Can open source software be bought? – Disposable mail news


Open-source softwares (OSS) are released under a special license that makes its source code available to the user to inspect, use, modify and enhance. It is a misunderstood term that these are not copyrighted, instead, they are copyrighted under a license that lets it users study, change and use its source code or services (depending upon the software) for commercial use. Some of the common open source softwares are Linux, Red Hat, Ubuntu, GitHub, FreeBSD, and fedora.

Just five years ago the tech world was quite critical and skeptical of open source softwares with Microsoft CEO Steve Ballmer calling Linux as ‘cancer‘ and open source software as ‘a communist threat’ but OSS since then have come a long way with the success of Red Hat and Linux. Open source has given a silver lining to the underdog developers and defied the monopoly of tech giants giving power to small businesses and individuals to grow using their open-source code.

But what the open-source devotees don’t know or don’t stress on is that open source softwares can be bought and acquired by other commercial companies. The fix being that if they are open source how could they be bought, but even these have copyrights that can be bought and changed to closed source.
And these OSS (open source softwares) are being acquired by lightning speed- IBM acquired Linux and Red Hat. Microsoft is portraying itself as “the open-source leader” by joining the  Open Invention Network (OIN) and acquiring GitHub.

Now, there are advantages if big companies take over these open-source software as these were not established with a business model and will run out but if companies like these buy out OSSs they can stay afloat and provide for their customers.
But there’s also a dark side to these acquisitions as these could mean the end of open source. With their rights sold, these open-source rights could be closed and their free service comes to an end. Though those who have used the open-source would not be affected as it is already licensed but any future version of the software could be closed.

Now, Microsoft says that “Microsoft is all-in on open source, we have been on a journey with open source, and today we are active in the open-source ecosystem, we contribute to open-source projects, and some of our most vibrant developer tools and frameworks are open source.” the same goes for IBM’s Linux but these are big and popular software but what about small software with less distributes and copyrights, the dark cloud still hovers over them.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Best Free A-Z Python Cheat Sheet 2020 (Basic to Advance PDF) – 10 minute mail

In Short Hacks: Cheat Sheets helps us to make our coding task easier. By using Python 3 Cheat sheet you can easily learn and write great codes. So Here, I’d share some useful and best Python cheat sheets a programmer must have on the desk.

Best A-Z Python Cheat Sheet 2017 (Advance)
Best A-Z Python Cheat Sheet

Python is an amazing programming language which most of the programmers learn first. The use of Python programming language has been on a rise in the data science industry. Though Python is a really easy language still you could use some help.

The Python cheat sheet can be extremely useful for beginners and professionals as well. It can prove to be a helpful quick reference while working using Python language for coding. The Python cheat sheets will guide you through variables and data types, Strings, Lists, and eventually help your Python programming language for scientific computing.

These reasons qualify enough for us to provide our users with the best cheat sheet for Python. And therefore, we have listed below a cheat sheet which you can use as a reference while working on Python language. Hence, take a note of it and thank us later.


Well, Here is the list of best 100+ Python 3 cheat sheet programs that would be very helpful for all programmers whosoever start to learn it.

Download Python Cheat Sheet PDF

You can easily download a PDF version of the above Python Cheat sheet from below link:

[icon name=”check-circle” class=”” unprefixed_class=””]Download

Wrap Up: So this is all about Python and Python Cheat Sheet Datacamp 2020. Many programmers and coders use such cheat sheets to simplify their task. And here we have also posted a PDF version of all Python Cheat Sheet. I hope you find this article helpful. If so, Do Share it with your friends. And do let us know if we missed any such cheat sheet.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

(2 Working Ways) How To Install Kali Linux on Android Without Root – 10 minute mail

Kali Linux is one of the best operating systems to work on and Especially for Hackers and Programmers. Installing Linux on an Android device unlocks a variety of features which include running web-based applications on your Android device, install and use Linux applications, rather you can run a graphical desktop environment on it.

How To Safely Install Kali Linux on Android Without Root (2 Methods)
How To Safely Install Kali Linux on Android Without Root (2 Methods)

Linux has the capability to turn an Android device into a portable network troubleshooting or pen-testing device. While installing Kali Linux on your Android device using the methods listed below, you need to root your device. Linux cannot be installed on your Android device if it is not rooted.

If you do not wish to root your device, do not follow the methods listed below. Another precaution is to have enough free space in your memory. If you don’t have enough free memory, the installation if Linux will fail.

