Hello, everyone. I am Sanjay Gupta. I welcome you to Sanjay Gupta Tech School. This is day 11 of the Cyber Security Boot Camp, and I have Sumit with me. So welcome, Sumit, to the platform. Sumit will be sharing some more insights related to cyber security in today's session. So I hand over to Sumit. Sumit, please start the session.

Again, this is Cyber Security Boot Camp day 11, and today I'm going to discuss how to install some scripts in your Kali Linux operating system. In yesterday's session we learned how to operate Kali Linux and saw some of the basic commands, so I hope everyone read some of the commands and practised. Today we are installing some more scripts related to security: when we are going to penetrate a target, when we are going to test a target, we need some scripts and some tools, so we will see how to install these scripts and tools.

Before starting, let me introduce myself. You already know my name: my name is Sumit Jain, and I'm an ethical hacker and cyber security expert. I'm working with the Cinec Red Team and the Pentabug Red Team. Apart from that, I'm a security specialist at GTO Networks. I have 10-plus years of experience in cyber security. Previously, I worked as a guest instructor at the Central Detective Training School. Right now, I'm helping students, freshers and professionals to build their career in cyber security, and I'm guiding them on how to make a career in the cyber security stream. You can follow me on my YouTube channel; the channel name is Cyber Security Zone, where I'm regularly creating and posting content related to cyber security and its various areas. You can follow Sanjay Gupta Tech School as well, where I'm conducting this cyber security boot camp. And you can connect with me on the platforms below: I'm available on LinkedIn, Twitter and a Telegram group as well. The links to all these handles will be available in the video description.
So go check that out. Today we are going to install some scripts according to our session tracker. In our session tracker, we have recon on day 11: recon using scripts, subdomain collection, link collection and filtration. To do this, we need some tools related to cyber security.

The first tool we have is subfinder. I already told you how to find subfinder for your Linux system. Here is the link to download the script; you need to click on that. Remember that the scripts we are going to use are available on GitHub; all the security-related tools are available on GitHub. So you need to install this. Subfinder is a subdomain discovery tool created by Project Discovery. This is the tool, this is the script, and it is written in Go, so you need to install Go as well. I already told you in yesterday's session how to install the Go language in your Linux operating system. So you need to first install subfinder, and to do this you need to use this command. This is the installation command: go install -v and then the path name, which you can see here: github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest. Copy this command and paste it into your Linux terminal, and the tool will be installed.

So this is our Linux terminal. If you want to install this, let's move into another directory, because I already have it installed, and paste the subfinder command here. Open the link again, open the installation command, paste it here and hit enter; your tool will be installed in a short while. While this script is installing, let's check out how we will use this script. This script basically finds subdomains related to your target. How do you use this tool? You can check the manual. Here is the manual of this tool.
So we have the -d flag; -d is for domain, the domain name to find subdomains for. -dL is for a file containing a list of domains for subdomain discovery. If you have multiple domains for which you want to collect subdomains, you will use the -dL flag. And these are some more options related to subfinder. We can use -o for output. We can use -config for our configuration file. We can use -up to update subfinder to the latest version. We can use -rl for rate limit. Rate limit is basically the maximum number of HTTP requests to send per second, so that your web application firewall will not block you in the first place.

So let's use these commands. My subfinder should be installed; let's check whether it is installed or not. So subfinder is installed. You can specify the flag: you write subfinder and specify the flag -d. We are giving -d for our domain, so I'm giving tesla.com here, and then hit enter. When you enter this, the script will find all the subdomains and display the result here. So subfinder is running, and in a short while you can see all the subdomains related to tesla.com. This will take some time to find subdomains, so you need to wait. Here are all the subdomains subfinder found. You can see Tesla, acd, pna, ehs, tesla.com, studio.sandbox, courses.com, www.tesla.com, referral.tesla.com. So all the subdomains we have for Tesla are displayed here. In total, 620 subdomains for tesla.com were found via this script. Why do we use these scripts? Because when we manually collect the subdomains, some subdomains will be missed. So we use different scripts to collect all the subdomains. If you want to store the result in a file, you can use the -o flag and give a file name like tesla.txt. All the results will be stored in this file. Let's run the command again and see if our collected data is stored or not.
So let's open the file tesla.txt, and you can see all the data is stored. So with the help of the -o option, you can easily store your collected data. Now let's use some more flags. We have the -dL flag, which is used if we have multiple domains in our list. So let's create a list and put some data in it. I'm creating testing.txt and giving some data: let's give tesla.com and facebook.com, and let's give one more target like twitter.com. Save this file, and if we open this file you can see we have three domains written in it. So if you want to find all the subdomains of all these three domains, you need to use subfinder -dL. As you can see, we have -dL for list: a file containing a list of domains for subdomain discovery. So we need to specify -dL and then our file name. Our file name is this, and let's store all the results with the help of -o and give some new name for our text file here. This script will run, collect all the subdomains of all your three targets and store the result in this file. So basically subfinder is used for subdomain discovery, for collecting all the subdomains of our domains.

Let's see: all 620 subdomains of Tesla are completed. Now it's enumerating subdomains for facebook.com. After this process is complete, it will enumerate the target twitter.com and store all the results in the output file we gave. We need to use various scripts for checking our results, because the discovery tools collect these subdomains from different services. So we need to use more subdomain discovery tools to reconfirm our result. To do that, we have another tool in our pocket. The tool name is assetfinder. You can also find the download link on GitHub: type assetfinder github into Google. You will find the repository which is placed on GitHub, and then find the installation command.
This is the installation command for assetfinder: go get -u github.com/tomnomnom/assetfinder. Let's see if our result is completed. You can see 11,000 subdomains are collected for the domain facebook.com, and right now it is enumerating twitter.com. While this process is running, let's install our other tool, which is subfinder. So I am giving the command go install -v and then assetfinder, and hit enter. This is our complete command. So your assetfinder will be installed, and you can see our subfinder result is also completed. So let's clear the terminal and open the file with the help of cat testing test new, and you see we have all the subdomains for twitter.com. We have all the subdomains for facebook.com. We have all the subdomains for tesla.com. So the subfinder process is complete.

Now let's give this target, or this file, to another subdomain discovery tool, which is assetfinder. To find subdomains using assetfinder you need to run assetfinder, then give --subs-only. This is the flag which will find only subdomains related to your target, and then give the target name. If you want to store the result you can specify -o and then a file name in which you want to store all the results. I am not storing the result because I already have the tesla.com file, so let's hit enter, and when you enter you can see all the results will be displayed. These are all the subdomains of tesla.com. Now if you want to find subdomains for a list in a file, you need to use the file; this is our file. Use assetfinder and then --subs-only. Now you will have all the subdomains related to your file, which has facebook.com, tesla.com and twitter.com. So assetfinder is also very useful when you are going to collect subdomains for a given target.
We have another tool which is going to collect subdomains; the tool name is amass. You can also find the amass package on GitHub: click on the link and you can find the installation command. Scroll a bit, and here is the installation. You can install it with these different commands, and this is the command you need to copy and run in your terminal. So this amass tool will be installed on your Linux, and then you can give a subdomain or a domain name or a file to collect all the domains or subdomains. So let's install this as well and run amass. I'm using another terminal, and amass is already installed, so let's check the command for running it. You can type amass, then enum --passive, specify the -d flag (-d is for domain) and then give your domain name. Hit enter and you will have all the subdomains of tesla.com.

So I'm using three different tools for collecting the same subdomains related to Tesla, and then we will sort all the domains with the help of a tool which will remove duplicate subdomains and sort all three files into one. So we will have a final file for our output. Our assetfinder result is completed; you can see we have different subdomains for Twitter and Facebook and Tesla. Our amass is also running, and it will give the result. The result is displayed, so you can see all the different subdomains of tesla.com.

Now if you want to collect all the data and sort it out, we have a tool called anew. anew will remove all the duplicates and store the result in a single file, so you can filter out all the results with the help of anew. It is also written in Go, so you need to install it. The installation process is given here. This is the command to install this script; you need to paste this in your terminal, and then anew will be installed. And how do you run anew? Let's go back to our terminal and see how to run anew. First I need to put a target. I need to run a file.
subfinder -d (-d is for domain) and then tesla.com, then use a pipe and use anew. Using a pipe, we can run two different tools at the same time. If you want to run two different tools at the same time, you can use a function called pipe in the Linux distribution. So right now what this will do is: subfinder will collect all the subdomains of tesla.com, and then anew will filter them and store the result in a new file. So let's give a final file name, which is tesla-final.txt. This will enumerate Tesla and store all the results in tesla-final. Now let's collect the subdomains for Tesla using assetfinder. So this is our assetfinder command; use anew and store the result in the same file. Our file is tesla-final. Now anew will only store new domains collected by assetfinder. The previously stored subdomains will be filtered out, and it will not store the already collected, already saved domains. Run assetfinder. The result discovered by assetfinder will be stored through anew. Now run amass on this domain as well. For using amass the command is amass --passive -d, give the domain name, and also store the result in tesla-final. So we have a common file, tesla-final, and it will have all the results collected by subfinder, assetfinder and amass. All three tools are running, discovering our subdomains and storing the result in a single file. So we have a final file, tesla-final.txt, and in this file we have all the different subdomains collected using these three tools.

We have some more tools related to subdomain discovery that you can use as well. knockpy is also a tool which is written in Python, and this tool will also help you to collect subdomains. So you need to install it. The installation command is here. You can copy this and then use git clone to copy the files, because it is written in Python.
So you need to clone it; you need to clone the git repository into your terminal. Let's see how this is done. This is our directory where I am installing all the tools. So you type git, a space, clone, and then give the path of the code; this is the path of our code. So if you are going to install a Python-based tool, you need to clone it. For cloning the files, you use git clone and then give the repository name. You can find the name here: click on this and you can find the cloning link here. Copy this and use it with git clone, and your git repository will be cloned into your directory. So let's check whether our knock directory is present or not. You can see our knock directory is created in this directory. We have the code for knockpy. How do you use this? Go to this directory, and then you can use python3 knockpy.py and then give the domain name you want to find subdomains for. So knockpy will also find the subdomains of tesla.com.

So we have multiple tools to do the task of subdomain discovery. You can use all these different tools, or you can use one tool. But if you want some filtered results, or more results for your domain, you can use all these tools related to subdomain discovery. We also have some more tools we can use. I'm going to show you what those tools are, but I'm not going to install them; you can install them on your own. We have a tool called findomain. This tool will also help you to collect subdomains. findomain is also used to collect subdomains, so you can use this as well. We have one more tool called Sublist3r. This tool is also used for collecting subdomains, so you can use this tool as well. This is written in Python, so you need to clone it with the help of this command, using git clone. Here is the installation command; you can see git clone and the repository path. And for how to use it, you can find the installation and the usage: -d is for domain.
You can specify your domain name with the help of -d and then run Sublist3r. Sublist3r will collect all the subdomains and display the result. So we have six different tools for collecting subdomains, and I'm going to write them once again. If you are going to do subdomain discovery, we have a tool called subfinder. We have assetfinder. We have amass. We have Sublist3r. We have knockpy. We have findomain. These six scripts are used to find subdomains, and with the help of these six scripts you can collect the various domains or various subdomains related to your target. And with the help of anew you can filter all these results and store them in a single file.

Now, if you want to collect the links or URLs of a domain like this one (this is our domain), and you want to collect the URLs of this domain, like all these URLs: we have About, we have Contact. So if you want to collect all these links with the help of some scripts, we have some link collecting scripts as well, and the names of these scripts are: the first script we have is Katana. Then we use gau, and then we use waybackurls. So you need to install them first. You can find the installation process on GitHub. Let's check that out. First install Katana: you can type katana github into Google. This will take you to the GitHub page of Katana. Katana is also developed by Project Discovery, and it is a Go-based tool. It is written in Go, so you can use the installation command here. The command is given here. You can paste this command into your terminal and then use Katana to grab all the links related to your target. So let's see how Katana will work, how Katana will collect all the links related to your target. For using Katana you can type katana and then specify -u. Why do we use -u? Because -u is used for giving the URL. You need to give a domain name, the full domain name. I'm giving tesla.com here, and then hit enter; Katana will run.
And then all the links related to Tesla will be displayed. So you can see this is a link, and it was discovered by Katana. We have different links. You can scroll down and you can see we have, sorry, we have https://tesla.com/en_AU. We have one more link, solar roof. We have solar panels. We have energy/design. We have Model X design. Now if you want to find these links in depth, Katana also has a flag to find all these links in depth. For depth we use -d and give the depth. I'm going to give 5. So Katana will find more URLs. You can see Katana is running, and it will find more URLs related to your target. And if you want to store the result, you can use the -o flag; -o is output, always used for output. So you can use -o and give the file name in which you want to store your result, and you can use anew as well. Use anew and then give a file name in which you want to store your result, and your result will be stored in the file name you are giving.

So you can see Katana is running, and it will find all the links related to your target. Then we can filter them out, and we can check whether some links are important or not: we need to discover whether some link is leaking sensitive data or not. For example, here we have a config file, so you can open this file and see whether it has some valuable information or not. So let's copy this link and use it in your browser, and you can see a configuration file will be displayed. So with the help of Katana we can find all the links related to your target, and for that process we have one more tool. The tool name is waybackurls. This script will also help you to find links, and you can install it from GitHub. Use Google to find the GitHub page: type waybackurls github, click on the GitHub link, and here you can find the installation command.
So this is the installation command. Install this script using this command, and then we can use waybackurls to find or grab all the links. So let's use waybackurls as well. I'm stopping this process forcefully and using waybackurls, and I'm giving one of the domains, like I want to find links for this domain. So I'm giving the domain and then waybackurls, then hit enter; your links will be displayed shortly. This will take some time to proceed, so you need to wait, and then all the results will be displayed.

While this is running we can see another tool; the tool name is gau, and it will also help you to collect URLs or links. You can find the GitHub page of gau. gau is developed by lc; this is also a Go-based tool, so you need to install it. You can find the installation command here; copy this command, paste it in your terminal, and install this Go script. And how do you use gau? You can find all the flags for how to use gau. gau is also very helpful to collect all the links, because it will find the links in the Wayback Machine and URLScan and from AlienVault. So gau is "get all URLs", and gau fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, Common Crawl and URLScan for any given domain. So we can give a domain name and then run gau. gau will collect all the links from all these different locations and display all the results in your terminal.

So let's see: our waybackurls result is finished, and you can see waybackurls can find some more links related to your target. Now use gau for the same URL. Hit enter, and it will display all the results. So we have these three scripts to get all the URLs, to collect all the links. So we have three more scripts to collect all the links, and you can use anew to filter links or subdomains. You can filter anything with the help of anew.
Let's go back to our terminal and see if our process is completed or not. So gau is still running and collecting all the links. gau is basically a much faster and much better tool, so you can use gau for collecting all the links related to your domain. We can run gau on different domains as well. For example, if you have a file which has all the different domains, and you need to find all the links in a single file, you can use the file, like this. This is our file; we have three different domains, and if you want to collect all the URLs of these three different domains, you can pass our file and then use gau. So gau will first run on Tesla, then on Facebook and then on Twitter, and will display all the collected results on your screen. You can use anew to store the result, or you can use -o to store the result in a file.

So we can run these different scripts to collect all the subdomains or all the links. Then we can filter them and get what we want with the help of grep. If you want to grep the links only for config, you need to use the grep command on the stored file: use grep and then give some keyword you want to filter on, like config files, admin files, some of the database files, and so on. These links are important. Using these links we can find some sensitive data. We can find configuration data. We can find open panels. We can find customer data. We can find configuration files. We can find database files. We can find API tokens. We can find access tokens. So these links are important; you need to collect all the links. As you can see, gau is still running. gau can collect more links compared to Katana and waybackurls. You can find the usage manual on the GitHub page.
These have some more commands. Katana also has these flags, which are used for different purposes: if you want depth, if you want to crawl in depth, you can use -d. If you want to crawl JS files, you can use -jc. If you want to set the crawl duration, you can use -ct. -kf is useful: it enables crawling of known files. So you can check the manuals of all these tools. These tools have different commands; these tools have different flags, and using these tools you can find some interesting results. So if you have any question, you can comment down below. If you have some problem installing these scripts, you can comment down below or you can ask me on Telegram. So I will wrap up this session here. Tomorrow, on Monday, we will be installing some more tools and finding some vulnerabilities with the help of these tools. Okay.

So I think we are done with today's session. So guys, we will connect on Monday next week, and Sumit will be explaining a few more topics to you. So till then, whatever he explained and demonstrated this week, you can practise in the remaining week, and I hope you are getting lots of information. And if you want to watch specific videos related to a particular topic, you can just follow his YouTube channel, Cyber Security Zone, and there you will find lots of stuff to study. Okay. With this note we take your leave. Thank you for sharing your knowledge and giving your time to the folks. Thank you everyone. Thank you. See you on Monday.
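The two steps the session keeps coming back to are the merge through anew (keep only lines not already in the output file, so that subfinder, assetfinder and amass results land in one deduplicated file) and the grep pass over the collected links for config, admin, database and token keywords. The script below is an added example written for this page, not code from the session or from any of the tools it mentions: it reproduces anew's append-only-new-lines behaviour with plain POSIX tools and runs the keyword filter over constructed sample data (the example.com host names and links are made up), so it runs offline without any of the live tools installed.

```shell
#!/bin/sh
# Added example (not from the session). Emulates the `anew` merge step and the
# grep-based link filtering with POSIX tools on constructed sample data, so it
# runs offline without subfinder, assetfinder, amass, katana or gau.

# append_new FILE: read lines from stdin, append only those not already in FILE,
# and echo the newly added ones. This is what `tool | anew FILE` does.
append_new() {
    target="$1"
    [ -f "$target" ] || : > "$target"
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! grep -qxF -- "$line" "$target"; then
            printf '%s\n' "$line" >> "$target"
            printf '%s\n' "$line"
        fi
    done
}

# interesting_links FILE: keep links whose path suggests config files, admin
# panels, database dumps or API/token endpoints; these are the ones to review.
interesting_links() {
    grep -Ei 'config|admin|\.sql|\.bak|/api/|token' "$1" || true
}

# demo_merge: feed three constructed, overlapping "tool outputs" (as real
# subfinder/assetfinder/amass runs would overlap) through append_new and
# print the number of unique hosts that ended up in the final file.
demo_merge() {
    work=$(mktemp -d)
    final="$work/example-final.txt"
    printf 'www.example.com\nmail.example.com\napi.example.com\n' | append_new "$final" > /dev/null
    printf 'api.example.com\nvpn.example.com\n' | append_new "$final" > /dev/null
    printf 'mail.example.com\ndev.example.com\n' | append_new "$final" > /dev/null
    wc -l < "$final" | tr -d ' '
    rm -rf "$work"
}

# demo_filter: constructed link list of the kind katana/gau produce, then print
# how many lines the keyword filter keeps.
demo_filter() {
    work=$(mktemp -d)
    links="$work/example-links.txt"
    cat > "$links" <<'EOF'
https://www.example.com/about
https://www.example.com/contact
https://www.example.com/static/config.js
https://www.example.com/admin/login
https://www.example.com/backup/db.sql
https://www.example.com/blog/post-1
EOF
    interesting_links "$links" | wc -l | tr -d ' '
    rm -rf "$work"
}

echo "unique hosts after merge: $(demo_merge)"   # 5 (7 input lines, 2 duplicates dropped)
echo "links kept by filter: $(demo_filter)"      # 3 (config.js, admin/login, db.sql)
```

Seven input lines become five unique hosts because api.example.com and mail.example.com arrive twice, which is exactly the duplicate removal the session relies on when three tools write to tesla-final.txt. The keyword list in `interesting_links` is the grep step from the session written as one alternation; adjust it to whatever you consider worth a manual look, since it only narrows the list for review and never decides by itself that a link is sensitive.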