Internal networks

As with other blockchain networks, TON has Mainnet and Testnet. They are isolated from each other to prevent users from accidentally sending real coins to a test address or vice versa.

• Mainnet - the main network with real coins.
• Wallet addresses start with UQ or EQ
• Testnet - the test network. Coins here have no value.
• Wallet addresses start with 0Q or kQ

Address formats

Each TON wallet address has 3 writing variations:

• Non-Bounceable (without Bounce flag)
• Address starts with UQ
• Non-returnable, suitable for transfers between wallets, as well as for working with modern dApps and advanced smart contracts (e.g., Wallet v5)
• Bounceable
• Address starts with EQ
• Historically standard format
• Returns the transaction back if the target address does not exist
• Raw format
• Raw technical format in hexadecimal representation
• Structure: workchain:hash

The Non-Bounceable and Bounceable formats are called Friendly formats because they are designed for user convenience. In reality, they are still the same technical format, simply encoded in Base64 with additional definitions.

Внутренние сети

Как и в других блокчейн-сетях, в TON есть Mainnet и Testnet. Они изолированы друг от друга, чтобы пользователи случайно не отправили реальные монеты на тестовый адрес или наоборот.

• Mainnet - основная сеть с реальными монетами.
• адреса кошельков начинаются с UQ или EQ
• Testnet - тестовая сеть. Монеты здесь не имеют ценности.
• адреса кошельков начинаются с 0Q или kQ

Форматы адресов

Каждый адрес кошелька TON имеет 3 варианта написания:

• Non-Bounceable (без Bounce-флага)
• адрес начинается с UQ
• невозвратный, подходит для переводов между кошельками, а также для работы с современными dApps и улучшенными смарт-контрактами (например Wallet v5)

• Bounceable
• адрес начинается с EQ
• исторически стандартный формат
• возвращает транзакцию обратно, если целевой адрес не существует
• Raw формат
• Сырой технический формат в шестнадцатеричном представлении
• Структура: workchain:hash

Форматы Non-Bounceable и Bounceable называют Friendly форматами, поскольку они созданы для удобства пользователя. На деле это всё тот же технический формат, просто закодированный в Base64 с дополнительными определениями.

Core Terms and Rewards

1. Types of Rewards:

• USDT
• OLR (internal balance)

2. Earnings:

• You earn 33% of the spending of users you referred, which is credited to your Affiliate Program balance. Once the minimum withdrawal amount of $10 is reached, you can withdraw it to your internal balance or in USDT.
• Withdrawals to the internal balance are processed instantly.
• Withdrawals in USDT are processed using the third-party service @xrocket (with no fees). The withdrawal request will be processed within 7 days after submission.
• The reward is credited for the entire period of each referral's activity. The program's duration for each referral is three calendar years, after which rewards for that referral will no longer be credited.

3. Activation of the referral system:

• The system activates once you have attracted 10 users, each of whom has topped up their balance with $1 or more.
• Users also have the option of instant activation of the Affiliate Program for a fee.

4. Statistics and Motivation:

• The “Affiliate Program” section includes a calculation of potential earnings based on the average activity of 100 referred users.

5. Bot Settings and Management:

• The ability to create referral bots with individual settings, including control over scanning regions, tool management, support bot configuration, and more.
• Each bot owner can choose between public or private usage of their bot. In private mode, other users can access the bot only via invitations created in the bot's settings.
• The owner of a referral bot bears full and sole responsibility for the distribution and usage of their bot.

6. Additional Features:

• Users can link their channels to promote their bot.
• Users can upload their own logo, which will be used in HTML reports generated by the referral bot.
• The Affiliate Program supports scalability and multi-bot functionality, with aggregated statistics across all referrals.

7. Personal Link:

• Users can purchase a personal link in the "Affiliate Program" section.
• The personal link is provided on a special domain and guarantees access to an up-to-date working mirror of the bot. It is convenient for placement on personal resources to attract referrals.
• If the user has referral bots, they are automatically linked to the personal link. When accessed via this link, the system will provide one of the linked referral bots of the user who created the link.
• If the user does not have referral bots, the system will provide one of the official bots of the Project and will automatically add the referral code of the user who created the link.
• Thus, regardless of whether the link owner has a referral bot, the personal link always functions as a referral link.
• If the user has uploaded their logo in the settings of the referral bot, the system will display this logo when accessing the personal link.

