Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/05/24 10:0 p.m.125 views

EvilApp - Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)

Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass 2-factor authentication protection. EvilApp brings as an example the hijacking and injection of cookies for authenticated instagram sessions. Legal disclaimer: Usage of...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2019/12/12 8:30 p.m.125 views

RTTM - Real Time Threat Monitoring Tool

Monitoring possible threats of your company on Internet is an impossible task to be achieved manually. Hence many threats of the company goes unnoticed until it becomes viral in public. Thus causing monetary/reputation damage. This is where RTTM comes into action. RTTM Real Time Threat Monitoring...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/10/01 8:30 p.m.125 views

Sub.Sh - Online Subdomain Detect Script

OnlineSubdomain Detect Script. USAGE Script bash sub.sh webscantest.com ./sub.sh webscantest.com Curl curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s webscantest.com Subdomain Alive Check bash subalive.sh bing.com curl -s -L...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/09/18 9:6 p.m.125 views

Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools

Dr. ROBOT is a tool for DomainReconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case : Gather as many public...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/04/21 10:28 p.m.125 views

Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains

A tool that use Certificates Transparency logs to find subdomains. How it works? It tool doesn't use the common methods for subdomains discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool very faster and reliable. If you want to know more about...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/02/04 8:58 p.m.125 views

Fnord - Pattern Extractor For Obfuscated Code

Fnord is a pattern extractor for obfuscated code Description Fnord has two main functions: 1. Extract byte sequences and create some statistics 2. Use these statistics, combine length, number of occurrences, similarity and keywords to create a YARA rule 1. Statistics Fnord processes the file with...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2018/12/26 12:24 p.m.125 views

Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files

CERT Keyfinder is a utility for finding and analyzing key files on a filesystem as well as contained within Android APK files. CERT Keyfinder development was sponsored by the United States Department of Homeland Security DHS. Installation requirements: 1. Python 3.x recommended androguard...

7AI score
Exploits0References3
kitploit
kitploit
added 2018/11/01 8:42 p.m.125 views

BFuzz - Fuzzing Browsers (Chrome & Firefox)

BFuzz is an input based fuzzer tool which take .html as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly. Run BFuzz...

7.5CVSS7.7AI score0.01494EPSS
Exploits5References2
kitploit
kitploit
added 2014/05/14 2:3 a.m.125 views

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...

8.4AI score
Exploits0
kitploit
kitploit
added 2025/04/23 12:30 p.m.124 views

Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10

A custom Python-based proof-of-concept PoC exploit targeting Text4Shell CVE-2022-42889, a critical remote code execution vulnerability in Apache Commons Text versions 1.10. This exploit targets vulnerable Java applications that use the StringSubstitutor class with interpolation enabled, allowing...

9.8CVSS9.1AI score0.99931EPSS
Exploits42References2
kitploit
kitploit
added 2023/01/10 11:30 a.m.124 views

TerraLdr - A Payload Loader Designed With Advanced Evasion Features

TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 - payload is saved in .rsrc process injection - targetting 'SettingSyncHost.exe' ppid...

7.7AI score
Exploits0References7
kitploit
kitploit
added 2021/06/28 12:30 p.m.124 views

Heappy - A Happy Heap Editor To Support Your Exploitation Process

Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development. The project should be considered a didactic tool useful to understand the evolution of the heap during the process life cycle. It has been created to simplify the study of the most common...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/01/02 11:30 a.m.124 views

AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2019/11/03 9:24 p.m.124 views

Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)

Specialized privilege escalation checks for Linux systems. Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References to executables that are writable References to broken symlinks pointing to writeable directories Relati...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2019/08/26 1:0 p.m.125 views

AIL Framework - Framework for Analysis of Information Leaks

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information e.g...

7AI score
Exploits0References8
kitploit
kitploit
added 2019/05/02 9:47 p.m.124 views

DumpTheGit - Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just...

7AI score
Exploits0References2
kitploit
kitploit
added 2019/04/24 9:26 p.m.124 views

drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux

Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn't work you can try this tool. Usage You need to specify DRRUNPATH to point to drrun launcher and LIBCOVPATH to point to libbinafl.so coverage library. You also need to switc...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2018/10/08 10:35 p.m.124 views

Docker TOR Hidden Service - Easily Setup A Hidden Service Inside The Tor Network

Easily run a hidden service inside the Tor network with this container Generate the skeleton configuration for you hidden service, replace for your hidden service pattern name. Example, if you want to your hidden service contain the word 'boss', just use this word as argument. You can use regular...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/11/03 8:40 p.m.124 views

Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT

Trape is a recognition tool that allows you to track people , the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP. Some benefits One of its most enticing functions is the remote...

