Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2019/03/07 8:27 p.m.197 views

Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase

A scripted pipeline of tools to simplify the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. Scope Chomp Scan is a Bash script that chains together the fastest and most effective tools in my opinion/experience for doing the long and sometimes tedious process o...

6.5AI score
Exploits0References6
Kitploit
Kitploit
added 2017/03/09 2:40 p.m.197 views

IntelMQ - A solution for IT security teams for collecting and processing security feeds using a message queuing protocol

IntelMQ is a solution for IT security teams CERTs, CSIRTs, abuse departments,... for collecting and processing security feeds such as log files using a message queuing protocol. It's a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2023/08/07 12:30 p.m.196 views

Browser-password-stealer - Get All The Saved Passwords, Credit Cards And Bookmarks From Chromium Based Browsers Supports Chromium 80 And Above!

This python program gets all the saved passwords, credit cards and bookmarks from chromium based browsers supports chromium 80 and above! Modules Required To install all the required modules use the following code: pip install -r requirements.txt Supported browsers Chromium Based Browsers ✔ Amigo...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/02/26 8:30 p.m.196 views

CornerShot - Amplify Network Visibility From Multiple POV Of Other Hosts

In warfare, CornerShot is a weapon that allows a soldier to look past a corner and possibly take a shot, without risking exposure. Similarly, the CornerShot package allows one to look at a remote host’s network access without the need to have any special privileges on that host. Using CornerShot,...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2020/12/04 8:30 p.m.196 views

Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE PYthon library for Token Manipulation and Impersonation for Privilege Escalation is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the python 3 client which uses the pytmipe library. Content A python...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2019/07/22 9:42 p.m.196 views

Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers

Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order act as a anonymisation workstation-gateway set up. It's aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as a...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/26 8:20 p.m.196 views

Metasploit Cheat Sheet

The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures. Metasploit is a popular tool used by pentest experts. Metasploit : Search for module: msf search regex Specify and exploit to use...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/12/09 9:14 p.m.196 views

Cameradar v2.1.0 - Hacks Its Way Into RTSP Videosurveillance Cameras

An RTSP stream access tool that comes with its library Cameradar allows you to Detect open RTSP hosts on any accessible target host Detect which device model is streaming Launch automated dictionary attacks to get their stream route e.g.: /live.sdp Launch automated dictionary attacks to get the...

7.1AI score
Exploits0References9
Kitploit
Kitploit
added 2016/08/05 2:4 a.m.196 views

tplmap - Automatic Server-Side Template Injection Detection and Exploitation Tool

Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injecti...

9.7AI score
Exploits0References1
Kitploit
Kitploit
added 2013/02/27 4:30 p.m.196 views

[Netsparker Community Edition v2.5.2.0] Released!

Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free. It shares many features with professional edition. It can...

10AI score
Exploits0
Kitploit
Kitploit
added 2022/05/14 9:30 p.m.195 views

NodeSecurityShield - A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

A Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the log4J vulnerability CVE-2021-44228 which can be exploited because an application can make arbitrary network calls. We felt there is an need for an application to declare what privileges it can hav...

10CVSS10AI score0.99999EPSS
Exploits354References5
Kitploit
Kitploit
added 2021/02/28 8:30 p.m.195 views

WdToggle - A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching

A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Credential Guard if enabled. Additional guidance can be found in this blog post: https://outflank.nl/blog/?p=1592 Background This PoC code is based on the followi...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2020/04/19 9:14 p.m.195 views

Flux-Keylogger - Modern Javascript Keylogger With Web Panel

Modern javascript keylogger with web panel Web panel: Logging: Keylogger Cookies Location Remote IP User-Agents Installation server files: Upload files from server directory to you server Change default username, password in flux.php Go to http://you.host/flux.php Click build Now inject script ta...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2019/10/25 8:0 p.m.195 views

JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites

A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found here not sure why format of the slides is screwed :D:...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/02 1:5 p.m.195 views

Vthunting - A Tiny Script Used To Generate Report About VirusTotal Hunting And Send It By Email, Slack Or Telegram

Virus Total Hunting is a tiny tool based on the VT api version 3 to run daily, weekly or monthly report about malware hunting. The report can be send via email, Slack channel or Telegram. The tool can also be used in cli to get a report anytime. The default number of result is 10 but it can be...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/11 12:9 p.m.195 views

Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler

Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter Getting Started Please follow these instructions to get a copy of Kage running on your local...