Additional Terms

• The Project reserves the right to amend Affiliate Program terms without prior notice to participants.
• Responsibility for complying with the law and the bot's terms of use lies with the user.

Основные условия и вознаграждения

1. Типы вознаграждений:

• USDT
• OLR (внутренний баланс)

2. Вознаграждение:

• Вы зарабатываете 33% от трат привлечённых вами пользователей, которые зачисляются на баланс Партнёрской программы. По достижению минимальной суммы вывода $10, вы можете совершить вывод на внутренний баланс или в USDT.
• Вывод средств на внутренний баланс происходит моментально.
• Вывод средств в USDT происходит с использованием стороннего сервиса @xrocket (без комиссий). Заявка на вывод будет обработана в течение 7 дней после создания.
• Вознаграждение начисляется за весь период активности каждого реферала. Срок действия программы для каждого реферала составляет три календарных года, по истечении которых начисления за реферала перестанут поступать.

3. Активация реферальной системы:

• Система активируется при достижении 10 привлечённых пользователей, каждый из которых пополнил баланс на $1 и более.
• Пользователи также имеют возможность мгновенной активации Партнёрской программы на платной основе.

4. Статистика и мотивация:

• В разделе "Партнёрская программа" доступен расчёт потенциальной выгоды на основе среднего дохода от 100 привлечённых пользователей.

5. Настройки и управление ботом:

• Возможность создания реферальных ботов с индивидуальными настройками, включающими контроль регионов сканирования, управление инструментами, настройку бота технической поддержки и другими.
• Каждый владелец бота может выбрать между открытым или приватным использованием своего бота. В приватном режиме другие пользователи могут получить доступ боту только по приглашениям, которые создаются в настройках бота.
• Владелец реферального бота несёт единоличную и всю ответственность за распространение и использование своего бота.

6. Дополнительные возможности:

• Пользователи могут привязывать свой канал для продвижения бота.
• Пользователи могут загружать свой логотип, который будет использоваться в html отчётах, получаемых в реферальном боте.
• Партнёрская программа поддерживает масштабируемость и многоботность с общей статистикой приглашений.

7. Персональная ссылка:

• Пользователи могут приобрести персональную ссылку в разделе "Партнёрская программа".
• Персональная ссылка предоставляется на специальном домене и дает возможность гарантировано получать актуальное рабочее зеркало бота. Ссылку удобно использовать для размещения на своих ресурсах с целью привлечения рефералов.
• При наличии реферальных ботов у пользователя, они автоматически привязываются к персональной ссылке, то есть при переходе по такой ссылке, система выдаст один из привязанных реферальных ботов пользователя, создавшего ссылку.
• При отсутствии реферальных ботов у владельца ссылки, система выдаст один из официальных ботов Проекта, а также автоматически добавит к ссылке реферальный код пользователя, создавшего ссылку.
• Таким образом, вне зависимости от наличия или отсутствия реферального бота у владельца ссылки, персональная ссылка всегда работает, как реферальная.
• Если пользователь загрузил свой логотип в настройках реферального бота, то при переходе по персональной ссылке, система будет отображать этот логотип.

Прочие Условия

• Проект оставляет за собой право изменять условия Партнёрской программы без уведомления участников.
• Ответственность за соблюдение закона и правил использования бота возлагается на пользователя.

Answer: #OLR tokens are the internal currency used for paying for your requests within the bot. You can top up your account in the "Profile => Account Top-up" section. The current exchange rate is available there as well.

Answer: Yes, you can. However, there are certain limitations as described on the "Plans and Limits" page.

Answer: The daily limit is a restriction on the number of requests per day for users without a plan.

Answer: Our system does not provide for withdrawals, except for withdrawals from the affiliate program balance.

Answer: You can cancel the purchase or renewal of the plan through technical support, but only on the same day as the operation and provided that you have not made any requests in the free tools after this operation.