Also Read: Top 10 Best eBooks To Learn Kali Linux From Beginning (Free PDF)

Method #1: Install Kali Linux Using Linux deploy and VNC Viewer.

#1 Go to Google Play Store and Install Linux Deploy and VNC Viewer on your Android device.

Download Linux Deploy: [appbox googleplay ru.meefik.linuxdeploy&hl=en]

Download VNC Viewer: [appbox googleplay com.realvnc.viewer.android]

#2 Once downloaded, launch the Linux deploy an app. You will find an option looking like a download symbol at the bottom of the screen. Hit that option, and you will find a list of other options. Here, in ‘Distribution’ select Kali Linux.

#3 In the same list, go to GUI settings and enter the width and the height of your device’s screen.

#4 Then, go to the option ‘Install’ and hit it. You will notice that the process of installation has been initiated. This installation process might take approximately 10 to 15 minutes. So please maintain your patience till the process gets completed.

#5 When this process is completed, tap on the option ‘Configure‘.

#6 Post configuration, hit the ‘Start‘ option.

#7 Then, open the VNC viewer and enter the details required such as address, name, and password, etc.

#8 Once the data entry is completed, you will have successfully installed Kali Linux on your Android device which is ready to be used now.

Also Read: How to Download Web Series/Videos/Movies from Hotstar for Free

Method #2: Using Kali Linux i386 and Limbo PC Emulator.

#1 Download Kali Linux i386 ISO file and limbo PC emulator apk from their websites (links provided by us to ease your task). They can download either by directly downloading them on your Android device or a PC and then copy them to your Android device.

#2 First of all, install Limbo PC Emulator on your Android device.

#3 Then, launch the app. Here, in the ‘Load VM‘ option select “New” and enter your name. And in the ‘User Interface’ option select “SDL.”

#4 Then, select your CPU model, CPU cores, RAM memory from the drop-down choices.

#5 In the option ‘CDROM (*iso)’ select the “Kali Linux i386 iso file” which you had downloaded or copied from your PC. You will have to search for it which will be easy if you remember where you had copied it or the location of download.

#6 After the above steps, hit the ‘Start’ option which will open the page of Kali Linux.

#7 Select the ‘Install‘ option to initiate the installation of Kali Linux on your Android device.

Once the installation is over, you will have successfully installed Kali Linux on your Android device.

Recommended: 

Wrap Up: Now you can easily Install Kali Linux on any Android with these methods. With Kali you can easily gain some Geek Hacking Knowledge and make your mind extraordinary. So try out this today. Hope you like our work, do share with others too. Leave a comment below if you facing any problem at any step discussed above.

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Cybersecurity Research During the Coronavirus Outbreak and After – 10 minute mail

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware researchers, digital forensics experts and incident responders. At times like this, we all realize how important it is to be able to work remotely. However, the duties of a security researcher or a digital forensics expert pushes them to travel, visit victims or collect digital evidence in an ongoing hunt for malware artefacts. What can we do to reduce the need for travel? Of course, keep looking for replacement of our physical routines with remote ones.

It is about two and half years since we first open-sourced a tool for remote digital forensics called Bitscout. Born while I was with Digital Forensics Lab at INTERPOL, the tool has evolved and helped us in many cyberinvestigations. Based on the widely popular Ubuntu Linux distribution, it is packed with forensics and malware analysis tools created by a large number of excellent developers around the world.

What can it do? Well, we have tried to identify what it is that it *cannot* do and other expensive commercial tools used in digital forensics can. We have not really been able to find anything! Moreover, we have built so many new interesting techniques that are not available in commercial tools that it has every chance to replace commercial solutions in your organization if it gets into the right hands.

Let me just remind you about the approach we use in Bitscout:

  1. Bitscout is completely FREE, which helps reducing your forensics budget! Yay!
  2. It is designed to be remote, which also saves your time and money spent for travelling. And of course you can use the same techniques locally! To be frank, in light of the powers of all those forensic tools that are part of the toolkit, Bitscout itself is the least important element: the true value is in the knowledge of the underlying tools that you get access to by using Bitscout, not the product they ship with.
  3. Mastering Bitscout follows a steep curve, which, in the end, reinforces your experts’ technical foundations.
  4. Bitscout records remote forensics sessions internally, which makes it perfect for replaying and learning from more experienced users or using as evidential proof of discovery.
  5. It is fully open source, so you need not wait for the vendor to implement a patch or feature for you: you are free to reverse-engineer and modify any part of it.

