Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2021/10/11 8:30 p.m.95 views

Azur3Alph4 - A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach RCE achieved position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2021/08/24 12:30 p.m.95 views

Git-Secret - Go Scripts For Finding An API Key / Some Keywords In Repository

Goscripts for finding an API key / some keywords in repository Update V1.0.1 Removing some checkers Adding example file contains github dorks How to Install go get github.com/daffainfo/Git-Secret How to Use ./Git-Secret For path contain dorks, you can fill it with some keywords, for example...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2021/08/05 9:30 p.m.95 views

ChangeTower - Tool To Help You Watch Changes In Webpages And Get Notified Of Any Changes

ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go This tools is good to know the web pages are update something or not to work on the new site before others Installation Instructions ChangeTower requires go1.16+ to install successfully. Ru...

7.4AI score
Exploits0References12
kitploit
kitploit
added 2021/05/08 12:30 p.m.95 views

Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io

Scan your EC2 instance to find its vulnerabilities using Vuls https://vuls.io/en/. Audit your EC2 instance to find security misconfigurations using Lynis https://cisofy.com/solutions/lynis. Scan your EC2 instance for signs of a rootkit using Chkrootkit http://www.chkrootkit.org/. Requirements 1...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/01/10 11:30 a.m.95 views

Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

PIDRILA : P ython I nteractive D eepweb-oriented R apid I ntelligent L ink A nalyzer is really fast async web path scanner prototype developed by BrightSearch team for all ethical netstalkers. Installation & Usage git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/07/19 10:0 p.m.95 views

Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail

Inputs To Mail. Get Keyboard,Mouse,ScreenShot,Microphone Inputs and Send to your Mail. Purpose of the project is testing the security of information systems INSTALLATION pip install pynput USAGE •Set your own MAIL and PASSWORD on "keylogger.py". •Run main.py on Target Computer •Every 10 seconds,Y...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/05/01 9:30 p.m.95 views

INTERCEPT - Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works ...

7.2AI score
Exploits0References8
kitploit
kitploit
added 2020/03/15 9:30 p.m.95 views

AWSGen.py - Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names

AWSGen.py is a simple tool for generates permutations, alterations and mutations of AWS S3 Buckets Names. Download AWSGen.py...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/01/03 12:30 p.m.95 views

Kamerka GUI - Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool

Ultimate Internet of Things/Industrial Control Systemsreconnaissance tool. Powered by Shodan - Supported by Binary Edge & WhoisXMLAPI writeup - https://medium.com/@wojciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29 Demo -...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2020/01/02 9:36 p.m.95 views

XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool

XSpear is XSS Scanner on ruby gems Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflectedor all params Reflected Params All paramsfor blind xss, anytings Filtered test...

6.9AI score
Exploits0References5
kitploit
kitploit
added 2019/12/18 9:1 p.m.95 views

Secretx - Extracting API Keys And Secrets By Requesting Each URL At The Your List

Extracting api keys and secrets by requesting each url at the your list. Installation python3 -m pip install -r requirements.txt Usage python3 secretx.py --list urlList.txt --threads 15 optional arguments: --help --colorless Credits Thanks to @m4ll0k for patterns and @choudhary1337 inpsiring for...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/12/06 11:0 a.m.95 views

Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog .Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a li...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2019/08/29 9:25 p.m.95 views

Nuages - A Modular C2 Framework

Nuages is a modular C2 framework. Refer to the Wiki for documentation, do not hesitate to open issues for help, bug reports or feature requests Introduction Nuages aims at being a C2 framework in which back end elements are open source, whilst implants and handlers must be developed ad hoc by...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2019/07/10 1:9 p.m.95 views

WinObjEx64 - Windows Object Explorer 64-Bit

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage etc. WinObjEx64 let you view and ed...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2018/12/27 8:16 p.m.95 views

Smap - Shellcode Mapper

Handy tool for shellcode analysis. Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2018/11/30 8:15 p.m.95 views

XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2018/09/10 12:36 p.m.95 views

Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator

Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/09/09 1:28 p.m.95 views

Java-Stager - A PoC Java Stager Which Can Download, Compile, And Execute A Java File In Memory

A PoC Java Stager which can download, compile, and execute a Java file in memory. This is for research purposes only, do not use this where you are unauthorised to do so. What is this? This is based on the work of James Williams from his talk "Next Gen AV vs My Shitty Code" available here: The ke...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2018/09/03 9:20 p.m.95 views

