Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2016/03/21 10:30 p.m.130 views

Al-Khaser - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aimes to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you catch them all. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to ensur...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/07 9:30 p.m.129 views

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

7AI score
Exploits0References4
kitploit
kitploit
added 2019/09/24 9:15 p.m.129 views

Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers

Automated Application Generation for Stack Overflow Types on Wireless Routers Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the...

8.5AI score
Exploits0References2
kitploit
kitploit
added 2019/06/07 12:52 p.m.129 views

Zydra - File Password Recovery Tool And Linux Shadow File Cracker

Zydra is a file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords. Supported Files RAR Files Legacy ZIP Files PDF Files Linux Shadow Files zydra can find all the user’s password in the linux shadow file one after the...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2019/02/26 12:20 p.m.129 views

SALT - SLUB ALlocator Tracer For The Linux Kernel

Welcome to salt , a tool to reverse and learn kernel heap memory management. It can be useful to develop an exploit, to debug your own kernel code, and, more importantly, to play with the kernel heap allocations and learn its inner workings. This tool helps tracing allocations and the current sta...

6.8AI score
Exploits0References6
kitploit
kitploit
added 2019/01/17 12:28 p.m.129 views

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...

8.3AI score
Exploits0References17
kitploit
kitploit
added 2018/11/25 12:53 p.m.129 views

Skiptracer - OSINT Webscaping Framework

Initial attack vectors for recon usually involve utilizing pay-for-data/API Recon-NG, or paying to utilize transforms Maltego to get data mining results. Skiptracer utilizes some basic python webscraping BeautifulSoup of PII paywall sites to compile passive information on a target on a ramen nood...

7AI score
Exploits0References2
kitploit
kitploit
added 2018/10/20 8:12 p.m.129 views

WPScan v3.3.1 - Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. INSTALL Prerequisites: Ruby = 2.2.2 - Recommended: 2.3.3 Curl = 7.21 - Recommended: latest - FYI the 7.29 has a segfault...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/06/08 10:49 p.m.129 views

Namechk - Osint Tool Based On Namechk.Com For Checking Usernames On More Than 100 Websites, Forums And Social Networks

Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks. Use: Search available username: ./namechk.sh -au Search available username on specifics websites: ./namechk.sh -au -co Search available username list: ./namechk.sh -l -au Search used...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/11/18 8:30 p.m.128 views

Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer tohttps://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some Upcoming Training's and Sessions DEFCON DEMO...

7AI score
Exploits0References4
kitploit
kitploit
added 2020/03/14 9:30 p.m.128 views

TEA - Ssh-Client Worm

A ssh-client worm made with tas framework. How it works? This is a fakessh-client that manipulates the tty input/output to execute arbitrary commands and upload itself through the ssh connection. To work properly, the remote machine needs: display the "Last login" message when login. dd and stty...

8.3AI score
Exploits0References2
kitploit
kitploit
added 2019/12/22 9:23 p.m.128 views

Spraykatz - A Tool Able To Retrieve Credentials On Windows Machines And Large Active Directory Environments

Spraykatz is a tool without any pretention able to retrieve credentials on Windows machines and large Active Directory environments. It simply tries to procdump machines and parse dumps remotely in order to avoid detections by antivirus softwares as much as possible. Installation This tool is...

8.4AI score
Exploits0References5
kitploit
kitploit
added 2019/09/29 9:54 p.m.128 views

Syhunt Community 6.7 - Web And Mobile Application Scanner

Syhunt Community is a web and now mobile application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed...

7.6AI score
Exploits0
kitploit
kitploit
added 2018/12/24 12:45 p.m.128 views

SQLiScanner - Automatic SQL Injection With Charles And Sqlmap API

Automatic SQL injection with Charles and sqlmapapi Dependencies Django PostgreSQL Celery sqlmap redis Supported platforms Linux osx Installation Preferably, you can download SQLiScanner by cloning the Git repository: git clone https://github.com/0xbug/SQLiScanner.git --depth 1 You can download...

8.4AI score
Exploits0References1
kitploit
kitploit
added 2018/10/11 9:22 p.m.128 views

Pentest-Machine - Automates Some Pentest Jobs Via Nmap Xml File

Automates some pentesting work via an nmap XML file. As soon as each command finishes it writes its output to the terminal and the files in output-by-service/ and output-by-host/. Runs fast-returning commands first. Please send me protocols/commands/options that you would like to see included. HT...

