Also, know that in this article we are going to talk about maskphish. Then, you have not yet read the previous post about maskphish I suggest you to read it because in this article I won’t discuss about the installation.
Maskphish is a simple bash script that helps to hide a phishing URL under a normal URL. This amazing help you to hide phishing link under URL like Facebook.com. Also, to generate a phishing link you can read Zphisher best termux tool for phishing
Termux command to install Maskphish
First, before to continue with this article, let first remind about some installation commands.
git clone https://github.com/jaykali/maskphish
Then, I consider you have already clone Maskphish, Now open your termux terminal then navigate into maskphish folder by using commands.
Then, after running the command maskphish will open and ready to go. This is the main menu of maskphish.
After executing the maskphish command the process is quiet easy then copy your phishing link that you want to hide. also, know that can be whatever generated by tool like Zphisher.
Then, we have to put the trusted URL that you know can attract your victim to click on. You can choose any link like https://facebook.com or https://youtube.com
Now this is a sweetest part where you have to use your social engineering words depending on what the victim can be. Also, if you are not good in social engineering attack you can use this guide.
Eg: sometimes your victim might be a football player or a fun of football. Now you can use words like “hey this is new best football skills for CR7 “.
Then, as you see the tool has already generate a link . you can now copy your phishing link generated by maskphish and send it to your victim.
Maskphish is a simple bash script that helps to hide a phishing URL under a normal URL. This amazing help you to hide phishing link under URL like Facebook.com.
Nowadays people are smart enough than in past years. It seems like phishing links became common for them and not easy to get them trapped again. Then, if you are reading this article it’s because you want to know how you can hide your phishing URL. Now you are on a good way to continue reading and hope after reading this article you will get what you need.
Then, I consider you to be familiar with termux and know how you can generate a phishing link. But if not don’t worry we thought about and prepare for you what can help you.
Then, why you should use Maskphish, and who can install it. we are going to discuss all these questions in this article.
Why you should use Maskphish
As I mentioned people are smart enough and it’s hard to trap them with a phishing link. Because phishing links look suspect most internet users are scared to open untrusted links. But the good news is that let us thanks to the contributor (https://github.com/jaykali) of this amazing tool who thought about that problem and resolves it.
Then, with Maskphish you can hide your phishing link under a trusted link like google.com and with that technic, you can easily get the trust of your victim.
Maskphish is easy to use
Also, is available on many platforms
You can have a discussion Maskphisher tool with contributors
it’s also free
Who can install Maskphish
Then, as you are aware of why you should use Maskphish, let us discuss who can install it. Maskphish is available on many platforms such as:
Now, this is the time to get Maskphish and install it. consider using one of the platforms discussed above. Also, if you don’t have termux or don’t know how to start with it you might read How to hack with your smartphone using termux.
NB: in this article we are discussing about Termux installation even if it can be the same with other platforms.
Then, the first step you have to update termux repository
apt-get update -y
apt-get upgrade -y
Also, if you don’t have git installed on your termux you should install it with the command
pkg install git -y
Then, the last step is to clone Maskfish from GitHub. You can just copy this link in your terminal and press enter.
git clone https://github.com/jaykali/maskphish
Now, navigate into the Maskphish folder in order to install it.
Also, if you want to discuss about Maskphish or having issue with the tool follow the discussion now.
Conclusion and Legal Disclainer
This tool is for education purpose only. Usage of MaskPhish for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this tool. Use Responsibly!
Zphisher is an advanced phishing toolkit it is an upgraded version of Shellphish. It also has the main source code from Shellphish but ZPhisher is upgraded. Also, has removed some unnecessary codes from Shellphish.
Also, it is a beginner’s friendly, automated phishing tool with 30+ templates.
What are the features of Zphisher?
Then, it’s time to see Zphisher features.
Latest and updated login pages.
Mask URL Support
Multiple tunneling options (Localhost, Ngrok )
What are Zphisher dependencies?
Notice: All the dependencies will be installed automatically when you run Zphisher for the first time.
Usage of Zphisher for attacking targets without prior mutual consent is illegal. Also, It’s the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.
Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.
Additionally, a man in the middle attack requires three players. There’s the victim is trying to communicate, and the man-in-the-middle, who is intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the MITM.
How does a Man In The Middle Attack work?
Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. Then, you click on a link in the email received and are taken to what appears to be your bank’s website, where you log in and perform the requested task.
In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate.
This attack also involves phishing, getting you to click on the email appearing to come from your bank.
Also, he created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. And the time you log in, you are not logging into your bank account, but you are handing over your credentials to the attacker.
