Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2022/01/14 8:30 p.m.727 views

Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails...

9.8CVSS7.8AI score0.02658EPSS
Exploits2References5
Kitploit
Kitploit
added 2019/04/07 9:31 p.m.726 views

ISF - Industrial Control System Exploitation Framework

ISFIndustrial Exploitation Framework is a exploitation framework based on Python, it's similar to metasploit framework. ISF is based on open source project routersploit. Read this in other languages:English, 简体中文, ICS Protocol Clients Name | Path | Description ---|---|--- modbustcpclient |...

8.1CVSS8.7AI score0.0591EPSS
Exploits1References16
Kitploit
Kitploit
added 2020/05/15 9:30 p.m.723 views

Getdroid - FUD Android Payload And Listener

FUD Android Payload And Listener Read the license before using any part from this code Malicious Android apk generator Reverse Shell Legal disclaimer: Usage of GetDroid for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local,...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/02 8:16 p.m.722 views

Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)

Phantom-Evasion is an interactive antivirus evasion tool written in python capable to generate almost FUD executable even with the most common 32 bit msfvenom payload lower detection ratio with 64 bit payloads. The aim of this tool is to make antivirus evasion an easy task for pentesters through...

8.6AI score
Exploits0References3
Kitploit
Kitploit
added 2019/08/05 9:31 p.m.715 views

Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture PCAP files and Zeek formerly Bro logs. These artifacts can be uploaded via a simple browser-based interface or...

7AI score
Exploits0References39
Kitploit
Kitploit
added 2014/02/04 11:38 p.m.715 views

[FBHT v2.0] Facebook Hacking Tool

FBHT F aceb ook H ackingT ool is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform The tool provides: Tests account handling Create, Delete, Friend, Accept Youtube videos phishing Facebook links preview modification Friends list privacy bypass...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2019/11/15 8:0 p.m.714 views

RFI/LFI Payload List

As with many exploits, remote and local file inclusions are only a problem at the end of the encoding. Of course it takes a second person to have it. Now this article will hopefully give you an idea of protecting your website and most importantly your code from a file iclusion exploit. I’ll give...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2025/05/08 12:30 p.m.710 views

ByeDPIAndroid - App To Bypass Censorship On Android

Android application that runs a local VPN service to bypass DPI Deep Packet Inspection and censorship. This application runs a SOCKS5 proxy ByeDPI and redirects all traffic through it. Installation Or use Obtainium 1. Install Obtainium 2. Add the app by URL:...

7.2AI score
Exploits0References9
Kitploit
Kitploit
added 2018/06/26 2:10 p.m.710 views

Stego-Toolkit - Collection Of Steganography Tools (Helps With CTF Challenges)

This project is a Docker image useful for solving Steganography challenges as those you can find at CTF platforms like hackthebox.eu. The image comes preinstalled with many popular see list below and several screening scripts you can use check simple things for instance, run checkjpg.sh image.jpg...

7.1AI score
Exploits0References19
Kitploit
Kitploit
added 2020/07/31 12:30 p.m.706 views

dazzleUP - A Tool That Detects The Privilege Escalation Vulnerabilities Caused By Misconfigurations And Missing Updates In The Windows OS

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. dazzleUP detects the following vulnerabilities. Exploit Checks The first feature of dazzleUP is that it uses Windows Update Agent API instead of WMI like...

10CVSS8.7AI score0.9981EPSS
Exploits182References1
Kitploit
Kitploit
added 2023/05/30 12:30 p.m.696 views

GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM

Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...

7.8AI score
Exploits0References3
Kitploit
Kitploit
added 2017/06/06 3:19 p.m.694 views

BruteSploit - Collection Of Method For Automated Generate, Bruteforce And Manipulation Wordlist

BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and can be used in CTF for manipulation,combine,transform and permutation some words or file text. Tutorial Check in...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2015/05/18 10:0 p.m.692 views

Java LOIC - Low Orbit Ion Cannon. A Java based network stress testing application

Low Orbit Ion Cannon. The project is a Java implementation of LOIC written by Praetox but it's not related with the original project. The main purpose of Java LOIC is testing your network. Java LOIC should work on most operating systems. Download Java LOIC...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2019/05/23 9:57 p.m.691 views

TeleShadow v3 - Telegram Desktop Session Stealer (Windows)

Teleshadow3- Advanced Telegram Desktop Session Hijacker! Download Click HERE to download the latest version! Stealing desktop telegrams has never been so easy! Set the email and sender details of the sender and recipient or use Telegram API! and send it to the victim after compiling. How do I use...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2021/10/07 11:30 a.m.688 views

SpoolSploit - A Collection Of Windows Print Spooler Exploits Containerized With Other Utilities For Practical Exploitation

A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. Summary SpoolSploit is a collection of Windows print spooler exploits containerized with other utilities for practical exploitation. A couple of highly effective methods would be relaying...