Today, I am happy to announce that we are releasing a new version of Bitscout, based on the upcoming release of Ubuntu 20.04, scheduled for April 2020.

So, what is new in Bitscout 20.04 other than extended hardware support leveraging new OS and updated forensics tools from Canonical Ltd official repositories?

First of all, we have launched a project website at bitscout-forensics.info.

The website should become the go-to destination for those looking for tips and tricks on remote forensics using Bitscout and whatnot. In reality, Bitscout had been our internal tool for a long time and had been used only by a limited number of highly skilled researchers, who knew exactly how to use it. Yes, like many researchers, we lacked proper documentation and manuals which we will address with our new website. We have already linked several presentation videos and slides with live demos seen by security conferences and meetups. It is true that some of those commands we used in our demos are crazy long one-liners. So, to make it easy for you to copy them and try them out, we have started recording terminal sessions in ASCII video casts. Kudos to the awesome folks at asciinema.org! This way, should you want to try some of our black magic recipes, you can copy and paste them from a browser or a terminal into your own session.

Second, to address a popular request, we have released demo versions of three flavors of pre-built Bitscout images: minimal, balanced and full. This way, newcomers can easily try Bitscout without going through the whole build process. The download URLs for the ISO image files are available on the project website. However, please note they must not be used in a production environment.

Third, our little community of contributors keeps growing. I am happy to highlight some of the features contributed by others. Kudos to Xavier Mertens aka @xme!

  1. The following new tools from the security community are now part of Bitscout (full build) by default:
    • RegRipper,
    • Bulk Extractor,
    • Loki.

    It is great to have modern scanners such as Loki with an updated rich collection of Yara rules that comes with it.

  2. Optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a great way to remember which commands you have run to find the clues.

And, if it feels hard for you to start using Bitscout, then join our training session on April 5-6 in the beautiful city of Barcelona, Spain. We will be demonstrating how to build your own Bitscout and customize it with your own tools, and of course walking you through the standard forensics procedure. Some of our advanced tasks include hypervisor debugging to overcome just about any type of proprietary full disk encryption. Our exercises will focus on the most popular platforms, covering Windows, Linux and macOS forensics challenges, along with some real malware. Stay safe and we hope to see some of you in Barcelona! Join us there!


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Hackers Attack Amazon Web Services Server – Disposable mail news


A group of sophisticated hackers slammed Amazon Web Services (AWS) servers. The hackers established a rootkit that let them manually command the servers and directed sensitive stolen corporate date to its home servers C2 (command and control). The attackers breached a variety of Windows and Linux OS within the AWS data center.
A recent report published by Sophos (from Britain) last week has raised doubts and suspicions among the cybersecurity industry.

According to Sophos reports, the hackers were able to avoid Amazon Web Services SG (security groups) easily. Security Groups are supposed to work as a security check to ensure that no malicious actor ever breaches the EC2 instance (it is a virtual server used by AWS to run the application).
The anonymous victim of this attack had already set up a perfectly tuned SG. But due to the rootkit installed in AWS servers, the hackers obtained remote access meanwhile the Linux OS was still looking for inbound connections, and that is when Sophos intervened.
Sophos said that the victim could have been anyone, not just the AWS.

The problem was not with AWS, this piggybacking method could have breached any firewall, if not all. According to cybersecurity experts’ conclusion, the hackers are likely to be state-sponsored. The incident is named as “Cloud Snooper.” A cybersecurity expert even termed it as a beautiful piece of work (from a technical POV). These things happen all the time, it only came to notice because it happened with a fancy organization, he says. There are still unanswered questions about the hack, but the most important one that how the hackers were able to manage this attack is cleared.


About the attack 


“An analysis of this system revealed the presence of a rootkit that granted the malware’s operators the ability to remotely control the server through the AWS SGs. But this rootkit’s capabilities are not limited to doing this in the Amazon cloud: It also could be used to communicate with, and remotely control, malware on any server behind any boundary firewall, even an on-premises server.
By unwinding other elements of this attack, we further identified other Linux hosts, infected with the same or a similar rootkit,” said Sophos.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Cybersecurity Research During the Coronavirus Outbreak and After – 10 minute mail

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware researchers, digital forensics experts and incident responders. At times like this, we all realize how important it is to be able to work remotely. However, the duties of a security researcher or a digital forensics expert pushes them to travel, visit victims or collect digital evidence in an ongoing hunt for malware artefacts. What can we do to reduce the need for travel? Of course, keep looking for replacement of our physical routines with remote ones.

