JD

Domestic and international penetration search engines, hacker-related eBooks, tools, and websites

Hackers need to learn so much, it's spicy.

This collection is divided into three parts:
(1) Hacker-related forums and websites
(2) Domestic and international penetration search engines
(3) Hacker-related eBooks

(1) Hacker-related forums & websites
In addition to searching for hacker-related content on Google, Twitter, and YouTube (if you are particularly averse to non-Chinese content, Bilibili is highly recommended), you can learn more hacking techniques from the following sites.

  1. Hacker technology news
    Thehackernews: https://thehackernews.com/
    Freebuf: https://www.freebuf.com/

  2. Hacker forums
    Cracking
    Address: https://cracking.org/forums/cracking-tools.16/

    Offensive Community
    Address: https://ww1.offensivecommunity.net/

  1. GitHub sites
    <1> Bug Bounty Reference
    Address: https://github.com/ngalongc/bug-bounty-reference

    <2> PayloadsAllTheThings
    Address: https://github.com/swisskyrepo/PayloadsAllTheThings

    <3> Get the latest vulnerabilities
    Address: https://github.com/rapid7/metasploit-framework/pulls

    <4> Hacker tools
    Address: https://github.com/Z4nzu/hackingtool

    <5> List of hacker-related resources
    Address: https://github.com/Lifka/hacking-resources

    <6> A set of resource lists prepared for hackers, penetration testers, and security researchers
    Address: https://github.com/Hack-with-Github/Awesome-Hacking

  1. Two cloud storage resources

  2. Over 100 types of tools, cracking, hacking attacks, etc.
    Address: https://mega.nz/folder/A8BxjKSK#AQiOE0jm95XOevYqhx4F-Q

  3. Advanced ANDROID hacking course
    Address: https://drive.google.com/drive/folders/1_G6kt5leGkmzMs_hveS0oUya591gVso2

  4. 5000G network technology resource links
    Address: http://blog.haozi.org/post/107.html

  5. A Russian hacker resource sharing website
    Address: https://lrepacks.ru/

  6. AdminTony's Blog (Hacker blog, penetration web security)
    Address: http://www.admintony.com/

  7. The top ten tools commonly used by hackers and security personnel
    Address: https://zhuanlan.zhihu.com/p/75475279

  8. Sploitus vulnerability search engine
    A vulnerability search engine that can help you find publicly available vulnerabilities quickly
    Address: https://sploitus.com/

  9. Introduction to hacker tools
    Address: https://www.kitploit.com/

  10. Exploitation tool Metasploit
    Address: https://www.metasploit.com/

  11. Media
    A great platform to search for what you need and gain knowledge.
    Address: https://media.ccc.de/

  12. pentesterland
    If you are a penetration tester, this site will be immensely useful to you.
    Address: https://pentester.land/

  13. A collection of all classic exploitation processes from the past to the present.
    Address: https://pentester.land/list-of-bug-bounty-writeups.html

  14. RAT downloader
    Address: http://ww7.connect-trojan.net/

  15. Some practice websites that can enhance hacking skills

  16. CoderWall (A community providing a platform for global hacker communication)
    Address: https://coderwall.com/

  17. pwnable.kr
    https://pwnable.kr/

  18. hack-me
    https://hack.me/

  19. ctflearn
    https://ctflearn.com/

  20. root-me
    https://www.root-me.org/?lang=en

  21. Web Application Exploits and Defenses
    https://google-gruyere.appspot.com/

  22. hackthebox
    https://www.hackthebox.eu/

  23. hacking-lab
    https://hacking-lab.com/index.html

  24. gameofhacks
    http://www.gameofhacks.com/

  25. overthewire
    https://overthewire.org/

  26. microcorruption
    https://microcorruption.com/

  27. xss-game
    https://xss-game.appspot.com/?utm_source...dium=email

  28. hackthissite
    https://www.hackthissite.org/pages/index/index.php

  29. crackmes
    https://crackmes.one/

  30. pentest
    https://pentest.training/

  31. hellboundhackers
    https://www.hellboundhackers.org/

  32. hax.tor
    http://hax.tor.hu/

  33. thisislegal
    https://thisislegal.com/

  34. tryhackme
    https://tryhackme.com/

  35. vulnhub
    https://www.vulnhub.com/

Some website sources: "How I entered the hacker world?" (https://www.freebuf.com/articles/neopoints/190895.html)