Answer: The use of tools related to such search features is available to users from the same country, in accordance with Project's internal policy.

Answer: Not all leaks contain passwords, so sometimes you might get results indicating a leak but without a password. This is beyond our control.

Answer: When accessing any tool through the category menu or quick access, you will see a page describing the tool, the cost of the request, and a "Start" button.

Answer: Contact the support team.

Answer: For tools like "Site Search," "Website Vulnerability Scanning," and some others, longer task execution times are normal. You will receive the results upon completion.

Answer: You can disable the plan's auto-renewal using the command /plan_renew

Answer: If an error occurs during a request, the bot will display an error message and no OLR will be deducted. If an error occurs after some time in a running task, the task is canceled and OLR is automatically refunded. You can view the statistics in the Profile => Operation history.

Answer: Auto-launch of tools is enabled in your account. Therefore, after entering a phone number, the "Phone Number Search" tool is automatically activated, deducting OLR from your balance. You can disable auto-launch of tools in the "Profile" section.

The list will be updated as questions come in.

Ответ: Токены #OLR - внутренняя валюта, с помощью которой вы оплачиваете запросы. Пополнить счет вы можете в разделе Профиль => Пополнение счета. Там же вы найдете актуальный курс.

Ответ: Да, можно. Но с определенными ограничениями, описанными на странице "Тарифы и лимиты".

Ответ: Суточный лимит - это ограничение по количеству запросов в день для пользователей без тарифного плана.

Ответ: В нашей системе не предусмотрен вывод средств, за исключением вывода с баланса партнёрской программы.

Ответ: Покупку или продление тарифа можно отменить через техническую поддержку, но только в день совершения этой операции и при условии, что после этой операции вы не сделали ни единого запроса в бесплатных инструментах.

Ответ: Использование инструментов, связанных с подобным поиском информации, доступно пользователям с одной и той же страны, согласно внутренней политике Проекта.

Ответ: Не во всех утечках есть пароли, поэтому иногда вы можете получить результаты с указанием утечки, но без пароля. Это зависит не от нас.

Ответ: При переходе в какой-либо инструмент через меню категорий или быстрый доступ, вы увидите страницу с описанием инструмента, стоимостью запроса и кнопкой "Начать".

Ответ: Обратитесь в службу поддержки.

Ответ: Для инструментов "Поиск на сайте", "Сканирование сайта на уязвимости" и некоторых других, длительное выполнение задачи является нормой. По завершению задачи вы получите результат.

Ответ: Вы можете отключить автоматическое продление тарифа с помощью команды /plan_renew

Ответ: Если во время запроса возникает ошибка, бот выдает сообщение об этом и списание OLR не производится. Если же ошибка возникла через какое-то время в уже запущенной задаче, то задача отменяется и автоматически производится возврат OLR. Статистику вы можете увидеть в разделе Профиль => История операций.

Ответ: У вас включен автозапуск инструментов, поэтому после ввода номера телефона автоматически запускается инструмент "Поиск по номеру телефона", который списывает OLR с вашего баланса. Вы можете отключить автозапуск инструментов в разделе "Профиль".

Список будет обновляться по мере поступления вопросов.

• The internal currency used for transactions within theProject bot is the OLR token. You can always find the current exchange rate in the "Profile => Account Replenishment" section when choosing any payment method;
• To use the bot, you need to fund your account as queries in the tools are paid with OLR tokens;
• The cost of a query for each tool is individual and is specified in the tool's description;
• Most of the bot's tools can be used without a tariff plan, however, in this case, certain limitations apply (see below);
• Some tools are not available for use without an active tariff plan.

