Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
•added 2020/05/29 12:30 p.m.•107 views

Purify - All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines

All-in-one tool for managing vulnerability reports Why The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool , if the report is in JSON or XML format. This...

7.4AI score
Exploits0References3
kitploit
kitploit
•added 2020/01/29 11:30 a.m.•107 views

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

7.1AI score
Exploits0References36
kitploit
kitploit
•added 2019/10/23 9:8 p.m.•107 views

Slither v0.6.7 - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

7.6AI score
Exploits0References65
kitploit
kitploit
•added 2019/08/12 1:15 p.m.•107 views

HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

7.1AI score
Exploits0References1
kitploit
kitploit
•added 2019/05/19 9:54 p.m.•107 views

Scavenger - Crawler Searching For Credential Leaks On Different Paste Sites

Just the code of my OSINT bot searching for sensitive data leaks on different paste sites. Search terms: credentials private RSA keys Wordpress configuration files MySQL connect strings onion links links to files hosted inside the onion network PDF, DOC, DOCX, XLS, XLSX Keep in mind: 1. This bot ...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2018/12/25 8:20 p.m.•107 views

stoQ - An Open Source Framework For Enterprise Level Automated Analysis

stoQ is a automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...

7.3AI score
Exploits0References2
kitploit
kitploit
•added 2018/10/24 8:55 p.m.•107 views

Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode

A Shellcode Encrypter & Decrypter, Using XOR Cipher to enc and dec shellcode. Installation git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help Usage Example Encryption: python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2018/07/30 1:39 p.m.•107 views

OWTF v2.4 - Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide v3 and v4, the OWASP Top 10, PTES and NIST so that pentesters will have more time to See the big picture and think out of the box More efficiently...

7.4AI score
Exploits0References2
kitploit
kitploit
•added 2014/05/27 12:52 a.m.•107 views

YaCy - The Peer to Peer Search Engine

YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is...

7.6AI score
Exploits0
kitploit
kitploit
•added 2025/04/06 12:30 p.m.•106 views

Snoop - OSINT Tool For Research Social Media Accounts By Username

OSINT Tool for research social media accounts by username Install Requests Install Requests pip install requests Install BeautifulSoup Install BeautifulSoup pip install beautifulsoup4 Execute the program Execute Snoop python3 snoop.py Download Snoop...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2023/11/29 11:30 a.m.•106 views

HiddenDesktop - HVNC For Cobalt Strike

Hidden Desktop often referred to as HVNC is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to...

7.8AI score
Exploits0References6
kitploit
kitploit
•added 2023/04/20 12:30 p.m.•106 views

UDPX - Fast A nd Lightweight, UDPX Is A Single-Packet UDP Scanner Written In Go That Supports The Discovery Of Over 45 Services With The Ability To Add Custom Ones

Fast and lightweight, UDPX is a single-packet UDP scanner written in Go that supports the discovery of over 45 services with the ability to add custom ones. It is easy to use and portable, and can be run on Linux, Mac OS, and Windows. Unlike internet-wide scanners like zgrab2 and zmap, UDPX is...

7AI score
Exploits0References6
kitploit
kitploit
•added 2021/02/14 11:30 a.m.•106 views

Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a...

7.5AI score
Exploits0References3
kitploit
kitploit
•added 2020/10/24 8:30 p.m.•106 views

Pesidious - Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks

Malware Mutation using Deep Reinforcement Learning and GANs The purpose of the tool is to use artificial intelligence to mutate a malware PE32 only sample to bypass AI powered classifiers while keeping its functionality intact. In the past, notable work has been done in this domain with researche...

7AI score
Exploits0References10
kitploit
kitploit
•added 2020/10/18 11:30 a.m.•107 views

Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover

Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...

