Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2018/10/07 1:12 p.m.101 views

Atlas - Quick SQLMap Tamper Suggester

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code. Screen Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas $ cd atlas $ python atlas.py Usage $ python atlas.py --url http://site.com/index.php?id=PriceASC...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/09/01 9:15 p.m.101 views

Getsploit v0.2.2 - Command Line Utility For Searching And Downloading Exploits

Command line search and download tool for Vulners Database inspired by searchsploit. It allows you to search online for the exploits across all the most popular collections: Exploit-DB , Metasploit , Packetstorm and others. The most powerful feature is immediate exploit source download right in...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2018/03/14 9:12 p.m.101 views

XVNA - Extreme Vulnerable Node Application

XVNA is an extreme vulnerable node application coded in NodejsExpressjs/MongoDB that helps security enthusiasts to learn application security. it's not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2024/04/17 12:30 p.m.100 views

Cookie-Monster - BOF To Steal Browser Cookies & Credentials

Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2023/02/18 11:30 a.m.100 views

Upload_Bypass_Carnage - File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques!

File Upload Restrictions Bypass, By Using Different Bug Bounty Techniques! POC video: File upload restrictions bypass by using different bug bounty techniques! Tool must be running with all its assets! Installation: pip3 install -r requirements.txt Usage: uploadbypass.py options Options: -h, --he...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2022/04/13 12:30 p.m.100 views

Melody - A Transparent Internet Sensor Built For Threat Intelligence

Melody Monitor the Internet's background noise Melody is a transparent internet sensor built for threat intelligence and supported by a detection rule framework which allows you to tag packets of interest for further analysis and threat monitoring. Features Here are some key features of Melody :...

9.8CVSS9.9AI score0.99997EPSS
Exploits41References6
kitploit
kitploit
added 2022/03/10 11:30 a.m.100 views

Scanmycode-Ce - Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners With One Report - Scanmycode Community Edition (CE)

It is a Code Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech stacks. Similar to SonarQube, but it is different. Fig. 1 Scanmycode concept diagram How is Scanmycode different...

7.6AI score
Exploits0References12
kitploit
kitploit
added 2022/03/02 11:30 a.m.100 views

CAPEv2 - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction - hence its name is an acronym: 'Config And Payload Extraction'. Automated unpacking allows classification based on Yara signatures to complement network Suricata and...

8AI score
Exploits0References8
kitploit
kitploit
added 2021/05/23 12:30 p.m.100 views

SQLFluff - A SQL Linter And Auto-Formatter For Humans

SQLFluff is a dialect-flexible and configurable SQL linter. Designed with ELT applications in mind, SQLFluff also works with jinja templating and dbt. SQLFluff will auto-fix most linting errors, allowing you to focus your time on what matters. Getting Started To get started, install the package a...

7.8AI score
Exploits0References4
kitploit
kitploit
added 2020/12/09 8:30 p.m.100 views

RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then...

7.4AI score
Exploits0References21
kitploit
kitploit
added 2020/11/28 8:30 p.m.100 views

Webscan - Browser-based Network Scanner And local-IP Detection

webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate...

7AI score
Exploits0References2
kitploit
kitploit
added 2020/04/20 12:30 p.m.100 views

Lk Scraper - An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)

Scrapes Any Linkedin Data Installation $ pip install git+git://github.com/jqueguiner/lkscraper Setup Using Docker compose $ docker-compose up -d $ docker-compose run lkscraper python3 Using Docker only forselenium server First, you need to run a selenium server $ docker run -d -p 4444:4444...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/04/02 8:30 p.m.100 views

Frida API Fuzzer - This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and splice stages. I tested only the examples under tests/, this is a WIP project but is known to works at least on...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/02/18 12:24 a.m.100 views

Gospider - Fast Web Spider Written In Go

GoSpider - Fast web spider written in Go Installation go get -u github.com/jaeles-project/gospider Features Fast web crawling Brute force and parse sitemap.xml Parse robots.txt Generate and verify link from JavaScript files Link Finder Find AWS-S3 from response source Find subdomains from respons...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2019/12/05 8:30 p.m.100 views

CORStest - A Simple CORS Misconfiguration Scanner

A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...

