Lucene search
+L
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2021/10/29 8:30 p.m.111 views

Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public

This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method Only if the MODCGI is Enabled at the targeted webserver. This tool works with the...

7.5CVSS9.5AI score0.99992EPSS
Exploits151References1
Kitploit
Kitploit
added 2021/10/06 11:30 a.m.111 views

Scrummage - The Ultimate OSINT And Threat Hunting Framework

VERSION 3.6 Code efficiency enhancements and bug fixes for plugins, and improved logging. Significant UI/UX enhancements. Organisation specific settings and configurations, allowing for predefined searches based on your organisation and it's users. Due to the above change, if you are upgrading fr...

7.1AI score
Exploits0References5
Kitploit
Kitploit
added 2021/09/12 8:30 p.m.111 views

Autoharness - A Tool That Automatically Creates Fuzzing Harnesses Based On A Library

AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2021/07/02 12:30 p.m.111 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

7AI score
Exploits0References15
Kitploit
Kitploit
added 2021/05/10 9:30 p.m.111 views

DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/08/12 9:30 p.m.111 views

Nautilus - A Grammar Based Feedback Fuzzer

Nautilus is a coverage guided, grammar based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi valid inputs, Nautilus is able to perform complex mutation and to uncover more interesting test cases. Many of the ideas behind this fuzzer are...

9.8CVSS8.7AI score0.02584EPSS
Exploits3References8
Kitploit
Kitploit
added 2020/05/22 7:37 p.m.112 views

Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform

This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/05 11:30 a.m.111 views

AWS Report - Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Features Search iam users based on creation date Search buckets public Search security group with inbound rule for 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permission public Search internet gateways...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/11/23 12:30 p.m.111 views

RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking

RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/07 12:0 p.m.111 views

Penta - Open Source All-In-One CLI Tool To Automate Pentesting

Penta is is Pentest automation tool using Python3. Future! It provides advanced features such as metasploit and nexpose to extract vuln info found on specific servers. Installation Install requirements penta requires the following packages. Python3.7 pipenv Resolve python package dependency. $...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/20 12:37 p.m.111 views

BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2019/02/25 8:19 p.m.111 views

Command Injection Payload List

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data forms, cookies, HTTP headers etc. to a system shell. In this...

8.7AI score
Exploits0References1
Kitploit
Kitploit
added 2018/03/19 1:0 p.m.111 views

GetAltName - Get Subject Alt Name From SSL Certificates

GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/08/14 12:30 p.m.110 views

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities

While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...

8.1AI score
Exploits0References4
Kitploit
Kitploit
added 2023/05/29 12:30 p.m.110 views

PentestGPT - A GPT-empowered Penetration Testing Tool

A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2021/07/02 9:30 p.m.110 views

Gorsair - Hacks Its Way Into Remote Docker Containers That Expose Their APIs

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk,...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2021/03/25 8:30 p.m.110 views

Smogcloud - Find Cloud Assets That No One Wants Exposed

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral...

7.7AI score
Exploits0References9
Kitploit
Kitploit
added 2020/09/18 8:30 p.m.110 views

Bxss - A Blind XSS Injector Tool

ABlind XSS Injector tool Features Inject Blind XSS payloads into custom headers Inject Blind XSS payloads into parameters Uses Different Request Methods PUT,POST,GET,OPTIONS all at once Tool Chaining Really fast Easy to setup Install $ go get -u github.com/ethicalhackingplayground/bxss Arguments ...

6.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/08/14 12:30 p.m.110 views

DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources

Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index. Dagobah runs into the a LAMBDA and looks a...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/06 12:30 p.m.110 views

Astsu - A Network Scanner Tool

How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/11 1:0 p.m.110 views

AbsoluteZero - Python APT Backdoor

This project is a Python APT backdoor, optimized for Red Team Post Exploitation Tool, it can generate binary payload or pure python source. The final stub uses polymorphic encryption to give a first obfuscation layer to itself. Deployment AbsoluteZero is a complete software written in Python 2.7...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/06 12:12 p.m.110 views

Dex2Jar - Tools To Work With Android .Dex And Java .Class Files

dex2jar Tools to work with android .dex and java .class files 1. dex-reader/writer: Read/write the Dalvik Executable .dex file. It has a light weight API similar with ASM. 2. d2j-dex2jar: Convert .dex file to .class files zipped as jar 3. smali/baksmali: disassemble dex to smali files and assembl...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/31 9:2 p.m.110 views

Laforge - Security Competition Infrastructure Automation Framework

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration language, Laforge manages a dependency graph and state management and allows for highly productive remote collaboration. The Laforge engine uses a...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/09 9:11 p.m.110 views

BootStomp - A Bootloader Vulnerability Finder

BootStomp is a boot-loader bug finder. It looks for two different class of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...

7.8CVSS7.6AI score0.01296EPSS
Exploits0References7
Kitploit
Kitploit
added 2014/05/29 10:21 p.m.110 views

Hostscan - PHP tool for scanning specific range of hosts

Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft. How it...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2025/05/02 12:30 p.m.109 views

SubGPT - Find Subdomains With GPT, For Free

SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more. Best part? It's free! The following subdomains were found by this tool with these 30 subdomains as input. call-prompts-staging.example.com dclb02-dca1.prod.example.com activedirectory-sjc1.example.c...

7.3AI score
Exploits0References7
Kitploit
Kitploit
added 2021/09/06 11:30 a.m.109 views

Nettacker - Automated Penetration Testing Framework

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocol...