8.8CVSS9.3AI score0.99759EPSS
Exploits75References8
Kitploit
Kitploit
added 2021/01/02 8:30 p.m.688 views

Byp4Xx - Simple Bash Script To Bypass "403 Forbidden" Messages With Well-Known Methods Discussed In #Bugbountytips

byp4xx.sh / / / // / / / / / / / // /| |// |// / // / // / // / / /./, / ./ // //|//|| /// A bash script to bypass "403 Forbidden" responses with well-known methods discussed in bugbountytips Installation: git clone https://github.com/lobuhi/byp4xx.git cd byp4xx chmod u+x byp4xx.sh Usage: Start...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/03/17 12:15 p.m.682 views

Th3Inspector - Tool for Information Gathering

Tool For Information Gathering. Usage Short Form| Long Form| Description ---|---|--- -i| --info| Website Information -n| --number| Phone Number Information -mx| --mailserver| Find IP Address And E-mail Server -w| --whois| Domain Whois Lookup -l| --location| Find Website/IP Address Location -c|...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/20 8:30 p.m.676 views

TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)

Telegram Group Scraper Tool. Fetch All Information About Group Members • How To Install & Setup API Termux • API Setup Go to http://my.telegram.org and log in. Click on API development tools and fill the required fields. put app name you want & select other in platform Example : copy "apiid" &...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/09/22 12:0 p.m.673 views

Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM

A sugared version ofRottenPotatoNG, with a bit of juice, i.e. another LocalPrivilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM Summary RottenPotatoNG and its variants leverages the privilege escalation chain based on BITS service having the MiTM listener on...

7.5AI score
Exploits0References6
Kitploit
Kitploit
added 2023/02/17 11:30 a.m.671 views

OffensivePipeline - Allows You To Download And Build C# Tools, Applying Certain Modifications In Order To Improve Their Evasion For Red Team Exercises

OfensivePipeline allows you to download and build C tools, applying certain modifications in order to improve their evasion for Red Team exercises. A common use of OffensivePipeline is to download a tool from a Git repository, randomise certain values in the project, build it, obfuscate the...

5.5CVSS8.1AI score0.99512EPSS
Exploits75References87
Kitploit
Kitploit
added 2017/01/21 2:7 p.m.663 views

chisel - A fast TCP tunnel over HTTP

Chisel is a fast TCP tunnel, transported over HTTP. Single executable including both client and server. Written in Go Golang. Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2016/08/14 2:30 p.m.662 views

Pentmenu - A simple Bash Script for Recon and DOS Attacks

A bash script inspired by pentbox. Designed to be a simple way to implement various network pentesting functions, including network attacks, using wherever possible readily available software commonly installed on most linux distributions without having to resort to multiple specialist tools. Sud...

5CVSS6.8AI score0.66422EPSS
Exploits1References2
Kitploit
Kitploit
added 2019/07/23 1:9 p.m.660 views

VulnWhisperer - Create Actionable Data From Your Vulnerability Scans

Createactionable data from your vulnerability scans VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different Vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with...

7.5AI score
Exploits0References16
Kitploit
Kitploit
added 2014/01/08 6:35 a.m.655 views

[MoonSols] Windows Memory Toolkit

MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis for Windows desktops, servers or virtualized environment. The version 2.0 is a refresh and updated...

7AI score
Exploits0
Kitploit
Kitploit
added 2019/09/01 10:0 p.m.653 views

Telegram C# C2 - A Command and Control Tool for Telegram Bot Communication

Command and Control for C Writing Author: Leiothrix Telegram: @Leiothrix Twitter: @wh4am1 Team: QQ愛&Love Install Nuget download these package using System.IO; using Telegram.Bot; using Telegram.Bot.Args; using Telegram.Bot.Types.InputFiles; using AForge.Video; using AForge.Controls; using...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/23 1:30 p.m.644 views

WhatBreach - OSINT Tool To Find Breached Emails And Databases

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2013/10/26 8:27 p.m.644 views

[Binwalk v1.2.2] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...

9.9AI score
Exploits0
Kitploit
Kitploit
added 2019/02/24 12:11 p.m.638 views

HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation

The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm ... The CodeXplorer plugin is one of the first publicly available Hex-Rays Decompiler plugins. We kee...

7.3AI score
Exploits0References9
Kitploit
Kitploit
added 2017/08/01 2:32 p.m.634 views

Arachni v1.5.1 - Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is...

7.9AI score
Exploits0References9
Kitploit
Kitploit
added 2018/05/28 10:19 p.m.633 views

pwnedOrNot - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dump...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/01/06 11:30 a.m.632 views

Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the "Log4j" Java library vulnerability CVE-2021-44228 for a list of URL with multithreading The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request...

10CVSS10AI score0.99999EPSS
Exploits354References1
Kitploit
Kitploit
added 2013/10/26 8:47 p.m.626 views

[Mellivora] Basic database driven CTF engine

Mellivora is a basic database driven CTF engine written in PHP. Requirements LAMP: PHP 5.3+, MySQL 5.5+, Apache 2.2+. May work with other configurations but this is untested. Installation Download to any directory, say: "/var/www/mellivora/". Create an Apache VHost and point DocumentRoot to...

