Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2019/10/04 12:0 p.m.147 views

ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

Machine Learning for Threat Intuitive Analysis The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/09/03 9:59 p.m.147 views

mpDNS - Multi-Purpose DNS Server

Simple, configurable "clone & run" DNS Server with multiple useful features Should work on Python 2 and 3 names.db - holds all custom records see examples Simple wildcards like .example.com Catch unicode dns requests Custom actions aka macro: shellexec::dig google.com +short - Execute shell comma...

7.9AI score
Exploits0References2
Kitploit
Kitploit
added 2019/08/20 1:25 p.m.147 views

goDoH - A DNS-over-HTTPS C2

godoh is a proof of concept Command and Control framework, written in Golang, that uses DNS-over-HTTPS as a transport medium. Currently supported providers include Google, Cloudflare but also contains the ability to use traditional DNS. Installation All you would need are the godoh binaries...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2019/04/20 10:39 p.m.147 views

FTPBruter - A FTP Server Brute Forcing Tool

Brute forcing tool for FTP server. FTPBruter can work in any OS if they have and support Python 3. Feature Brute force a FTP server with a username or a list of usernames That's all. Install and Run on Linux You have to install Python 3 first: Install Python 3 on Arch Linux and its distros: sudo...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/03/06 8:13 p.m.147 views

Gitleaks - Searches Full Repo History For Secrets And Keys

Searches Full Repo History For Secrets And Keys. Installing go get -u github.com/zricethezav/gitleaks Usage and Explanation ./gitleaks options Gitleaks audits local and remote repos by running regex checks against all commits. Options usage: gitleaks options / Options: -u --user Git user mode -r...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2017/08/07 3:16 p.m.147 views

PcapViz - Visualize Network Topologies and Collect Graph Statistics Based on PCAP Files

PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...

6.7AI score
Exploits0References1
Kitploit
Kitploit
added 2014/09/30 12:30 a.m.147 views

MASSCAN - Mass IP port scanner (fastest Internet port scanner)

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2022/04/14 9:30 p.m.146 views

vAPI - Vulnerable Adversely Programmed Interface Which Is Self-Hostable API That Mimics OWASP API Top 10 Scenarios Through Exercises

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios in the means of Exercises. Requirements PHP MySQL PostMan MITM Proxy Installation Docker docker-compose up -d Installation Manual Copying the Code cd git clone...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2021/10/20 11:30 a.m.146 views

Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones

A tool which creates a spoof code signing certificates and sign binaries and DLL files to help evade EDR products and avoid MSS and sock scruitney. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/17 12:30 p.m.146 views

ReverseSSH - Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such

A statically-linkedssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges, CTFs or similar. Has been developed and was extensively used during OSCP exam preparation. Get the latest Release Features Catching a reverse shell with...

7.7AI score
Exploits0References5
Kitploit
Kitploit
added 2021/07/30 9:30 p.m.146 views

LightMe - HTTP Server Serving Obfuscated Powershell Scripts/Payloads

LightMe is a Simple HTTP Server serving Powershell Scripts/Payloads after Obfuscate them and run obfuscation as a service in backgroud in order to keep obfuscate the payloads which giving almost new obfuscated payload on each HTTP request Main Features Obfuscate all powershell files within a...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2020/11/29 11:30 a.m.146 views

Talon - A Password Guessing Tool That Targets The Kerberos And LDAP Services Within The Windows Active Directory Environment

Talon is a tool designed to perform automated password guessing attacks while remaining undetected. Talon can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform a password guessing attack against the Kerberos and LDAPS LDAP Secure services. Talon c...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2019/08/23 9:45 p.m.146 views

Covenant - A .NET Command And Control Framework For Red Teamers

Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. Covenant is an ASP.NET Core, cross-platform application that includes a...

7.8AI score
Exploits0References3
Kitploit
Kitploit
added 2019/05/20 1:6 p.m.146 views

Flashsploit - Exploitation Framework For ATtiny85 Based HID Attacks

Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such as Digispark USB Development Board, flashsploit generates Arduino IDE Compatible .ino Scripts based on User Input and then Starts a Listener in Metasploit-Framework if Required by the Script, in Summary : Automat...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/01 12:35 p.m.146 views

XIP - Tool To Generate A List Of IP Addresses By Applying A Set Of Transformations Used To Bypass Security Measures E.G. Blacklist Filtering, WAF, Etc.