(2) Domestic and international penetration search engines

International section

  1. Shodan search engine

Address: https://www.shodan.io/
Shodan is a search engine focused on network devices and servers. Details can be found online; its advanced search syntax is listed below.

Search syntax
hostname: Search for a specific host or domain name, e.g., hostname:"google"
port: Search for a specific port or service, e.g., port:"21"
country: Search for a specific country, e.g., country:"CN"
city: Search for a specific city, e.g., city:"Hefei"
org: Search for a specific organization or company, e.g., org:"google"
isp: Search for a specific ISP provider, e.g., isp:"China Telecom"
product: Search for a specific operating system/software/platform, e.g., product:"Apache httpd"
version: Search for a specific software version, e.g., version:"1.6.2"
geo: Search for a specific geographical location, e.g., geo:"31.8639, 117.2808"
before/after: Search for data before or after a specified collection time, format dd-mm-yy, e.g., before:"11-11-15"
net: Search for a specific IP address or subnet, e.g., net:"210.45.240.0/24"

  1. Censys search engine

Address: https://www.censys.io/
The Censys search engine functions similarly to Shodan. Here are some documentation links.

Help documentation: https://www.censys.io/certificates/help
IP query: https://www.censys.io/ipv4?q=
Domain query: https://www.censys.io/domain?q=
Certificate query: https://www.censys.io/certificates?q=

Search syntax

By default, Censys supports full-text search.
23.0.0.0/8 or 8.8.8.0/24 Conditions can be combined with and, or, not
80.http.get.status_code: 200 Specify status
80.http.get.status_code:[200 TO 300] Status codes between 200-300
location.country_code: DE Country
protocols: ("23/telnet" or "21/ftp") Protocol
tags: scada Tag
80.http.get.headers.server:nginx Server type version
autonomous_system.description: University System description regex

  1. Dnsdb search engine

Address: https://www.dnsdb.io/
The Dnsdb search engine is a query platform for DNS resolution.

Search syntax
The DnsDB query syntax structure is condition1 condition2 condition3 …, with each condition separated by a space. DnsDB returns the results that meet all query conditions.

Domain query conditions
A domain query returns all DNS records of a top-level private domain. The query syntax is domain:.
For example, to query all DNS records of google.com: domain:google.com.
A domain query can omit domain:.

Host query conditions
Query syntax: host:
For example, to query the DNS records of the host address mp3.example.com: host:mp3.example.com
The difference between host query conditions and domain query conditions is that a host query matches the Host value of the DNS record.

Query by DNS record type
Query syntax: type:.
For example, to query only A records: type:A
Usage condition: the type: query syntax can only be used if a domain: or host: condition exists.

By IP restriction
Query syntax: ip:
Query a specific IP: ip:8.8.8.8, this query is equivalent to directly entering 8.8.8.8 for querying.
Query a specific IP range: ip:8.8.8.8-8.8.255.255
CIDR: ip:8.8.0.0/24
Maximum IP range limit is 65536.

Supplement: Google Hacking Database
Address: https://www.exploit-db.com/google-hacking-database

