Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2015/02/09 11:12 p.m.277 views

WhatsSpy - Trace the moves of a WhatsApp user

WhatsSpy Public is an web-oriented application that tracks every move of whoever you like to follow. This application is setup as an Proof of Concept that Whatsapp is broken in terms of privacy. Once you've setup this application you can track users that you want to follow on Whatsapp. Once it's...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2020/11/26 11:30 a.m.276 views

Bunkerized-Nginx - Nginx Docker Image Secure By Default

nginx Docker image secure by default. Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself. Non-exhaustive list of features : HTTPS support...

6.7AI score
Exploits0References7
Kitploit
Kitploit
added 2020/02/24 11:30 a.m.276 views

Liffy - Local File Inclusion Exploitation Tool

LFI Exploitation tool A little python tool to perform Local file inclusion. Liffy v2.0 is the improved version of liffy which was originally created by rotlogix/liffy. The latter is no longer available and the former hasn't seen any development for a long time. Main feature data:// for code...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2020/01/01 8:17 p.m.276 views

SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References9
Kitploit
Kitploit
added 2019/03/22 12:8 p.m.276 views

Xerxes - DoS Tool Enhanced

Xerxes dos tool enhanced with many features for stress testing. Features Xerxes has many features, some of these features are: TLS Support HTTP header randomization Useragent randomization Multiprocessing support Multiple Attack vectors etc... Not only that but also we are aggressively developing...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2016/01/01 10:32 p.m.276 views

Sublist3R - Fast Subdomains Enumeration Tool For Penetration Testers

Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu,...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/09/25 9:2 p.m.275 views

SharpSploit - A .NET Post-Exploitation Library Written In C#

SharpSploit is a .NET post-exploitation library written in C that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. SharpSploit is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port...

7.7AI score
Exploits0References10
Kitploit
Kitploit
added 2019/09/13 8:30 p.m.274 views

DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User

DetExploit is software that detect vulnerable applications and not-installed important OS updates on the system, and notify them to user. As we know, most of cyberattacks uses vulnerability that is released out year before. I thought this is huge problem, and this kind of technology should be mor...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2025/04/11 12:30 p.m.273 views

Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library

A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library. Features include real-time continuous scraping, media downloading, and data export capabilities. \ / / / / | | / \ \ \ | | \ \ / \ || \ / / / / Features 🚀 Scrape messages...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/02/07 8:30 p.m.273 views

Instaloctrack - An Instagram OSINT Tool To Collect All The Geotagged Locations Available On An Instagram Profile In Order To Plot Them On A Map, And Dump Them In A JSON

A tool to scrape geotagged locations on Instagram profiles. Output in JSON & interactive map. TL;DR : ascineema, video of the project requirements sudo apt install chromium-chromedriver && chmod a+x /usr/bin/chromedriver ️ installation git clone https://github.com/bernsteining/instaloctrack cd...

6.9AI score
Exploits0References6
Kitploit
Kitploit
added 2020/04/03 11:30 a.m.273 views

Jackdaw - Tool To Collect All Information In Your Domain And Show You Nice Graphs

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2024/04/15 12:30 p.m.272 views

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser BITB without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I...

6.7AI score
Exploits0References3
Kitploit
Kitploit
added 2021/05/21 9:30 p.m.271 views

DivideAndScan - Divide Full Port Scan Results And Use It For Targeted Nmap Runs

DivideEt Impera And Scan and also merge the scan results D ivideA ndS can is used to efficiently automate port scanning routine by splitting it into 3 phases: 1. Discover open ports for a bunch of targets. 2. Run Nmap individually for each target with version grabbing and NSE actions. 3. Merge th...

7.1AI score
Exploits0References9
Kitploit
Kitploit
added 2019/07/05 9:56 p.m.270 views

Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone

Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. Stay tuned for the Stable version with a...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/03 9:54 p.m.270 views

ANDRAX v3 - The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX The first and unique Penetration Testing platform for Android smartphones. Thanks to Jessica Helena she made ANDRAX v3 possible. What is ANDRAX ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2020/04/11 12:30 p.m.269 views

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2019/03/19 11:52 a.m.269 views

Freevulnsearch - Free And Open NMAP NSE Script To Query Vulnerabilities Via The cve-search.org API

This NMAP NSE script is part of the Free OCSAF project - https://freecybersecurity.org. In conjunction with the version scan "-sV" in NMAP, the corresponding vulnerabilities are automatically assigned using CVE Common Vulnerabilities and Exposures and the severity of the vulnerability is assigned...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2019/03/09 12:32 p.m.269 views

AutoRDPwn v4.8 - The Shadow Attack Framework

AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply...

