Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2019/03/13 8:30 p.m.134 views

Decker - Declarative Penetration Testing Orchestration Framework

Decker is a penetration testing orchestration framework. It leverages HashiCorp Configuration Language 2 the same config language as Terraform to allow declarative penetration testing as code, so your tests can be versioned, shared, reused, and collaborated on with your team or the community...

7.3AI score
Exploits0References20
Kitploit
Kitploit
added 2018/11/06 12:48 p.m.134 views

Robber - Tool For Finding Executables Prone To DLL Hijacking

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking ?! Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2018/10/13 1:12 p.m.134 views

Metadata-Attacker - A Tool To Generate Media Files With Malicious Metadata

With this small suite of open source pentesting tools you're able to create an image .jpg, audio .mp3 or video .mp4 file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data...

6AI score
Exploits0References4
Kitploit
Kitploit
added 2021/07/17 12:30 p.m.133 views

Bughound - Static Code Analysis Tool Based On Elasticsearch

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/02/05 11:30 a.m.133 views

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2021/01/06 9:12 p.m.133 views

Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester

The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.7AI score
Exploits0References2
Kitploit
Kitploit
added 2020/06/15 9:30 p.m.133 views

EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/14 12:30 p.m.133 views

DalFox (Finder Of XSS) - Parameter Analysis And XSS Scanning Tool Based On Golang

Finder Of XSS, and Dal is the Korean pronunciation of moon. What is DalFox Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2020/03/01 9:0 p.m.133 views

Xencrypt - A PowerShell Script Anti-Virus Evasion Tool

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/11/22 9:0 p.m.133 views

DNCI - Dot Net Code Injector

DNCI allows the injection of .Net code .exe or .dll remotely in unmanaged processes in windows. 1. Project Structure The project is structured in: DNCI.Injector.Library - Injection library. Contains all injection components and logic; DNCI.Injector.Runner - Command line utility for injection;...

8.1AI score
Exploits0References1
Kitploit
Kitploit
added 2019/04/22 10:0 p.m.133 views

Reverie - Automated Pentest Tools Designed For Parrot Linux

Automated Pentest Tools Designed For Parrot Linux. this tool will make your basic pentesting task like Information Gathering, Security Auditing, And Reporting so this tool will do every task fully automatic. Usage Guide Download / Clone git clone https://github.com/baguswiratmaadi/reverie Go Insi...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/11/02 1:17 p.m.133 views

Frida-Extract - Frida.re Based RunPE (And MapViewOfSection) Extraction Tool

FridaExtract is a Frida.re based RunPE extraction tool. RunPE type injection is a common technique used by malware to hide code within another process. It also happens to be the final stage in a lot of packers : NOTE: Frida now also supports extraction of injected PE files using the...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/22 9:7 p.m.133 views

WinSpy - A Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener

WinSpy: Windows Reverse Shell Backdoor Creator With ip poisener. Dependencies 1 - metasploit-framework 2 - xterm 3 - apache2 4 - whiptail Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/19 12:34 p.m.133 views

Gobuster - Directory/File & DNS Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just worked on the command line. 3. ... somethi...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/12/03 8:30 p.m.132 views

Aclpwn.Py - Active Directory ACL Exploitation With BloodHound

Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2020/07/07 9:30 p.m.132 views

Scant3R - Web Security Scanner

ScanT3r - Web Security Scanner / / / / / \ / / / / / / / / / / // // / / / / / / / / ///,// /// /// Coded By : Khaled Nassar @knassar702 Detect This vulnerabilities Remote Code Execution Linux XSS Reflected Template Injection Jinja2 ERB Java Twig Freemarker SQlInjection ScreenShot: GIF...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/02/24 11:8 p.m.132 views

Faraday presents the latest version of their Security Platform for Vulnerability Management Automation

Miami, February 19, 2020 - Faraday is opening 2020 by strengthening their releases using the featured cybersecurity worldwide events calendar, starting next week with BSides and RSAC in San Francisco. As a Blackhat Global Partner, the company will also participate as a sponsor in all BH’s global...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2020/01/19 11:30 a.m.132 views

Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder

Aaia pronounced as shown here helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j , one can query the graph using cypher queries to find the anomalies. Aaia also supports modules to...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2020/01/18 11:30 a.m.132 views

Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals

Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows Cybersecurity professionals to quickly setup their environment while staying within their scope. Credit Inspired by Andrew Benson's hostfw iptable generation script. Features Bluewall...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/10 9:0 p.m.132 views

Mosca - Manual Search Tool To Find Bugs Like A Grep Unix Command

Mosca Manual analysis tool to find bugs like a grep unix command, Version 0.05 because is not dynamic... uses static code to search... don't confuse with academic views hahaha don't have graph here or CFG... is a simple "grep" egg modules is a config to find to vulnerabilities you can use at C,...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/24 8:18 p.m.132 views

Iptables Essentials - Common Firewall Rules And Commands

Tools to help you configure Iptables Shorewall - advanced gateway/firewall configuration tool for GNU/Linux. Firewalld - provides a dynamically managed firewall. UFW - default firewall configuration tool for Ubuntu. FireHOL - offer simple and powerful configuration for all Linux firewall and...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2016/01/06 9:59 p.m.132 views

ParanoicScan - Vulnerability Scanner

Old Options Google & Bing Scanner that also scan : XSS SQL GET / POST SQL GET SQL GET + Admin Directory listing MSSQL Jet Database Oracle LFI RFI Full Source Discloure HTTP Information SQLi Scanner Bypass Admin Exploit FSD Manager Paths Finder IP Locate Crack MD5 Panel Finder Console Fixes +...

9.7AI score
Exploits0References1
Kitploit
Kitploit
added 2015/04/13 11:1 p.m.132 views

Aircrack-ng 1.2 RC 2 - WEP and WPA-PSK keys cracking program

Here is the second release candidate. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. Another big change is recent version of GPSd now...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2024/06/07 12:30 p.m.131 views

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT Open Source Intelligence and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/03/26 11:30 a.m.131 views

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/05/18 12:30 p.m.131 views

Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2020/09/27 11:30 a.m.131 views

Wacker - A WPA3 Dictionary Cracker

A set of scripts to help perform an online dictionary attack against a WPA3 access point. Wacker leverages the wpasupplicant control interface to control the operations of the supplicant daemon and to get status information and event notifications ultimately helping speedup connection attempts...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/26 10:0 p.m.131 views

Sitedorks - Search Google/Bing/DuckDuckGo/Yandex/Yahoo For A Search Term With Different Websites

Search Google, Bing, Yahoo or Yandex for a search term with different websites. A default list is already provided, which contains Github, Gitlab, Surveymonkey, Trello etc etc. Currently, a default list of 231 dorkable websites is available. Current categories on file are: analysis10 cloud34 code...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/02/02 8:30 p.m.131 views

PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator

PCFG = Probabilistic Context Free Grammar PCFG = Pretty Cool Fuzzy Guesser In short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords honeywords, or help develop better password strength...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2020/01/10 9:1 p.m.131 views

IotShark - Monitoring And Analyzing IoT Traffic

IoTShark is a IOT monitoring service that allows users to monitor their IOT devices for trends in data sent/received. Ordinarily, setting up a man in the middle attack with proper configurations can take up quite a bit of time, and may seem dauntingly impossible for those with little to no...

6.7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/07/31 9:37 p.m.131 views

Buster - Find Emails Of A Person And Return Info Associated With Them

Buster is a simple OSINT tool used to: Get social accounts from various sourcesgravatar,about.me,myspace,skype,github,linkedin,avast Get links to where the email was found using google,twitter,darksearch and paste sites Get domains registered with an email reverse whois Generate possible emails a...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2019/07/25 12:49 p.m.131 views

Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework

A Python Module to interact with the Mitre ATT&CK Framework. pyattck has the following notable features in it's current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations All techniques have suggested mitigations as a property For each class you can access addition...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/09 9:39 p.m.131 views

mXtract v1.2 - Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes. Screenshots Scan wi...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/12/04 8:49 p.m.131 views

Secret Keeper - Python Script To Encrypt & Decrypt Files With A Given Key

Secret Keeper is a file encryptor written in python which encrypt your files using Advanced Encryption Standard AES. CBC Mode is used when creating the AES cipher wherein each block is chained to the previous block in the stream. Features Secret Keeper has the ability to generate a random...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/01 12:22 p.m.131 views