9.1AI score
Exploits0References1
kitploit
kitploit
added 2016/12/16 2:30 p.m.124 views

PyJFuzz - Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Version | 1.1.0 ---|--- Homepage | http://www.mseclab.com/ Github | https://github.com/mseclab/PyJFuzz Author | Danie...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2022/08/12 12:30 p.m.123 views

OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents

In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...

8.1AI score
Exploits0References63
kitploit
kitploit
added 2022/01/22 11:30 a.m.123 views

Pwndora - Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets, each result is stored in Elasticsearch. You can integrate with Kibana to be able to visualize and manipulate dat...

6.9AI score
Exploits0References5
kitploit
kitploit
added 2020/05/10 12:30 p.m.123 views

Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration

Exegol is a fully configured kali light base with a few useful additional tools 50, a few useful resources scripts and binaries for privesc, credential theft etc. and some configuration oh-my-zsh, history, aliases, colourized output for some tools. It can be used in pentest engagements and...

7.1AI score
Exploits0References62
kitploit
kitploit
added 2019/10/03 8:57 p.m.123 views

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/08/10 10:35 p.m.123 views

Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How to use I...

7.5AI score
Exploits0References11
kitploit
kitploit
added 2019/08/05 12:45 p.m.123 views

AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments e.g. OSCP. It may also be useful in real-world engagements. The tool works by firstly...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2019/06/10 9:21 p.m.124 views

Faraday v3.8 - Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.8: Set up Faraday with a double click! We are committed to facilitate your work processes. With that in mind, we enhanced our installation phases, so now it’s easier to have Faraday on your devices: You can download our platform with...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2018/11/04 1:31 p.m.123 views

BlobRunner - Quickly Debug Shellcode Extracted During Malware Analysis

BlobRunner is a simple tool to quickly debug shellcode extracted during malware analysis. BlobRunner allocates memory for the target file and jumps to the base or offset of the allocated memory. This allows an analyst to quickly debug into extracted artifacts with minimal overhead and effort. To...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2018/07/31 1:37 p.m.123 views

GoldenEye v1.2.0 - Layer 7 (KeepAlive+NoCache) DoS Test Tool

GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY! GoldenEye is a HTTP DoS Test Tool. Attack Vector exploited: HTTP Keep Alive + NoCache Usage USAGE: ./goldeneye.py OPTIONS OPTIONS: Flag Description Default -u, --useragents File with user-agents to use default: randomly generated -w,...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/11/13 8:30 p.m.122 views

Tfsec - Security Scanner For Your Terraform Code

tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example Output Installation Install with brew/linuxbrew: brew install tfsec Install with Chocolatey: choco install tfsec You can also grab the binary for your system from t...

7AI score
Exploits0References5
kitploit
kitploit
added 2020/04/10 9:30 p.m.122 views

Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory Features Imports and delay imports are resolved Relocations are performed Image sections are mapped with the correct page protection Exception handlers are initialised A security cookie is generated and initialise...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/02/15 12:0 p.m.122 views

Nray - Distributed Port Scanner

Nray is a free, platform and architecture independent port and application layer scanner. Apart from regular targets list of hosts/networks, it supports dynamic target selection, based on source like transparency logs"...

7AI score
Exploits0References2
kitploit
kitploit
added 2019/09/30 8:0 p.m.122 views

Recomposer - Randomly Changes Win32/64 PE Files For 'Safer' Uploading To Malware And Sandbox Sites

Ever have that not so safe feeling uploading your malware binaries to VirusTotal or other AV sites because you can look up binaries by hashes? Example: https://github.com/mubix/vt-notify Feel somewhat safer with Recomposer! Recomposer will take your binary and randomly do the following: Change th...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2022/02/20 11:30 a.m.121 views

SSRFire - An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects

An automated SSRF finder. Just give the domain name and your server and chill! ; It also has options to find XSS and open redirects. Syntax ./ssrfire.sh -d domain.com -s yourserver.com -f customfile.txt -c cookies domain.com --- The domain for which you want to test yourserver.com --- Your server...

6.3AI score
Exploits0References5
kitploit
kitploit
added 2021/08/29 12:30 p.m.121 views

MEAT - This Toolkit Aims To Help Forensicators Perform Different Kinds Of Acquisitions On iOS Devices

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices and Android in the future. Requirements to run from source Windows or Linux Python 3.7.4 or 3.7.2 Pip...