9.8AI score
Exploits0References3
Kitploit
Kitploit
added 2019/12/07 8:53 p.m.615 views

Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection

A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...

7.3AI score
Exploits0References10
Kitploit
Kitploit
added 2015/07/16 11:33 p.m.614 views

yarGen - A Generator for Yara Rules (for malware researchers)

yarGen is a generator for Yara rules. What does yarGen do? The main principle is the creation of yara rules from strings found in malware files while removing all strings that also appear in goodware files. Since version 0.14.0 it uses naive-bayes-classifier by Mustafa Atik and Nejdet Yucesoy in...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/13 1:8 p.m.610 views

PhoneInfoga - Advanced Information Gathering & OSINT Tool For Phone Numbers

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/11/09 8:39 p.m.607 views

EvilURL - An Unicode Domain Phishing Generator for IDN Homograph Attack

An unicode domain phishing generator for IDN Homograph Attack. VIDEO DEMO CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python evilurl.py PREREQUISITES python 2.7 TESTED ON Kali Linux - ROLLING EDITION Download EvilURL...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2024/02/29 11:30 p.m.603 views

LeakSearch - Search & Parse Password Leaks

LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB Combination Of Many Breaches over the Internet. You can define a custom proxy and you can also use your own password file, to search using different keywords: such as user, domain or password. In addition, y...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/01 10:15 p.m.601 views

XSStrike v1.2 - Fuzz, Crawl and Bruteforce Parameters for XSS

XSStrike is a python script designed to detect and exploit XSS vulnerabilites. A list of features XSStrike has to offer: Fuzzes a parameter and builds a suitable payload Bruteforces paramteres with payloads Has an inbuilt crawler like functionality Can reverse engineer the rules of a WAF/Filter...

6.7AI score
Exploits0References4
Kitploit
Kitploit
added 2016/08/06 2:46 p.m.596 views

A2SV - Auto Scanning to SSL Vulnerability

█████╗ ██████╗ ███████╗██╗ ██╗ ██╔══██╗╚════██╗██╔════╝██║ ██║ ███████║ █████╔╝███████╗██║ ██║ .o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo...

7.5CVSS7.2AI score0.99999EPSS
Exploits102References6
Kitploit
Kitploit
added 2024/09/21 11:30 a.m.592 views

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/09/12 12:0 p.m.592 views

Pyrdp - RDP Man-In-The-Middle And Library For Python3 With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python 3 Remote Desktop Protocol RDP Man-in-the-Middle MITM and library. It features a few tools: RDP Man-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Saves replays of connections so you c...

7.5AI score
Exploits0References13
Kitploit
Kitploit
added 2019/08/25 9:30 p.m.592 views

Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ

This is a multi-use bash script for Linux systems to audit wireless networks. All the needed info about how to "install | use | enjoy" airgeddon is present at Github's Wiki. I. Content & Features Home Features Screenshots Wallpapers II. Requirements Requirements Compatibility Essential Tools...

7.3AI score
Exploits0References29
Kitploit
Kitploit
added 2019/07/28 10:14 p.m.589 views

Uncompyle6 - A Cross-Version Python Bytecode Decompiler

A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.3 to version 3.8, spanning over 24 years ...

6.6AI score
Exploits0References13
Kitploit
Kitploit
added 2017/02/22 2:4 p.m.585 views

mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool

mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. Installing with pip This is the recommended installation method in case you have python and pip . pip install mongoaudit Alternative installer Use this if and only...

8.1CVSS9.6AI score0.44543EPSS
Exploits13References2
Kitploit
Kitploit
added 2013/10/26 8:39 p.m.582 views

[Wi-Fi Password Key Generator] Wireless WEP/WPA/WPA2 Security Key Maker Tool

WiFi Password Key Generator is the free desktop tool to quickly create secure Wireless WEP/WPA/WPA2 keys. Most devices Modems/Routers require you to enter WEP/WPA keys during Wireless security configuration. Unlike regular passwords, these keys have strict length requirements based on type of...

10AI score
Exploits0
Kitploit
Kitploit
added 2019/09/19 9:18 p.m.581 views

Pixload - Image Payload Creating/Injecting Tools

Set of tools for creating/injecting payload into images. SETUP The following Perl modules are required: - GD - Image::ExifTool - String::CRC32 On Debian-based systems install these packages: sudo apt install libgd-perl libimage-exiftool-perl libstring-crc32-perl On OSX please refer to this...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2022/04/24 9:30 p.m.578 views

Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads previously seen tools uses only 1-2 variants. Fuzzing for HTTP GET and POST methods. Automatic...

9.8CVSS9.2AI score0.99939EPSS
Exploits133References2
Kitploit
Kitploit
added 2019/05/27 9:47 p.m.574 views

P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance". 0. How to install The latest image could be found under release tab. The easiest way to...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/26 9:30 p.m.573 views

OhMyQR - Hijack Services That Relies On QR Code Authentication

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2024/04/01 11:30 a.m.570 views

Drozer - The Leading Security Assessment Framework For Android

drozer formerly Mercury is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...

7.5AI score
Exploits0References4
Total number of security vulnerabilities5000