7AI score
Exploits0References8
Kitploit
Kitploit
added 2018/11/24 8:43 p.m.195 views

WPScan v3.4.0 - Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/07 11:39 p.m.195 views

pydictor - A Powerful and Useful Hacker Dictionary Builder for a Brute-Force Attack

pydictor is a powerful and useful hacker dictionary builder for a brute-force attack. Why I need to use pydictor ? 1. it always can help you You can use pydictor to generate a general blast wordlist, a custom wordlist based on Web content, a social engineering wordlist, and so on. You can use the...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2014/06/03 7:12 p.m.195 views

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database

SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File read only Create File read only Brute Table & Column Download Simple SQLi Dumper v5....

8AI score
Exploits0
Kitploit
Kitploit
added 2013/08/29 12:48 a.m.195 views

[Linux Exploit Suggester] Grab the Linux Operating Systems release version, and return a suggestive list of possible exploits

Linux Exploit Suggester; based on operating system release number. This program run without arguments will perform a 'uname -r' to grab the Linux Operating Systems release version, and return a suggestive list of possible exploits. Nothing fancy, so a patched/back-ported patch may fool this scrip...

8.4CVSS7.5AI score0.81528EPSS
Exploits105References1
Kitploit
Kitploit
added 2021/06/06 9:30 p.m.194 views

Krane - Kubernetes RBAC Static Analysis And Visualisation Tool

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...

7.3AI score
Exploits0References16
Kitploit
Kitploit
added 2021/03/03 11:30 a.m.194 views

Threatspec - Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2021/01/23 8:30 p.m.194 views

Xnuspy - An iOS Kernel Function Hooking Framework For Checkra1N'Able Devices

Output from the kernel log after compiling and running example/open1hook.c xnuspy is a pongoOS module which installs a new system call, xnuspyctl, allowing you to hook kernel functions from userspace. It supports iOS 13.x and 14.x on checkra1n 0.12.2 and up. 4K devices are not supported. Requires...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/21 12:30 p.m.194 views

Zip Cracker - Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline

This Script Supports Only Zip File in This Version You Can Also Use This Script With crunch Cross-platform Supported Usage: zipcracker.py options Options: --version show program's version number and exit -h, --help show this help message and exit -f FILENAME, --file=FILENAME Please Specify Path o...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/03/16 11:30 a.m.194 views

shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2019/06/17 1:9 p.m.194 views

Prithvi - Report Generation Tool

Prithvi is a report generation tool specially made for Security Assessment which is free to use and easy to use. It will generate high quality vulnerability assessment report for security controls. It got various features and majorly made for security assessment. You can easily find security...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2019/05/26 10:2 p.m.194 views

H2Buster - A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2

A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster. Features Fast and portable - install hyper and run. Multiconnection scanning. Multithreaded connections. Scalable: scans can be as docile or aggressive as you configure them to be. h2 and h2c...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2019/03/05 8:25 p.m.194 views

Reload.sh - Reinstall, Restore And Wipe Your System Via SSH, Without Rebooting

Reinstall, restore and wipe your system from the level and in the place of the running GNU/Linux distribution without cd-rom, flash and other. Via SSH, without rebooting. How it works? Set your archive with system backup to restore: build="/mnt/system-backup.tgz" Set path to temporary system...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2019/03/01 12:43 p.m.194 views

VSHG - Hardware resistance & enhanced security for GnuPG

VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG's standared s2k key-derivation-function + a simplified interface for symmetric encryption . About VSHG VSHG Very secure hash generator is a standalone Addon for GnuPG Gnu privacy guard . It is written as a shell script and ...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2022/06/22 12:30 p.m.193 views

GooFuzz - Tool To Perform Fuzzing With An OSINT Approach, Managing To Enumerate Directories, Files, Subdomains Or Parameters Without Leaving Evidence On The Target's Server With Google Dorking

Credits Author: M3n0sD0n4ld Twitter: @DavidUton Description: GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories without making requests to the web server. Download and install: $ git clone...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/13 12:30 p.m.193 views

Snuffleupagus - Security Module For Php7 And Php8 - Killing Bugclasses And Virtual-Patching The Rest!

Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing...

8.4AI score
Exploits0References7
Kitploit
Kitploit
added 2021/01/21 11:30 a.m.193 views

CDK - Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily. Currently still unde...

