Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/08/12 12:30 p.m.90 views

SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins

SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract: Cookies in JSON format History with associated cookies for each history item Saved Logins Note: All cookies returned are in JSON format. If you have th...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2020/05/19 12:30 p.m.90 views

Open Sesame - A Tool Which Runs To Display Random Publicly Disclosed Hackerone Reports When Bored

A python tool which runs to display random publicly disclosed Hackerone reports when bored. Automatically opens the report in browser. Contains Over 8k Publicly disclosed Hackerone reports and addtl. wordlist of 700 bug bounty writeups. This is a productivity tool for security enthusiasts and bug...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/08 12:30 p.m.90 views

HoneyBot - Capture, Upload And Analyze Network Traffic

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts: capture-and-analyze.py - Capture on an interface for some period of time, and upload capture for analysis. upload-and-analyze.py - Upload and...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/02/03 9:0 p.m.90 views

WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates

WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How "What the Hack" is a challenge based hackathon format Challenges describe high-level tasks and goals to be...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2019/11/26 9:27 p.m.90 views

Corsy - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Usage Using Corsy is pretty simple python corsy.py -u https://example.com A delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/10/25 8:48 p.m.90 views

Httplab - Inspect HTTP Requests And Forge Responses

The interactive web server. HTTPLabs let you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2018/05/16 10:30 p.m.90 views

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application For iOS

This is a Swift version of original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swif 4 and Ruby iGoat Objective C was presented at: OWASP TOP 10 Mobile Reverse Engineering Runtime Analysis Data...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2017/12/25 1:12 p.m.90 views

BtleJuice Framework - Bluetooth Smart (LE) Man-in-the-Middle Framework

BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices also known as Bluetooth Low Energy. It is composed of: an interception core an interception proxy a dedicated web interface Python and Node.js bindings How to install BtleJuice ? Installing BtleJuice...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/10/09 1:21 p.m.90 views

Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)

A slow data siphon for MySQL/MariaDB using bitwise operation on printable ASCII characters, via a blind-SQL injection. Usage USAGE: blisqy.py --server --port --header --hvalue --inject --payload --dig --sleeptime Options: -h, --help show this help message and exit --server=WEBSERVER Specify host...

8.6AI score
Exploits0References1
kitploit
kitploit
added 2016/11/23 2:36 p.m.90 views

Brutal - Toolkit to quickly create various Payload, PowerShell Attack, Virus Attack and Launch Listener for a HID

Brutal is extremely useful for executing scripts on a target machine without the need for human-to-keyboard interaction HID -ATTACK .When you insert the device, it will be detected as a keyboard, and using the microprocessor and onboard flash memory storage, you can send a very fast set of...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2016/05/20 10:30 p.m.90 views

Doork - Google Dorks Passive Vulnerability Auditor

doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks. doork can update his own database from ghdb and use it for find flaws without even contact the target endpoint. You can provide your custo...

7AI score
Exploits0References1
kitploit
kitploit
added 2023/08/19 12:30 p.m.89 views

Xsubfind3R - A CLI Utility To Find Domain'S Known Subdomains From Curated Passive Online Sources

xsubfind3r is a command-line interface CLI utility to find domain's known subdomains from curated passive online sources. Features Fetches domains from curated passive sources to maximize results. Supports stdin and stdout for easy integration into workflows. Cross-Platform Windows, Linux & macOS...

6.9AI score
Exploits0References8
kitploit
kitploit
added 2023/05/28 12:30 p.m.89 views

Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution

bootlicker is a legacy, extensible UEFI firmware rootkit targeting vmware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the windows kernel, regardless of security settings configured. Architecture bootlicker takes its design from the legacy...

8.4AI score
Exploits0References8
kitploit
kitploit
added 2023/02/26 11:30 a.m.89 views

SXDork - A Powerful Tool That Utilizes The Technique Of Google Dorking To Search For Specific Information On The Internet

SXDork is a powerful tool that utilizes the technique of google dorking to search for specific information on the internet. Google dorking is a method of using advanced search operators and keywords to uncover sensitive information that is publicly available on the internet. SXDork offers a wide...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/05/29 9:30 p.m.89 views

IMAPLoginTester - Script That Reads A Text File With Lots Of E-Mails And Passwords, And Tries To Check If Those Credentials Are Valid By Trying To Login On IMAP Servers

