2024-03-30
Hacker Virtual Machines, Containers

on termux, use proot-distro to install kali and blackarch linux.

install it with: apt install proot-distro


use podman instead of docker, since we do not need gpu support here and want faster image pulls.

recent versions of podman require the registry (for example docker.io/) to be specified explicitly before searching for and pulling images.

podman search docker.io/kali
podman pull docker.io/kalilinux/kali-rolling


if you want to run network scanning commands like nmap, grant the container the capabilities it needs (NET_RAW for raw sockets, NET_ADMIN for interface configuration):

podman run --cap-add=NET_RAW --cap-add=NET_ADMIN --rm -it docker.io/parrotsec/security
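As an added example (not from the original post), the same launch with every other capability dropped first, plus two helpers to confirm from inside the container that only CAP_NET_ADMIN (bit 12) and CAP_NET_RAW (bit 13) are effective; the helper function names are my own, the image is the post's.

```shell
#!/bin/sh
# Added example: least-privilege launch of the scanner image and a check of
# the effective capability mask. Helper names (cap_in_mask, caps_exactly,
# current_cap_eff, run_scanner) are assumptions, not podman or parrot tooling.

IMAGE="docker.io/parrotsec/security"

# cap_in_mask NUM HEXMASK: succeed if capability bit NUM is set in HEXMASK.
# HEXMASK is the value printed after "CapEff:" in /proc/<pid>/status (no 0x).
cap_in_mask() {
    num=$1
    mask=$2
    [ $(( (0x$mask >> num) & 1 )) -eq 1 ]
}

# caps_exactly HEXMASK NUM...: succeed only if HEXMASK has exactly the listed bits,
# i.e. nothing beyond what the scan was meant to receive.
caps_exactly() {
    mask=$1
    shift
    want=0
    for n in "$@"; do
        want=$(( want | (1 << n) ))
    done
    [ $(( 0x$mask )) -eq "$want" ]
}

# Effective capability mask of the current process (run inside the container).
current_cap_eff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Drop ALL capabilities, then add back only the two nmap needs.
# --cap-drop and --cap-add are standard podman run flags.
run_scanner() {
    podman run --rm -it \
        --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN \
        "$IMAGE" "$@"
}

# Inside the container, "sh thisfile.sh check" should report CapEff=...3000.
if [ "${1:-}" = "check" ]; then
    if caps_exactly "$(current_cap_eff)" 12 13; then
        echo "capability set is as expected: CapEff=$(current_cap_eff)"
    else
        echo "unexpected capability set: CapEff=$(current_cap_eff)" >&2
        exit 1
    fi
fi
```

Without --cap-drop=ALL the container keeps podman's default capability set on top of the two added ones, which is more than a scan needs.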


metasploitable2 and parrot linux also have docker images, and more cybersecurity/ctf related images can be found.

run this query in a search engine:

site:github.com cybersecurity docker images

https://github.com/VaultSEC/osint

https://github.com/PberAcademy/Dockerimages


on ubuntu, use docker to pull the kali and blackarch linux images; the latest images are pushed to docker hub.

sudo docker pull kalilinux/kali-rolling
# kali-rolling does not contain all packages
# run inside container: apt update && apt install -y kali-linux-headless
sudo docker pull blackarchlinux/blackarch


it is always recommended to update and upgrade the blackarch installation afterwards.

2022-12-07
Tools From Breachforums

  1. Invicti

Invicti is a web application security scanner hacking tool that automatically finds SQL Injection, XSS, and other vulnerabilities in web applications or services.

  2. Fortify WebInspect

It is used to identify security vulnerabilities by testing the dynamic behavior of running web applications.

  3. Cain & Abel

It is used to recover MS Access passwords.

  4. Nmap (Network Mapper)

Used in port scanning, one of the phases in ethical hacking; the finest hacking software ever.

  5. Nessus

Nessus is the world’s most well-known vulnerability scanner, designed by Tenable Network Security. It is free and is chiefly recommended for non-enterprise usage.

  6. Nikto

Checks web servers and identifies over 6400 CGIs or files that are potentially dangerous.

  7. Kismet

Kismet is basically a sniffer and wireless-network detector that works with other wireless cards and supports raw-monitoring mode.

  8. NetStumbler

Identifies AP (Access Point) network configuration.

  9. Acunetix

Integrates scanner results into other platforms and tools.

  10. Netsparker

Uniquely verifies identified vulnerabilities, showing that they are genuine, not false positives.

  11. Intruder

Integrates with Slack, Jira, and major cloud providers.

  12. Nmap

Contains a data transfer, redirection, and debugging tool.

  13. Metasploit

Ideal for finding security vulnerabilities.

  14. Aircrack-Ng

It can crack WEP keys and WPA2-PSK, and check Wi-Fi cards.

  15. Wireshark

Allows coloring rules on packet lists to facilitate analysis.

  16. OpenVAS

OpenVAS has the capabilities of various high and low-level Internet and industrial protocols, backed up by a robust internal programming language.

  17. SQLMap

Supports executing arbitrary commands.

  18. Ettercap

Live connections sniffer.

  19. Maltego

Performs real-time information gathering and data mining.

  20. Burp Suite

Uses out-of-band techniques.

  21. John the Ripper

Tests different encrypted passwords.

  22. Angry IP Scanner

This is a free tool for scanning IP addresses and ports.

  23. SolarWinds Security Event Manager

Recognized as one of the best SIEM tools, helping you easily manage memory stick storage.

  24. Traceroute NG

Detects path changes and alerts you about them.

  25. LiveAction

Its packet intelligence provides deep analyses.

  26. QualysGuard

Responds to real-time threats.

  27. WebInspect

Tests dynamic behavior of web applications for the purpose of spotting security vulnerabilities.

  28. Hashcat

Supports distributed cracking networks.

  29. L0phtCrack

Fixes weak password issues by forcing a password reset or locking out accounts.

  30. Rainbow Crack

  31. IKECrack

IKECrack is an authentication cracking tool with the bonus of being open source.

  32. Sboxr

Checks for over two dozen types of web vulnerabilities.

  33. Medusa

One of the best tools for thread-based parallel testing and brute-force testing.

  34. Cain and Abel

Uncovers password fields, sniffs networks, recovers MS Access passwords, and cracks encrypted passwords using brute-force, dictionary, and cryptanalysis attacks.

  35. Zenmap

Administrators can track new hosts or services that appear on their networks and track existing downed services.

2022-12-05
Raspberry Pi Tweaks

openai says I should edit /etc/wpa_supplicant/wpa_supplicant.conf like this to connect to 5G wifi:

network={
ssid="<SSID>"
psk="<password>"
frequency=5180
}

also set the frequency of the wifi card like this:

sudo ifdown wlan0 && sudo ifup wlan0
sudo iw dev wlan0 set freq 5180

unplug ethernet, then we are golden.

traceroute baidu.com

how to check available wifi ssids without network-manager:

sudo iwlist wlan0 scan | grep ESSID

default login (maybe not):

username: pi
password: raspberry

to start sshd, create an empty file named ssh in the boot partition (touch ssh).

recover the dhcpcd service:

sudo systemctl enable dhcpcd.service
sudo systemctl restart dhcpcd.service

configure the password by running proot -S <path_to_rootfs> -b <boot_partition>:/boot -q qemu-arm /usr/bin/bash and then passwd.

you’ve installed raspap on this device. you use the default credentials. this shit will not connect to our wifi automatically, thus blocking your way of running docker containers on it with only a macbook.

seriously? do you really need docker on macos? or just on raspberry pi?

change apt sources:

sudo sed -i 's|raspbian.raspberrypi.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|mirrordirector.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|archive.raspbian.org|mirrors.ustc.edu.cn/raspbian|g' /etc/apt/sources.list
sudo sed -i 's|archive.raspberrypi.org/debian|mirrors.ustc.edu.cn/archive.raspberrypi.org/debian|g' /etc/apt/sources.list.d/raspi.list

using nmcli to scan for and connect to wifi:

sudo nmcli dev wifi rescan
sudo nmcli dev wifi connect <SSID> password <PASSWORD>

sharing the network (ssh -R with only a port opens a SOCKS proxy on the pi side, which the apt calls below use):

ssh -R 1080 pi@10.42.0.33

edit /etc/network/interfaces:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.42.0.33
netmask 255.255.255.0
gateway 10.42.0.1
allow-hotplug wlan0
auto wlan0
iface wlan0 inet dhcp
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
wpa-ssid "<SSID>"
wpa-psk "<PASSWORD>"

install packages through the proxy:

sudo apt-get -o Acquire::http::proxy="socks5h://127.0.0.1:1080/" -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false update --allow-releaseinfo-change
sudo apt-get -o Acquire::http::proxy="socks5h://127.0.0.1:1080/" -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false upgrade -y

2022-12-02
Exploring Python Libraries And Resources For Nmap Network Scanning

nmap python scripting

python3-nmap and doc

doc of nmapthon python scriptable nse

python-nmap