Man In The Middle attack progression
Man In The Middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware.
Successful MITM execution has two distinct phases: interception and decryption.
The first step intercepts user traffic through the attacker’s network before it reaches its intended destination.
The most common (and simplest) way of doing this is a passive attack in which an attacker makes free, malicious WiFi hotspots available to the public. Typically named in a way that corresponds to their location, they aren’t password protected. Once a victim connects to such a hotspot, the attacker gains full visibility to any online data exchange.
When an attacker wishing to take a more active approach to interception, he may launch one of the following attacks:
IP spoofing involves an attacker disguising himself as an application by altering packet headers in an IP address. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website.
ARP spoofing is the process of linking an attacker’s MAC address with the IP address of a legitimate user on a local area network using fake ARP messages. As a result, data sent by the user to the host IP address is instead transmitted to the attacker.
DNS spoofing, also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website’s address record. As a result, users attempting to access the site are sent by the altered DNS record to the attacker’s site.
After an interception, any two-way SSL traffic needs to be decrypted without alerting the user or application. A number of methods exist to achieve this:
HTTPS spoofing sends a phony certificate to the victim’s browser once the initial connection request to a secure site is made. It holds a digital thumbprint associated with the compromised application, which the browser verifies according to an existing list of trusted sites. The attacker is then able to access any data entered by the victim before it’s passed to the application.
SSL hijacking occurs when an attacker passes forged authentication keys to both the user and the application during a TCP handshake. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session.
SSL stripping downgrades an HTTPS connection to HTTP by intercepting the TLS authentication sent from the application to the user. The attacker sends an unencrypted version of the application’s site to the user while maintaining the secured session with the application. Meanwhile, the user’s entire session is visible to the attacker.
Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.
Also, with the amount of tools readily available to cybercriminals for carrying out Man In The Middle attacks, it makes sense to take steps to help protect your devices, your data.
make sure you always visit website with the HTTPS
Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
Never connect to public WIFI routers directly, if possible a VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public WIFI, like passwords or credit card information.
Avoiding WIFI connections that aren’t password protected.
For website operators, secure communication protocols, including TLS and HTTPS, help mitigate spoofing attacks by robustly encrypting and authenticating transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data, such as authentication tokens.
This guide is all about how to become an ethical hacker. Then, before we continue we have first to know who are ethical hackers and what they can do. Becoming an ethical hacker may seem easy in theory. But to become a good hacker you have to follow some steps.
Who is a hacker?
The word hacker originally defined a skilled programmer proficient in machine code and computer operating systems. Also, a hacker is a person who breaks into a computer system. The reason for hacking can be many: installing malware, stealing, or destroying data.
Hackers can be also there to find software vulnerabilities in order to fix them.
How does hacking work?
Hackers breach defenses to gain unauthorized access into computers, phones, tablets, IoT devices, networks, or entire computing systems. Hackers also take advantage of weaknesses in network security to gain access. The weaknesses can be technical or social in nature. Let also see some types of hackers.
Now as you already know who is a hacker let us see also what is ethical hacking.
what is ethical hacking?
Ethical hacking involves the legal use of hacking techniques for benevolent versus malicious purposes. Ethical hackers use penetration testing and other tactics to find software vulnerabilities and other security weaknesses so they can be promptly addressed.
Who is a penetration tester?
Many people think that a Penetration Tester is just a White Hat Hacker but this is wrong… White Hat Hacker is anyone who works or fight to protect the cyber security…
Penetration Testers are essentially Gray Hat Hackers. They are between the two worlds… this makes Penetration Testers be the most Advanced Hackers because they know how to attack and how to protect!
who is an ethical hacker?
The term ethical hacker includes all security professionals that provide offensive services, whether red team, pentester, or freelance offensive consultant. Also, an ethical hacker’s primary purpose is to view security from the adversary’s perspective in an effort to find vulnerabilities that could be exploited by bad actors.
Role of an ethical hacker
Ethical hackers can be independent freelance consultants, employed by a firm that specializes in simulated offensive cybersecurity services, or they can be an in-house employee protecting a company’s website or apps.
Possessing ethical hacker skills and knowledge is helpful for many other security roles
Now can see then how to become an ethical hacker as you already who he is and what he can do.
The skills required to become an ethical hacker
While there are plenty of anecdotal stories of blackhat hackers being converted to be whitehats in a bygone era, the most important requirement for becoming a successful ethical hacker today is to have, as is found in the name, high ethical standards.
Ethics are what separates the good guys from the bad guys. There are plenty of blackhat hackers that have adequate technical skills to be ethical hackers, but they lack the discipline of character to do the right thing regardless of the perceived benefits of doing otherwise.