Limits:

• Users without an active tariff plan cannot use the following tools: Host Vulnerability Scanning, Website Vulnerability Scanning, Site Document Search, Link De-anonymization, Anonymous Email, Retrieve TG User Phone Number, and TG User Status Tracking.
• For users without an active tariff plan, many available tools have a daily limit set. You can find the current value in the description of such tools, for example: Daily Limit: 4. This means that you have 4 available requests remaining for this tool today. If there is no daily limit specified in the description of a particular tool, it means there is no limit for that tool.
• Users with an active subscription plan can access the tools included in their selected package without spending OLR. The complete list of available tools for each plan can be found in the "Plans" section of the bot.
• For certain tools, individual limits are set depending on the tariff plan:
• Website Search:
• Without a plan: parsing depth of 1000 pages;
• With a plan: parsing depth of 5000 pages;

• Search by CVE and country, Search by port and country, Search by country, RDP and camera scanner:
• Without a plan: access to 100 records from the database;
• With a plan: access to 1000 records from the database;

• Password by email, Email by username, Email by password, Email by password hash, Email by domain, Password by username, Password by phone number, Username by password, Phone number by password:
• Without a plan: up to 100 results available;
• With a plan: up to 1000 results available;

Plans:

You can find the cost of our plans in the /menu under "Plans".

Our tariff plans are designed to meet various needs and specializations in the field of information security:

• 1️⃣ «Freelancer» plan - The perfect choice for beginners and those looking to get acquainted with the basics of working in information security. It includes a basic set of tools for network resource analysis and monitoring.
• 2️⃣ «Leak Explorer» plan - Tailored for specialists engaged in data leak research and cyber intelligence. It includes tools for analyzing and tracking potential leaks.
• 3️⃣ «Pentest» plan - Ideally suited for professionals in pentesting and information security. Contains tools for in-depth analysis and penetration testing.
• 4️⃣ «Parser» plan - Designed for professionals dealing with large volumes of data, including SMM specialists and analysts. It contains tools for efficient parsing and metadata analysis
• 5️⃣ «Social Engineering» plan - Perfectly suited for specialists in social engineering and cyber intelligence. It includes tools for analyzing social behavior, deanonymization, and information gathering on social networks.
• 6️⃣ «Leak Engineering» plan - Combines the capabilities of the «Social Engineering» and «Leak Explorer» plans, providing a comprehensive toolkit for specialists in social engineering and data leak analysis. Ideal for professionals requiring advanced features in both areas.
• 7️⃣ «Deluxe» plan - Full access to all features and tools of the Project. Recommended for experts needing a comprehensive approach and maximum flexibility in resource utilization.

In this material, we will examine the process of Wi-Fi network security analysis, with a focus on the use of tools such as Wifite2 and Project bot, aiming to enhance users' awareness. We will provide a real example and conduct its analysis.

🛡️ Disclaimer: This material is provided solely for informational purposes and represents a fictional example developed by an independent editor. The information is not intended for use in privacy violations, illegal activities, or any other unethical actions. We strongly recommend respecting the privacy of others and using the skills and tools responsibly and in accordance with the laws of your country.

WPS Protocol Check:

Before conducting a password security analysis, it's worth checking the possibility of connecting to a Wi-Fi network using the WPS protocol. Within this bot, we can perform a request based on the MAC address and attempt to obtain the PIN code (similar examples were presented in the previous publication).

When we encounter a situation where we can't obtain the necessary data, we move on to the next method...

Wordlist Generation:

Creating a wordlist starts with defining the goal. Let's assume we have an access point and we need to guess its password. Now the question arises – how can we do this most effectively and conveniently? Tools like Wifite2 and the Project bot can help us with this.

For efficient password guessing, it's essential to use an up-to-date wordlist that is tailored to the specific goal. This means that passwords should be generated based on available information about the target, considering known security factors.

For instance, many people use their phone numbers, birthdates, names, and other personal information as passwords for their home access points. Often, such information can be sourced from publicly available data. When we have such target-specific data, we can use it to generate passwords.

The generated file

After launching Kali Linux, enter the following command to use the generated wordlist:

Help:

./Wifite.py --help 

This command will allow you to get help on using the Wifite.py tool, providing you with the necessary information about available options and functionality.

Command (the file was renamed beforehand):

./Wifite.py --kill --dict pass.txt

Next, from the list, select the desired WiFi network and stop the scanning by pressing the CTRL + C key combination:

After the setup is complete, the network security audit will be automatically initiated. In case of successful password detection, the program will provide a corresponding notification in the terminal.

