### Basic XSS Alert Script Example

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

Demonstrates a simple JavaScript payload used to test for Cross-Site Scripting (XSS) vulnerabilities. When executed in the browser via a vulnerable page, it displays an alert box.

```javascript
```

--------------------------------

### Install Nmap on Linux using Yum

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This command installs the Nmap network scanner on Linux systems that use the YUM package manager. Nmap is a crucial tool for network discovery and security auditing.

```bash
# Installing packages requires root privileges
$ yum install nmap
```

--------------------------------

### Identify OS and Open Ports with Nmap

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This command uses Nmap with OS detection (`-O`) and verbose output (`-v`) to identify the operating system of the host behind a domain name or IP address and list its open ports. It's a fundamental step in understanding a target system's vulnerabilities.

```bash
# OS detection (-O) requires root privileges
$ nmap -O -v tutorialspoint.com
```

--------------------------------

### SQLMAP Command for SQL Injection Detection

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This command uses SQLMAP to test a specific URL for SQL injection vulnerabilities. It specifies the user agent, cookies, target URL, testing level, risk, the parameter to test, and a suffix. The output indicates if the 'id' parameter is vulnerable.

```bash
./sqlmap.py \
  --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" \
  --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" \
  -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' \
  --level=5 --risk=3 -p id --suffix="-BR" -v3
```

--------------------------------

### Find IP Address using Ping Command

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This snippet demonstrates how to use the `ping` command to find the IP address associated with a domain name. The `ping` command is a common network utility available on both Windows and Linux operating systems. It sends ICMP echo requests to a target host and displays the IP address and response times.

```bash
$ ping tutorialspoint.com
```

--------------------------------

### DNS Configuration for DDoS Protection

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This section details the DNS record configurations (A Record and CNAME Records) required to protect a server from DDoS attacks by routing traffic through a CDN. It emphasizes keeping the server IP and A record identifier secret.

```text
A Record: ARECORDID
CNAME Record: www -> cdn.someotherid.domain.com
CNAME Record: @ -> cdn.someotherid.domain.com
```

--------------------------------

### Scan a Specific Port with Nmap

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This Nmap command performs a TCP connect scan (`-sT`) to check if a specific port (e.g., 443) is open on a given domain. It helps in verifying the accessibility of services running on a target.

```bash
$ nmap -sT -p 443 tutorialspoint.com
```

--------------------------------

### XSS Vulnerability Scanner Payload

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

A common JavaScript snippet used by vulnerability scanners to detect Cross-Site Scripting (XSS) flaws. This script triggers an alert box, indicating a successful injection.

```javascript
```

--------------------------------

### Block ICMP Echo Requests with iptables

Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_quick_guide.htm

This iptables command creates a firewall rule to block outgoing ICMP echo requests, effectively disabling ping sweeps originating from the system. This is a defensive measure to prevent network reconnaissance.

```bash
# Modifying firewall rules requires root privileges
$ iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
```