It is about two and half years since we first open-sourced a tool for remote digital forensics called Bitscout. Born while I was with Digital Forensics Lab at INTERPOL, the tool has evolved and helped us in many cyberinvestigations. Based on the widely popular Ubuntu Linux distribution, it is packed with forensics and malware analysis tools created by a large number of excellent developers around the world.

What can it do? Well, we have tried to identify what it is that it *cannot* do and other expensive commercial tools used in digital forensics can. We have not really been able to find anything! Moreover, we have built so many new interesting techniques that are not available in commercial tools that it has every chance to replace commercial solutions in your organization if it gets into the right hands.

Let me just remind you about the approach we use in Bitscout:

  1. Bitscout is completely FREE, which helps reducing your forensics budget! Yay!
  2. It is designed to be remote, which also saves your time and money spent for travelling. And of course you can use the same techniques locally! To be frank, in light of the powers of all those forensic tools that are part of the toolkit, Bitscout itself is the least important element: the true value is in the knowledge of the underlying tools that you get access to by using Bitscout, not the product they ship with.
  3. Mastering Bitscout follows a steep curve, which, in the end, reinforces your experts’ technical foundations.
  4. Bitscout records remote forensics sessions internally, which makes it perfect for replaying and learning from more experienced users or using as evidential proof of discovery.
  5. It is fully open source, so you need not wait for the vendor to implement a patch or feature for you: you are free to reverse-engineer and modify any part of it.

Today, I am happy to announce that we are releasing a new version of Bitscout, based on the upcoming release of Ubuntu 20.04, scheduled for April 2020.

So, what is new in Bitscout 20.04 other than extended hardware support leveraging new OS and updated forensics tools from Canonical Ltd official repositories?

First of all, we have launched a project website at bitscout-forensics.info.

The website should become the go-to destination for those looking for tips and tricks on remote forensics using Bitscout and whatnot. In reality, Bitscout had been our internal tool for a long time and had been used only by a limited number of highly skilled researchers, who knew exactly how to use it. Yes, like many researchers, we lacked proper documentation and manuals which we will address with our new website. We have already linked several presentation videos and slides with live demos seen by security conferences and meetups. It is true that some of those commands we used in our demos are crazy long one-liners. So, to make it easy for you to copy them and try them out, we have started recording terminal sessions in ASCII video casts. Kudos to the awesome folks at asciinema.org! This way, should you want to try some of our black magic recipes, you can copy and paste them from a browser or a terminal into your own session.

Second, to address a popular request, we have released demo versions of three flavors of pre-built Bitscout images: minimal, balanced and full. This way, newcomers can easily try Bitscout without going through the whole build process. The download URLs for the ISO image files are available on the project website. However, please note they must not be used in a production environment.

Third, our little community of contributors keeps growing. I am happy to highlight some of the features contributed by others. Kudos to Xavier Mertens aka @xme!

  1. The following new tools from the security community are now part of Bitscout (full build) by default:
    • RegRipper,
    • Bulk Extractor,
    • Loki.

    It is great to have modern scanners such as Loki with an updated rich collection of Yara rules that comes with it.

  2. Optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a great way to remember which commands you have run to find the clues.

And, if it feels hard for you to start using Bitscout, then join our training session on April 5-6 in the beautiful city of Barcelona, Spain. We will be demonstrating how to build your own Bitscout and customize it with your own tools, and of course walking you through the standard forensics procedure. Some of our advanced tasks include hypervisor debugging to overcome just about any type of proprietary full disk encryption. Our exercises will focus on the most popular platforms, covering Windows, Linux and macOS forensics challenges, along with some real malware. Stay safe and we hope to see some of you in Barcelona! Join us there!


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Malware-Jail – Tool For Javascript Malware Analysis, Deobfuscation and Payload Extraction

Malware-Jail - Tool For Javascript Malware Analysis, Deobfuscation and Payload Extraction

Malware-Jail is a sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. It is written for Node.js.

It runs on any operating system. Developed and tested on Linux, Node.js v6.6.0.

Note: Due to use of some ES6 features, you’ll need Node.js >= 6.x.