Leaked? - A Checking Tool For Hash Codes And Passwords Leaked

Leaked? is A Checking tool for Hash codes and Passwords leaked, use API from @webtobesocial. Leaked? can work in any OS if they have support Python 3 Features Check passwords leaked Check hash code leaked Exit About Author Install and Run in Linux sudo apt update && apt install python3 python3-pi...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/03/31 9:24 p.m.95 views

Magescan - Scan A Magento Site For Information

The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into. Installation .phar Download the magescan.phar file fro...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2018/03/06 1:9 p.m.95 views

Dotdotslash - An Tool To Help You Search For Directory Traversal Vulnerabilities

An tool to help you search for Directory Traversal Vulnerabilities Benchmarks Platforms that I tested to validate tool efficiency: DVWA low/medium/high bWAPP low/medium/high Screenshots Instalation You can download the last version cloning this repository git clone...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2018/01/07 8:4 p.m.95 views

In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...

5.6CVSS7.4AI score0.84172EPSS
Exploits10References1
kitploit
kitploit
added 2017/11/01 9:13 p.m.95 views

Phishruffus - Intelligent Threat Hunter And Phishing Servers

Phishruffus is a tool designed to identify threats and malicious DNS servers on the Internet that are used for the illicit practice of bank phishing. Usage: $ pip install -r requirements.txt $ ./phishruffus.py –listdns dnsservers.txt –timeout 5 Read more here. Download Phishruffus...

9.1AI score
Exploits0References1
kitploit
kitploit
added 2017/09/27 1:27 p.m.95 views

radare2 - Unix-Like Reverse Engineering Framework And Commandline Tools

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code,...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2016/01/23 8:24 p.m.95 views

p0wnedShell - PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell host application written in C that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment .NET. It has a lot of offensive PowerShell modules and binaries included to make the process of Post...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2015/08/03 2:27 p.m.95 views

OWASP ZAP 2.4.1 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2015/05/22 8:54 p.m.95 views

Loki - Scanner for Simple Indicators of Compromise

Simple IOC Scanner Detection is based on four detection methods: 1. File Name IOC Regex match on full file path/name 2. Yara Rule Check Yara signature match on file data and process memory 3. Hash check Compares known malicious hashes MD5, SHA1, SHA256 with scanned files The Windows binary is...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2013/04/14 7:50 p.m.95 views

[ExploitSearch.net] Exploit / Vulnerability Search Engine

Exploitsearch.net , is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source...

7AI score
Exploits0
kitploit
kitploit
added 2023/07/07 12:30 p.m.94 views

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

9.8CVSS9.8AI score0.75098EPSS
Exploits5References7
kitploit
kitploit
added 2023/06/08 12:30 p.m.94 views

AtomLdr - A DLL Loader With Advanced Evasive Features

A DLL Loader With Advanced Evasive Features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL executing its entry point, or by executing the exported "Atom" function via the command line. DLL unhooking from \KnwonDlls\ directory, with no RWX sections. T...

8AI score
Exploits0References16
kitploit
kitploit
added 2022/11/30 3:30 p.m.94 views

D4TA-HUNTER - GUI Osint Framework With Kali Linux

D4TA-HUNTER is a tool created in order to automate the collection of information about the employees of a company that is going to be audited for ethical hacking. In addition, in this tool we can find in the "search company" section by inserting the domain of a company, emails of employees,...

7AI score
Exploits0References2
kitploit
kitploit
added 2022/06/30 12:30 p.m.94 views

SharpWSUS - CSharp tool for lateral movement through WSUS

SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog https://labs.nettitude.com/blog/introducing-sharpwsus/ which has more detailed information about the tooling, use case and detection. Credits Massive credit to the below resources that really did 90% of th...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2021/06/18 12:30 p.m.94 views

Joern - Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs

Joern's Documentation is available here: https://docs.joern.io/home Quick Installation wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh chmod +x ./joern-install.sh sudo ./joern-install.sh joern Compiling synthetic/ammonite/predef/interpBridge.sc Compiling...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/05/28 9:30 p.m.94 views

HookDump - Security Product Hook Detection

EDR function hook dumping Please refer to the Zeroperil blog post for more information https://zeroperil.co.uk/hookdump/ Building source In order to build this you will need Visual Studio 2019 community edition is fine and CMake. The batch file Configure.bat will create two build directories with...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/02/16 8:30 p.m.94 views

Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System

Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of...