  1. binaryedge
    Official website: https://www.binaryedge.io/

  2. crt.sh
    Official website: https://crt.sh/

  3. pinatahub
    Official website: https://pinatahub.incognita.tech

  4. searchcode
    Official website: https://searchcode.com/

  5. greynoise
    Official website: https://www.greynoise.io/blog

  6. hunter
    Official website: https://hunter.io/

  7. Project Sonar
    Official website: https://opendata.rapid7.com/

  8. intelx
    Official website: https://intelx.io/

  9. dnsdumpster
    Official website: https://dnsdumpster.com/

  10. phonebook.cz
    Official website: https://phonebook.cz/

  11. fullhunt
    Official website: https://fullhunt.io/

  12. netlas
    Official website: https://netlas.io/

Domestic section

  1. FOFA
    FoFa search engine focuses on asset search.
    Address: https://fofa.info/

Search syntax
title="abc" Search for abc in the title. Example: Websites with Beijing in the title.
header="abc" Search for abc in the HTTP header. Example: jboss server.
body="abc" Search for abc in the HTML body. Example: Body contains Hacked by.
domain="qq.com" Search for websites with the root domain containing qq.com. Example: Websites with the root domain qq.com.
host=".gov.cn" Search for .gov.cn in the URL, note that the search should use host as the name.
port="443" Find assets corresponding to port 443. Example: Find assets corresponding to port 443.
ip="1.1.1.1" Search for websites containing 1.1.1.1 from IP, note that the search should use ip as the name.
protocol="https" Search for specified protocol type (effective when port scanning is enabled). Example: Query https protocol assets.
city="Beijing" Search for assets in a specified city. Example: Search for assets in a specified city.
region="Zhejiang" Search for assets in a specified administrative region. Example: Search for assets in a specified administrative region.
country="CN" Search for assets in a specified country (code). Example: Search for assets in a specified country (code).
cert="google.com" Search for certificates (https or imaps, etc.) containing google.com assets.

Advanced search:

title="powered by" && title!=discuz
title!="powered by" && body=discuz
( body="content=\"WordPress" || (header="X-Pingback" && header="/xmlrpc.php" && body="/wp-includes/") ) && host="gov.cn"

  1. ZoomEye (Zhong Kui's Eye)
    The ZoomEye search engine focuses on web application-level searches.
    Address: https://www.zoomeye.org/

Search syntax
app Component name
ver:1.0 Version
os Operating system
country:"China" Country
city:"hangzhou" City
port:80 Port
hostname Hostname
site.one Website domain
desc Description
keywords’blog Keywords
service Service type
ip:8.8.8.8 IP address
cidr:8.8.8.8/24 IP address range

  1. 360quake
    Official website: https://quake.360.cn/quake/

  2. Global Hawk (hunter)
    Official website: https://hunter.qianxin.com/

  3. Diting
    Official website: https://www.ditecting.com/

  4. Zhifeng
    Official website: https://zhifeng.io/web/new/

(3) Hacker-related eBooks & tools

  1. Ultimate Facebook Scraper
    This bot can scrape almost all content from Facebook user profiles, including all public posts/statuses available on the user's timeline, uploaded photos, tagged photos, videos, friend lists, and profile pictures (including followers, followed, work friends, college friends, etc.).
    Address: https://github.com/harismuneer/Ultimate-Facebook-Scraper

  2. Hacktronian
    An all-in-one hacking tool for Linux and Android.

Official website: https://thehackingsage.com/
Project address: https://github.com/thehackingsage/hacktronian

  1. Tool-X
    Tool-X is a hacking tool installer for Kali Linux. Developed for Termux and other Android terminals, Tool-X allows you to install nearly 370 hacking tools in the Termux app and other Linux-based distributions.

Project address: https://github.com/ekadanuarta/Tool-X

  1. Instainsane
    Instainsane is a shell script that can perform multi-threaded brute force attacks on Instagram, capable of bypassing login restrictions and testing an unlimited number of passwords at a rate of about 1000 passwords per minute with 100 attempts at a time.