6.9AI score
Exploits0References4
kitploit
kitploit
•added 2020/04/23 9:30 p.m.•106 views

Firebase-Extractor - A Tool Written In Python For Scraping Firebase Data

This tool is written in python2, the purpose of this tool is to parse all the results from Bing search.Basically whenever a firebaseio URL is found for an app , User instead of searching for sensitive data by going manually through the search results can use this tool.This tool works by using the...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2020/02/11 11:30 a.m.•106 views

XSS-Freak - An XSS Scanner Fully Written In Python3 From Scratch

XSS-Freak is an XSS scanner fully written in python3 from scratch. It is one of its kind since it crawls the website for all possible links and directories to expand its attack scope. Then it searches them for input tags and then launches a bunch of XSS payloads. if an input is not sanitized and...

6.4AI score
Exploits0References1
kitploit
kitploit
•added 2019/04/17 9:13 p.m.•106 views

FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics

Automatic Analysis Of SWF Files Based On Some Heuristics. Extensible Via Plugins. Install Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt If you want to use the decompilation functionality you need to install Jython...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2018/11/10 1:47 p.m.•106 views

DjangoHunter - Tool Designed To Help Identify Incorrectly Configured Django Applications That Are Exposing Sensitive Information

Tool designed to help identify incorrectly configuredDjango applications that are exposing sensitive information. https://www.reddit.com/r/django/comments/87qcf4/28165thousanddjangorunningserversareexposed/ https://twitter.com/6ix7ine/status/978598496658960384?lang=en Usage Usage: python3...

7.1AI score
Exploits0References1
kitploit
kitploit
•added 2018/03/27 8:22 p.m.•106 views

Mooscan - A Scanner For Moodle LMS

A scanning tool for Moodle LMS. Key Benefits Allows administrators to determine exactly what is visible externally in their Moodle installation. A tool for penetration testers to find potential vulnerabilities in a Moodle installation by enumerating installed plugins, themes and libraries. Road M...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2017/08/28 9:13 p.m.•106 views

SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score
Exploits0References20
kitploit
kitploit
•added 2016/02/26 7:34 p.m.•106 views

IIS Short Name Scanner - Scanner For IIS Short File Name Disclosure Vulnerability (using the tilde [~] character)

Scanner for IIS short file name 8.3 disclosure vulnerability by using the tilde character. Description Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character . This may allow a...

6.9AI score
Exploits0References1
kitploit
kitploit
•added 2023/05/08 12:30 p.m.•105 views

Nimbo-C2 - Yet Another (Simple And Lightweight) C2 Framework

About Nimbo-C2 is yet another simple and lightweight C2 framework. Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows by dynamically loading the CLR to the process. Nim is powerful, but interacting with Windows is much easier and robust using...

8.1AI score
Exploits0References9
kitploit
kitploit
•added 2022/05/07 12:30 p.m.•105 views

GoSH - Golang Reverse/Bind Shell Generator

Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism unique functions' names and can use UDP protocol instead of the...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2021/09/01 12:30 p.m.•105 views

SigFlip - A Tool For Patching Authenticode Signed PE Files (Exe, Dll, Sys ..Etc) Without Invalidating Or Breaking The Existing Signature

SigFlip is a tool for patching authenticode signed PE files exe, dll, sys ..etc in a way that doesn't affect or break the existing authenticode signature, in other words you can change PE file checksum/hash by embedding data i.e shellcode without breaking the file signature, integrity checks or P...

8AI score
Exploits0References2
kitploit
kitploit
•added 2021/03/18 11:30 a.m.•105 views

Strafer - A Tool To Detect Potential Infections In Elasticsearch Instances

Elasticsearch infections are rising exponentially. The adversaries are exploiting open and exposed Elasticsearch interfaces to trigger infections in the cloud and non-cloud deployments. During this talk, we will release a tool named "STRAFER" to detect potential infections in the Elasticsearch...

7AI score
Exploits0References1
kitploit
kitploit
•added 2021/02/09 8:30 p.m.•105 views

Cypher - Crypto Cipher Encode Decode Hash

All in one tools for CRYPTOLOGY. Instagram: Capture the Root Screenshots !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzEISVu6IIqjydF1vTUDcdbKWD8Vdi1BM5fQfCGuAnFRSCrZIh04d17YDeNKsRw0CRJD8cQmlIloLRldnU-Rounz7YQAvc7MOENa22PJkMajWGZvAelxpm3EoWCFL0BCnfBRMV4Ly99Y/w640-h36...

