Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2020/02/27 8:30 p.m.191 views

Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop

Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn't intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time. MultiJuicer gives you the...

6.9AI score
Exploits0References9
Kitploit
Kitploit
added 2020/01/16 8:30 p.m.191 views

Lsassy - Extract Credentials From Lsass Remotely

Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Requirements Python = 3.6 pypykatz = 0.3.0 impacket Installation From...

7.8AI score
Exploits0References7
Kitploit
Kitploit
added 2019/06/12 10:0 p.m.191 views

Intensio-Obfuscator - Obfuscate A Python Code 2.X And 3.X

Takes a python source code and transform it into an obfuscated python code, replace name of variables - classes - functions to random chars and defined length, removes comments, line breaks and add to each line a random script with an always differents values. Requirement Python = 3.5 Files...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2019/03/03 11:54 a.m.191 views

Faraday v3.6 - Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.6: WelcomeService Now A new way to send vulnerabilities is available! We integrated Faraday with Service Now, giving you more options to work with. Burp plugin was totally revamped We have been working hard to make several changes to...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/02/16 8:41 p.m.191 views

DCOMrade - Powershell Script For Enumerating Vulnerable DCOM Applications

DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2016/01/07 11:21 p.m.191 views

Winpayloads - Undetectable Windows Payload Generation

Undetectable Windows Payload Generation with extras Running on Python2.7 Getting Started git clone https://github.com/Charliedean/Winpayloads cd WinPayloads sudo ./setup.sh python WinPayloads.py Menu 1 Windows Reverse ShellStageless Shellter 2 Windows Reverse MeterpreterStaged Shellter, UacBypass...

9.8AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/11 9:8 p.m.190 views

CHAPS - Configuration Hardening Assessment PowerShell Script

CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/24 12:30 p.m.189 views

SlackPirate - Slack Enumeration And Extraction Tool - Extract Sensitive Information From A Slack Workspace

This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising - the integration and 'ChatOps' possibilities are endless and...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/08 8:30 p.m.189 views

Solarflare - SolarWinds Orion Account Audit / Password Dumping Utility

Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/ Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================================ | Collecting RabbitMQ...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2020/05/29 9:30 p.m.190 views

DroidFiles - Get Files From Android Directories

Get files from Android directories, internal and external storage Pictures, Downloads, Whatsapp, Videos, ... Legal disclaimer: Usage of DroidFiles for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/03/28 12:0 p.m.189 views

InQL Scanner - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension. InQL Stand-Alone Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata informatio...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2019/12/08 11:0 a.m.189 views

Functrace - A Function Tracer

functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO http://dynamorio.org/. These are some implemented features based on DynamoRIO: disassemble all the executed code disassemble a specific function dump if these are addresses get arguments of a...

9.8CVSS9.6AI score0.09487EPSS
Exploits3References2
Kitploit
Kitploit
added 2019/07/25 9:31 p.m.189 views

O365-Attack-Toolkit - A Toolkit To Attack Office365

o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information. Some of the implemented features are : Extraction of keyworded e-mails from Outlook. Creation of Outlook Rules. Extraction of files from...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/04/05 11:56 a.m.189 views

PowerShellArsenal - A PowerShell Module Dedicated To Reverse Engineering

PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyze/scrape memory, parse file formats and memory structures, obtain internal system information, etc. PowerShellArsenal is...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/12/16 11:30 a.m.188 views

Nim-Shell - Reverse Shell That Can Bypass Windows Defender Detection

Reverse shell that can bypass windows defender detection $ apt install nim Compilation nim c -d:mingw --app:gui nimshell.nim Change the IP address and port number you want to listen to in the nimshell.nim file according to your device. and listen $ nc -nvlp 4444 Download Nim-Shell...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2023/07/30 12:30 p.m.188 views

LFI-FINDER - Tool Focuses On Detecting Local File Inclusion (LFI) Vulnerabilities

Written by TMRSWRR Version 1.0.0 Instagram: TMRSWRR How to use LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion LFI vulnerabilities. Local File Inclusion is a common security vulnerability that allows an attacker to include files from a web serv...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2021/06/12 9:30 p.m.188 views

Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS

Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/26 1:9 p.m.188 views

Cutter - Free And Open-Source GUI For Radare2 Reverse Engineering Framework

Cutter is a free and open-source GUI for radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers. Downloading a release Cutter ...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2013/08/21 1:33 a.m.188 views

[Nmap v6.40] Free Security Scanner For Network Exploration & Security Audits

Nmap “ Network Mapper ” is a free and open source license utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses...