NodeXP - Detection and Exploitation Tool for Node.js Services

NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on ServerSideJavascriptInjection attack! Getting Started - Installation & Usage Download NodeXP by cloning the Git...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2018/02/24 9:12 p.m.131 views

meg+ - Automated Reconnaissance Wrapper

This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2017/02/04 2:30 p.m.131 views

Tater - A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Included In p0wnedShell - https://github.com/Cn33liz/p0wnedShell PowerShell Empire - https://github.com/PowerShellEmpire/Empire PSAttack - https://github.com/jaredhaight/psattack Functions Invoke-Tater Th...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2013/10/22 12:29 a.m.131 views

[IPv6 Disable Tool] Command-line Software to Enable or Disable IPv6 on Windows

IPv6 Disable is the free command-line tool to quickly Enable or Disable IPv6 Internet Protocol version 6 on your Windows system. It automatically checks for the current status of IPv6 and then enable/disable it accordingly. It is simple & easy to use tool. Also being a command-line based tool mak...

9.9AI score
Exploits0
Kitploit
Kitploit
added 2013/03/18 10:33 p.m.131 views

[Dexter] A Free Tool for Mobile (Android) Malware Analysis

Bluebox Labs just released Dexter, a free tool which wants to help information security professionals and malware analysts to analyze Android mobile applications in order to find malware and vulnerabilities. .png Dexter combines manual and automatic static program analysis to provide a better...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2025/05/02 12:30 a.m.130 views

Uro - Declutters Url Lists For Crawling/Pentesting

Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that. It doesn't make any http requests to the URLs and removes: - incremental urls e.g. /page/1/ and /page/2/ - blog posts and similar human written conten...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/09/25 8:30 p.m.130 views

QueenSono - Golang Binary For Data Exfiltration With ICMP Protocol

QueenSono tool only relies on the fact that ICMP protocol isn't monitored. It is quite common. It could also been used within a system with basic ICMP inspection ie. frequency and content length watcher. Try to imitate PyExfil and others with the idea that the target machine does not necessary ha...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/03 8:30 p.m.130 views

DefenderCheck - Identifies The Bytes That Microsoft Defender Flags On

Quick tool to help make evasion work a little bit easier. Takes a binary as input and splits it until it pinpoints that exact byte that Microsoft Defender will flag on, and then prints those offending bytes to the screen. This can be helpful when trying to identify the specific bad pieces of code...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/05 11:30 a.m.130 views

Drow - Injects Code Into ELF Executables Post-Build

drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables post-build. It takes unmodified ELF executables as input and exports a modified ELF contianing an embedded user-supplied payload that executes at runtime. Slightly more detail ... Drow takes the...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2019/08/10 1:37 p.m.130 views

WAES - Auto Enums Websites And Dumps Files As Result

Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...

6.5AI score
Exploits0References1
Kitploit
Kitploit
added 2019/05/05 9:43 p.m.130 views

Kostebek - Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains

The Kostebek is a reconnaissance tool which uses firms' trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pip pip3 install -r requirements.txt download latest version of Chromedriver and configure your driver-pa...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/04/16 1:44 p.m.130 views

Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds

Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/11 8:34 p.m.130 views

Acunetix Web Application Vulnerability Report 2019

Acunetix compiles an annual web application vulnerability report. The purpose of this report is to provide security experts and interested parties with an analysis of data on vulnerabilities gathered over the previous year. The 2019 report contains the results and analysis of vulnerabilities,...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2018/11/20 9:11 p.m.130 views

Vba2Graph - Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents

A tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicous macros, and easy understanding of the execution flow. @MalwareCantFly Features Keyword...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2016/03/21 10:30 p.m.130 views

Al-Khaser - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aimes to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you catch them all. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to ensur...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/24 11:30 a.m.129 views

ATMMalScan - Tool for Windows which helps to search for malware traces on an ATM during the DFIR process

ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool examines the running processes of a system, as well as the hard disk, depending on the specified file path. To scan a system, ...

7.2AI score
Exploits0References6
Total number of security vulnerabilities5000