7.2AI score
Exploits0References2
kitploit
kitploit
•added 2019/10/24 12:0 p.m.•105 views

Femida - Automated Blind-Xss Search For Burp Suite

An automated blind-xss search plugin for Burp Suite. Installation Git clone https://github.com/wish-i-was/femida.git Burp - Extender - Add - find and select blind-xss.py How to use Settings First of all you need to setup your callback URL in field called "Your url" and press Enter to automaticall...

7.1AI score
Exploits0References2
kitploit
kitploit
•added 2019/05/06 12:49 p.m.•105 views

Termshark - A Terminal UI For Tshark, Inspired By Wireshark

A terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help! Features Read pcap files or sniff live interfaces where tshark is permitted. Inspect each packet using familiar...

7.3AI score
Exploits0References6
kitploit
kitploit
•added 2019/03/26 12:11 p.m.•105 views

H2T - Scans A Website And Suggests Security Headers To Apply

h2t is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better. Dependences Python 3 colorama requests Install $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h...

6.9AI score
Exploits0References2
kitploit
kitploit
•added 2019/01/25 12:26 p.m.•105 views

LeakLooker - Find Open Databases With Shodan

Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put yourShodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2018/12/02 9:37 p.m.•105 views

GTRS - Google Translator Reverse Shell

This tools uses Google Translator as a proxy to send arbitrary commands to an infected machine. INFECTED MACHINE ==HTTPS== GOOGLE TRANSLATE ==HTTP== C2 Environment Configuration First you need a VPS and a domain, for the domain you can get a free one on Freenom. With your VPS and domain, just edi...

7.6AI score
Exploits0References1
kitploit
kitploit
•added 2018/11/04 9:45 p.m.•105 views

Isip - Interactive Sip Toolkit For Packet Manipulations, Sniffing, Man In The Middle Attacks, Fuzzing, Simulating Of Dos Attacks

Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks. Video Setup git clone https://github.com/halitalptekin/isip.git cd isip pip install -r requirements.txt Usage Packet manipulation tools are in packet cmd loop. First start, y...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2018/09/08 9:9 p.m.•105 views

htrace.sh - Simple Shell Script To Debugging HTTP/HTTPS Traffic Tracing, Response Headers And Mixed-Content

htrace.sh is a shell script that allows you to validate your domain configuration and catch any errors e.g. redirect loops. It also displays basic information about the ssl configuration if available, response headers, checks for mixed content and performs security scans using Nmap scripts and...

6.6AI score
Exploits0References7
kitploit
kitploit
•added 2018/06/10 2:12 p.m.•105 views

BadMod v2.0 - Detect Website CMS, Website Scanner & Auto Exploiter

Auto exploiter & get all server sites & bing dorker. Version 2.0 Fixed colors bug Fixed permissions bug Added new option to scan single target Added new option to scan joomla & wordpress plugins Installation Install tool git clone https://github.com/MrSqar-Ye/BadMod.git Install php sudo apt-get...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2017/08/25 9:17 p.m.•105 views

LANs.py - Inject Code, Jam Wifi, And Spy on Wifi Users

LANs.py Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit. Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2023/08/05 2:49 p.m.•104 views

Upload_Bypass - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques Covered In Hacktricks

UploadBypass is a powerful tool designed to assist Pentesters and Bug Hunters in testing file upload mechanisms. It leverages various bug bounty techniques to simplify the process of identifying and exploiting vulnerabilities, ensuring thorough assessments of web applications. Simplifies the...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2021/08/26 12:30 p.m.•104 views

Dorkify - Perform Google Dork Search

Perform Google Dork search with Dorkify Google Dorking Google dorking is a hacker technique that uses Google Search to find security holes in the configuration and computer code that websites use. Google Dorking involves using advanced operators in the Google search engine to locate specific...