7.5CVSS8.4AI score0.99449EPSS
Exploits21
Kitploit
Kitploit
added 2025/04/17 7:48 p.m.187 views

PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data

PANO is a powerful OSINT investigation platform that combines graph visualization, timeline analysis, and AI-powered tools to help you uncover hidden connections and patterns in your data. Getting Started 1. Clone the repository: bash git clone https://github.com/ALW1EZ/PANO.git cd PANO 2. Run th...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2021/06/19 9:30 p.m.187 views

FalconEye - Real-time detection software for Windows process injections

FalconEye is a windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening real-time. Since FalconEye runs in kernel mode, it provides a stronger and reliable defense against process injection...

7.5AI score
Exploits0References11
Kitploit
Kitploit
added 2021/06/07 12:30 p.m.187 views

RedWarden - Flexible CobaltStrike Malleable Redirector

RedWarden - Flexible CobaltStrike Malleable Redirector previously known as proxy2's malleableredirector plugin Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them while...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2021/05/01 12:30 p.m.187 views

Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already...

7AI score
Exploits0References6
Kitploit
Kitploit
added 2019/05/16 10:11 p.m.187 views

Miteru - An Experimental Phishing Kit Detection Tool

Miteru is an experimental phishing kit detection tool. How it works It collects phishy URLs from the following feeds: CertStream-Suspicious feed via urlscan.io OpenPhish feed via urlscan.io PhishTank feed via urlscan.io Ayashige feed It checks each phishy URL whether it enables directory listing...

7.6AI score
Exploits0References5
Kitploit
Kitploit
added 2019/03/10 8:25 p.m.187 views

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2018/05/01 12:33 p.m.187 views

WSSAT v2.0 - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2016/01/14 10:30 p.m.187 views

RootHelper - A Bash Script That Downloads And Unzips Scripts That Will Aid With Privilege Escalation On A Linux System

RootHelper Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads four scripts. Two enumeration shellscripts and two exploit suggesters, one written in...

9.9AI score
Exploits0References4
Kitploit
Kitploit
added 2013/10/26 9:0 p.m.187 views

[Outlook Password Dump] Tool to quickly recover lost email passwords from all versions of Microsoft Outlook

Outlook Password Dump is the free command-line tool to quickly recover lost email passwords from all versions of Microsoft Outlook. Outlook stores passwords for all the configured mail accounts on your system. These passwords are stored in the encrypted format and only respective user can decrypt...

9.9AI score
Exploits0
Kitploit
Kitploit
added 2021/07/18 9:30 p.m.186 views

ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2020/06/09 9:30 p.m.186 views

BabyShark - Basic C2 Server

This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2020/02/16 12:0 p.m.186 views

Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS

Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS beta written in pure Python. Quick Start pip3 install psutil git clone https://github.com/mxmssh/manul cd manul mkdir in mkdir out echo "AAAAAA" in/test python3 manul.py -i in -o out -n 4...

7.8CVSS7.7AI score0.03518EPSS
Exploits1References5
Kitploit
Kitploit
added 2019/09/25 8:47 p.m.186 views

Flare-Emu - Powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x86_64, ARM, and ARM64 architectures to reverse engineers

flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported...