7.2AI score
Exploits0References5
Kitploit
Kitploit
added 2020/12/15 8:30 p.m.109 views

APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

7.4AI score
Exploits0References11
Kitploit
Kitploit
added 2020/09/30 8:30 p.m.109 views

H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2020/08/18 9:30 p.m.109 views

PurpleSharp - C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments

Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, buildi...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/09 12:41 p.m.109 views

Zeek - A Powerful Network Analysis Framework That Is Much Different From The Typical IDS You May Know

A powerful framework for network traffic analysis and security monitoring. Key Features — Documentation — Getting Started — Development — License Follow us on Twitter at @zeekurity. Key Features In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis ...

6.7AI score
Exploits0References9
Kitploit
Kitploit
added 2019/10/06 8:40 p.m.109 views

Tarnish - A Chrome Extension Static Analysis Tool To Help Aide In Security Reviews

tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the research blog post which can be found here. If you don't want to ...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/25 12:19 p.m.109 views

Reko - A General Purpose Binary Decompiler

Reko Swedish: "decent, obliging" is a C project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windo...

7.1AI score
Exploits0References8
Kitploit
Kitploit
added 2018/11/23 8:31 p.m.109 views

Janusec Application Gateway - Tool Which Provides WAF, CC Attack Defense, Unified Web Administration Portal, Private Key Protection, Web Routing And Scalable Load Balancing

Janusec Application Gateway, an application security solutions which provides WAF Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Key Features WAF Web...

8.3AI score
Exploits0References2
Kitploit
Kitploit
added 2014/03/27 9:48 p.m.109 views

URLCrazy - Test domain typos and variations to detect typo squatting, URL hijacking, phishing, and corporate espionage

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. Usage Detect typo squatters profiting from typos on your domain name Protect your brand by registering popular typos Identify typo domain names that will receive...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2021/08/30 12:30 p.m.108 views

Speakeasy - Windows Kernel And User Mode Emulation

Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Check out the overview in the first Speakeasy blog post. Instead of attempting to perform dynamic analysis using an entire virtualized operating system, Speakeasy will emulate specific...

7.1AI score
Exploits0References7
Kitploit
Kitploit
added 2020/11/24 8:30 p.m.108 views

UAFuzz - Binary-level Directed Fuzzing For Use-After-Free Vulnerabilities

Directed Greybox Fuzzing DGF like AFLGo aims to perform stress testing on pre-selected potentially vulnerable target locations, with applications to different security contexts: 1 bug reproduction, 2 patch testing or 3 static analysis report verification. There are recently more research work tha...

5.5CVSS7.5AI score0.08411EPSS
Exploits2References15
Kitploit
Kitploit
added 2020/05/12 12:30 p.m.108 views

Threadtear - Multifunctional Java Deobfuscation Tool Suite

Threadtear is a multifunctional deobfuscation tool for java. Suitable for easier code analysis without worrying too much about obfuscation. Even the most expensive obfuscators like ZKM or Stringer are included. It also contains older deobfuscation tools from my github account, but it can also be...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2019/11/23 9:30 p.m.108 views

Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets

The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2019/05/23 12:59 p.m.108 views

Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked simplifies the processes of searching LinkedIn to collect valid employee names when performing password spraying or another security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2019/04/21 1:11 p.m.108 views

Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...

8.2AI score
Exploits0References3
Kitploit
Kitploit
added 2019/03/28 8:40 p.m.108 views

Reconerator - C# Targeted Attack Reconnaissance Tools

This is a custom .NET assembly which will perform a number of situational awareness activities. There are a number of current featuresets: BASIC - Obtains information from the disk and registry. LDAP - Allows customised AD LDAP queries to be made. RESOLVEHOST - Performs DNS lookup queries...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/11/27 8:57 p.m.108 views

MCExtractor - Intel, AMD, VIA & Freescale Microcode Extraction Tool

Intel, AMD, VIA & Freescale Microcode Extraction Tool MC Extractor News Feed MC Extractor Discussion Topic Intel, AMD & VIA CPU Microcode Repositories A. About MC Extractor MC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2018/11/21 12:46 p.m.108 views

CMS Scanner - Scan Wordpress, Drupal, Joomla, vBulletin Websites For Security Issues

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/09/23 9:9 p.m.108 views

Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker

Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2016/01/13 10:21 p.m.108 views

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks

“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependant tool sets are: 1 Tor -- For the console build in anonymizer. 2 Set -- Social-Engineer Toolkit SET,...

9.9AI score
Exploits0References1
Kitploit
Kitploit
added 2015/02/18 5:26 a.m.108 views

The LaZagne Project - Recover most common software passwords (Firefox, IE, Opera, Chrome, Filezilla, winscp, coreFTP, WiFi and many more)

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different technics plaintext, using api, custom algorithms, etc.. This tool has been developped to find these passwords for most common...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2024/09/16 11:30 a.m.107 views

Psobf - PowerShell Obfuscator

Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/06 11:30 a.m.107 views

IoTMap - Research Project On Heterogeneous IoT Protocols Modelling

IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocol as this time : BLE, ZigB...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/08/13 9:30 p.m.107 views

AWS Report - A Tool For Analyzing Amazon Resources

AWS Report is a tool for analyzing amazon resources. Install using PIP pip install awsreport Features Search IAM users based on creation date Search buckets public Search security based in rules, default is 0.0.0.0/0 Search elastic ip dissociated Search volumes available Search AMIs with permissi...

7.4AI score
Exploits0References1
Total number of security vulnerabilities5000