7AI score
Exploits0References6
kitploit
kitploit
added 2019/12/25 8:54 p.m.94 views

Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References

A normal flask web app to learn win32api with code snippets and references. Prerequisite You need to download the following package before starting it pip install flask pip install pefile pip install requests Usage $ python flaskapp.py Live Demo Here is the Walkthrough: 1. Upload the exe or dll. ...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2019/12/17 8:30 p.m.94 views

nodeCrypto v2.0 - Ransomware Written In NodeJs

nodeCrypt is a linux Ransomware written in NodeJs that encrypt predefined files. This project was created for educational purposes, you are the sole responsible for the use of nodeCrypto. Demo video Install server Upload all file of server/ folder on your webserver. Create a sql database and impo...

7.9AI score
Exploits0References4
kitploit
kitploit
added 2019/11/18 9:0 p.m.94 views

Andor - Blind SQL Injection Tool With Golang

Blind SQL Injection Tool with Golang. Usage Download andor.go and go to the folder where the file andor.go located. And type this to command promt: go run andor.go --url "http://deneme.com/index.php?id=1" Note: Get parameter value must be correct, otherwise it will not work. Download Andor...

8.6AI score
Exploits0References1
kitploit
kitploit
added 2019/11/05 9:34 p.m.94 views

Xray - A Tool For Recon, Mapping And OSINT Gathering From Public Networks

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It'll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/11/18 1:32 p.m.94 views

SSH Auditor - The Best Way To Scan For Weak Ssh Passwords On Your Network

The Best Way To Scan For Weak Ssh Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known ho...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/09/04 9:5 p.m.94 views

R0Ak (The Ring 0 Army Knife) - A Command Line Utility To Read/Write/Execute Ring Zero On For Windows 10 Systems

r0ak is a Windows command-line utility that enables you to easily read, write, and execute kernel-mode code with some limitations from the command prompt, without requiring anything else other than Administrator privileges. Quick Peek r0ak v1.0.0 -- Ring 0 Army Knife...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2024/05/22 12:30 p.m.93 views

Above - Invisible Network Protocol Sniffer

Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, Pseudonym: Caster Version: 2.6 Codename: Introvert Disclaimer All...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2024/04/07 12:30 p.m.93 views

GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints

This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper whe...

7.6AI score
Exploits0References6
kitploit
kitploit
added 2023/09/12 11:30 a.m.93 views

VTScanner - A Comprehensive Python-based Security Tool For File Scanning, Malware Detection, And Analysis In An Ever-Evolving Cyber Landscape

VTScanner is a versatile Python tool that empowers users to perform comprehensive file scans within a selected directory for malware detection and analysis. It seamlessly integrates with the VirusTotal API to deliver extensive insights into the safety of your files. VTScanner is compatible with...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2022/06/13 12:30 p.m.93 views

confluencePot - Simple Honeypot For Atlassian Confluence (CVE-2022-26134)

ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability CVE-2022-26134. About the vulnerability You can find the official advisory by Atlassian to this vulerability here. For details about the inner workings and exploits in the wild...

9.8CVSS10AI score0.99999EPSS
Exploits76References2
kitploit
kitploit
added 2021/03/23 11:30 a.m.93 views

Godehashed - Tool That Uses The Dehashed.Com API To Search For Compromised Assets

A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a CSV for further analysis. Dehashed API You must supply the tool an api key. See apikeytemplate.txt for example. Installation To install the tool in CLI run the following command. You...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2021/01/11 11:30 a.m.93 views

Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go

Hello! Welcome. Wprecon Wordpress Recon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Notice: Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner. Branch Dev Compile and Install Features Random Agent Detection WA...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2020/10/21 8:30 p.m.93 views

MalwareSourceCode - Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages

Malware Source Code Collection !!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in this repository. Download, compile or run at your own risk Contents: This repository contains the source code for the following: . ├── Acad ├── Engines │ ├── BAT │ ├── Linux...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2020/03/16 8:30 p.m.93 views

Token-Reverser - Word List Generator To Crack Security Tokens

Word list generator to crack security tokens. Example use case 1. You are testing reset password function 2. Reset password token was sent to your email box e.g. 582431d4c7b57cb4a3570041ffeb7e10 3. You suppose, it is a md5 hash of the data you provided during registration process 4. You remember...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/02/18 8:16 p.m.93 views

CVE Api - Parse & filter the latest CVEs from cve.mitre.org

Parse & filter the latest CVEs from https://cve.mitre.org. Docs Usage http://localhost:4000/cve?target=KEYWORD The year parameter is optional. http://localhost:4000/cve?target=KEYWORD&year=YEAR Examples http://localhost:4000/cve?target=ruby%20on%20rails...

7.3AI score
Exploits0References5
Total number of security vulnerabilities5000