7.9AI score
Exploits0References6
Kitploit
Kitploit
added 2019/01/05 9:36 p.m.269 views

PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool

PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET againt each individual printer, PRETty will automatically discover and run choosen PRET payloads against all printers on the target network. Additionally, PRETty can ...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2018/05/24 2:30 p.m.269 views

Multitor - A Tool That Lets You Create Multiple TOR Instances With A Load-Balancing

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. The multitor has been...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2019/06/22 10:10 p.m.268 views

BoomER - Framework For Exploiting Local Vulnerabilities

BoomER is an open source framework, developed in Python. The tool is focused on post-exploitation, with a main objective, the detection and exploitation of local vulnerabilities, as well as the collection of information from a system, such as the installed applications they have. The framework...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/04 7:39 p.m.268 views

ripVT - Virus Total API Maltego Transform Set For Canari

Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees. No jokes in this repo. It's as serious as you are. Installation 1. Requires Canari, specifically this branch/version 2. Install Malformity 3. sudo python setup.py install canari create-profile rip...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2019/02/07 8:39 p.m.268 views

CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols

This software project is a result of a Bachelor's thesis created atSCHUTZWERK in collaboration with Aalen University by Philipp Schmied. Please refer to the correspondingblog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles feature...

6.7AI score
Exploits0References5
Kitploit
Kitploit
added 2019/05/25 1:7 p.m.267 views

HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)

HiddenWall is a Linux kernel module generator for custom rules with netfilter. block ports, Hidden mode, rootkit functions etc. The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that bloc...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/12 9:19 p.m.267 views

GodOfWar - Malicious Java WAR Builder With Built-In Payloads

A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. try -l/--list cmdget filebrowser bindshell reverseshell reverseshellui Configurable backdoor. try --host/-port Control over payload name. To avoid malicious...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2020/10/20 11:30 a.m.266 views

PatchChecker - Web-based Check For Windows Privesc Vulnerabilities

This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application running on flask that provides output similar to that of Watson. However by using PatchChecker, one is not required to execute a binary on the target machine. Included in this...

7.8CVSS7.8AI score0.414EPSS
Exploits70References3
Kitploit
Kitploit
added 2016/03/09 10:0 p.m.266 views

HEVD - HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2021/03/16 11:30 a.m.265 views

Genisys - Powerful Telegram Members Scraping And Adding Toolkit

Powerful Telegram Members Scraping and Adding Toolkit Features ADDS IN BULKby user id, not by username Scrapes and adds to public groups Works in Windows systems You can run unlimited accounts at the same time in order to add members CSV files auto-distributer based on number of accounts to use...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/02/25 8:30 p.m.265 views

ScareCrow - Payload Creation Framework Designed Around EDR Bypass

If you want to learn more about the techniques utlized in this framework please take a look at Part 1 and Part 2 Description ScareCrow is a payload creation framework for generating loaders for the use of side loading not injection into a legitimate Windows process bypassing Application...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2020/12/21 8:30 p.m.265 views

SharpMapExec - A Sharpen Version Of CrackMapExec

A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made for running on Windows which is often a requirement during insider threat simulation engagements. Besides scanning for access it can be used to identify...

7.8AI score
Exploits0References7
Kitploit
Kitploit
added 2020/02/15 9:0 p.m.264 views

Fuzzowski - The Network Protocol Fuzzer That We Will Want To Use

The idea is to be the Network Protocol Fuzzer that we will want to use. The aim of this tool is to assist during the whole process of fuzzing a network protocol, allowing to define the communications, helping to identify the "suspects" of crashing a service, and much more Last Changes 16/12/2019...

7.7AI score
Exploits0References3
Kitploit
Kitploit
added 2021/06/24 12:30 p.m.263 views

Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/25 9:39 p.m.263 views

EvilOSX - An Evil RAT (Remote Administration Tool) For macOS/OS X

An evil RAT Remote Administration Tool for macOS / OS X. Features Emulate a terminal instance Simple extendable module system No bot dependencies pure python Undetected by anti-virus OpenSSL AES-256 encrypted payloads Persistent GUI and CLI support Retrieve Chrome passwords Retrieve iCloud tokens...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/07 9:30 p.m.262 views

WordPress-Brute-Force - Super Fast Login WordPress Brute Force

WordPress Brute Force Super Fast Login .---. .----------- / \ / ------ / / \ / ----- ////// ' / --- //// / // : ★★ : --- // / / / '-- // //..\ WpCrack Brute Froce Tool™ ====UU====UU========================== '//||\ '' usage: python WpCrack.py options optional arguments: -h, --help show this help...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2021/04/19 12:30 p.m.262 views

Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...