6.7AI score
Exploits0References1
kitploit
kitploit
added 2018/10/11 12:12 p.m.128 views

XXRF Shots - Tool to Test SSRF Vulnerabilities

What is SSRF vulnerability? Server Side Request Forgery SSRF is a type of vulnerability class where attacker sends crafted request from a vulnerable web application, including the unauthorised access to the internal resources behind the firewall which are inaccessible directly from the external...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/09/07 9:7 p.m.128 views

Tor Browser 8.0 - Everything you Need to Safely Browse the Internet

Tor Browser 8.0, is the first stable release based on Firefox 60 ESR, is now available from the Tor Browser Project page and also from distribution directory. This release is all about users first. Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term...

7.1AI score
Exploits0
kitploit
kitploit
added 2016/10/19 1:30 p.m.128 views

Ruler - A Tool To Abuse Exchange Services

Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is abuse the client-side Outlook mail rules as described in: Silentbreak blog Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2013/11/04 3:47 a.m.128 views

[JBrute] Open Source Security tool to audit hashed passwords

JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1....

10AI score
Exploits0
kitploit
kitploit
added 2020/08/23 9:30 p.m.127 views

Pyre-Check - Performant Type-Checking For Python

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code. Pyre ships with Pysa , a security focused static analysis tool we've built on top of Py...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2020/07/30 12:30 p.m.127 views

Oralyzer - Tool To Identify Open Redirection

Oralyzer, a simple python script, capable of identifying the open redirection vulnerability in a website. It does that by fuzzing the url i.e. provided as the input. Features Oralyzer can identify different types of Open Redirect Vulnerabilities : Header Based Javascript Based Meta Tag Based...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/05/20 9:30 p.m.127 views

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...

7.5AI score
Exploits0References91
kitploit
kitploit
added 2020/02/07 11:30 a.m.127 views

Re2Pcap - Create PCAP file from raw HTTP request or response in seconds

Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules. Re2Pcap allow you to quickly create PCAP file for raw HTTP request shown below POST /admin/tools/iplogging.cgi HTTP/1.1 Host: 192.168.13.31:80...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2020/01/08 8:35 p.m.127 views

Git-Vuln-Finder - Finding Potential Software Vulnerabilities From Git Commit Messages

Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could contain a fix regarding a software vulnerability. The search is based on a set of regular expressions against the commit messages only. If CVE IDs are present,...

7.8CVSS7.2AI score0.21247EPSS
Exploits0References5
kitploit
kitploit
added 2019/12/04 11:39 a.m.127 views

LinuxCheck - Linux Information Collection Script

A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos. Features CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System...

6.9AI score
Exploits0References6
kitploit
kitploit
added 2019/10/14 12:29 p.m.127 views

Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine

Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: Usage: unicorn-bios OPTIONS BOOTIMG Options: --help / -h: Displays help. --memory / -m: The amount of memory to allocate for the virtual machine in megabytes. Defaults to 64MB, minimu...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/09/23 12:0 p.m.127 views

SKA - Simple Karma Attack

SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of the AP evil twin attack. When the target has connected to your WLAN you could active the HTTP redirection and perform a...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/08/19 9:30 p.m.127 views

Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code

A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2019/05/22 9:35 p.m.127 views

Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing

NOTE : Never upload payloads to online checkers Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python Perl Batch Powershell PHP Bash Graffiti will also accept a language that is not currently on...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2019/02/12 12:39 p.m.127 views

UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc

The UEFI firmware parser is a simple module and set of scripts for parsing, extracting, and recreating UEFI firmware volumes. This includes parsing modules for BIOS, OptionROM, Intel ME and other formats too. Please use the example scripts for parsing tutorials. Installation This module is includ...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/12/17 8:45 p.m.127 views

Deep Explorer - Tool Which Purpose Is The Search Of Hidden Services In Tor Network, Using Ahmia Browser And Crawling The Links Obtained

Dependencies pip3 install -r requirements.txt also you should have Tor installed Usage python3 deepexplorer.py STRINGTOSEARCH NUMBEROFRESULTS TYPEOFCRAWL Examples: python3 deepexplorer.py "legal thing" 40 default legal will crawl if results obtained in browser do not reach 40, also the script wil...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/11/29 8:22 p.m.127 views

Kamerka - Build Interactive Map Of Cameras From Shodan

Build an interactive map of cameras from Shodan. The script creates a map of Shodan cameras based on your address or coordinates. https://medium.com/@wojciech/%EA%93%98amerka-build-interactive-map-of-cameras-from-shodan-a0267849ec0a Requirements Shodan Geopy Foilum Colorama pip install -r...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2018/11/07 8:40 p.m.127 views

SQLMap v1.2.11 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References20
kitploit
kitploit
added 2018/01/08 12:43 p.m.127 views

Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux

A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs: CVE-2017-5753 bounds check bypass Spectre Variant 1 Impact: Kernel & all software Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode...