XIP generates a list of IP addresses by applying a set of transformations used to bypass security measures e.g. blacklist filtering, WAF, etc. Further explaination on our blog post article Usage python3 xip.py --help Docker alternative Official image You can pull the official Drupwn image from th...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/18 9:29 p.m.146 views

SILENTTRINITY - A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET

A post-exploitation agent powered by Python, IronPython, C/.NET. Requirements Server requires Python = 3.7 SILENTTRINITY C implant requires .NET = 4.5 How it works Notes .NET runtime support The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also the...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2024/09/23 11:30 a.m.146 views

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit

BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/12 10:0 p.m.145 views

Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private

A free and portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private. Your preparation for the Net! The Windows 10 default privacy settings leave a lot to be desired when it comes to protecting you and your private information. Whenever I set up ...

7.4AI score
Exploits0References9
Kitploit
Kitploit
added 2020/06/26 2:0 p.m.145 views

Cloudtopolis - Cracking Hashes In The Cloud For Free

Cloudtopolis is a tool that facilitates the installation and provisioning of Hashtopolis on the Google Cloud Shell platform, quickly and completely unattended and also, free!. Requirements Have 1 Google account at least. Installation Cloudtopolis installation is carried out in two phases: Phase 1...

7.4AI score
Exploits0References5
Kitploit
Kitploit
added 2020/02/10 11:30 a.m.145 views

Pytm - A Pythonic Framework For Threat Modeling

Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram DFD, a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...

10CVSS7.7AI score0.51878EPSS
Exploits0References2
Kitploit
Kitploit
added 2019/08/03 12:50 p.m.145 views

Usbrip - Simple Command Line Forensics Tool For Tracking USB Device Artifacts (History Of USB Events) On GNU/Linux

usbrip derived from "USB Ripper", not "USB R.I.P." is an open source forensics tool with CLI interface that lets you keep track of USB device artifacts aka USB event history, "Connected" and "Disconnected" events on Linux machines. Description usbrip is a small piece of software written in pure...

7.1AI score
Exploits0References5
Kitploit
Kitploit
added 2019/05/19 2:2 p.m.145 views

OSIF - Open Source Information Facebook

OSIF is an accurate facebook account information gathering, all sensitive information can be easily gathered even though the target converts all of its privacy to only me, Sensitive information about residence, date of birth, occupation, phone number and email address. Installation $ pkg update...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/31 9:18 p.m.145 views

IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays

IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It allows to synchronize in real-time the changes made to a database by multiple users, by connecting together different instances of IDA Pro. The main features of IDArling are: hooking general user events structure...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2019/01/15 8:38 p.m.145 views

Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies

Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI Build system. Documentation Full documentation is available on snyk.io Installation 1. Install the Snyk utility using npm install -g snyk. 2. Once...

7.7AI score
Exploits0References6
Kitploit
Kitploit
added 2018/02/13 9:12 p.m.145 views

Pymap-Scanner - Python Scanner with GUI

Python-based port scanner with Pyqt4 user interface. Features Basic Gui Speed Scan Custom Services User Control Error Control Useful parameters And More. Installation Modules $ Pyqt4 $ Nmap RequirementsThird +xsltproc Download Pymap-Scanner...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/10/30 9:9 p.m.145 views

Lynis 2.5.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

9AI score
Exploits0
Kitploit
Kitploit
added 2014/06/16 8:54 p.m.145 views

wpbf - WordPress Brute Force

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames. When a correct username/passwords...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2022/06/23 12:30 p.m.144 views

WEF - Wi-Fi Exploitation Framework

A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, automated hash cracking, bluetooth hacking and much more. I recommend you my alfa adapter: Alfa AWUS036ACM , which works really great with both, 2.4 and 5 Ghz Tested and supported in...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2021/07/11 9:30 p.m.144 views

RemotePotato0 - Just Another "Won't Fix" Windows Privilege Escalation From User To Domain Admin

Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin. RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin. Briefly: It abuses the DCOM activation service and trigger an NTLM authentication of the user currently...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/16 12:30 p.m.144 views

Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/09/15 11:30 a.m.144 views

Rbcd-Attack - Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket

Abusing Kerberos Resource-Based Constrained Delegation TL;DR This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is that we are launching the attack from outside of the...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2020/02/29 8:40 p.m.144 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool search for SSRF using predefined settings in different parts of a request path, host, headers, post and get parameters. First step Rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/12 10:23 p.m.144 views

ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts

This is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will...

7.1AI score
Exploits0References7
Kitploit
Kitploit
added 2019/07/11 1:14 p.m.144 views

Echidna - Ethereum Fuzz Testing Framework

Echidna is a weird creature that eats bugs and is highly electrosensitive with apologies to Jacob Stanley More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...

7.2AI score
Exploits0References9
Kitploit
Kitploit
added 2019/02/21 8:27 p.m.144 views

Eraser - Secure Erase Files from Hard Drives on Windows

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Eraser is currently supported under Windows XP with Service Pack 3, Windows Server 2003 with Service Pack 2,...