6.9AI score
Exploits0References5
Kitploit
Kitploit
added 2018/10/13 9:58 p.m.262 views

Censys Subdomain Finder - Perform Subdomain Enumeration Using The Certificate Transparency Logs From Censys

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain who has ever been issued a SSL certificate by a public CA. See it in action: $ python censyssubdomainfinder.py github.com Searching Censys for subdomains of github.com...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2019/02/04 12:43 p.m.261 views

Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space a...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2019/01/12 8:46 p.m.261 views

Metasploit 5.0 - The World’s Most Used Penetration Testing Framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one...

7.1AI score
Exploits0References5
Kitploit
Kitploit
added 2021/08/11 9:30 p.m.260 views

Wsh - Web Shell Generator And Command Line Interface

wsh pronounced woosh is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2021/06/09 12:30 p.m.260 views

Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!

The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...

7.1AI score
Exploits0References5
Kitploit
Kitploit
added 2021/04/14 9:30 p.m.260 views

MoveKit - Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the executeassembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a...

8.1AI score
Exploits0References11
Kitploit
Kitploit
added 2018/10/19 12:51 p.m.260 views

LibSSH Scanner - Script To Identify Hosts Vulnerable To CVE-2018-10933

This is a python based script to identify hosts vulnerable to CVE-2018-10933. The vulnerability is present on versions of libssh 0.6+ and was remediated by a patch present in libssh 0.7.6 and 0.8.4. For more details:...

9.1CVSS9.2AI score0.91789EPSS
Exploits11References1
Kitploit
Kitploit
added 2022/11/06 11:30 a.m.259 views

Collect-MemoryDump - Automated Creation Of Windows Memory Snapshots For DFIR

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is PowerShell script utilized to collect a Memory Snapshot from a live Windows system in a forensically sound manner. Features: Checks for Hostname and Physical Memory Size before starting memory...

6.9AI score
Exploits0References7
Kitploit
Kitploit
added 2021/06/10 9:30 p.m.259 views

Neurax - A Framework For Constructing Self-Spreading Binaries

A framework that aids in creation of self-spreading software Requirements go get -u github.com/redcode-labs/Coldfire go get -u github.com/yelinaung/go-haikunator New in v. 2.0 New wordlist mutators + common passwords by country Improvised passive scanning .FastScan option that makes active scans ...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2021/04/23 9:30 p.m.259 views

IPCDump - Tool For Tracing Interprocess Communication (IPC) On Linux

Announcement post ipcdump is a tool for tracing interprocess communication IPC on Linux. It covers most of the common IPC mechanisms -- pipes, fifos, signals, unix sockets, loopback-based networking, and pseudoterminals. It's a useful tool for debugging multi-process applications, and it's also a...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2018/10/29 8:39 p.m.258 views

JQShell - A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

JQShell A weaponized version of CVE-2018-9206 Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload = v9.22.0. Disclaimer Using this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use thi...

9.8CVSS9.6AI score0.97107EPSS
Exploits15References2
Kitploit
Kitploit
added 2018/04/17 8:49 p.m.258 views

ROPgadget - This Tool Lets You Search Your Gadgets On Your Binaries To Facilitate Your ROP Exploitation

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2021/07/06 12:30 p.m.257 views

TiEtwAgent - PoC Memory Injection Detection Agent Based On ETW, For Offensive And Defensive Research Purposes

This project was created to research, build and test different memory injection detection use cases and bypass techniques. The agent utilizes Microsoft-Windows-Threat-Intelligence event tracing provider, as a more modern and stable alternative to Userland-hooking, with the benefit of Kernel-mode...

7.8AI score
Exploits0References4
Kitploit
Kitploit
added 2021/06/14 12:30 p.m.257 views

Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2017/03/17 2:22 p.m.257 views

Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638

Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...

9.8CVSS10AI score0.99999EPSS
Exploits44References1
Total number of security vulnerabilities5000