6.4AI score
Exploits0References1
kitploit
kitploit
added 2018/12/24 8:31 p.m.100 views

PA Toolkit - A Collection Of Traffic Analysis Plugins Focused On Security

PA Toolkit is a collection of traffic analysis plugins to extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to the macro analyzer and threat hunter. PA Toolkit contains plugins both dissectors and taps covering various scenarios for multiple protocols,...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/10/03 12:27 p.m.100 views

AES-Killer - Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps

Burpsuite Plugin to decrypt AES Encrypted mobile app traffic. Requirements Burpsuite Java Tested on Burpsuite 1.7.36 Windows 10 xubuntu 18.04 Kali Linux 2018 What it does Decrypt AES Encrypted traffic on proxy tab Decrypt AES Encrypted traffic on proxy, scanner, repeater and intruder How it works...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/09/24 9:13 p.m.100 views

Exploit CVE-2017-6079 - Blind Command Injection In Edgewater Edgemarc Devices

This exploit was developed based on the technical description by depthsecurity https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices Description The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows...

9.8CVSS10AI score0.46846EPSS
Exploits1References2
kitploit
kitploit
added 2017/02/27 1:45 p.m.100 views

Hashview - A Web Front-End For Password Cracking And Analytics

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat https://hashcat.net commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics wi...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2014/05/27 2:53 a.m.100 views

Moscrack - Cluster Cracking Tool For WPA Keys

Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512...

7.5AI score
Exploits0
kitploit
kitploit
added 2024/05/12 12:30 p.m.99 views

PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads

PingRAT secretly passes C2 traffic through firewalls using ICMP payloads. Features: Uses ICMP for Command and Control Undetectable by most AV/EDR solutions Written in Go Installation: Download the binaries or build the binaries and you are ready to go: $ git clone...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2024/01/15 11:30 a.m.99 views

Pmkidcracker - A Tool To Crack WPA2 Passphrase With PMKID Value Without Clients Or De-Authentication

This program is a tool written in Python to recover the pre-shared key of a WPA2 WiFi network without any de-authentication or requiring any clients to be on the network. It targets the weakness of certain access points advertising the PMKID value in EAPOL message 1. Program Usage python...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2023/02/15 11:30 a.m.99 views

Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them. Other topics of interest will also be addresse...

7AI score
Exploits0References4
kitploit
kitploit
added 2020/11/14 8:30 p.m.99 views

Herpaderping - Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process

Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the image has been mapped. This results in curious behavior by security products and the OS itself. Summary Generally, a security product takes action on process creation by registerin...

7.6AI score
Exploits0References5
kitploit
kitploit
added 2020/07/06 9:30 p.m.99 views

Git All The Payloads! A Collection Of Web Attack Payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...

6.5AI score
Exploits0References38
kitploit
kitploit
added 2020/05/18 9:30 p.m.99 views

BlackDir-Framework - Web Application Vulnerability Scanner

Web Application Vulnerability Scanner. 1. Spider Directories 2. Find Sub Domain 3. Advanced Dorks Search 4. Scan list of Dorks 5. Scan WebSites Xss,Sql 6. Reverse Ip Lookup 7. Port Scan Installation: git clone https://github.com/RedVirus0/BlackDir-Framework.git cd BlackDir pip3 install -r...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/12/25 11:30 a.m.99 views

PAKURI - Penetration Test Achieve Knowledge Unite Rapid Interface

What's PAKURI In Japanese, imitating is called “Pakuru”. ぱくる godan conjugation, hiragana and katakana パクる, rōmaji pakuru 1. eat with a wide open mouth 2. steal when one isn't looking, snatch, swipe 3. copy someone's idea or design 4. nab, be caught by the police Wiktionary:ぱくる Description...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2019/12/17 11:30 a.m.99 views

Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps

Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2019/11/24 12:27 p.m.99 views

Glances - An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be do...

6.7AI score
Exploits0References4
kitploit
kitploit
added 2019/10/21 9:0 p.m.99 views

Snare - Super Next Generation Advanced Reactive honEypot

snare - Super Next generation Advanced Reactive honEypot Super Next generation Advanced Reactive honEypot About SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. Documentation The documentation can be found here. Basic Concepts Surface first. Focus...

6.7AI score
Exploits0References2
kitploit
kitploit
added 2019/10/01 12:0 p.m.99 views

CryptonDie - A Ransomware Developed For Study Purposes

CryptonDie is a ransomware developed for study purposes. Options --key key used to encrypt and decrypt files, default is random stringrecommended --dir Home directory for the attack, default is / --encrypt Encrypt all files --decrypt Decrypt all files --verbose Active verbose mode, default is Fal...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/04/27 12:46 p.m.99 views

Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. How to use If you have no idea what are you doing just type the command below or check out the Advanced Usage ./osmedeus.py -t example.com Installation git clone...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2018/12/01 12:21 p.m.99 views

PyCPU - Central Processing Unit Information Gathering Tool

With this tool you can access detailed information of your processor information. You can also check the security vulnerability based on the current processor information of the processor you have used. Programming Languages : Python System : Linux What is CPU Central Processing Unit ? A central...