Malware-Jail is written for Node’s ‘vm’ sandbox. Currently implements WScript (Windows Scripting Host) context  env/wscript.js , at least the part frequently used by malware. Internet browser context is partialy implemented  env/browser.js .

How To Install Malware-Jail

You’ll need Node.js and npm installed. Because malware-jail is built on top of minimist, iconv-lite and entities.

Pull from GitHub

Pull the source with git:

Then install all the dependecies (minimist, entities, iconv-lite) with:

Usage

In the examples folder you may find a deactivated malware file. Run the analysis with:

Internet browser based malware you may test with

At the end of the analysis the complete sandbox context is dumped into a ‘sandbox_dump_after.json‘ file.

You may want to examine following entries of ‘sandbox_dump_after.json‘:

  • eval_calls – array of all eval() calls arguments. Useful if eval() is used for deobfucation.
  • wscript_saved_files – content of all files that the malware attempted to drop. The actual files are saved into the output/ directory too.
  • wscript_urls – all URLs that the malware intended to GET or POST.
  • wscript_objects – WScript or ActiveX objects created.

sandbox_dump_after.json‘ uses JSONPath, implemented by JSON-js/cycle.js, to save duplicated or cyclic references to a same object.

Sample Output

In the above example the payload has been extracted into output/_TEMP__49629482.dll and output/_TEMP__38611354.pdf

Examples

The malware folder contains real-world malware samples. Most of them downloaded from https://malwr.com.

Example: Analysing Wileen.js

Taking malicious script from malwr.com: Wileen.js
Apparently the malware does not execute if run from within a browser:

Therefore you may want to use an alternate config filem which does not load browser/DOM components:

Interesting use of Powershell:

Example: Analysing ORDER-10455.js

Taking malicious JavaScript from malwr.com: ORDER-10455.js

First run without interaction with remote servers:

you get something like:

Seems to be a “standard” behaviour of deobfuscation in order to finally download an exe binary and execute it.

If we want to get the real payload, run it with ‘–down=y’:

Example: Analysing Norri.js

Taking malicious JavaScript from malwr.com: Norri.js

Run:

you get: 

Behaviour is obvious from the log. Payload has been extracted into the output/TemporaryFolder_TempFile[15] file.

Example: Analysing Angler EK

Download and extract Angler EK from a pcap file at ANGLER EK SENDS CRYPTOWALL into a malware/angler/angler_full.html.

Strip the non Angler part and save as malware/angler/angler_stripped.html.

Remove 

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Gophish – An Open-Source Phishing Toolkit

Gophish - An Open-Source Phishing Toolkit

Gophish is a powerful, open-source phishing framework that makes the simulation of real-world phishing attacks dead-simple.

The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things:

  • Affordable – Gophish is open-source software that is completely free for anyone to use.
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!

How To Install Gophish

Gophish is provided as a pre-built binary for most operating systems. With this being the case, installation is as simple as downloading the ZIP file containing the binary that is built for your OS and extracting the contents.

Building Gophish from Source

Since Gophish is written in the Go programming language, it is extremely simple to build from source. All you will need is the Go language and a C compiler (such as gcc).

To build gophish from source, simply run go get github.com/gophish/gophish. This downloads gophish into your $GOPATH.

Next, navigate to $GOPATH/src/github.com/gophish/gophish and run the command go build. This builds a gophish binary in the current directory.

Understanding the config.json

There are some settings that are configurable via a file called config.json, located in the gophish root directory. Here are some of the options that you can set to your preferences:

Be careful: Since the config.json file contains database credentials, you will want to ensure it is only readable by the correct user. For Linux users, you can do this using chmod 640 config.json.

Exposing Gophish to the Internet

By default, the phish_server.listen_url is configured to listen on all interfaces. This means that if the host Gophish is running on is exposed to the Internet (such as running on a VPS), the phishing server will be exposed to the Internet.

If you also want the admin server to be accessible over the Internet, you will need to change the entry for the admin_server.listen_url to 0.0.0.0:3333.

Be careful: Exposing the admin server to the Internet should only be used if needed. Before exposing the admin server to the Internet, it’s highly recommended to change the default password.

Using MySQL

The default database in Gophish is SQLite. This is perfectly functional, but some environments may benefit from leveraging a more robust database such as MySQL.

Support for Mysql has been added as of 0.3-dev. To setup Gophish for Mysql, a couple extra steps are needed.

