Lucene search
K

98 matches found

Kitploit
Kitploit
added 2021/01/06 9:12 p.m.129 views

Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester

The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.7AI score
Exploits0References2
Kitploit
Kitploit
added 2020/11/15 11:30 a.m.69 views

FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need

FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/28 8:30 p.m.457 views

Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android's Google Play Cor...

8.8CVSS9.1AI score0.02883EPSS
Exploits1References59
Krebs on Security
Krebs on Security
added 2020/10/08 7:42 p.m.48 views

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Theres an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2020/10/04 8:30 p.m.43 views

OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally

Manual Port Scanning Enumerate Potential Service If you like the tool and for my personal motivation so as to develop other tools please a +1 star INTRO This tool aims at automating the identification of potential service running behind ports identified manually or on services running locally onl...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/09/22 9:0 p.m.61 views

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A Distributed Evolutionary Binary Fuzzer For Pentesters

FLUFFI - A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will no...

5.3CVSS7.1AI score0.04082EPSS
Exploits0References9
Kitploit
Kitploit
added 2020/09/13 11:30 a.m.52 views

HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/08/26 9:30 p.m.72 views

Hack-Tools - The All-In-One Red Team Extension For Web Pentester

The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.8AI score
Exploits0References2
Hacker One
Hacker One
added 2020/08/14 3:12 a.m.93 views

HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted

Hi team, I don't know your policy about pentestersabout their visibility on the platform, But I couldn't find any other pentesters before. 1 For example: GraphQL has the h1pentester attribute that would explicitly point us to the pentester, but if we make a query, it doesn't reveal the pentester ...

6.8AI score
Exploits0
0day.today
0day.today
added 2020/05/12 12:0 a.m.70 views

Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...

0.1AI score0.0312EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/05/12 12:0 a.m.216 views

Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting

Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Date: 2020-04-16 Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...

5.4CVSS5.2AI score0.0312EPSS
Exploits4
Gitee
Gitee
added 2020/04/28 10:53 p.m.7 views

PowerSploit

This is an offensive tool for Windows PowerShell. It is a module for PowerSploit, a PowerShell framework for penetration testing and red teaming. The module contains several functions for code execution, including reflective DLL injection and DLL injection into a process. The functions can be use...

7.5AI score
Exploits0
Metasploit
Metasploit
added 2020/03/04 4:2 a.m.45 views

Install Python for Windows

This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2020/02/21 12:0 p.m.1725 views

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...

8.8CVSS9.2AI score0.63917EPSS
Exploits21References1
Kitploit
Kitploit
added 2020/01/30 9:0 p.m.70 views

S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters

s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub. Installation Binaries Find the binaries on the Releases page. Go go get...

7.1AI score
Exploits0References5
Hacker One
Hacker One
added 2020/01/22 9:48 p.m.22 views

HackerOne: HackerOne Pentesters can access any structured scope object through GraphQL node interface

A missing authorization check in the StructuredScope protector class app/protectors/protectedstructuredscope.rb:42 enables any HackerOne Pentester to access structured scope objects of programs they aren't invited to or aren't running a penetration test through HackerOne. ruby class...

2.4AI score
Exploits0
Kitploit
Kitploit
added 2020/01/20 11:30 a.m.81 views

Grouper2 - Find Vulnerabilities In AD Group Policy

What is it for? Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2020/01/09 11:30 a.m.211 views

Stowaway - Multi-hop Proxy Tool For Pentesters

Stowaway is Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes multi-layer PS: The files under demo folder are Stowaway's beta version,it's still functional, you can check the detail by README.md file under the demo folder...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2019/10/25 8:0 p.m.195 views

JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites

A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found here not sure why format of the slides is screwed :D:...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/09/10 8:33 p.m.313 views

Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post...

8.6CVSS8.2AI score0.9857EPSS
Exploits34References9
Rows per page
Query Builder