, basically, these are the tags. If you want to go with vulnerabilities, you mention this tag; we're going to cover all of this, don't worry. What I'm saying is that for the vulnerability tag we have 6,468 templates, and for CVEs we have 3,587 templates; it's huge, so we can use it. First you need to download it: copy the URL and type git clone, then paste the URL. Let me type ls, and here is nuclei-templates; cd into the directory and type ls, and here we have the templates. We are going with http, meaning the web-based ones, so instead of the command line let me open the nuclei-templates folder here. There is also network; if you want default logins there is FTP anonymous login to check, there are honeypot templates for detection, and all that stuff. But we are going with the web hacking part, so let's go with http. Here we have cnvd, credential-stuffing and cves. If I open cves, for example 2024, we have this many; if you want to detect CVEs you can detect them. Now there are technologies as well. Sorry, takeovers.
Where are the technologies? Okay, here they are. If you want to detect anything, you can detect it from here. Then there is takeovers, and for vulnerabilities we have this folder, which we can use for LFI, SSRF, RCE, there are a lot; for example there are templates related to VMware. If you want to use all these vulnerability templates at the same time, you can use all the templates under vulnerabilities as well. It's very easy. You will see a lot of things, the same as Metasploit: in Metasploit we have a lot of modules, some necessary and some not, some outdated; sometimes they work, sometimes they won't. Think of this as being like Metasploit, where you have a lot of things and just need to explore them. Now let's use one template. In pentesting, in hacking, what do we do first? We perform enumeration, right? So let's use some enumeration here. How do we use it: type nuclei -u and mention the URL; I'm going to use this one, just paste it. Then use -t for templates, to choose which templates you want. In the clone there is a folder with the name nuclei-templates, and you need to mention this folder first. It's not detecting it.
Then forward slash http. Let's use http. I'm already inside nuclei-templates, so that's why it's not detecting it: right now I'm in the nuclei-templates folder only, so just type http. Now it's going to scan with all HTTP templates; it will use every template under http. That's why I'm going to do http/ and then something more specific: let's go with technologies and perform enumeration. Instead of providing a single template, let's use everything in the technologies folder. Hit enter. Now it uses all the templates in http/technologies to detect things. See, it successfully detected a WAF, which is nginx generic. It also detected the tech, which is Dreamweaver; it's using PHP, and this is nginx, with version 1.19.0. Here we have the PHP EOL version, which is 5.6.40, and here the nginx version again, the same one. PHP is successfully detected, and here is the version. This is how we use it. If you have another target you can go with Nokia as well; Nokia uses the HTTPS protocol, so type nokia.com. We are not exploiting anything, we are just looking at the results. To detect vulnerabilities we have this vulnerable URL here, which is this one. It successfully detected that a web application firewall is there, and the tech detected is nginx. That's it; now I need to wait for the version. By using Nmap you can also do this; hope you know that.
If you don't know Nmap, try to watch our full course on Nmap on the same channel. See, here I didn't get that much: I can only see that a WAF was detected, but I can't detect versions like before. In that case, try Nmap with some filters or something like that. But nuclei is meant for finding vulnerabilities, not for this, and that is what we're going to use it for. Hope you enjoyed this class and know how to use templates: there is no hard work, you just mention the folder and you can use it. Now let's learn how to modify these templates. When we performed the scan, what you saw in the output are basically the template names it's using; for example the PHP EOL one is a template. Where can we find it? You can use your terminal, but let me use the file manager. Which template did we use? In http there is a technologies folder, and in that folder we have the template. The name we saw was nginx generic, so let's go with that one; let me find nginx, and here it is: nginx version. Let me open it; there is also a folder. If I open this, first of all there is an id. What is this id? It's this one, nginx-version, as you can see. This is the id you need to find. Then there is info, with name, where you can see the name of this template. author is the person who developed this template, and severity is info.
Info means for information. There is also critical, and other severity levels are different; we cover those later. Info is for information, medium is there, and there are more. See the description: "Some servers have the version in the response header. Useful when you need to find the specific CVEs on your target." Then there are tags; we cover the tags later. Remember to focus on the keywords, because this will be useful in the next classes: these tags, these ids, all this stuff. Then there is the HTTP method, which is GET, and the path. The path is nothing but your target URL: it takes your target URL and matches the result against this. It uses a regex value to find the version. You can add anything here: if you want to find the PHP version you can add it here, or any other version, any keyword you want to look for in the response. You can edit it; it's very easy. Now let's go back and see another one. That was technologies; there is also fuzzing, honeypot, credential-stuffing and cves. Let's go to 2025 and open this one. This is OS command execution, CVE-2025-0107. See the severity here: critical. As I just told you, there are different severities you need to focus on, and with nuclei we can filter by those severities as well, like info or critical; I'll tell you about that in the next classes. Now see the description: an OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker...
That means an attacker who doesn't have a user account, who doesn't have a username and password, can still access it and gain access. "...an unauthenticated attacker to run arbitrary OS commands as the www-data user." We can interact with Palo Alto Networks Expedition as the www-data user, which results in the disclosure of usernames, cleartext passwords, device configurations and device API keys for firewalls running PAN-OS software. Basically these are firewalls; if you don't know, it's one of the most popular ones. They patch quickly: even when it's vulnerable, these guys patch it very quickly. Whenever you scan a network you will find this kind of stuff, like routers and VPN login portals; mostly what happens is the scanner says it's vulnerable, but when we try to exploit it, it won't work. This is also one thing. It also happens due to honeypots: once people install a honeypot on their server (install one on your local server as well), it creates fake stuff, like an outdated version, so whenever an attacker scans the machine they see fake results. So it's a kind of time-consuming process. Soon we're going to create a complete course; our next course is about ethical hacking.
where we cover honeypots, Snort, C2s, all that stuff. Hope you will enjoy that one as well. Here is the remediation; see what the author suggests, he created it very well: "Upgrade to the latest patched version of Palo Alto Networks Expedition as specified in the vendor security advisory." So simply update it. He also added the CVSS score: 9.8, which is a critical vulnerability. Now see how it's working: there is a GET request, it's looking at interactsh, there is a URL, and it goes to port 443. It's also using the username root and the password paloalto, and here is a task ID and all that, and there is a Host which you need to add; if you run it against IP addresses it will detect it automatically. Then see the matchers: type word, for the interactsh protocol, and the word is dns; here you can see "started" and "success: true". It filters for those things and then says it's vulnerable. If the response doesn't match this template, it won't show it as vulnerable; even if you miss anything here, even if the vulnerability is there, you can't detect it. So it's very easy to create these templates, but sometimes it takes a good amount of time. Right now AI is there, so you don't need to worry; within a few clicks we can create the templates we're looking for. Again I'm saying, this all depends on the request and the response you added there: it compares against them and then shows you the results. That's how these things work. Let's close it. Now let's go to http again, and there is default-logins; let's go with Apollo, let me open this one.
See, there is an Apollo default login here. The author is this guy, paper pen. Severity is high; not critical, high. There is info, medium, high and critical, and this one is high; the score will be around 8.3. Yeah, here it is: "Apollo default login was discovered." Here you can see the reference, the CVSS metrics, and the metadata, all that stuff. If you go down, see the request: it's a POST request, using your Host, meaning the target domain or IP, the Content-Type is this, the Origin is the base URL, and the path is sign-in. Here are the username and password: it uses the username and password, then there is get user, and here it's using the payloads. In these fields there is a username; he added the same thing here and logs in as apollo, because he already mentioned the credentials. Once it tests with these credentials and the panel logs in successfully, it shows you the output that this one is vulnerable. He mentioned the username as apollo and the password as admin; in the username field it uses apollo and in the password field it uses admin, and then it logs in. There is also another matcher: type word, which checks for user ID or email, and a condition with DSL on the status code. 302 is an HTTP status code, you know this right? It's a redirect, an HTTP redirect. And 200 is OK. So that's how it is. Let me open the next one. The same thing here: there is a reference you can also go to. At the start you can see that username variables are added: the username is administrator and the password is 7654321.
I added the username and password here. Then there is the request, which uses the username and password; basically they are matching things here. This is how we use it: you just need to change it. You need to analyze your traffic results. Let me show you: let me refresh. If I click on Inspect and then Network, you can see the response headers; if you want to extract only this information, see, it says nginx. If I want to extract it, I need to put it in the template; if I want to modify anything, I change that keyword to this keyword. This is how you need to think. We're going to see how to develop this as well. If you want to look for any specific thing, you can mention it from here. Now see the status code: in the template they also mention the status codes, 302 and 200. This is the comparison: if the result is 200, login was successful and the target is vulnerable with those credentials; we successfully logged in with the Apollo credentials, username apollo and password admin. This is how we figure these things out. It's not that hard, it's easy: just open the template and look at it, and you will see a lot of things. All right. Hello guys, hope you're fine. In this class we are learning how to create a basic template. Why do we need to learn the template creation process? In the last classes I told you we have artificial intelligence; we can easily give a prompt and create the template. But why learn this? Even if AI is there, you still need to learn some things, because sometimes things won't work.
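The default-login template walked through above, rebuilt as an added example that is not the repository's own file: the application name, login path, field names and credentials are placeholders I made up, so adapt them to a system you are authorised to check. It shows the pieces the transcript points at: variables for the credentials, a raw POST request, and matchers combined with matchers-condition, including the 302/200 status-code check written as a DSL expression.

```yaml
# Added example, not from nuclei-templates. "ExampleApp", /login, the form
# field names and the credentials are placeholders, not a real product.
id: exampleapp-default-login

info:
  name: ExampleApp Default Login
  author: beginner
  severity: high
  description: |
    Checks whether the (hypothetical) ExampleApp admin panel still accepts
    its factory-default credentials. Useful for verifying your own
    deployments were hardened before go-live.
  tags: default-login,exampleapp

# Credentials live in variables so they are easy to read and to change.
variables:
  username: "admin"
  password: "CHANGEME"   # placeholder for the vendor default

http:
  - raw:
      - |
        POST /login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Origin: {{BaseURL}}

        username={{username}}&password={{password}}

    # Every matcher must match, so a redirect alone is not enough.
    matchers-condition: and
    matchers:
      # A successful login sets a session cookie (application-specific).
      - type: word
        part: header
        words:
          - "Set-Cookie: session="

      # Login success is a redirect or a plain 200, as in the Apollo
      # template discussed above.
      - type: dsl
        dsl:
          - "status_code == 302 || status_code == 200"

      # Negative matcher: if the app returned its error text, no finding.
      - type: word
        part: body
        negative: true
        words:
          - "Invalid credentials"
```

With `matchers-condition: and`, the template reports only when the cookie is set, the status code is 302 or 200, and the error text is absent; change any one of those and nuclei stays silent, which is the low-false-positive behaviour the class describes.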
So if you know how the templates are made, what will happen is you will get an idea. See, in the ID, whenever you create templates, you can't use a space there. You can't use duplicate keywords as well. Now assume that you have one template with the same ID name. What will happen? It won't work. So let me show you what I am saying. First of all let's create a document here. Let me create something like php.yaml; the .yaml extension is very important. Just open it. Now first of all what I'm going to do, I just give `id:` and give any ID name here. It must be unique. If you are using a duplicate one which already exists in your templates, it won't work. So it must be unique and it doesn't have spaces. If there is a space then it won't work. So let me do one thing. Let me give the name such as PHP 5.6, something like that, because I'm going with the version here. What I'm going to do is create a template to detect this version, PHP 5.6.40. So then I'm going to type `info` here. First of all, let me type the template, then I'm going to explain it to you. Just wait. Now, see here what we have. We have `id` and here we have `info`. Now, first of all, let's cover more about the ID. This is a name. We are giving a name here. Nuclei uses this name to identify the finding. In simple words, for files also we provide names, right? Same like that, here we are giving this ID. And here we have `info`. What is this info? See, this section is only information. It does not scan anything. It's only for information. That means you are providing the details. That's it. Think of it as a title. In web pages we have the title, right? Same like that. Then here you can see `name`; here we added the name.
So you will see this name in the output. In the nuclei output you will see this name. So that's why the name also plays a very important role. Just give a good name there, the version name, something like that. See here I provided "X-Powered-By PHP 5.6 disclosure". And here we have the author. I just gave "beginner" here. You can also give any author name here, such as whitesec, right? So simple, you can give anything, but I don't want to give something like that, so it's a beginner-level one. Then the severity is there, which is `info`. What is this info? I just told you, right? How serious it is. Basically info is for information, to get only information from our target. We are not hacking anything. This is just an information leakage. That's it. Right now, here we have the description. What is a description? You are explaining what this template does. Like in the last classes we covered, that author wrote an excellent description. This is also simple. You can also add the CVSS score here, all these things. Now here we have the main part: the request. Here we have `method: GET`. First of all let's focus on the request. What is this request? See, this tells nuclei how to talk to the website. It's not a scan. It's just saying how to talk with that website. That's it. Now here we are using the GET method. What will happen is nuclei will send a GET request, a normal browser request. In simple words, like opening a website in the browser. Now here we have the path. What is a path? Here in path we can see `BaseURL`. So basically this is the website address.
In nuclei you mention the website address, right? `nuclei -u` and in double quotes you add the website. Same like that, but what nuclei does is replace `BaseURL` with your website. So you don't need to worry about this. Instead of BaseURL, nuclei will automatically replace it with your website. So it's a completely automatic process. Now here we have the matcher section. This is kind of important. From this only we can detect things. So see, there is `type`, which is `word`. And here `part` is there; in part we have `header`. Now, before learning this, if I go back here to the response header: see, we have the matcher here, right? What it does is very good work: it's going to match this result. If there is any result here, at that time only it will show you. So matchers decide yes or no. In simple words, if the condition is true, that means if it got that word which we mention here, at that time it will show the results. If the word which we are looking for is not there in that result, then it won't show the output. This is what matchers do. It matches things, in simple words. Now here we have `type: word`. What is this type word? Basically whenever you mention this type word, that means we are matching text with it. So we added the matcher here. In the matcher we have this feature which is `word`. What is it going to do? It's going to match the results with this. If the text exists in the header, then only it will show the result. If the text exists then it will show you the results, the template will trigger; otherwise it won't. So that's why we use `word` here. And there is `part: header`. What is this? This is the HTTP header. It's going to look in these headers.
Not the body, the headers. Now assume that in this header we have something like PHP. Basically we get all these versions in the header only, right? So that's why we mention header here. So in this header, if it matches this keyword, at that time it will show the result. Now what is a word? Now we are talking about the words. What is this `words`? See, if this exact text appears in the header, then it's going to match it. If the exact text appears here, at that time it's going to match the results, or else it won't. Now how does this template think? See, first of all it's going to send the request, sorry, send a GET request, because here we have the GET request. Then once it sends the request, it receives the response and it's going to check the header. Then in the header, is there anything related to this word? Then it's going to show the results. That's it. So it's an easy thing. You don't need to worry about it. So let me save it and let me run this one. Here it is. Hit enter. I just told you, right? First of all, it's going to send the GET request. What is the issue, man? "Could not run scan. No template." Just wait. Now here you can also check it. So our ID name is invalid. So what am I going to do? Simple. Let me open that ID. See, I just told you, this is what I'm saying: the ID plays a very important role here. So again let me type here. Let me remove it. Let me copy this. Let me give the ID; you can't use spaces here, right? So, is there anything else which we need to do? And also in the ID you can't use uppercase letters. So just change it to lowercase. You can't use special characters as well. Just let me save it. Now I want to check it. Once you create that template, just try to validate it. Yeah, now it's saying that all templates validated successfully. Great, man. Now what I'm going to do, I'm going to run this one.
See how important this ID is. This is the error I got: could not run nuclei templates. Whenever you create nuclei templates, if you see this error, then you need to open your template and check whether you did anything wrong. If you did something wrong, then you need to edit it. Now let me type here php.yaml. Now see, it successfully loaded and it successfully detected it: X-Powered-By PHP, and here we can see `http`; it successfully detected this one. But what I want is in brackets. Previously we got the version in brackets, right? Same like that I want. How can we edit it? In this case what we can do is use an extractor. In the extractor, what will happen is it's going to pull extra information from the response, and we're going to use regex to find the data, and you need to mention the regex value as well, what you want to extract. Instead of giving a value, you can also extract the results; this also I'm going to cover. What I'm going to do, just wait, just let me open this file. I'm going to add some lines here. So here it is. We are mentioning the type as regex. You know about regex, right? So it's going to find the pattern, then it will show the results. In the same header, we are looking in the header only. In that HTTP header the value will be this one, the PHP something. Now this is the challenging part. If anyone doesn't know about regex, then things will be kind of hard, right? So you don't need to worry, I'm going to show you a different method. First of all let me show you the result. What you need to do first is validate it. Wait, man, first of all let me clear it. Just validate it. What is it saying? "Could not load Desktop/php.yaml: line does not exist." Wait, I saved it, right? Yeah, this is the issue which I got, in line 21.
Just let me open it. Where is that line 21? Here it is, this one. I want to remove this line, like this. See, lines play a very important role. Save it. Close it. Again validate this thing. Just wait. Hit enter. Now, line 21. Now see, here we are mentioning the specific version. Let me remove it. Just mention it like this. That's it. Because if you go back, see, here we only have `PHP/`. After this we need to extract the version. So that's why you can also remove that one, or just remove it. Once you remove it, here we have the extractor and regex and the header part. Right. Let me remove this line 21. And now let me validate again. Yeah, now it's working. Now let me execute it. Hit enter. Now see, it successfully detected PHP version 5.6.40. Now if you mention the exact version in this line, at that time it won't work. Here we mentioned the exact version, we forgot and added that one, but you need to remove it. If you are using regex then you need to remove that one, because it will take the exact one here. See now what's happening here: it's only taking `PHP/`, right? Simple: we added that only, then it's going to extract the version. I told you, right? Instead of using regex, there is also another way. Instead of using regex, just keep the default. Let me remove this one as well, `X-Powered-By`. Simple, let me remove it, because here we are going with the keyword. Now this keyword, `X-Powered-By`, we are going with this keyword. Just add the keyword here, and in the extractor let me use kval. Now it's very important; it plays a very important role as well. So what I'm going to do in kval, I'm going to use the same keyword here. Just copy the value and paste it here, something like this, and remove this regex and replace it with kval. What is this? I will tell you. Just wait, I'm going to explain this thing. You know about the extractor.
It's going to extract information into your output. What is kval? See, basically kval is a key-value extractor. The simple meaning is you just need to mention the name there, then it's going to extract the value. See here what we did: we just mentioned the header name here. Now what is it going to do? It's going to extract the value of it. Now, what is the value? First of all, what is the name here? See, the name is this one, and the value is this. It's going to extract that one. So this is why we are using kval. It's going to pull information from your given names. If you want to extract anything, instead of using regex, simply in nuclei you can mention the names here. See, content-type is a name, content-encoding is a name, connection is a name. What value is this? gzip is the value of content-encoding. Right? So we successfully created it. Let me save it and let me try to validate it. Hope it will work. Yeah, it's working. Hit enter now. See here, you can see the version, right? So basically only regex can extract the version. In kval you can't do that. If you are using kval, you can't do this thing. But there is one alternate method. What is that? By using debug. Just type `-debug` here. Hit enter. Now you will see the results, right? You can see each and everything here. But once you focus on this thing, where is it, X-Powered-By... see, it's a little bit dark, sorry, light green color. So here we have the results. We can use the filter options here. So I can use something like... just execute the same command. Let me paste it. Hit enter now, let's see what will happen. See, it successfully detected this one. Basically we are doing the filter here. Right now, what if I want to extract two lines before that header? There is also a command for it. Using regex is easy, right?
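Here is the whole PHP version template this class builds up, as an added example rather than the file typed in the video: `id`, `info`, a GET request against `{{BaseURL}}`, a header word matcher, and both extractor styles (regex and kval) side by side so the difference in their output is visible in one run. The id, the author name and the version pattern are my own illustrative choices.

```yaml
# Added example for this class, not the template typed in the video.
# Detects a PHP version leaked through the X-Powered-By response header.
id: php-version-disclosure          # unique; keep to lowercase letters, digits and hyphens

info:
  name: PHP Version Disclosure via X-Powered-By
  author: beginner                  # any author name works here
  severity: info                    # information leak only, nothing is exploited
  description: |
    Sends one GET request to the base URL and reports when the
    X-Powered-By header announces PHP, extracting the version string.
  tags: php,tech,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}"               # nuclei swaps this for the -u target

    matchers:
      - type: word
        part: header                # look in the response headers, not the body
        words:
          - "X-Powered-By: PHP"     # substring match; no fixed version, so any PHP build triggers

    extractors:
      # Option 1: regex pulls just the version, e.g. "PHP/5.6.40".
      # Do not hard-code one version: "PHP/" followed by digits matches every
      # build, which is what the class settles on after removing the fixed one.
      - type: regex
        part: header
        regex:
          - 'PHP/[0-9]+\.[0-9]+(\.[0-9]+)?'

      # Option 2: kval prints the whole value of a named header.
      # kval keys use the header name with dashes replaced by underscores.
      - type: kval
        kval:
          - x_powered_by
```

Validate before running (`nuclei -validate -t php-version-disclosure.yaml`): a space, an uppercase letter or a special character in the `id`, or a stray line in the YAML, is what produces the "could not run" and "line does not exist" errors seen in the class. Then `nuclei -u https://target.example -t php-version-disclosure.yaml` prints the finding with both extracted values in brackets, and adding `-debug` shows the raw headers the matcher and extractors were applied to.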
kval is good, but still, see here I can extract the lines before that, or you can also see the name or value. You can use this one. What happened? It couldn't. It didn't capture. No problem. So you need to play with that. But still, regex is good. Go with it. kval is also good. See, whenever you use a template, you know which template is for what purpose, so you can analyze by using those results as well, by using the templates as well. So it's not a big deal, right? And also I'm saying about regex as well: for regex we now have AI. We have artificial intelligence. Simple, we can create regex within a few seconds. If I want to create a regex for a Bitcoin address, if I want to find any Bitcoin address in that value, or IP addresses, then simply within a few clicks I can create a regex for it, to find values like that. So what I am saying: no need to worry. This is all to understand the concept, that's it. You don't need to do it. What I suggest: just understand the concept. Later we're going to do the steps, we're going to create the things. Now let's learn nuclei. And now you got the idea about these templates, all this stuff. It's only to detect. Now what are we going to learn? We're going to learn how we can use the filters in nuclei, all this stuff. Then at last we're going to learn how we can create using AI, right? Hope you guys enjoyed this class. Thank you.

So hello guys. In this class we are learning how templates work internally.
See, these templates contain a target, which is a URL, IP or host, and a request as well, and a matcher. We covered all these things in the last classes, right? In the request we will see the path or payload: the specific path where you are checking, or the payload which you want to execute on the target. And also you will see the method, like GET or POST request. Then the matcher; we covered the matcher as well. What to look for in the response: status code, header value, response body text. All this comes under matchers. What you want, what to look for. Right. Condition: all rules must match to confirm the vulnerability. If the rules match, then only the template will show you, the template will work. You will see whether it's vulnerable or not. Now here we have an example. Let's go with an exposed admin panel. Mostly people know about this one. In real life many applications expose admin. What I'm saying is, there are a lot of websites; just type the domain or IP there and a forward slash and type admin. Then you will see the admin page. If it's accessible without login, it is a security issue. Template logic: send a request to /admin. Check if the response contains text like "admin dashboard". If there is text like that, check if the status code is 200. If you are checking for this thing like /admin, and you added something like "dashboard" in the template, at that time it will look for it; it will check using the text, it's going to match with it. If it got a 200 status code, then you will get the result. In simple words, it's vulnerable. If all match, the vulnerability is confirmed. If one fails, it's not reported. Now, assume that it got status code 302 or something like that, then it won't report. This is why false positives are low.
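The exposed-admin-panel logic just described, written out as an added example (not a template from the video or from the nuclei-templates project; the paths, the dashboard text and the id are illustrative). It shows the "all rules must match" point in practice: the status rule, the text rule and a negative rule all have to agree, so a 302 to a login page or a 200 that still asks for a password is not reported.

```yaml
# Added example, not a template from the video: encodes the "exposed admin
# panel" logic from this class. Paths, text and id are illustrative.
id: exposed-admin-dashboard

info:
  name: Admin Dashboard Reachable Without Login
  author: beginner
  severity: medium
  description: |
    Requests /admin and reports only when the page is served with 200 and
    shows dashboard content but no login form. A redirect to a login page
    (302) or a 200 that still asks for a password is not reported.
  tags: panel,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/admin"
      - "{{BaseURL}}/admin/"
    stop-at-first-match: true       # one hit is enough; don't report twice

    matchers-condition: and         # all three rules must agree
    matchers:
      - type: status
        status:
          - 200                     # a 302 to /login fails this rule

      - type: word
        part: body
        case-insensitive: true
        words:
          - "admin dashboard"       # the text the class proposes to look for

      # A page that still contains a password field is the login screen,
      # not the dashboard, so its presence blocks the finding.
      - type: word
        part: body
        negative: true
        case-insensitive: true
        words:
          - 'type="password"'
```

The negative matcher is the piece that keeps false positives low beyond what the class lists: many applications answer /admin with 200 and a login form whose title also says "Admin Dashboard", and without it that page would be reported as exposed.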
Now, finding a known CVE. See, for known vulnerabilities, the vulnerable version returns a unique error, or exposes a specific endpoint. Now if you watched our previous web hacking courses, what we did there: if I want to look for a SQL injection vulnerability, the basic thing first of all is we need to type a single quote there. Once we type the single quote, if the website shows an error there, simple, you can also match with it. This is what we are saying: it's written with the error. Or it exposes a specific endpoint. Sometimes it will show the specific things there. Templates check a specific path, a specific response pattern. Only a vulnerable system responds in that way, and so that's why we can capture it. So we can say that it's vulnerable. So this is all about templates, how templates work. So, hope you guys get it. Now, let's start some classes here. We're going to go with some CVEs. We're going to scan through CVEs.

So, hello guys. In this class, we are learning about how we can use rate limiting. Now, first of all, you know about rate limiting, right? See, rate limiting means you're going to control nuclei, so we can send a specific amount of requests. You know, some servers out there, if you send a lot of requests to them, they're going to go down. So simple, we can also manage the requests in nuclei. So let me open nuclei, and also you will see the documentation here about this one. Here we have all this. So here only you can see the rate limiting. Just wait. So here it is, rate limit. So `-rl` you can use for rate limiting. So here you can see: maximum number of requests to send per second.
By default nuclei uses 150. It's going to send 150 requests. So we can manage it. How? Simple: just do one thing, just execute this command, nuclei, and use the flag here. What is the flag we can use? `-rate-limit` or `-rl`, like this, or you can also use this one as well. Now what is `int` here? That means you need to mention an integer value there. By default let's go with 150. Right? Now if I add 20 here, it's going to send 20 requests, in simple words. See, it's going to send 20 requests per second. Now if I add something like 1 here, then it's going to send one request per second. How fast it is: just see, by default it sends 150. Now if the server is not that much... it's a small server, it's not that powerful, at that time it will go down. So that's why you need to focus on rate limiting. Sometimes whenever you perform the scanning you won't see the result, even though the server is vulnerable, because it can't handle that many requests. Mostly in internal networks you will see this one. Now this is just seconds. This `-rate-limit` goes with seconds. But how can we go with minutes as well? Here we have the minutes. See, let's go with that.
Now what is it going to do? If I add 150 here, it sends 150 requests per minute. Per minute it's going to send 150 requests. So this is how it will work. There is also concurrency. Let me show you about this one. See, I'm only covering the important stuff. There is concurrency. Now, if I add 5 here, that means only five requests run at the same time. It will only go with five requests. It won't go with minutes or seconds or something like that. If you want to send this many requests, then it's going to send that much only. Right. Wait, just wait: maximum number of templates to be executed in parallel. This is the thing; it's going to only run this many. That's it. Now there are also tags. Let's focus on tags as well.

Hello guys, hope you are fine. In this class, we are learning about tags. What are tags? See, assume that I want to scan only for specific vulnerabilities, like I want to look for RCE, SQLi, or I need to perform a CVE search there. Then I'm going to mention the tags here. So what are tags? Let's open a random template. Just let me open this. And here you can see the tags. So what will happen is, assume that if you are looking for XSS or SQL, then nuclei focuses on those templates which have the tag sqli in them. If in the tag value there is sqli, then it's going to use all those templates. So simple, just execute it like this. You don't need to mention the templates here. It's going to use each and every template which has sqli in its tags. If the template tag is sqli then it's going to look for it. See: `nuclei -u`, and here we mention the URL, and we are using `-tags` here. Now if I hit enter, it's going to only look for the SQL templates. Same for RCE as well: if you want to look for RCE then go with rce, just fit.
If you want to go with LFI, RFI, XSS, then you can mention multiple tags here. Let me show you that one as well. Let me stop it. Now I want to mention rce as well, lfi, xss. Then you can mention all these at the same time and you can scan it. Now there is also, in the next class we're going to cover that one, exclude and include. Let's cover it here only. Now see, is there any template which performs brute force attacks? Like there are some templates which will perform brute force attacks. At that time you can also avoid those templates, such as: just type here `-exclude-tags` if you want to avoid anything, any tag, any template category. At that time you can mention that one, exclude tags, and mention something like the tags which have dos in them, because DoS is not necessary; mostly the companies won't allow you to do this thing. And brute force. Like this you can mention the stuff and you can exclude the tags. Now sometimes, again I'm saying, see in templates you will see multiple values in tags. See here we have cve, 2005, xss, plugin. There are multiple things in it. But maybe with this one it also has dos.
Or brute force is there. At that time what will happen is it will avoid it. So this is how you can remove the stuff. If you want to remove a specific CVE you can also remove it. So we have a lot of things. Now if I want to combine each and everything, like see here, I don't want to exclude anything, I want to add a rate limit here, like this, 5, and let me use concurrency as 5; you can also use `-c`, like this, and let me use 3 or something, let's use 3 here. Then it's going to combine each and everything and it's going to perform the scan there. Same if you are looking for a specific vulnerability, again I'm saying, you can mention that vulnerability. If you don't want to look for multiple things then ignore it. Now if you have templates, and in our case we have templates, if you remember we downloaded the templates from nuclei. So where is it? First of all, for templates, what you're going to do is drag and drop the whole folder here. You can't mention a specific folder or something like that; it won't work, like it won't give good results for you. So that's why you need to mention the whole directory there and just do it. This is how we can see it. And how can you know how many tags are there? Simple, just type here `nuclei -tl`. I think `-tl` is there. `-tl` shows how many tags are there. Just wait. Here we have the things. It is a lot, man. Basically these are all our tags. So you can see it. It's huge; you need to use grep or something like that to see the stuff. And here, if you want to scan multiple domains: if you have multiple domains, how can we scan them? Simple, you just need to use `nuclei -l` instead of `-u`.
Then mention the txt file and scan it using nuclei. Just mention the tags if you are looking for SQL in the domains or something like that, then you can use that one. So these are the main things which you need to focus on, because nuclei is one of the easiest tools. It's not like sqlmap, it's not like Burp Suite, it's not like Nmap. It's very easy, straight to the point. So you don't need to worry about these things.

Now we also covered how templates work, right, how we can create templates, these things. But it's not a complete thing. Now we're going to learn how we can use the prompts. We're going to go with AI now. Now this thing is necessary; it's kind of a basic thing for you which, before creating templates, you need to remember all these things. Now we are going with template generation. Now let's see some prompts here. See here we have nuclei AI prompts. So for recon we can go with these prompts. If you watched our ChatGPT course then you will get it. It's the same concept basically. See, first, information gathering: here what we are mentioning is nuclei, `-list`, and you need to mention the target list of it, and `-ai`, that means you are using AI here. Before using AI you need to use the API key. You need to add the API key, all this stuff, then you need to execute it. I'm going to show you how we can do that one. Now first of all just understand the concept, what we are doing. See here: extract page title, detect tech and version. Directly they are using the keywords here under double quotes, focus here. If you want to add more keywords then you can also add them. Now see, it's saying extract all links pointing to PDF, DOC, XLS and other downloadable documents. What they are doing, basically, is extracting all links pointing to these files. It's excellent.
Right, now there is another one: extract links pointing to staging, dev or beta environments from HTML. So here we have the low-hanging fruits, to detect the stuff. See: identify open FTP servers allowing anonymous access. You don't need to mention the template here; directly the keyword, and it will look for you. So, advanced misconfiguration testing: see how excellent it is. Find misconfigured CORS policies allowing wildcard origins. Detect exposed stack traces in error messages. Find misconfigured Apache and nginx security headers. Now here we have sensitive data exposure. See: identify API endpoints leaking sensitive data. Scan for hardcoded credentials in source code comments. Excellent, right? Now here we have JavaScript files. So if you want to find this thing in JavaScript then we have the prompt here. Right? So simple. You can also create your own prompts as well. It's not a big deal. Now, this is for SQL injection. So that's why I'm showing you this repository. Here you will see almost everything which is necessary for web hacking purposes. So see, for SQL here we have: inject SQL payloads into HTTP headers to detect header-based injection points. Excellent. Here they just mentioned this thing as well, where you need to look, like User-Agent, Referer, X-Forwarded-For, X-Forwarded-Host, all these things. Now see here we have: probe JSON-based API endpoints for injectable fields susceptible to SQL injection; use time delay techniques to detect time-based SQL injection. There is a lot of stuff. See, for XSS, for SSRF, LFI, RCE, XC, host header injection, cloud security issues, web cache poisoning. So you can use these prompts. Now if I go to this one, let me look for AI here. You can see AI template generation is there. So you can see nuclei supports generating and running templates on the fly using AI capabilities provided by the ProjectDiscovery API.
These features allow you to perform quick targeted scans without needing pre-written templates, by describing what you want to detect in natural language. Right? So you don't need to do that much hard work. First of all, what do you need to do? Here is the method. You run `nuclei -auth` and enter your API key when prompted; it will ask for the API key, then you need to enter the API key. Next step: once you enter the API key, then you need to set the environment variable, like this: `export PDCP_API_KEY=` and your API key. You need to mention it here. Now, this is also one thing: how you can get the API key from here, cloud.projectdiscovery.io. From here, I think it's paid. So here you need to log in. Just try to log in and look for it. You can directly add the domain here, right? And you can also scan it by using this ProjectDiscovery platform. It's one of the excellent platforms. If I go back, from here only you need to purchase it. See, everything is in front of you. Just try to read the documentation. If you want to learn more then go for it. And we can also use ChatGPT as well. This is also one thing; if you want to create, I'm going to show you this thing as well, how we can create using ChatGPT. So see here: nuclei, list targets, detect exposed stack, the same thing. Find admin login endpoints. This is how you need to mention it: see, `-ai` and mention it. Identify exposed... But here what you need to do is mention this flag, which is `-ai`; then only you can use it. After `-ai`, in double quotes you need to mention your prompt. So this is how you can go for it. Remember, if you're not getting it, then you need to watch our ChatGPT course, here on this channel only; you will see the ChatGPT course for cyber security and for ethical hacking. There is one video of three hours, I think. Just try to watch it.
There we imported the API key and we created the scripts using AI; we did the whole process. So this is about the prompts. Now there is also one excellent website from where you can get every prompt which is necessary in pentesting. Just wait, let me show you that one. This is a website. Remember this. This will help you a lot. Now here you also need to add prompts. Whenever you create any prompts, whenever you find them, just add them. See here there are prompts. Authentication bypass: once you click on the authentication bypass prompt, here we have it. Identify from Leani. If I copy the prompt, see, this is the prompt: nuclei, target, and you just need to mention your website here, the list of targets, and here is the prompt. They have a lot of prompts. Let's check the GitHub page as well. Yeah, here we have these things. This is also useful for you; just go with it. It's all about getting the idea of how things work. To search templates you can also use this one: the nuclei-templates netlify app. So here you can search through issues and pull requests, and search by template ID, name, tags or other. Now if I look for SQLi, then here we have "automate storage inlet limit configured by something". Let me type here sqli. Now here it is: CyberPower SQL injection. If I open this, here we have the location of the template. It's in http/cves/2024, a CVE, again the same thing, right? So by using this website what we can do is find templates in a very good way. If you're looking for any vulnerability with this name or something like that, at that time we can go with it. You can also use the grep command in your terminal and you can find it, but you can also use it like this as well. Now there is takeover. In takeover we have all this, right? See, AWS bucket takeover detection is there.
So this is one of the most popular ones. Shopify takeover detection is there, right? And if you want to detect, see, darknet, dark RAT... to detect phishing, detection is there, Best Buy phishing detection; there are a lot of detections. Okay, soon we are going to create some phishing detection course as well, okay, you will see soon. Now there are a lot of things which we will add, okay, we're going to create some courses on it. Now here we have CVE-2016; there is nothing. Now in RCE we have this; this template is for RCE. Okay. So here we have a lot of results. Now if you want to search through issues, if you are looking for... sorry, search through issues. Yeah, this one. So you can also go with it by just typing the issue name there. So hope you guys enjoy this one. Thank you. Have a nice day.

Hello guys. In this class we are learning how we can create templates using ChatGPT. Okay. So it's very easy, simple. You just need to write the prompt. Okay, that's it. It is going to create the template for you. If you don't know how to write a prompt, simply say in ChatGPT that I want to... just create a prompt to create a nuclei template to detect SQL injection. Then it is going to create a very excellent prompt for you. See, I created this prompt using ChatGPT itself. See: I want help creating a nuclei template that can detect SQL injection vulnerabilities, only for learning and security testing. Now in ChatGPT what will happen, I mean, there are restrictions. Okay, if you directly say that I want to hack something, then it won't show you the results. Okay, so that's why these official keywords play a very important role. I do not want to exploit anything or cause any damage to the application. The template should be easy to understand because I'm a beginner and still learning how nuclei templates are written.
I want the detection to be based on common SQL injection signs such as database server messages, simple true or false logic behavior and basic time delay behavior that is not aggressive. It should try to detect SQL injection for common databases like MySQL, MSSQL, something like that. Okay, now once I gave that prompt, here we got the complete template. See, here I have a complete template; you need to mention your name there and you can detect it. It's using regex here to detect this thing. So, very good template. Okay. So you can use this thing. This is how we can create templates using ChatGPT. Now if I give it directly like this: now here I just gave the prompt, create a nuclei template to detect RCE. Now let's see. So here it's creating the template. Okay. See, it's creating the template for you. You don't need to worry about this thing. Now I'm creating a template to detect the EternalBlue vulnerability here. So here is the template for it. Right. It's excellent, man. You need to test it, okay, whether it's working or not. Just do it yourself. But the important thing is, this is how we can create templates, right, using ChatGPT directly itself, because nuclei won't exploit the stuff. Okay. It's only for the detection. But sometimes it won't create, okay, due to some restrictions. I tried previously as well to create templates; it won't create, but you need to use official keywords there. This is very important; remember this point, okay. I know about jailbreaking ChatGPT, all this stuff, but I won't focus on these things, okay, because sometimes it will work, sometimes it won't; it's not a stable process, so you need to go with a long play, okay, like something which works almost every time. Okay, it needs to work every time. So hope you guys learned how we can create templates using ChatGPT.
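For reference, this is what a minimal template of the kind described above looks like; it is an added example written for this page, not the template the video generated with ChatGPT. It assumes a query parameter named id on the site root (a hypothetical name), sends one single-quote probe, and only matches database error text in the response body, which is the detection-only behaviour the prompt asks for.

```yaml
# Example nuclei template (added for this page, not from the video or ProjectDiscovery).
# Detection only: it looks for database error strings; it reads or changes no data.
id: example-sqli-error-detect

info:
  name: Error-based SQL injection indicator (example)
  author: example-author
  severity: medium
  description: |
    Appends a single quote to an assumed "id" parameter and checks whether the
    response body contains a database error message. A match is a signal that
    needs manual confirmation, not proof of an exploitable injection.
  tags: sqli,example

http:
  - method: GET
    path:
      # "id" and "/" are assumptions; adjust to the application under test.
      - "{{BaseURL}}/?id=1'"

    # Both matchers must hold: an error string AND a plausible status code.
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        condition: or
        regex:
          - "You have an error in your SQL syntax"          # MySQL / MariaDB
          - "Unclosed quotation mark after the character string"  # MSSQL
          - "Warning: (mysqli?|pg)_"                         # PHP driver warnings
          - "ORA-[0-9]{5}"                                   # Oracle error codes

      - type: status
        status:
          - 200
          - 500
```

Run `nuclei -validate -t <file>` to syntax-check a template like this before using it, which is the "test it yourself" step the video tells you not to skip.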
This is okay; we are creating each and everything, the stuff, using AI, and also in nuclei itself we have a feature there, right, so simply you can also use that feature, okay. That's also important, okay; it plays a very important role. Sometimes what will happen in assessments: you can't use ChatGPT, okay; at that time these things will be useful. So hope you guys enjoy this training. Thank you, have a nice day. So let's see whether you're going to practice it or not, okay. Right. Thank you. Hello guys.

Penetration Testing & Red Team Training

Thank you. Have a nice day. Hello guys. Hope you're fine. If you want to learn more, then check out our red team training. It's a complete dynamic training. Okay. We're going to update this training from time to time, and also it's a pre-recorded training. Once you enroll in this training you will get panel access. From there you can access the whole training. Okay. And also it's a hands-on practical training. You will get labs as well. And also here you're going to learn both penetration testing and red teaming. If you don't have any knowledge about penetration testing, then you're going to learn here. Okay. We're going to cover from basic to advanced level. Okay. See here, roadmap to become a successful red teamer. We're going to cover all these steps. Okay. Here first of all you will learn penetration testing training. It's a basic training. Okay. First, a student needs to learn penetration testing because penetration testing is the backbone of red teaming. Okay. In penetration testing training, students will learn common attacks and some CTF challenges like black box pentesting, white box pentesting, gray box pentesting. Okay. Then we're going to cover Wi-Fi penetration testing for red teamers. See, in this training students will learn how to perform Wi-Fi penetration testing using different hardware such as Raspberry Pi, Wi-Fi Pineapple, Android device and NodeMCU. Okay. Wi-Fi penetration testing is one section in MITRE ATT&CK, okay, which comes under initial access. Wi-Fi penetration testing is very important in terms of initial access.
Let me tell you, this is a kind of section, okay, one topic in initial access, and also here we covered how we can use the Wi-Fi Pineapple for Wi-Fi hacking, okay, because the Wi-Fi Pineapple plays a very important role, so that's why we covered the tools which are necessary for a red teamer and pentester. And then we're going to go with red team training: introduction to tools and MITRE ATT&CK. Here you're going to learn each and everything about those tools which are necessary for red teaming. Okay, then we will move to Active Directory pentesting for red teamers. Okay, here you will learn only those topics which are necessary for a red teamer, not everything about Active Directory. Okay, hope you are getting it. Okay, see, in this training students will learn how to perform Windows Active Directory pentesting. For intruders to get to what they ultimately want, your data, they need a plan; they need credentials. Active Directory stores all the credentials. Okay. We will learn practically how intruders compromise AD, Active Directory. Okay. Then we will move to penetration testing using Metasploit. It's a complete section. Okay. Where you will learn how you can perform penetration testing using Metasploit. Only Metasploit. Okay. We are not using any other tool here. Simple. We are going to use only Metasploit to perform pentesting. Okay. Then we will move to external and internal red team operation training. Okay. In this training students will learn how to perform internal and external red team operations. Okay. Students will get a complete idea of red team operations, like how to perform them in the real world. Right? Then we're going to go to complete hands-on real world red teaming and pentesting. Now this is a different section. In this training students will learn how to perform red teaming and penetration testing in the real world. It's a complete hands-on practical section with a lot of challenges.
After completing this section, students will get complete knowledge on how to approach the real world. Okay. For which things you need to look, okay, how we can perform these steps, okay, in the real world. Then we will move to blue team training. Still we are updating it, because why we are delaying this blue teaming means, see, we didn't add it previously. Okay. I'm talking about like one year back or something like that. At that time we didn't upload a complete penetration testing. Okay. We just updated only that much which is necessary for a beginner. But right now what we did, I mean, in the latest updates we added a complete penetration testing. Okay. See here, first of all these are the basic classes. Okay. Where you guys can solve some CTF challenges, TryHackMe labs, this kind of basic stuff. Here you can see the topics. Okay, here we have the complete topics. You will learn how to... if you don't know how to install Linux, then we have the complete video for it and setting up VMware Workstation. Then we're going to learn about the Metasploit framework, and if you don't have knowledge about Linux commands, then we're going to cover those. Here we're going to cover all the basic things. Then what we did, I mean, we added another section, penetration testing for red teamers version two. Here we covered some more advanced level attacks. Okay, which you will see in the real world. Then here are the topics. Okay, here we are going to cover how we can perform black box pentesting. Okay, even if you don't have any credentials, how to approach those networks. Okay, if you don't have any knowledge, black box is what? Black box is nothing but you won't get any credentials there; you don't have any knowledge about what technology is being used in the machine or something like that.
Basically we need to go from a blind attack; there we need to perform the scanning, we need to see those things which are exposed, we need to take advantage of those exposed stuffs, okay; if there is any vulnerability, then we need to do the research, exploit it. So this kind of service, okay, mostly we focused here related to black box pentest, okay, how we can perform initial access, where SQL injection, this is one of the popular attacks, okay, related to SQL injection mostly, okay. Whenever we perform any assessment, at that time these SQL injections, okay, play the main role there, like in 100 IPs maybe one to two IPs will be vulnerable to this SQL injection, okay; this is a thing which we covered, okay. Now junkies also... So this is one of the kind of critical attacks. Okay. Then we covered penetration testing for red teamers. Now these are the latest updates. Okay. Which we added recently. Now here what happened means mostly students are asking for topics related to OSCP. Okay. Like Offensive Security. So, like, see, these topics play a very important role in the real world. If you won't learn these things, then you can't approach the real world.
You will get stuck, okay. In simple words, you can't approach the real world; you will get knowledge, but you don't know how to. Assume that somebody sent you one IP, okay, your client just sent you an IP address, okay, to perform the pentest on it; then how can you do it? So those things, okay, how to approach the real world, all those stuffs we covered here, okay, again from the start, okay. Even this is kind of an old topic, okay, like one year back we updated this training, okay, we added this training, but right now in the latest sections... but again I'm saying you can't ignore this one, these topics, okay; even if these are old sections, you need to start from here. If any student doesn't want to, then they can directly go from here only, okay, because this is also from a basic level, okay. See, I'm not hiding anything; simple, I just want to show you those things which we will learn, okay, because our aim is once a student enrolls in this training they can become a successful pentester and red teamer, okay. If they got any IP, sorry, or any domain, then they can approach it, okay, and find the loopholes in it. So this is the main aim of this: how to approach the real world, okay. Now see, in penetration testing for red teamers version three you will learn about all these steps, okay; here we have the topics. Okay, you can read it, right? Then what happened is, then we covered a complete section about only Linux privilege escalation. Okay, how we can perform privilege escalation on Linux-based machines. Here you will learn how we can make that system vulnerable and how we can test it. Not only exploiting the vulnerability, but you will learn how the service will become vulnerable to those attacks. Okay, here you will learn the tools and also you will get a lab as well. You need to download that lab and you need to set it up. Okay, it's a private lab from whitesec cyber security.
Now then you will learn complete Windows privilege escalation for red teamers. Okay, see here we are not performing the attacks on a lab environment. We're going to download the machine from the internet, the latest machines. Okay, like not a vulnerable machine, a normal machine which people use. Okay, then we are going to approach attacks on those real machines. Now here you guys can see these topics in Windows privilege escalation. After completing this one, we're going to cover complete web penetration testing for red teamers. So here are the topics. Remember, web penetration testing comes under initial access. Okay, what is initial access? You will see in this section. Now see, after covering all these topics you guys will become a successful penetration tester. Okay. So this is the main aim of these updates: to make you a successful pentester and red teamer as well. Right. After completing this penetration testing, we're going to go to this one, red team. From here, we're going to start our red team training. In red teaming, in the first section what you will learn means you will learn about the tools. How we can use the tools. I just told you in the last classes as well, tools play a very important role. Okay, it's not about tools. Okay, but learning about tools is very necessary. Okay, remember this point. Now see, here in the reconnaissance section you're going to learn about Amass, Sn1per, recon, Maltego, Nikto, Shodan, spider. Then we're going to go with resource development; in resource development we're going to set up the lab, okay, and we're going to generate some payloads, listen for connections. Then we're going to go to initial access; in initial access you will learn about Luckystrike, GoPhish, okay, SQLMap, Pineapple. We will learn about MITM attacks as well. Then we're going to move to the execution part. In execution, you will learn about Unicorn. Okay. Then Donut. Then we are going to move to persistence.
In persistence, you will learn how we can perform persistence using different techniques. Okay. Like by using Impacket and Empire; basically Empire is a C2 framework. Okay. Same like Metasploit. Then we're going to cover privilege escalation: how we can perform privilege escalation using Rubeus, SharpUp, okay. Now Rubeus plays a very important role in red teaming, okay. And then we're going to go with defense evasion, credential access. In credential access you're going to learn Mimikatz, Hashcat, Responder; like here we're going to learn each and everything about those tools, okay, which are necessary for red teaming: Mimikatz, Hashcat, Responder, John the Ripper, Hydra, lazy, okay. Then we're going to move to lateral movement; in lateral movement you guys can learn how we can perform the pass-the-hash and pass-the-ticket attack, sorry, pass-the-ticket, and we're going to learn how we can perform lateral movement in the network, okay. Then we're going to go with collection; like in collection what you guys can learn means how we can dump the secret files, okay, so we're going to use PowerSploit, okay, PowerUpSQL as well, okay. Then we're going to cover command and control; in command and control, it's a C2 framework, okay, it's a topic related to C2. Here we're going to learn about Covenant, okay, how we can install it, all those C2s which are necessary in red teaming. Then exfiltration, then impact; in impact we're going to see the popular attack, okay, DoS and redux, how we can detect and prevent it, okay. We're going to learn those things, and also now after learning all these tools we're going to move to Active Directory pentesting for red teamers: learn those attacks which are necessary for a red teamer, okay. It's a different section; once you enroll in the training you guys will see different sections there; in different sections you will see videos, okay. Now see, first
you will become a master in Active Directory pentesting, all these topics which we are going to cover, okay. Then we will move to Metasploit for red teamers; in Metasploit training you guys can see all these topics. Okay. What you will learn here, this also. Then we will move to red team analysis training: how to approach the real world. Here you will see all the topics. Okay. Then, like, see, Kerberoasting attack is there. Silver ticket attack, golden ticket attack. Right? Then we will move to master in Active Directory. Okay. Here you will learn only about Active Directory pentesting, only Active Directory. Okay, not other stuff. Again I'm saying we are approaching only Active Directory. See, previously we covered only those topics which are necessary for a red teamer. If you go back here, we just covered only those which are necessary for red teamers. But here in this section you're going to learn a complete approach. Okay, complete training related to Active Directory pentesting, from introduction to, like, till here. Okay. Golden ticket attack. Sorry, till here: diamond ticket attack. Okay, it's a complete Active Directory pentesting. Okay, still we are updating a lot of topics here. From time to time you will see a lot of new updates. Okay, then we will move to complete hands-on real world red teaming and penetration testing. This is a student-demand training. Okay, here you will learn how we can deal with the real world, like introduction to the update section, vulnerability assessment and penetration testing, red team engagements, engagement structure. Okay. Red team engagements and also, sorry, here it's a deep dive. Okay. And then you will learn this Windows penetration testing again from a red team perspective on different labs. Okay. And here you will learn about NDA documentation, which is very necessary for a red teamer. Okay. Okay, if you are approaching any company to conduct a red team assessment there, then which things you need to focus on.
Okay, how to deal with the client, this kind of stuffs we're going to cover here, and then these are the same topics. Okay, here we are going to approach AD pentesting, black box approach, right? These are the topics which we are covering. Now these are updates. Okay, still we are updating this one. We added till around cloud fundamentals, I think. Okay, still we need to update all these. See, remember, as I told you, it's all about the student demand, okay; like if the majority of students are asking about penetration testing, then we need to update the penetration testing, so that's why we added these topics, okay. If you go up, if you watch our previous videos, then you won't see these sections, okay, these sections, these sections, okay, because students are asking for this mostly. What will happen means students don't have the knowledge of penetration testing. Okay, the right knowledge. So that's why we also covered this topic. Okay, like how to approach; mostly, okay, people have knowledge about penetration testing, but they don't know how to approach it. Okay, where they need to look, okay, which vulnerability exists. So that's why we cover these topics, okay, and also it's a demand from our students as well. So if you are interested, then contact our support team, chat with them to clarify your doubts. Okay. Again I'm saying it's a complete dynamic training. From time to time we update that training. Okay. Right. Thank you.

Advanced Android Hacking for Ethical Hackers

Have a nice day. Hello everyone. If you want to learn Android hacking and Android application penetration testing, then this training is for you. It's a complete dynamic training. Okay. From time to time we're going to update this training with new topics, and it's a complete hands-on practical training. The training duration is almost 50 plus hours. The training language is English. You will get 24 by 7 support from me and from the team as well. You will get lifetime panel access. Once you enroll in this training, you will get panel access which is lifetime. Okay, there is no expiry. What are the requirements here? See, the requirement is you need 6 to 8 GB of RAM. It's enough. Okay, in your machine, in your PC or in your laptop, if you have 6 to 8 GB, then it's enough. Okay, basic knowledge about Android. You need basic knowledge about Android, like how to install the applications, this kind of stuff. You must and should have an internet connection. Be able to understand the concept here. The concept plays a very important role. Okay. So that's why you should be able to understand the concept. Okay. If you are just following the training, then you won't get anything. Okay. Here you need to understand the concept; that is why we are saying this thing again and again. See, here you will see the topics related to binding and injecting. It's a kind of critical topic. Okay. Like you need to focus a lot there in those sections. Okay. So this is the thing, and also in the bypassing antiviruses section, where you will learn a complete technique to bypass antiviruses, there also you need to understand the concept. Okay.
So even if the technique is patched, it's not working, still you can develop your own, okay; by watching those sections you guys can develop your own techniques as well. This is the thing why we mention this requirement, okay, be able to understand the concept, because we're going to teach you those topics which can make you a kind of pro, okay; by watching those topics you guys can develop your own concepts and own techniques. Okay? Like you need to combine all those topics. Okay? Like in simple words, let me give you one example. Now see, we covered one technique. Later in another video, you will see another technique. Again, you will see a different technique. Now you must and should be like this, okay? Like you need to combine both those techniques to bypass AVs. Sometimes it can't bypass antiviruses. Again you need to, like, combine the different techniques to bypass AV mostly, okay; like you guys can bypass AVs, okay. This is a thing; you guys will see a lot of proofs as well on our channel related to bypassing these AVs. It's a kind of challenging technique, okay, because Android is updating from time to time, so that's why you need to understand the concept. This is the main thing in the requirements: you can't just follow the training, okay, just watch it, then develop your own concept. Okay. What we are saying: we added those topics as well which can make you a pro. Okay. By watching those topics you can develop your own concept, but also it depends upon you as well. We can hold your hands. Right. We can't say each and everything, but we are going to teach you each and everything which can do this kind of stuff. Okay. Right. Advanced Android hacking highlights. Here you're going to learn advanced Android hacking, black hat techniques. Okay. In this section we are learning about RATs, botnets, modifying source code of payloads. Okay. Binding and injecting payload in real application. Bypassing antiviruses.
Bypassing Google Play Protect and creating a virus to steal SMS. Developing ransomware to encrypt Android devices. Okay. And adding back to our payload which avoids uninstall. Okay. Assume that you just installed your payload in your target, okay, in any Android, and he got that, okay, somebody hacked my device, and he just clicks on the uninstall button; once you add the backer in it, then he can't uninstall that one; it will become like a virus, okay, like even if you try to uninstall it, again it is going to reinstall, okay. This is the thing now, and also we are going to learn developing our own spyware and keyloggers, attacking 2G towers to steal SMS on air, and minimum... now here we added a section related to how we can steal SMS on 2G mobiles. Okay, without touching that Android, okay, we're going to play with the towers there. See, everything which we covered in this whole training is on our own labs. Okay, we didn't attack different devices or something like that, real machines or something like that. Okay, we practiced the whole sections on our own devices. Okay. So here we mentioned clearly, okay: any actions and activities related to the material contained within this course are solely your responsibility. The misuse of the information in this course can result in criminal charges brought against the person in question. The author and course tutorials will not be held responsible in the event any criminal charges are brought against any individual misusing the information in this course to break the law. The main aim of this course is to provide the right knowledge about Android hacking. Okay. So this is the reason why we created this training. Okay. And also here, see, here you will learn how hackers steal banking credentials. Okay. In this section we are learning how to code scam pages. Okay. Students will learn how to code their own scam pages which black hat hackers use to steal credit cards and banking details. Now why is this thing important?
Why does any ethical hacker need to learn about this thing? See, here once you install the payload on your target there are stealer features out there. If the attacker executes the stealer feature on their panel, the victim will see the fake pop-ups here. Okay. Like they will see the popup, something like enter your card information, automatically. They can't close it as well. Okay. Now assume that I am an attacker. Okay. You are a victim. Now what I did: I hacked your Android mobile. Now I want to steal your credit card information. Now as an attacker what I'm going to do is I'm going to execute a stealer feature there. Once I execute from my panel, on your Android you will see a complete page, okay, which you can't remove. If you go back, still you can't go back. If you click on the home button, still you can't go to home unless you type your credentials. Okay. If you type your credentials, then you can use your mobile phone. This is a feature there. Okay. So that's why we need to cover this topic, to show you how these things are happening. Okay. See, you will get all private and clean official software with this training. Still you need to use those softwares on your virtual machine or on a VPS or RDP. Don't execute any software on your real machine. This is a kind of notice for you. Okay, a warning: even if it's clean, it's official software, still you can't use it, okay, on your real machine. This is a kind of security, okay, for you, because we can't trust hacking tools. Okay. This is also one thing, right? Okay. So that's why we covered how to set up the lab. Okay, you need to watch that one. Don't ignore it. Then we're going to learn about the security as well: end-to-end security for Androids. Okay, how we can uninstall any type of viruses. Even if it's a backup. There are some techniques. Okay, by using those techniques, we can also remove those viruses which we can't uninstall.
Okay, so this is the thing. Now, here we're going to learn how to provide RAT and botnet services. In this section, you will learn how to provide monthly/yearly based subscriptions to your clients. Okay. We will share clean source code of a RAT and we will teach you how to set up a server to manage subscriptions as well. Okay. Here we covered some examples as well, how people are providing the RAT and botnet services. It's for legal purposes only. Okay. For parental control, this kind of stuff. Okay. Then analyzing RATs and payloads. Now we're going to learn reverse engineering. See, in this section you will learn how to extract source code of a RAT and how to analyze APK payloads. Okay, doing reverse engineering and unpacking RATs. We're going to take one RAT and we're going to unpack it, analyze those RATs. Okay, and then we're going to learn Android application penetration testing. So here you will learn... in this section students will learn how to perform penetration testing on a lab environment, like finding bugs in an Android application. Now this also plays a very important role for an Android hacker. Okay. So here these are the topics which we are going to cover. Okay. See, this is just the topics. In every section you will see 10 to five videos. Okay. Just watch the demo video of this training. Okay. We added the demo video in the description. Just watch it. Okay. Then you will see what we are going to cover. See, we can't mention each and everything on this page. Okay. There are some topics which we can't mention. Okay, there are some keywords which the website won't allow, and also we didn't mention the updates here. Okay, from time to time we update the RATs and bots in this training, so students can learn the different techniques, right? So we can't mention here, we can't mention the RAT names or something like that. So that's why you need to watch the demo video there.
In the demo video you will see each and everything what we are going to cover. But this is just the highlights. Okay. So here you guys can see the topics which you will learn. Then here we have how we can code a scam page. Okay. Then here we are going to cover how we can use banking botnets. See, here we are using the different banking botnets to hack Android. Still, we added a lot of banking botnets. Okay. Which are very popular. Then here you will learn how you can perform monthly and yearly subscriptions of RATs and botnets. Then here you will see how we can perform end-to-end security operations on Android. Then the section of analyzing RATs and payloads. This is the reverse engineering section. Here we cracked the real RATs. Okay. And analyzed the RATs there. Now here we are learning about Android application penetration testing training. This is the Android application penetration testing. Here you will learn about Android, about the app permissions. All this stuff you will learn: how we can use JADX, JD-GUI, APKTool, Android Studio, Bytecode Viewer. Okay. Basically these are the tools which are useful in Android application analysis. And here we have a lot of topics which we covered. You can read it, and then this is the latest section which we are going to cover, related to Android application reverse engineering and pentesting using AI. Right now AI is at its peak, right? So how we can use AI to perform reverse engineering and pentesting. So these are the topics which we are going to cover in our training. Okay. So you can also read it. See here, you will see build secure, hard-to-reverse Android apps, secure development practice. Okay.
PNP, string fog and string obfuscation, decrypting common strings; sometimes what will happen, the APK will be encrypted, okay. Once you encrypt the APK... you will learn how to encrypt the APKs as well in this training, okay; it's a complete section. By encrypting the APK you guys can bypass the... there are different techniques, as I told you in the starting as well; we're going to teach you all the topics, okay, which are necessary, which will make you a pro in it, okay, but it depends upon you how to use it. Okay. So this is the thing. So that's why being able to understand the concept is very necessary, right? Okay. So these are the topics. Okay. Just try to read it. Okay. And here you will get tools as well. Okay. With this training you will get all those softwares which are paid. Okay, which are paid, you will get for free. Okay. Because in this training we use all those softwares. Okay, all those RATs, it's all sh. So you will get all those things. So it's all about Android hacking, penetration testing and reverse engineering. Okay. If you want to learn, then check out this training, contact our support team. If you want to enroll in it, then you can click on this button. You're going to be redirected to our WhatsApp support. Chat with them. Okay. We accept payment through PayPal, Bitcoin, crypto, right? So again I'm saying it's all about knowledge, okay; the intention is only to show how the attacker approaches, right? So hope you guys get it. Remember, our trainings are dynamic, okay; we update our training from time to time; it's not like only those, okay, which we provided here, okay; like we update it, we update new topics from time to time. So hope you guys enjoy these classes. Take care.