Update config.json:

First, change the entries in config.json to match your deployment:

Example:

The format for the db_path entry is

Update MySQL Config:

Gophish uses a datetime format that is incompatible with MySQL >= 5.7. To fix this, Add the following lines to the bottom of /etc/mysql/mysql.cnf:

The above settings are the default modes for MySQL, but with NO_ZERO_IN_DATE and NO_ZERO_DATE removed.

Create the Database:

The last step you’ll need to do to leverage Mysql is to create the gophish database. To do this, log into mysql and run the command

After that, you’ll be good to go!

Now that you have gophish installed, you’re ready to run the software. To launch gophish, simply open a command shell and navigate to the directory the gophish binary is located.

Then, execute the gophish binary. You will see some informational output showing both the admin and phishing web servers starting up, as well as the database being created. This output will tell you the port numbers you can use to connect to the web interfaces.

To run Gophish as a service in Linux distributions, you will need to setup a service script. You can refer to this Github issue for an example implementation.

Now that you have gophish installed, you’re ready to run the software. To launch gophish, simply open a command shell and navigate to the directory the gophish binary is located.

Then, execute the gophish binary. You will see some informational output showing both the admin and phishing web servers starting up, as well as the database being created. This output will tell you the port numbers you can use to connect to the web interfaces.

 If your phishing server is set to run on TCP port 80, then you may need to run Gophish as an administrator so that it can bind to the privileged port.

to reach the login page.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

V3n0M – An Open Source Vulnerability Scanner

V3n0M - An Open Source Vulnerability Scanner

V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability.

This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds.

It is very useful for executing:

  • Cloudflare Resolver[Cloudbuster]
  • LFI->RCE and XSS Scanning[LFI->RCE & XSS]
  • SQL Injection Vuln Scanner[SQLi]
  • Extremely Large D0rk Target Lists
  • AdminPage Finding
  • Toxin [Vulnerable FTPs Scanner]
  • DNS BruteForcer
  • Python 3.6 Asyncio based scanning

The official adoption of darkd0rker heavily recoded, updated, expanded and improved upon

  • Brand new, just outta the box!
  • Most efficient Cloudflare resolver around with easy to use interface.
  • Extremely quick “Toxin” Vulnerable IP scanner to scan potentially millions of IPs for known vulnerable services.
  • Largest and most powerful d0rker online, 14k+d0rks searched over ~ Engines at once.
  • Free and Open /src/
  • cross-platform Python-based toolkit
  • Release 425 Released on 18th February 2018
  • Licensed under GPLv3

Tested on: ArchLinux 4.14, Ubuntu, Debian, Kali, MacOS, BlackArch, Manjaro/ArchLinux ARM Ed. Android-Termux.

Note for Ubuntu users: Please make sure you have installed –> sudo apt-get install python3-bs4 and apt-get install python3-setuptools

      Otherwise you may get Syntax Error stopping the program from running.
Note for Kali users: Please make sure you have installed –> apt-get install python3-dev apt-get install python-dev

Install Note:

$ git clone https://github.com/v3n0m-Scanner/V3n0M-Scanner.git
$ cd V3n0M-Scanner/
$ python3 setup.py install --user


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

KillChain – A Unified Console To Perform The “Kill Chain” Stages of Attacks

Kill Chain Setup:

Installing Killchain.py:

sudo apt-get update
sudo apt-get install websploit openvas veil-evasion tor
sudo git clone https://github.com/ruped24/killchain.git
cd killchain
chmod +x killchain.py
sudo ./killchain.py

Once the installation is complete:
Go through the options on the menu:

OpenVas takes a while on first run. Go get a coffee or two. You can launch multi Kill 
Chain sessions. No need to watch paint dry. Once OpenVas setup has completed; Reset 
openvas web interface admin password by running the commands below in an external 
terminal.
sudo openvas-start
sudo openvasmd --user=admin --new-password=
Point your browser to https://localhost:9392

Login Username = admin

Login Password = Your_new_reset_admin_password
Note on Veil-Evasion: Veil will complete the setup upon launch. Accept all the defaults. 
This takes a while. Don't leave the screen tho, there's dialog you will have to click 
through. Once it’s complete, it will auto launch.

Websploit: To exit websploit, type exit.

Metasploit: To exit Metasploit, type exit.

WiFite: It’s for site survey within the framework of this console.

Run wifite in an external terminal to do wireless attacks against the target.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.