A candidate for an ethical hacker job must be able to demonstrate advanced cybersecurity technical skills. The ability to recommend mitigation and remediation strategies is a part of the desired experience.
To become an ethical hacker you have to understand the networks.
A hacker should be able to gather information about a network with the intent to secure the network system. He can also use various tools like Telnet, NS lookup, Ping, Tracert, etc.
Also an ethical hacker must know about the networking and how a network work. He must know about fundamentals of network such as: network models, IP address and network protocols etc. Networking skills is very important in ethical hacking field. Almost all devices are connected to the network.
An ethical hacker must be proficient with operating systems, especially Windows and Linux
Linux System hacking
Linux is an operating system that acts as an intermediary as a bridge between the physical device and the instruction code of the program. in our previous article, we discussed the Linux tutorial for beginners.
You may find that many people on the internet say that you don’t need to know how to program to be a hacker, I don’t judge them but programming is more important in hacking. Sure you may perform some attacks without programming skills by using other script, but at a given point it will require you to have skills in programming.
Programming languages that an ethical hacker need to know
How to get experience as an ethical hacker
Experience with vulnerability testing tools, such as Metasploit, Netsparker, and OpenVAS, is very helpful for ethical hackers. These tools and there are many more of them, are designed to save time when searching for known vulnerabilities. These or similar tools may provide a useful framework for vulnerability scanning and management but should represent only the starting point for an experienced ethical hacker. Also, get in hands with kali linux operating system.
What is the Outlook for Ethical Hackers?
Cyberwarfare is extremely common, and many high-profile enterprises have been subject to major hacking issues. In this day and age, spending on IT security on a global scale is reaching the trillion-dollar mark. What better way to combat the threat of black-hat hacking than by making use of an army of white-hat hackers?
The demand for ethical hackers is at an all-time high and rising. Many experienced, ethical hackers can expect to earn in excess of $120,000 per year, especially if they are running their own consultancies or penetration testing companies.
So do you want to learn Termux hacking or to improve your skills in hacking using your Android phone?. You are on the right way if you were having that need.
Knowledge is like a garden: if it is not cultivated, it cannot be harvested.
In our previous article, we have mentioned the Best android apps to learn programming in 2021. These android apps can help you in your journey as a software developer. In this article, we are going to see the best android apps Termux learner in 2021 from the play store.
Many people are using their mobile phones for chatting, calling, and messaging while others are transforming their Android phones as their library. Then, let us see how you can learn Termux hacking from your phone easily.
Best android apps you should install in 2021 from the Play store
Now, here is a list of all android apps we are going to discuss in this article, which will help you to have an idea of what we will discuss in this article.
Then, this is another app that we can’t forget in the list. With Termux guide app in tamil, you will easily learn how to use termux and all its tools and commands. Also, you can choose your language in order to understand the content provide by the app.
Also, with the Termux Command app, you can learn about all frequently using basic termux commands in detail.
Additionally, this app is very helpful for beginners in learning how termux works. After learning about these basic commands I am sure you will be able to install various termux tools so easily. These basic commands will help you to increase your ethical hacking & vulnerability analysis skills.
Then, let us see about the Termux tools installation guide, this app provides installation commands for install various tools in termux. Also, it provides a guide for modifying termux overviews and add features in termux. Additionally, with the help of this guide, you can install tools for penetration testing in termux. Commands for installing the different operating systems in termux like Ubuntu, Windows, Kali, Parrot, Other Linux Distro.
Finally, we have enumerated all the Best android apps you should install in 2021 from the Play store to learn termux, now it’s your turn to choose what will fit best for you. good luck but don’t forget to give your comment so that we can know what is your choice among these apps.
Termux is an Android terminal emulator and Linux environment application that works directly with no rooting or setup required. A minimal base system is installed automatically, additional packages are available using the package manager.
you can see that the environment setup in Termux is similar to that of a modern Linux distribution. However, running on Android implies several important differences. you can decide today to start with Termux and get familliar with it if not yet done.
Termux is not FHS compliant
The reason why Termux does not use official Debian or Ubuntu packages for its environment it’s because it does not follow FHS.
The Filesystem Hierarchy Standard (FHS) defines the directory structure and directory contents in Linux distributions. It is maintained by the Linux Foundation.
Termux does not follow Filesystem Hierarchy Standard unlike the majority of Linux distributions. You cannot find directories like /bin, /etc, /usr, /tmp, and others at the usual location. Thus, all programs should be patched and recompiled to meet the requirements of the Termux environment otherwise they will not be able to find their configuration files or other data.