5.6CVSS7.5AI score0.93838EPSS
Exploits13References1
kitploit
kitploit
added 2017/08/18 2:12 p.m.127 views

Plecost v1.1.1 - Wordpress Finger Printer Tool

What's Plecost? Plecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine. Why? There are a huge number of Wordpress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge ...

4.3CVSS5.9AI score0.01959EPSS
Exploits0References2
kitploit
kitploit
added 2016/12/07 2:12 p.m.127 views

pulledpork - Pulled Pork for Snort and Suricata Rule Management

PulledPork for Snort and Suricata rule management from Google code Features and Capabilities Automated downloading, parsing, state modification and rule modification for all of your snort rulesets. Checksum verification for all major rule downloads Automatic generation of updated sid-msg.map file...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2021/04/18 9:30 p.m.126 views

Spraygen - Password List Generator For Password Spraying

Password list generator for password spraying - prebaked with goodies Version 1.4 Generates permutations of Months, Seasons, Years, Sports Teams NFL, NBA, MLB, NHL, Sports Scores, "Password", and even Iterable Keyspaces of a specified size. All permutations are generated with common attributes...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2020/08/02 12:30 p.m.126 views

EternalBlueC - EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader

EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode ms17vulnstatus.cpp - This program sends 4 SMB packets. 1 negociation packet and 3 requests. This program reads the NTSTATUS...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2020/01/11 11:30 a.m.126 views

Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper We present our approach and the findings of this work in the following research paper: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware PDF Nilo Redini, Aravind...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2019/10/16 8:30 p.m.126 views

Auto Re - IDA PRO Auto-Renaming Plugin With Tagging Support

IDA PRO Auto-Renaming Plugin With Tagging Support Features 1. Auto-renaming dummy-named functions, which have one API call or jump to the imported API Before After 2. Assigning TAGS to functions accordingly to called API-indicators inside Sets tags as repeatable function comments and displays TAG...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2019/03/13 12:38 p.m.126 views

PFQ - Functional Network Framework For Multi-Core Architectures

PFQ is a functional framework designed for the Linux operating system built for efficient packets capture/transmission 10G, 40G and beyond, in-kernel functional processing, kernel-bypass and packets steering across groups of sockets/end-points. It is highly optimized for multi-core architecture, ...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2019/01/16 12:18 p.m.126 views

Shed - .NET Runtime Inspector

Shed is an application that allow to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to have a first general overview of which information are stored once that the malware is executed. Shed is able to: Inject ...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2019/01/10 12:13 p.m.127 views

Killcast - Manipulate Chromecast Devices In Your Network

Manipulate Chromecast Devices in your Network. Inspiration - Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie This tool is a Proof of Concept and is for Research Purposes Only, killcast shows how Chromecast devices can be easily manipulated and hijacked by anyone. Features...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/09/16 12:54 p.m.126 views

Phishing-Frenzy - Ruby On Rails Phishing Framework

Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The project was started in 2013 by the founder Brandon "zeknox" McCann. Brandon identified inefficiencies in the way that many penetration testers were conducti...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2023/05/10 12:30 p.m.125 views

SpiderSuite - Advance Web Spider/Crawler For Cyber Security Professionals

An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage...

7AI score
Exploits0References12
kitploit
kitploit
added 2022/08/18 12:30 p.m.125 views

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ropr is a blazing fast multithreaded ROP Gadget finder What is a ROP Gadget? ROP Return Oriented Programming Gadgets are small snippets of a few assembly instructions typically ending in a ret instruction which already exist as executable code within each binary or library. These gadgets may be...

8AI score
Exploits0References1
kitploit
kitploit
added 2022/08/14 12:30 p.m.125 views

Chisel-Strike - A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2...

7.8AI score
Exploits0References14
kitploit
kitploit
added 2021/01/25 11:30 a.m.125 views

Recon Simplified with Spyse

One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the...

6.9AI score
Exploits0
kitploit
kitploit
added 2020/11/13 11:30 a.m.125 views

Scripthunter - Tool To Find JavaScript Files On Websites

Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note that it may take a while, which is why scripthunter also implements a notification mechanism to inform you when a scan is finished via Telegram API. Blogpo...

7.3AI score
Exploits0References6
kitploit
kitploit
added 2020/09/10 8:30 p.m.125 views

Spyre - Simple YARA-based IOC Scanner

...a simple, self-contained modular host-based IOC scanner Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring...

7.5AI score
Exploits0References4
Total number of security vulnerabilities5000