6.5AI score
Exploits0References2
Kitploit
Kitploit
added 2019/09/16 8:58 p.m.186 views

Stardox - Github Stargazers Information Gathering Tool

Stardox is an advanced github stargazers information gathering tool. It scraps Github for information and display them in list tree view.It can be used for collecting information of your's/someones repository stargazers details. What data it fetchs : 1. Total repsitories 2. Total stars 3. Total...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2019/09/02 1:0 p.m.186 views

Barq - The AWS Cloud Post Exploitation Framework!

barq: The AWS Cloud Post Exploitation framework! What is it? barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/04/11 9:52 p.m.186 views

Chkdfront - Check Domain Fronting

chkdfront checks if your domain fronting is working by testing the targeted domain fronted domain against your domain front domain. Features Checking your domain fronted against the domain front. Searching an expected string in the response to indicate success. Showing troubleshooting suggestions...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2019/02/11 8:28 p.m.186 views

PF_RING - High-Speed Packet Capture, Filtering And Analysis

PFRING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties: 1. Available for Linux kernels 2.6.32 and newer. 2. No need to patch the kernel: just load the kernel module. 3. 10 Gbit Hardware Packet Filtering usi...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/06 8:31 p.m.186 views

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2017/12/08 1:37 p.m.186 views

V3n0M-Scanner - Popular Pentesting scanner for SQLi/XSS/LFI/RFI and other Vulns

V3n0M is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/03/13 10:29 p.m.185 views

Pickl3 - Windows Active User Credential Phishing Tool

Pickl3 is Windows active user credential phishing tool. You can execute the Pickl3 and phish the target user credential. Operational Usage - 1 Nowadays, since the operating system of many end users is Windows 10, we cannot easily steal account information with Mimikatz-like projects like the old...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/18 1:0 p.m.185 views

Konan - Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Installation Download Konan by cloning the Git repository: git clone https://github.com/m4ll0k/Konan.git konan Install requirements with pip cd konan && pip install -r...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/05/28 1:6 p.m.185 views

Brutality - A Fuzzer For Any GET Entries

A fuzzer for any GET entries. Features Multi-threading on demand Fuzzing, bruteforcing GET params Find admin panels Colored output Hide results by return code, word numbers Proxy support Big wordlist Colored Usages Install git clone https://github.com/ManhNho/brutality.git chmod 755 -R brutality/...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/05/27 1:0 p.m.185 views

Sniffglue - Secure Multithreaded Packet Sniffer

sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2017/11/12 1:32 p.m.185 views

CredSniper - Phishing Framework which supports SSL and capture credentials with 2FA tokens

Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. Benefits Fully supporte...

9.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/10 9:30 p.m.184 views

Karton - Distributed Malware Processing Framework Based On Python, Redis And MinIO

Distributed malware processing framework based on Python, Redis and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a robust pipeline with very little effort. We've been in the...

7.1AI score
Exploits0References13
Kitploit
Kitploit
added 2021/04/25 9:30 p.m.184 views

Tscopy - Tool to parse the NTFS $MFT file to locate and copy specific files

Introducing TScopy It is a requirement during an Incident Response IR engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system OS because they are in use, which is particularly frustrating with event logs and registry hives. TScop...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/19 10:19 p.m.184 views

mongoBuster - Hunt Open MongoDB Instances

Hunt Open MongoDB instances! Features Worlds fastest and most efficient scanner Uses Masscan . Scans entire internet by default, So fire the tool and chill. Hyper efficient - Uses Go-routines which are even lighter than threads. Pre-Requisites - Go language sudo apt install golang Masscan sudo ap...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/01/28 12:45 p.m.184 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

7.6AI score
Exploits0References6
Kitploit
Kitploit
added 2018/09/15 12:53 p.m.184 views

HashPump - A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Help Menu $ hashpump -h HashPump -h help -t test -s signature -d data -a additional -k keylength HashPump generates strings to exploit signatures vulnerable...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2024/05/13 12:30 p.m.183 views

BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses

The original 403fuzzer.py : Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACL's or URL validation. It will output the response codes and length for each request, in a nicely organized, color coded way so...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/03/13 8:30 p.m.183 views

HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request

I've wrote this program as a proof of concept to test the idea of be able to send tcp stream packets over simple http request like PUT, PATCH, POST, GET, without use a proxy way like CONNECT method. Also as a practice exercise to train my novice skill on rust language. Description These tool is...

7AI score
Exploits0References3
Total number of security vulnerabilities5000