7AI score
Exploits0References1
kitploit
kitploit
added 2018/11/16 12:45 p.m.100 views

CloudBunny - A Tool To Capture The Real IP Of The Server That Uses A WAF As A Proxy Or Protection

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. How works In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API Keys, you can pick up the following links: Shodan -...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/06/09 2:12 p.m.99 views

Msploitego - Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/04/08 8:59 p.m.99 views

LinkFinder - A Python Script That Finds Endpoints In JavaScript Files

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2017/02/12 2:30 p.m.99 views

MTR - A Network Diagnostic Tool

MTR combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2014/09/04 5:16 a.m.99 views

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...

7.6AI score
Exploits0
kitploit
kitploit
added 2013/08/23 2:58 a.m.99 views

[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file

Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems: --- Cisco Juniper DLink...

7.6AI score
Exploits0
kitploit
kitploit
added 2023/01/11 11:30 a.m.98 views

PowerHuntShares - Audit Script Designed In Inventory, Analyze, And Report Excessive Privileges Configured On Active Directory Domains

PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights t...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2022/07/29 12:30 p.m.98 views

Maldev-For-Dummies - A Workshop About Malware Development

In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2021/07/24 12:30 p.m.98 views

Pathprober - Probe And Discover HTTP Pathname Using Brute-Force Methodology And Filtered By Specific Word Or 2 Words At Once

Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once. Purpose Brute-forcing website directories or HTTP pathname and validate using HTTP response code is not relevant anymore. This tool will help you to perform a penetration test, because...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2021/05/19 12:30 p.m.98 views

Ghidra-Evm - Module For Reverse Engineering Smart Contracts

In the last few years, attacks on deployed smart contracts in the Ethereum blockchain have ended up in a significant amount of stolen funds due to programming mistakes. Since smart contracts, once compiled and deployed, are complex to modify and update different practitioners have suggested the...

7.5AI score
Exploits0References14
kitploit
kitploit
added 2020/05/27 12:30 p.m.98 views

Pivotnacci - A Tool To Make Socks Connections Through HTTP Agents

Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following: This tool was inspired by the great reGeorg. However, it includes some improvements: Support for balanced server...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2020/05/01 12:30 p.m.98 views

Thoron Framework - Tool To Generate Simple Payloads To Provide Linux TCP Attack

About Thoron Framework Thoron Framework is a Linux post-exploitation framework that exploit Linux tcp vulnerability to get shell-like connection. Thoron Framework is used to generate simple payloads to provide Linux tcp attack. Getting started Thoron installation cd thoron chmod +x install.sh...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/11/17 9:23 p.m.98 views

RedPeanut - A Small RAT Developed In .Net Core 2 And Its Agent In .Net 3.5/4.0

RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0. RedPeanut code execution is based on shellcode generated with DonutCS. It is therefore a hybrid, although developed in .Net it does not rely solely on the Assembly.Load. This increases the detection surface, but...

8.4AI score
Exploits0References7
kitploit
kitploit
added 2018/01/14 12:41 p.m.98 views

DNSExfiltrator - Data exfiltration over DNS request covert channel

DNSExfiltrator allows for transfering exfiltrate a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: 1. The server side , coming as a single python script dnsexfiltrator.py, which act...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2014/05/29 10:31 p.m.98 views

ProduKey - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key

ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office Microsoft Office 2003, Microsoft Office 2007, Windows Including Windows 7 and Windows Vista, Exchange Server, and SQL Server installed on your computer. You can view this information for your current runnin...

7.5AI score
Exploits0
kitploit
kitploit
added 2024/06/24 12:30 p.m.97 views

Hfinger - Fingerprinting HTTP Requests

Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :- Its main objective is to provide unique representations fingerprints of malware requests, which help in their identification. Unique means here that each fingerprint should be seen...

7AI score
Exploits0References5
kitploit
kitploit
added 2024/03/08 8:36 p.m.97 views

Nomore403 - Tool To Bypass 403/40X Response Codes

nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...

7.4AI score
Exploits0References4
Total number of security vulnerabilities5000