Vulnerable Router Search:

As an additional feature of the bot, we can mention the ability to search for vulnerable devices, including routers. This feature allows detecting devices that may be susceptible to certain vulnerabilities, providing information for further analysis and taking appropriate security measures.

Google Dorks can help identify relevant queries for routers.

Similarly, you can search for vulnerable servers, cameras, and so on using this information. However, we do not advise using this information for malicious purposes.

This is where the Project bot comes to your aid, which has an extensive range of functionalities in the field of information security testing.

It offers features like scanning websites for vulnerabilities, searching and collecting information, and much more. However, we will focus on data collection in this context.

How to Start:

You can launch the bot using this link or simply go to Telegram and search for the bot:

Launch the bot and complete the authentication process. After that, you will see a list of categories available:

Let's choose "Information Gathering and Metadata" and then "Website Search":

For example, I will provide a link to my website and see what data the bot will gather:

In the end, we have 3 files. We skip the first 2 since there are no emails or phone numbers on my website, but social media links are available.

Parsing. Link Extractor:

Similarly, we can use the link extractor. As we know, Wikipedia pages usually contain a lot of different links, and manually collecting them would be difficult. Let's send the link to the bot, and it will do it all for us.

We open the file and see the result:

Conclusion:

There are numerous ways to use this bot. Its main advantage is the ability to quickly check your resource for security without spending excessive amounts on specialists.

Here are a few more materials on using the bot:

◾ Deanonymizing a pedophile via link

◾ Website security audit

Enjoy reading and goodbye to all!

🛡️ Disclaimer: This material is provided solely for informational purposes and represents a fictional example developed by an independent editor. The information is not intended for use in privacy violations, illegal activities, or any other unethical actions. We strongly recommend respecting the privacy of others and using the skills and tools responsibly and in accordance with the laws of your country.

Unfortunately, even some web developers ignore basic security principles. Today, we will examine in detail one such case.

For the example, we have chosen an English-language website built on the WordPress platform. We utilized the tools of the Project bot, specifically the "Vulnerability and Exploit Search" functionality, to conduct a basic vulnerability assessment.

In the response, we obtained information indicating that the website is using a vulnerable version of jQuery. You know what's great about the bot? When it detects vulnerabilities, it automatically searches for suitable exploits. If it finds any, it presents a ready-to-use command in the results, which you can copy with just one click and use to obtain the exploit.

As a result, using one of the provided exploits, it can be inferred that the outdated version of jQuery on the website is vulnerable to XSS (Cross-Site Scripting) vulnerabilities.

Next, let's take a look at the results of a full website vulnerability scan:

Inside the tool, let's select WordPress, as it's known that the website operates on this platform (this can easily be determined by viewing the page source code in a browser).

After waiting for the scan results, it's evident that this website is a "swiss cheese" in terms of vulnerabilities:

By selecting one of the detected CVEs and inputting the command into Project bot, we obtain an exploit for executing SQL injection on the website:

If the website owner doesn't update the engine, templates, and plugins to their latest versions in a timely manner, it can lead to serious security issues with the website.

We strongly recommend avoiding such mistakes and checking your websites using the Project bot!

But that's not all!

It might seem like the website is vulnerable, and that's already clear. But you can conduct another check using the following tool from the same category:

Which provided the following results:

By the third line, it can be immediately understood that posts on the website are being made at least under the username "admin". However, the most interesting part was in the "Directory traversal" section. Clicking on the link revealed the following:

A complete copy of the website's files was found in the downloaded zip archive.

The standard WordPress configuration file contains the database connection information and the salts used by the engine.

In addition to this, the archive contains templates and plugins used on the site.

In the open SQL database dump, there is one user of the site, "admin," and their email.

Knowing the email, you can try to retrieve their passwords using specialized tools from the "Data Leak Search" category.

Friends, we strongly recommend you to carefully maintain the software versions on your servers, as well as the versions of your website's engines, plugins, templates, and libraries to avoid exposing them to the risk of hacking. Also, always forbid directory listing on your website. For example, in Apache, you can solve this by adding just one line to your .htaccess file: Options -Indexes

Use Project bot to detect vulnerabilities and other issues on your resources!