7AI score
Exploits0
Kitploit
Kitploit
added 2019/01/16 9:0 p.m.144 views

Stardox - Github Stargazers Information Gathering Tool

Stardox is an advanced github stargazers information gathering tool. It scraps Github for information and display them in list tree view.It can be used for collecting information of your's/someones repository stargazers details. What data it fetchs : 1. Total repsitories 2. Total stars 3. Total...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2018/09/26 9:17 p.m.144 views

Mail Security Tester - A Testing Framework For Mail Security And Filtering Solutions

A testing framework for mail security and filtering solutions. IMPORTANT: Don't do anything evil with this! Tests of cloud or otherwise hosted solutions should always be approved by the tested provider. Only use your own test accounts and don't annoy anyone with a load of test mails. Installation...

6.3AI score
Exploits0References2
Kitploit
Kitploit
added 2015/11/01 10:40 p.m.144 views

ARDT - Akamai Reflective DDoS Tool

Akamai Reflective DDoS Tool Attack the origin host behind the Akamai Edge hosts and bypass the DDoS protection offered by Akamai services. How it works... Based off the research done at NCC: https://dl.packetstormsecurity.net/papers/attack/thepentestersguidetoakamai.pdf Akamai boast around 100,00...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2014/01/21 12:10 a.m.144 views

[BlackArch] Linux Distribution with 600 Security Tools

BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. The repository contains 630 tools. You can install tools individually or in groups. BlackArch is compatible with existing Arch installs. Tool List: Name | Version | Description | Homepage...

8.3AI score
Exploits0References66
Kitploit
Kitploit
added 2023/03/06 11:30 a.m.143 views

Thunderstorm - Modular Framework To Exploit UPS Devices

Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future. CVE Thunderstorm is currently capable of exploiting the following CVE: CVE-2022-47186 – Unrestricted fi...

10CVSS7.1AI score0.0157EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/05/17 9:30 p.m.143 views

Corsair_Scan - A Security Tool To Test Cross-Origin Resource Sharing (CORS)

Corsairscan is a security tool to test Cross-Origin Resource Sharing CORS misconfigurations. CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. If this is not properly configured,...

7.1AI score
Exploits0References7
Kitploit
Kitploit
added 2021/02/06 11:30 a.m.143 views

GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install them as below. Keep in mind it also instal...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2020/08/06 12:30 p.m.143 views

Taowu - A CobaltStrike Toolkit

TaoWu檮杌 is a CobaltStrike toolkit. All the scripts are gathered on the Internet and slightly modified by myself. You can use it under GPLv3. And all on your own risk. Any PR is appreciated. Or you can contact me on E-mail [email protected] Let's make TaoWu better than ever together. Any...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2020/07/27 12:30 p.m.143 views

HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website

Security Tool for Reconnaissance and Information Gathering on a website. python 2.x & 3.x This script use "WafW00f" to detect the WAF in the first step https://github.com/EnableSecurity/wafw00f This script use "Sublist3r" to scan subdomains https://github.com/aboul3la/Sublist3r This script use...

7.4AI score
Exploits0References5
Kitploit
Kitploit
added 2020/04/17 9:30 p.m.143 views

PEASS - Privilege Escalation Awesome Scripts SUITE

Here you will find privilege escalation tools for Windows and Linux/Unix in some near future also for Mac. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2020/01/31 11:30 a.m.143 views

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

7.5AI score
Exploits0References6
Kitploit
Kitploit
added 2019/10/14 9:0 p.m.143 views

Postenum - A Clean, Nice And Easy Tool For Basic/Advanced Privilege Escalation Techniques

Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum tool is intended to be executed locally on a Linux box. Be more than a normal user. be the ROOT. USE ./postenum.sh option ./postenum.sh -s ./postenum.sh -c Options : -a : All -s : Filesyst...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2019/04/05 8:45 p.m.143 views

Faraday v3.7 - Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.7: Now, you can include images to explain vulnerability steps, add tables, codes, and we also support: Title Bold and italic typography Click here to find out how to configure Markdown in Faraday: New vuln preview With Faraday v3.7 you...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2019/01/03 8:41 p.m.143 views

SiteBroker - A Cross-Platform Python Based Utility For Information Gathering And Penetration Testing Automation!

A cross-platform python based utility for information gathering and penetration automation! Output Sitebroker's Full Output Requirements Python 2.7. Python pip Python module requests Python module colorama Python module dnspython Python module lxml Python module bs4 Install modules pip install -r...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/01/25 9:13 p.m.143 views

Al-Khaser v0.72 - Public malware techniques used in the wild (Virtual Machine, Emulation, Debuggers, Sandbox detection)

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. Features Anti-debugging attacks IsDebuggerPresent CheckRemoteDebuggerPresent Process...

7.4AI score
Exploits0References4
Total number of security vulnerabilities5000