9.8CVSS8.2AI score0.9857EPSS
Exploits37References36
Kitploit
Kitploit
added 2020/03/29 12:0 p.m.193 views

SauronEye - Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords

SauronEye is a search tool built to aid red teams in finding files containing specific keywords. Features : Search multiple network drives Search contents of files Search contents of Microsoft Office files .doc, .docx, .xls, .xlsx Find VBA macros in old 2003 .xls and .doc files Search multiple...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/10/05 12:0 p.m.193 views

DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts

Inspired by @tavisio This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kind of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allowes to configure...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2019/08/13 9:0 p.m.193 views

Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator

The fastest and cross-platform subdomain enumerator. Comparision It comparision gives you a idea why you should use findomain instead of another tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...

7.5AI score
Exploits0References10
Kitploit
Kitploit
added 2018/03/13 1:12 p.m.193 views

Linkedin2Username - Generate Username Lists For Companies On LinkedIn (OSINT Tool)

OSINT Tool: Generate username lists from companies on LinkedIn. Works with Python2. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to login, it will create several lists of possible username formats for all employees of a company you point it at...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/11/13 8:43 p.m.193 views

Faraday v2.7 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you have alwasy been looking for! It maps and leverages all the data you generate in real time , letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the risks and impacts and risks being assessed by the...

9.3AI score
Exploits0References2
Kitploit
Kitploit
added 2016/10/10 1:57 p.m.193 views

4nonimizer - A bash script for anonymizing the public IP managing the connection to TOR and different VPNs providers

What is 4nonimizer? It is a bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different VPNs providers OpenVPN, whether free or paid. By default, it includes several pre-configured VPN connections to different peers .ovpn files and...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2025/04/15 12:30 p.m.192 views

Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames

Enhanced version of bellingcat's Telegram Phone Checker! A Python script to check Telegram accounts using phone numbers or username. ✨ Features 🔍 Check single or multiple phone numbers and usernames 📁 Import numbers from text file 📸 Auto-download profile pictures 💾 Save results as JSON 🔐 Secure...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/07/09 12:30 p.m.192 views

WFH - Windows Feature Hunter

Windows Feature Hunter WFH is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist in potentially identifying common “vulnerabilities” or “features” within Windows executables. WFH currently has the capability to automatically identify potential Dynamic...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/25 8:30 p.m.192 views

Shellex - C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor

C-shellcode to hex converter. Handy tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor. Are you having problems converting C-shellcodes to HEX maybe c-comments+ASCII mixed? Here is shellex. If the shellcode can be compiled in a C compiler...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2019/12/03 11:30 a.m.192 views

Nessus Map - Parse .Nessus File(S) And Shows Output In Interactive UI

Nessus XML Praser Requirements Python3 Django Tested on Ubuntu 18.04 What it does Vulnerability based parsing Service based parsing Host bases parsing Unsupported OS parsing Generate Executive Summary of scan Export parsed .nessuss to JSON files Import JSON file in NessusMap How it works Create X...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/07/20 1:1 p.m.192 views

Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/05/18 10:49 p.m.192 views

Bandit - Tool Designed To Find Common Security Issues In Python Code

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2018/11/26 8:54 p.m.192 views

Infection Monkey v1.6 - An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...

9.8CVSS9.5AI score0.99906EPSS
Exploits19References5
Kitploit
Kitploit
added 2018/08/28 12:33 p.m.192 views

SQLMap v1.2.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References20
Kitploit
Kitploit
added 2013/11/25 5:23 p.m.192 views

[zAnti] Android Network Toolkit

Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2023/05/24 12:30 p.m.192 views

Jsfinder - Fetches JavaScript Files Quickly And Comprehensively

jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file e.g., src, href, data-main, etc. and extracts the URLs of the files to a text file. The tool is designed to ...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/20 4:38 a.m.191 views

Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046. It is able to even find instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! Currently reports log4j-core...

10CVSS10AI score0.99999EPSS
Exploits356References4
Kitploit
Kitploit
added 2020/03/17 11:30 a.m.191 views

Pypykatz - Mimikatz Implementation In Pure Python

Mimikatz implementation in pure Python. At least a part of it : Runs on all OS's which support python=3.6 WIKI Since version 0.1.1 the command line changed a little. Worry not, I have an awesome WIKI for you. Installing Install it via pip or by cloning it from github. The installer will create a...

7.1AI score
Exploits0References9
Total number of security vulnerabilities5000