You may have a problem executing scripts that have standard shebangs (e.g. #!/bin/sh). Use the termux-fix-shebang script to modify these files before executing. Recent versions of Termux provide a special package (termux-exec) that allows usage of standard she-bangs. Hope you can be happy to know these 6 best os for hacking and penetration testing
Most of packages have shared library dependencies which are installed to $ PREFIX/lib.
On devices before Android 7, Termux exports special variable ($ LD_LIBRARY_PATH) which tells linker to where find shared library files.
Also, on Android 7 or higher, DT_RUNPATH ELF header attribute is used instead of LD_LIBRARY_PATH.
If you still need a classical Linux file system layout for some reason, you may try to use termux-chroot from package ‘proot’:
$ pkg install proot
$ ls /usr
Termux uses Bionic libc
To have best compatibility with Android OS and remove the need of maintaining custom toolchains termux developper compile all their packages with Android NDK. Resulting binaries are linked against Bionic libc (files libc.so, libm.so, libdl.so from /system/lib or /system/lib64).
Usage of libc provided by Android and FHS incompatibility disables ability to execute native packages copied from Linux distributions:
Dynamically linked programs will not run due to linker expected in nonexistent location (/lib) and libc ABI mismatch.
Statically linked programs (only networking ones) will not be able to resolve DNS names. GNU libc normally doesn’t allow static linking with resolver. Also, the file /etc/resolv.conf does not exist on Android.
On non-rooted Android 8 or newer, statically linked programs will not run due to issues with seccomp filter.
However, these restrictions can be bypassed by setting up a Linux distribution rootfs with PRoot
what is PRoot?
PRoot is a user-space implementation of chroot, mount –bind, and binfmt_misc. This means that users don’t need any privileges or set up to do things like using an arbitrary directory as the new root filesystem, making files accessible somewhere else in the filesystem hierarchy, or executing programs built for another CPU architecture transparently through QEMU user-mode.
Root file system is stored as ordinary application data
Root file system and user home directory are located in private application data directory which lives on data partition. Paths to these directories are exposed as $ PREFIX and $HOME respectively.
You cannot move $ PREFIX to another location because all programs expect that it will not be changed. Additionally, you cannot have binaries, symlinks, and other files from $ PREFIX on sdcard. The reason is simple – file system there does not support UNIX permissions, symlinks, sockets, etc…
if you uninstall the application or wipe data, directories $ PREFIX and $HOME will be wiped too. Before doing this, make sure that all-important data is backed up.
Termux is single-user
Android applications are convenient and have their own Linux user id and SELinux label. Termux is not an exception and everything within Termux is executed with the same user id as the application itself. User name may look like u0_a231 and cannot be changed as it is derived from user id by Bionic libc.
All termux packages (except root-only ones) are patched to drop any multiuser, setuid/setgid and other similar functionality. termux developer also changed default ports for server packages: ftpd, httpd and sshd have their default ports set to 8021, 8080, and 8022 respectively.
Termux developers give you freedom of read-write access to all application components including $PREFIX. Be careful since it is very easy to break things by accidentally deleting or overwriting files in $PREFIX.
congratulation you have reached the end of the article hope now you know the differences between termux and modern linux. thankyou.
you may wonder how to install the hacking tool for termux named Tool-X don’t worry you are on the right place, by following this article step by step you will be ready to install Tool-X properly on termux.
Tool-X is a Kali Linux hacking tools installer for Termux and Linux system. Tool-X was developed for Termux and Linux based systems.
Since you are using Tool-X, you can install almost 370+ hacking tools in Termux (android) and other Linux based distributions. Now Tool-X is available for Ubuntu, Debian.
As well as now you know what is Tool-X, sometimes you may ask your self questions if you can install Tool-X on your mobile , or if your phone can support Tool-X. let me tell you the good news is that Tool-X is available for :
Finally, we have answered the question, Who can install and how to install Tool-X.let then see how to use it. In addition to use, Tool-X navigates through the app. Also, Tool-X gives 5 option that you can choose from. To open Tool-X type Tool-x OR Toolx on the terminal.
Did you know that you can hack with your smartphone?
When it comes to hacking tools, there are more than thousands of tools available for Termux. In this article, we are going to see important tools which are very powerful and used by professional security researchers, ethical hackers, and even black hat hackers.
The tools which are compatible with Termux (especially the tools available for Kali Linux) and finally those tools used by all kind of hackers.
Also, when it comes to hacking tools, mainly we should focus on information-gathering tools, vulnerability scanning tools, and exploiting tools.