7.9AI score
Exploits0References1
kitploit
kitploit
•added 2021/01/18 11:30 a.m.•104 views

Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets

Collect OSINT for GitLab groups and members and search the group and group members' snippets, issues, and issue discussions for sensitive data that may be included in these assets. The information gathered is intended to compliment and inform the use of additional tools such as TruffleHog or...

6.7AI score
Exploits0References13
kitploit
kitploit
•added 2020/09/17 11:30 a.m.•104 views

dorkX - Pipe Different Tools With Google Dork Scanner

Pipe different tools with google dork Scanner Install zoid@MSI /dorkX git clone https://github.com/ethicalhackingplayground/dorkX zoid@MSI /dorkX cd dorkX zoid@MSI /dorkX go build dorkx.go zoid@MSI /dorkX go build corsx.go zoid@MSI /dorkX go build csrfx.go zoid@MSI /dorkX go build zin.go Usage:...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2020/05/14 9:30 p.m.•104 views

Lockphish - A Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it's the first tool 05/13/2020 for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Features: Lockscreen phishing page for Windows, Android and iPhone Auto detect device Port Forwarding by Ngrok IP Tracker Leg...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2020/03/27 12:49 a.m.•104 views

Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System

Tinfoil Chat TFC is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized...

7.8AI score
Exploits0References20
kitploit
kitploit
•added 2019/12/11 11:30 a.m.•104 views

Ffuf - Fast Web Fuzzer Written In Go

A fast web fuzzer written in Go. Heavily inspired by the great projects gobuster and wfuzz. Features Fast! Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter names and values Silent mode -s for clean output that's easy to use in pipes to other...

7.1AI score
Exploits0References5
kitploit
kitploit
•added 2019/02/18 8:51 p.m.•104 views

HoneyPy - A Low To Medium Interaction Honeypot

A low interactionhoneypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python2 and is intended to be easy to: install and deploy extend with plugins and loggers run with custom configurations Feel free to follow the QuickStart Guide to dive in directly. T...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2018/12/01 8:25 p.m.•104 views

Digger - Tool Which Can Do A Lot Of Basic Tasks Related To Information Gathering

Digger is a multi-functional tool written in python for all of your primary data gathering wants. It makes use of APIs to assemble all the data so your id just isn’t uncovered. Features Whois Lookup Online Traceroute DNS Lookup Reverse DNS Lookup IP Location Lookup Port Scan HTTP Header Check How...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2018/05/09 12:54 p.m.•104 views

Vayne-RaT - An Advanced C# .NET RAT

Vayne-RaT is Free and Open SourceRemote Administration Tool Coded In C. Features: Multi-Threaded CMD Shell File Manager Download & Upload Remote Desktop Password Recovery Assembly Builder Scan-Time Crypter FUD Requirements Stub Coded In .NET 2.0 Mono.Cecil.dll Dissembler Lib.dll BunifuUIv1.52.dll...

7.3AI score
Exploits0References2
kitploit
kitploit
•added 2014/02/06 10:17 p.m.•104 views

[DDOSIM] Layer 7 DDoS Simulator

DDOSIM is a tool that can be used in a laboratory environment to simulate a distributed denial of service DDOS attack against a target server. The test will show the capacity of the server to handle application specific DDOS attacks. ddosim simulates several zombie hosts having random IP addresse...

7.2AI score
Exploits0
kitploit
kitploit
•added 2013/08/29 1:15 a.m.•104 views

[CookieCatcher] Session Hijacking Tool

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

6.5AI score
Exploits0References1
kitploit
kitploit
•added 2025/04/28 12:30 p.m.•103 views

Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!

Dealing with failing web scrapers due to anti-bot protections or website changes? Meet Scrapling. Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. For both beginners an...

6.4AI score
Exploits0References16
kitploit
kitploit
•added 2023/09/01 12:30 p.m.•103 views

PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application

An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...

7.3AI score
Exploits0References2
Total number of security vulnerabilities5000