Project address: https://github.com/umeshshinde19/instainsane

  1. SocialBox
    A brute force attack framework coded by Belahsan Ouerghi (Facebook, Gmail, Instagram, Twitter)

Project address: https://github.com/Cyb0r9/SocialBox

  1. PhoneSploit
    Exploits Android devices by using open ADB ports.

Project address: https://github.com/aerosol-can/PhoneSploit

  1. QRLJacker v2.0
    A new social engineering attack surface.
    Project address: https://github.com/OWASP/www-project-qrljacker

  2. DNS Shell
    Interactive shell on DNS channel
    Address: https://github.com/sensepost/DNS-Shell

  3. Shellphish
    Phishing tools for 18 social media platforms (Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest)

Project address: https://github.com/suljot/shellphish

  1. OKadminFinder
    In short, a backend scanner.
    Address: https://github.com/mIcHyAmRaNe/okadminfinder
    Address: https://github.com/mIcHyAmRaNe/okadminfinder3

  2. ScanQLi
    ScanQLi is a simple SQL injection scanner with some additional features. This tool cannot exploit SQLi, it can only detect them.

Project address: https://github.com/bambish/ScanQLi

  1. SQLMap
    Automatic SQL injection and database takeover tool.

Project address: https://github.com/sqlmapproject/sqlmap

Official website: https://sqlmap.org/

  1. EasySploit
    Metasploit automation (faster than ever).
    Project address: https://github.com/KALILINUXTRICKSYT/easysploit

Options
Windows
Android
Linux
MacOS
Web
Scan if the target is vulnerable to ms17_010
Exploit Windows 7/2008 x64 via IP (ms17_010_eternalblue) to enable remote desktop (ms17_010_eternalblue)
Exploit Windows Vista / XP / 2000/2003 via IP (ms17_010_psexec) to enable remote desktop (ms17_010_psexec)
Contact Windows via link (HTA server)

  1. LOIC 1.0.8
    Network stress tester.
    Address: https://github.com/NewEraCracker/LOIC

LOIC performs denial of service (DoS) attacks on target sites by sending TCP or UDP packets to disrupt the service of specific hosts (or DDoS attacks used by multiple people). Many people voluntarily use LOIC to join botnets.

The software inspired the creation of an independent JavaScript version called JS LOIC and a web-based version called Low Orbit Web Cannon, which enables DoS from web browsers for stress testing.

  1. Sampler
    A tool for shell command execution, visualization, and alerts (configured using simple YAML files).
    Project address: https://github.com/sqshq/sampler
    Official website: https://sampler.dev/

Usage: Can sample any dynamic process directly from the terminal, observe changes in the database, monitor MQ real-time messages, trigger deployment scripts, and get notifications upon completion.
If shell commands can be used, Sampler can temporarily visualize them.

  1. CQTools
    The latest Windows hacking toolkit.
    Documentation address: https://cqureacademy.com/

Starting from sniffing and spoofing activities, through information gathering, password extraction, custom shell generation, custom payload generation, antivirus solutions, code hiding, various keyloggers, etc., this toolkit can conduct comprehensive attacks within the infrastructure and use this information for re-attacks. Some of these tools are being released to the world for the first time by the CQURE team.

  1. ANDRAX v4 DragonFly

  2. EagleEye
    Friend tracker that uses image recognition and reverse image search to find their Instagram, Facebook, and Twitter profiles.
    Project address: https://github.com/ThoughtfulDev/EagleEye

Requires at least one photo of a friend (must be a .jpg file) and their name or nickname. (Can be installed with one click using docker)
Searches using facial recognition, which is quite useful. For example, if you want a certain girl's Twitter account, just take any photo of her and input some name or nickname to search. (Of course, there are many lookalikes too~)

  1. Findomain v0.9.3
    The fastest and cross-platform subdomain enumerator. (Originally intended to promote it, but it was accidentally overlooked)
    Project address: https://github.com/Findomain/Findomain

Its biggest advantage is: fast, collecting 84110 subdomains in 5.5 seconds.
Features
Subdomain monitoring
API queries
DNS over TLS support
Determine if a domain resolves
Output to file, etc.

  1. Hijacker v1.5
    An all-in-one WiFi cracking tool for Android.
    Project address: https://github.com/chrisk44/Hijacker

A GUI application for Aircrack, Airodump, Aireplay, MDK3, and Reaver on Android 5+. (Requires root)
Features
View nearby WiFi and device lists
Get access point information
Disconnect others' connections
Capture packets, etc.