7AI score
Exploits0References2
kitploit
kitploit
added 2021/08/10 12:30 p.m.121 views

UnhookMe - An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/02/21 8:0 p.m.121 views

TaskManager-Button-Disabler - Simple Way To Disable/Rename Buttons From A Task Manager

Simple way to disable/rename buttons from a task manager. Installation git clone https://github.com/Mrakovic-ORG/TaskManager-Button-Disabler cd TaskManager-Button-Disabler\TaskManager Button Disabler dotnet build Features Rename kill proccess button Disable kill proccess button Works in TaskMgr,...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/10/25 12:7 p.m.121 views

Arjun v1.6 - HTTP Parameter Discovery Suite

Introduction Web applications use parameters or queries to accept user input, take the following example into consideration http://api.example.com/v1/userinfo?id=751634589 This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which when s...

6.8AI score
Exploits0References12
kitploit
kitploit
added 2019/04/22 1:7 p.m.121 views

Anevicon - A High-Performant UDP-based Load Generator

A high-performant traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP-packets to a server, thereby simulating an activity that can be produced by your end users or a group of hackers. Installation From package registry This command will download t...

7.1AI score
Exploits0References5
kitploit
kitploit
added 2019/04/18 12:46 p.m.121 views

fireELF - Fileless Linux Malware Framework

fireELF is a opensource fileless linux malware framework thats crossplatform and allows users to easily create and manage payloads. By default is comes with 'memfdcreate' which is a new way to run linux elf executables completely from memory, without having the binary touch the harddrive. Feature...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2019/01/29 8:48 p.m.121 views

Uncle Spufus - A Tool That Automates Mac Address Spoofing

A tool that automates Mac address spoofing What is Uncle Spufus Uncle Spufus is a tool that automates MAC address spoofing. To do so it tries various techniques and checks if the MAC is successfully spoofed. It makes of: macchanger bash Installing Uncle Spufus 1a. Download the zip b. Extract OR 1...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/10/23 8:41 p.m.121 views

TLS-Scanner - The TLS-Scanner Module From TLS-Attacker

TLS-Scanner is a tool created by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations. Please note: TLS-Scanner is a research tool intended for TLS developers, pentesters, administrator...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2013/01/17 11:16 p.m.121 views

[Zeus] Registry Analysis Using Volatility Framework

How to analysis a registry from the memory using Volatility Framework. In this video I’m using Zeus Memory for registry analysis, and l will show F-secure top10 malware registry launchpoints. Not all but some of them Download Zeus Memory :...

7.3AI score
Exploits0
kitploit
kitploit
added 2025/04/29 12:30 p.m.120 views

Pulsegram - Integrated Keylogger With Telegram

PulseGram is a keylogger integrated with a Telegram bot. It is a monitoring tool that captures keystrokes, clipboard content, and screenshots, sending all the information to a configured Telegram bot. It is designed for use in adversary simulations and security testing contexts. ⚠️ Warning: This...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2022/07/16 12:30 p.m.120 views

Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...

7.6AI score
Exploits0References31
kitploit
kitploit
added 2022/05/21 11:47 p.m.120 views

Zphisher-GUI-Back_office - A Zphisher GUI Back-Office Plugin

DISCLAIMER This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way. This Tool is made for educational purposes only. Do not attempt to viola...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/04/21 12:30 p.m.120 views

Overlord - Red Teaming Infrastructure Automation

Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user has to provide inputs by using the tool’s modules e.g. C2, Email Server, HTTP web delivery server, Phishing server etc. and the full infra / modules and scripts will be...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2021/02/07 11:30 a.m.120 views

Creepy - A Geolocation OSINT Tool. Offers Geolocation Information Gathering Through Social Networking Platforms

This project is currently not maintained. I haven't put any work on it since 2016 and with the current state of the API access to instagram and twitter, and the default settings for their geolocation features cree.py wouldn't be of much use. I will live the repository and site up for the time but...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2021/01/26 8:30 p.m.120 views

Batea - AI-based, Context-Driven Network Device Ranking

Batea is a context-driven network device ranking framework based on the anomaly detection family of machine learning algorithms. The goal of Batea is to allow security teams to automatically filter interesting network assets in large networks using nmap scan reports. We call those Gold Nuggets. F...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2020/09/24 8:30 p.m.120 views

PSMDATP - PowerShell Module For Managing Microsoft Defender Advanced Threat Protection

Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP...

7.2AI score
Exploits0References3
Total number of security vulnerabilities5000