Information Gathering Tools on Termux – hacking:
There are hundreds of tools that are available for information gathering, it varies from the need of hackers.
Gathering information is the first step where a hacker tries to get information about the target. Also, Hackers use different sources and tools to get more information, and some of them are briefly explained here. This information will be useful for you to become an ethical hacker.
Nmap – hacking tool
The first app is Nmap, it is a port scanning utility that can use a number of techniques to determine what ports are open, as well as complex information such as identifying the underlying operating system of the target system. This tool is also, available on Kali Linux if you are a user of Kali Linux or you want to learn it, you can use our guide on how to install kali Linux os in 2021.
Also, Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Installation of Nmap Hacking tool on Termux.
As well as we discussed what Nmap is, now let us see how we can install it on termux. Installing Nmap on Termux is simple than you may think.
First, it’s very important to follow all steps, if you want to install Nmap properly. Now, open your terminal and type this command.
$ apt update && apt upgrade -y
This command will update all the previous installed packages on your termux.
Next, Now that Nmap is just a basic package in termux and it is easy to install.
$ pkg install nmap -y
Then, the installation will start then wait until it finishes to install. Then After installation, type Nmap, and it will be executed. If you are not familiar with the Nmap command go on the official page to learn some commands. Nmap.org
How to scan a website with the Nmap Termux app
Before trying to use this command make sure that you are the owner of the website. we are not responsible for your bad actions.
Man Nmap: Also, type this command if you want to view the different options and examples for the scanning.
Simplest Syn Scan: nmap -sS <target_ip>
Th3Inspector tool – hacking tool
The second is Th3inspector is an open-source information gathering tool available on Github through which you can easily find much information about the target such as Server details, whois info, target IP, Phone number, email, sub-domains, etc.
Let’s now see how you can get Th3Inspector on termux
First, open the termux terminal install git if not yet installed, then type this command down.
git clone https://github.com/Moham3dRiahi/Th3inspector.git cd Th3inspector
chmod +x install.sh && ./install.sh
Red Hawk is an open-source tool that is used for information gathering and certain vulnerability scanning. Also, it detects Content Management Systems (CMS) in use of a target web application, IP address, web server record, Cloudflare information, and robots.txt data.
Also, it can detect WordPress, Drupal, Joomla, and Magento CMS. Other scanning features of Red Hawk include WHOIS data collection, Geo-IP lookup, Banner grabbing, DNS lookup, port scanning, sub-domain information, reverse IP, and MX records lookup. As a vulnerability scanner, Red Hawk looks for error-based SQL injections, WordPress sensitive files, and WordPress version-related vulnerabilities.
Let’s now see how you can get the RED_HAWK tool on termux
Open your Termux, then on the terminal type this command down. you should first update and upgrade termux, and if git is not yet installed you should first install it.
git clone https://github.com/Tuhinshubhra/RED_HAWK.git
Sqlmap is open-source software. Also, is one of the most powerful penetration testing tools available on the internet. Additionally, it is one of my favorite tools and it is coded in python. You can use sqlmap to exploit and extract database information from SQL vulnerable websites.
Let’s now see how you can get Sqlmap tool on termux
First, Open Termux and update it with the command pkg update then press Enter. After updating then follow the next step which is the installation of Sqlmap.
pkg install python2
install git if not yet pkg install git
git clone https://github.com/sqlmapproject/sqlmap
Metasploit is a penetration testing framework that makes hacking simple. Also, It’s an essential tool for many attackers and defenders. Point Metasploit at your target, pick an exploit, what payload to drop.
Hydra is a parallelized login cracker that supports numerous protocols to attack. Also, it is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
install hydra tool on termux
First, open your Termux terminal update and upgrade required then type this command down.
Tool-X is a Kali Linux hacking tools installer for Termux and Linux systems. Tool-X was developed for Termux and Linux based systems. Using Tool-X, you can install almost 370+ hacking tools in Termux (android) and other Linux-based distributions. Now Tool-X is available for Ubuntu, Debian, etc…
onex a hacking tools library. Onex is a kali Linux hacking tools installer for termux and other Linux distribution. Also, it is a package manager for hackers. Onex manages more than 370+ hacking tools that can be installed with a single click. Use onex install [tool_name] command to install any hacking tool.
There are many hacking tools that can be used on Termux as I mentioned above. Hope you will be able to use all these tools mentioned in this article when you will do deep research on how to use them. Also, Take courage you are almost in a good way. And if you have not yet read the first part I recommend you to read it, and if you are having a comment or a suggestion don’t keep it for yourself but share it with us. Thank you