A cybersecurity script that lets anyone check-attack-fix (CAF) a site to make sure nobody can hack it and steal information that you do not want stolen.
Do not misuse this software for illegal activity; it is for production testing or educational use!
To load up the script:
<script type="module">
import {Cryptography, Hacking, Detections} from './cyber.min.js';
//Script goes here
</script>
Or you can use the CDN:
<script type="module">
import {Cryptography, Hacking, Detections} from "https://cdn.jsdelivr.net/gh/XHiddenProjects/CyberWeb@1.0.9/cyber.min.js"
//Script goes here
</script>
Here is the current list of cryptography algorithms
KEY
- Name: Name of the cryptography
- Encryptable/Encodable: If the cryptography can be encrypted/encoded
- Decryptable/Decodable: If the cryptography can be decrypted/decoded
- Forceable: If the cryptography can be brute-forced
- Description: A small description of what the cryptography can do.
Name | Encryptable/Encodable | Decryptable/Decodable | Forceable | Description |
---|---|---|---|---|
CaesarCipher | ✔️ | ✔️ | ✔️ | Encodes/Decodes string in Caesar Cipher |
VigenereCipher | ✔️ | ✔️ | ❌ | Encodes/Decodes string in Vigenere Cipher |
OneTimePad | ✔️ | ✔️ | ❌ | Encrypts/Decrypts string using One-Time pad |
Base64 | ✔️ | ✔️ | ❌ | Encodes/Decodes string in base64 |
Base32 | ✔️ | ✔️ | ❌ | Encodes/Decodes string in base32 |
MD2 | ✔️ | ❌ | ❌ | Hashes the string in MD2 |
MD4 | ✔️ | ❌ | ❌ | Hashes the string in MD4 |
MD5 | ✔️ | ❌ | ❌ | Hashes the string in MD5 |
SHA-1 | ✔️ | ❌ | ❌ | Hashes the string in SHA-1 |
SHA-224 | ✔️ | ❌ | ❌ | Hashes the string in SHA-224 |
SHA-256 | ✔️ | ❌ | ❌ | Hashes the string in SHA-256 |
SHA-384 | ✔️ | ❌ | ❌ | Hashes the string in SHA-384 |
List of ciphers
Caesar Cipher is a common cipher that shifts each letter by a fixed key value.
To encode the Caesar Cipher write this code:
Cryptography.CaesarCipher.encrypt('Test',7); //Returns ALZA
To decode the Caesar Cipher write this code:
console.log(Cryptography.CaesarCipher.decrypt('ALZA',7)); //TEST
Or leave the key out to brute-force through every shift:
console.log(Cryptography.CaesarCipher.decrypt('QYYQVO'));
/*
{
"1": "PXXPUN",
"2": "OWWOTM",
"3": "NVVNSL",
"4": "MUUMRK",
"5": "LTTLQJ",
"6": "KSSKPI",
"7": "JRRJOH",
"8": "IQQING",
"9": "HPPHMF",
"10": "GOOGLE", // Correct brute force
"11": "FNNFKD",
"12": "EMMEJC",
"13": "DLLDIB",
"14": "CKKCHA",
"15": "BJJBGZ",
"16": "AIIAFY",
"17": "ZHHZEX",
"18": "YGGYDW",
"19": "XFFXCV",
"20": "WEEWBU",
"21": "VDDVAT",
"22": "UCCUZS",
"23": "TBBTYR",
"24": "SAASXQ",
"25": "RZZRWP",
"26": "QYYQVO",
"27": "PXXPUN",
"28": "OWWOTM",
"29": "NVVNSL",
"30": "MUUMRK",
"31": "LTTLQJ",
"32": "KSSKPI",
"33": "JRRJOH",
"34": "IQQING",
"35": "HPPHMF",
"36": "GOOGLE",
"37": "FNNFKD",
"38": "EMMEJC",
"39": "DLLDIB",
"40": "CKKCHA"
}
*/
To configure which characters the cipher works on, use this code:
console.log(Cryptography.CaesarCipher.settings({chars: `${Cryptography.options.UPPERCASE_LETTERS}${Cryptography.options.LOWERCASE_LETTERS}`}).encrypt('Test',7)); //alzA
console.log(Cryptography.CaesarCipher.settings({chars: `${Cryptography.options.UPPERCASE_LETTERS}${Cryptography.options.LOWERCASE_LETTERS}`}).decrypt('alzA',7)); //Test
console.log(Cryptography.CaesarCipher.settings({chars: `${Cryptography.options.UPPERCASE_LETTERS}${Cryptography.options.LOWERCASE_LETTERS}`}).decrypt('alzA'));
/*
{
"1": "Zkyz",
"2": "Yjxy",
"3": "Xiwx",
"4": "Whvw",
"5": "Vguv",
"6": "Uftu",
"7": "Test", //Correct Brute force
"8": "Sdrs",
"9": "Rcqr",
"10": "Qbpq",
"11": "Paop",
"12": "OZno",
"13": "NYmn",
"14": "MXlm",
"15": "LWkl",
"16": "KVjk",
"17": "JUij",
"18": "IThi",
"19": "HSgh",
"20": "GRfg",
"21": "FQef",
"22": "EPde",
"23": "DOcd",
"24": "CNbc",
"25": "BMab",
"26": "ALZa",
"27": "zKYZ",
"28": "yJXY",
"29": "xIWX",
"30": "wHVW",
"31": "vGUV",
"32": "uFTU",
"33": "tEST",
"34": "sDRS",
"35": "rCQR",
"36": "qBPQ",
"37": "pAOP",
"38": "ozNO",
"39": "nyMN",
"40": "mxLM",
"41": "lwKL",
"42": "kvJK",
"43": "juIJ",
"44": "itHI",
"45": "hsGH",
"46": "grFG",
"47": "fqEF",
"48": "epDE",
"49": "doCD",
"50": "cnBC",
"51": "bmAB",
"52": "alzA"
}
*/
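The brute force shown above, as an added example (not CyberWeb's own code; `caesarShift`, `bruteForce`, `englishScore` and `bestGuess` are hypothetical names). It shows why the cipher gives no confidentiality: the keyspace is only as large as the alphabet, and a simple letter-frequency score picks out the plaintext without anyone reading the list.

```javascript
// Added example, not CyberWeb code: caesarShift, bruteForce, bestGuess are hypothetical names.
const UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Shift each character found in `chars` by `key` positions; other characters pass through.
function caesarShift(text, key, chars = UPPER) {
  const n = chars.length;
  return [...text].map((ch) => {
    const i = chars.indexOf(ch);
    return i === -1 ? ch : chars[(((i + key) % n) + n) % n];
  }).join('');
}

// Try every distinct key. There are only chars.length of them: key k and key k + n
// give the same text, which is why entries 27-40 in the first output above repeat 1-14.
function bruteForce(ciphertext, chars = UPPER) {
  const candidates = {};
  for (let k = 1; k <= chars.length; k++) {
    candidates[k] = caesarShift(ciphertext, -k, chars);
  }
  return candidates;
}

// Approximate English letter frequencies (percent) for the most common letters.
const FREQ = { E: 12.7, T: 9.1, A: 8.2, O: 7.5, I: 7.0, N: 6.7,
               S: 6.3, H: 6.1, R: 6.0, D: 4.3, L: 4.0, U: 2.8 };

function englishScore(text) {
  return [...text.toUpperCase()].reduce((sum, ch) => sum + (FREQ[ch] || 0), 0);
}

// Pick the candidate that looks most like English. Reliable on sentences,
// unreliable on very short strings, where a human still has to read the list.
function bestGuess(ciphertext, chars = UPPER) {
  return Object.entries(bruteForce(ciphertext, chars))
    .map(([key, text]) => ({ key: Number(key), text, score: englishScore(text) }))
    .sort((a, b) => b.score - a.score)[0];
}

// Constructed sample message, encrypted with key 7 and recovered without the key.
const sample = caesarShift('MEET ME AT THE STATION AT NINE TONIGHT', 7);
console.log(sample, '->', bestGuess(sample));
```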
Vigenère Cipher, like Caesar Cipher, shifts letters, but instead of a single shift value it uses a key string matched to the length of the text.
To encode the Vigenère Cipher write this code:
console.log(Cryptography.VigenereCipher.encrypt('Hello World','KickMeNowP')); //RMNVAABFHS
To decode the Vigenère Cipher write this code:
console.log(Cryptography.VigenereCipher.decrypt('RMNVAABFHS', 'KickMeNowP')); //HelloWorld
Refer back to Caesar Cipher (Configuration). One thing added is:
repeatMode - Automatically adjusts the key, adding or removing characters, so that it matches the string length.
console.log(Cryptography.VigenereCipher.settings({repeatMode:Cryptography.flags.KEY_MODE_REPEAT}).encrypt('AttackAtDawn', 'LEMON')); //LXFOPVEFRNHR
console.log(Cryptography.VigenereCipher.settings({repeatMode:Cryptography.flags.KEY_MODE_REPEAT}).decrypt('LXFOPVEFRNHR', 'LEMON')); //ATTACKATDAWN
One-Time Pad is an encryption technique that uses a one-time pre-shared key at least as long as the encrypted message.
To encrypt with the One-Time Pad write this code:
console.log(Cryptography.OneTimePad.settings({repeatMode:true}).encrypt('TEST', 'Lemon')); //EIEH
To decrypt with the One-Time Pad write this code:
console.log(Cryptography.OneTimePad.settings({repeatMode:true}).decrypt('EIEH', 'Lemon')); //TEST
Refer back to Vigenère Cipher (Configuration)
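Why the "one-time" and "at least as long as the message" conditions matter, as an added example (not CyberWeb's own code; every function name and the pad value in the usage lines are constructed for illustration). A pad that is reused, or a short key that is repeated, cancels out of the ciphertext and leaves the relationship between plaintext letters visible.

```javascript
// Added example, not CyberWeb code: all function names here are hypothetical.
const ALPHA = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Map text to alphabet indexes, upper-casing and dropping anything outside A-Z.
const toIdx = (s) => [...s.toUpperCase()].map((c) => ALPHA.indexOf(c)).filter((i) => i >= 0);

// Add (sign = 1) or subtract (sign = -1) key letters modulo 26.
// A key shorter than the text is repeated, which is what a repeat mode does.
function shiftByKey(text, key, sign = 1) {
  const k = toIdx(key);
  return toIdx(text).map((p, i) => ALPHA[(p + sign * k[i % k.length] + 26) % 26]).join('');
}

// Strict one-time pad: reject a pad shorter than the message instead of repeating it.
function otpEncrypt(text, pad) {
  if (toIdx(pad).length < toIdx(text).length) {
    throw new RangeError('pad must be at least as long as the message');
  }
  return shiftByKey(text, pad, 1);
}

// Position-by-position difference of two equal-length strings, modulo 26.
function difference(a, b) {
  const x = toIdx(a), y = toIdx(b);
  return x.map((v, i) => ALPHA[(v - y[i] + 26) % 26]).join('');
}

// If one pad encrypts two messages, the pad cancels out of the ciphertext difference,
// leaving the difference of the plaintexts. Returns true when that leak is present.
function padReuseLeaks(p1, p2, pad) {
  const c1 = otpEncrypt(p1, pad), c2 = otpEncrypt(p2, pad);
  return difference(c1, c2) === difference(p1, p2);
}

// A repeated short key leaks the same way inside a single message: blocks that
// share key letters differ exactly as the plaintext blocks differ.
function repeatedKeyLeaks(plain, key) {
  const n = toIdx(key).length, c = shiftByKey(plain, key, 1);
  const p = toIdx(plain).map((i) => ALPHA[i]).join('');
  return difference(c.slice(0, n), c.slice(n, 2 * n)) ===
         difference(p.slice(0, n), p.slice(n, 2 * n));
}

// Constructed inputs: two messages under one constructed pad, then a repeated key.
console.log(padReuseLeaks('ATTACKATDAWN', 'RETREATATSIX', 'XMCKLQWERTYU'));
console.log(repeatedKeyLeaks('ATTACKATDAWN', 'LEMON'));
```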
This is a list of encodings/decodings you can have.
Base64 is a binary-to-text encoding that uses 64 symbols
Encode string using base64
console.log(Cryptography.Base64.encode('Test')); //VGVzdA==
Decode Base64 string
console.log(Cryptography.Base64.decode('VGVzdA=='));
Base32 is a binary-to-text encoding that uses 32 symbols
Encode string using base32
console.log(Cryptography.Base32.encode('Test')); //KRSXG5A=
Decode Base32 string
console.log(Cryptography.Base32.decode('KRSXG5A=')); //Test
This is a list of hash algorithms.
To hash MD2
console.log(Cryptography.hash.md2('A')); //08e2a3810d8426443ecacaf47aeedd17
To hash MD4
console.log(Cryptography.hash.md4('A')); //d5ef20eeb3f75679f86cf57f93ed0ffe
To hash MD5
console.log(Cryptography.hash.md5('A')); //7fc56270e7a70fa81a5935b72eacbe29
To hash SHA-1
console.log(Cryptography.hash.sha1('Cybersecurity')); //7b7a8d8e9435d1064967f8ba2a43eee1f7804f5e
To hash SHA-224
console.log(Cryptography.hash.sha224('Hello World!')); //4575bb4ec129df6380cedde6d71217fe0536f8ffc4e18bca530a7a1b
To hash SHA-256
console.log(Cryptography.hash.sha256('Test')); //532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25
To hash SHA-384
console.log(Cryptography.hash.sha384('Google')); //2af172307e1317b9c04187cc7f664e5ea7907df8523c409bc2f226ab05f3ca031a966d86db52bc3a3600bd97bd8f2e50
const algo = 'md2', str='String';
console.log(Cryptography.hash.hash(algo,str));
These are some hacking tools that can be used
Google hacking, aka. Google Dorking, is an information-gathering technique used by an attacker leveraging advanced Google searching techniques. How to use:
- As a string
/**
* Opens a google hacking URL
* @param {String|{site: string|null, filetype: string|null, link: string|null, cache: string|null, intitle: string|null, inurl: string|null}} query Query search to hack
* @returns {void} Opens url in new tab
*/
Hacking.google(`${Hacking.flags.IN_TITLE('"Index Of"')} ${Hacking.flags.FILE_TYPE('sql')}`);
- As an object
/**
* Opens a google hacking URL
* @param {String|{site: string|null, filetype: string|null, link: string|null, cache: string|null, intitle: string|null, inurl: string|null}} query Query search to hack
* @returns {void} Opens url in new tab
*/
Hacking.google({
intitle: '"index of"',
filetype: 'sql'
});
ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network
/**
* Pings IP address
* @param {String} ip IP/URL Address
* @param {Function} callback Callback
* @param {Number} [count=4] How many times to call
*/
Hacking.ping('ip',(e)=>{
console.log(e);
},4);
Data scraping is used for extracting data from websites
/**
* URL to scrape
* @param {String} url URL to scrape
* @param {Function} callback Callback
* @param {"html"|"xml"|"tree"} [format='html'] Format of the output
* @returns {JSON}
*/
Hacking.scrape('url',(e)=>{
console.log(e);
},'tree');
Cross-site scripting is a common hacking technique; here are some tests and security measures to prevent it.
XSS-Persistent places script code inside inputs; this call writes a script value into every input so you can test how the page handles it.
/**
* Renders a js code to all inputs to make sure that it cannot
* @param {String} JS code to inject
* @returns {void}
*/
Hacking.xss.persistent('alert("test")');
Injects script code through the URL
/**
* Injects JavaScript code through URL
* @param {String} JSCode code to inject
* @returns {void}
*/
Hacking.xss.dom('alert("test");');
Injects script code through a backend XMLHttpRequest
/**
* Injects code through HTTP requests
* @param {String} url URL to target
* @param {String} key Key to return injection
* @param {String} JSCode code to inject
*/
Hacking.xss.reflected(URL,key,JSCode);
This code will automatically sanitize URLs and inputs so they cannot be hacked
/**
* Sanitizes string
* @returns {String} Sanitized URL and inputs
*/
Hacking.xss.sanitize();
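What sanitizing URLs and inputs has to achieve, as an added example that is not the implementation of `Hacking.xss.sanitize()` (`escapeHtml`, `safeUrl`, `renderCommentUnsafe` and `renderComment` are hypothetical names, and `https://example.test/` is a placeholder base URL). It puts the vulnerable rendering next to a hardened one, using the `alert("test")` payload from the tests above.

```javascript
// Added example, not CyberWeb code: all function names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) links; anything else (javascript:, data:, malformed) becomes '#'.
function safeUrl(value, base = 'https://example.test/') {
  try {
    const u = new URL(String(value), base);
    return ['http:', 'https:'].includes(u.protocol) ? u.href : '#';
  } catch {
    return '#';
  }
}

// Vulnerable: user input is concatenated straight into markup.
function renderCommentUnsafe(name, link) {
  return `<a href="${link}">${name}</a>`;
}

// Hardened: validate the URL scheme, then encode both values for the HTML context.
function renderComment(name, link) {
  return `<a href="${escapeHtml(safeUrl(link))}">${escapeHtml(name)}</a>`;
}

// Constructed test input built from the payload used on this page.
const payloadName = '<script>alert("test")</script>';
const payloadLink = 'javascript:alert("test");';
console.log(renderCommentUnsafe(payloadName, payloadLink)); // markup still contains the script
console.log(renderComment(payloadName, payloadLink));       // inert text and a neutral link
```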
This code will insert a basic SQL injection code into the textarea or textbox.
/**
* Checks for SQL Injection
* @param {String} [sql=`' OR 1=1;#`] SQL code
*/
Hacking.sql(sql);
These are some detections to see the users' browser and device information
Here are ways to detect users' device information
/**
* Checks for virtual machine
* @returns {Boolean} True if VM, False if not
*/
Detections.device.isVM();
/**
* Get OS
* @returns {String} OS
*/
Detections.device.os();
/**
* Returns the OS architecture
* @returns {String} architecture
*/
Detections.device.arch();
/**
* Returns the screen information
* @returns {{height: number, width: number, depth: number, orientation: ScreenOrientation, extended: boolean}} Screen information
*/
Detections.device.screen();
Here are ways you can get users' browser information
/**
* Get Full browser
* @returns {String} Browser information
*/
Detections.browser.get();
/**
* Get Browser name
* @returns {String} Browser name
*/
Detections.browser.browser();
/**
* Get Browser Version
* @returns {String} Browsers version
*/
Detections.browser.version();
/**
* Returns the browsers media
* @returns {{display: string, hover: boolean, orientation: "landscape"|"portrait", pointer:"fine"|"coarse"|"none", colorScheme: "dark"|"light"|"none"}} Browsers media information
*/
Detections.browser.media();
/**
* Returns the available Web APIs
* @returns {String[]}
*/
Detections.browser.apis();
These are some options that you can use for parameters. Note: This only works for the .settings(...) methods of any cryptography that accepts them.
Constant | Value | Type | Path |
---|---|---|---|
UPPERCASE_LETTERS | 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' | String | Cryptography.flags.UPPERCASE_LETTERS |
LOWERCASE_LETTERS | 'abcdefghijklmnopqrstuvwxyz' | String | Cryptography.flags.LOWERCASE_LETTERS |
NUMBERS | '0123456789' | String | Cryptography.flags.NUMBERS |
SPACE | ' ' | String | Cryptography.flags.SPACE |
SPECIAL_CHARS | '!@#$%^&*()_+-=[]{}\|;:'",.<>?/~' | String | Cryptography.flags.SPECIAL_CHARS |
KEY_MODE_REPEAT | TRUE | Boolean | Cryptography.flags.KEY_MODE_REPEAT |
PARSE_URL | Function | URL | Hacking.flags.PARSE_URL |
SITE | Function | String | Hacking.flags.SITE |
FILE_TYPE | Function | String | Hacking.flags.FILE_TYPE |
LINK | Function | String | Hacking.flags.LINK |
CACHE | Function | String | Hacking.flags.CACHE |
IN_TITLE | Function | String | Hacking.flags.IN_TITLE |
IN_URL | Function | String | Hacking.flags.IN_URL |