IMAPLoginTester is a simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login to the respective IMAP servers. Usage: usage: imaplogintester.py -h -i INPUT -o OUTPUT -s -t SLEEPTIME -T TIMEOUT -P SOCKS5PROX...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2021/04/30 9:30 p.m.89 views

Vaf - Very Advanced (Web) Fuzzer

very advanced fuzzer compiling 1. Install nim from nim-lang.org 2. Run nimble build A vaf.exe file will be created in your directory ready to be used using vaf using vaf is simple, here's the current help text: Usage: vaf - very advanced fuzzer options Options: -h, --help -u, --url=URL choose url...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2021/03/02 8:30 p.m.89 views

Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy. Note-1: This is just an experimental tool, do not use this in any banking transactions. Unethical use of this tool is strictly not encouraged." Note-2:...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2020/12/07 8:30 p.m.89 views

Baphomet - Basic Concept Of How A Ransomware Works

This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack our files. This project is written in C using the net-core application framework 3.1.The main idea of the code is to make it as readable as possible so that people have an idea of how this type...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2020/08/21 9:30 p.m.89 views

SecGen - Create Randomly Insecure VMs

SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same, this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can ...

7.6AI score
Exploits0References8
kitploit
kitploit
added 2020/03/23 11:30 a.m.89 views

FinalRecon v1.0.2 - OSINT Tool For All-In-One Web Reconnaissance

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Features FinalRecon provides detailed information such as : Header Information Whois SSL Certificate Information Crawler DNS Enumeration A, AAAA,...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2019/11/13 8:30 p.m.89 views

Asset Discover - Burp Suite Extension To Discover Assets From HTTP Response

Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details. The extension is now part of the BApp store and can be installed directly from the Burp Suite...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2019/02/18 12:48 p.m.89 views

Egress-Assess - Tool Used To Test Egress Data Detection Capabilities

Egress-Assess is a tool used to test egress data detection capabilities. Setup To setup, run the included setup script, or perform the following: 1. Install pyftpdlib 2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/09/21 9:16 p.m.89 views

Burpcommander - Ruby Command-Line Interface To Burp Suite's REST API

Ruby command-line interface to Burp Suite's REST API Usage burpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018 -t, --target IP Address Defaults to 127.0.0.1 -p, --port Port Number Defaults to 1337 -k, --key API Key If you require an API key specify it here -i, --issue-type-id String String to sear...

8.1AI score
Exploits0References1
kitploit
kitploit
added 2018/09/16 9:12 p.m.89 views

Droidefense - Advance Android Malware Analysis Framework

Droidefense originally named atom: a nalysis t hrough o bservation m achine is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has...

7.7AI score
Exploits0References4
kitploit
kitploit
added 2018/06/21 10:23 p.m.89 views

LNK-Kisser - PowerShell Link Payload Generator

Making FUD Shortcut .lnk payloads with LNK-KISSER to remote execute malicious code. Shortcut-Payload-Generator Exploiting Powershell to make ShortCut Payloads fud. There is too much of awsome tricks there , u can make it better ^^. For Ex : Killing tcpview , taskmanager ..etc while downloading. S...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2018/03/23 1:39 p.m.89 views

ODIN - Tool For Automating Penetration Testing Tasks

ODIN is made possible through the help, input, and work provided by others. Therefore, this project is entirely open source and available to all to use/modify. All this developer did was assemble the tools, convert some of them to Python 3, and stitch them together into an all-in-one toolkit. Wha...

7.1AI score
Exploits0References9
kitploit
kitploit
added 2023/12/22 11:30 a.m.88 views

ProcessStomping - A Variation Of ProcessOverwriting To Execute Shellcode On An Executable'S Section

A variation of ProcessOverwriting to execute shellcode on an executable's section What is it For a more detailed explanation you can read my blog post Process Stomping, is a variation of hasherezade’s Process Overwriting and it has the advantage of writing a shellcode payload on a targeted sectio...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2023/07/16 12:30 p.m.88 views

PPLcontrol - Controlling Windows PP(L)s

This tool allows you to list protected processes, get the protection level of a specific process, or set an arbitrary protection level. For more information, you can read this blog post: Debugging Protected Processes. Usage 1. Download the MSI driver You can get a copy of the MSI driver...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2022/08/08 12:30 p.m.88 views

Smap - A Drop-In Replacement For Nmap Powered By Shodan.Io

Smap is a replica of Nmap which uses shodan.io's free API for port scanning. It takes same command line arguments as Nmap and produces the same output which makes it a drop-in replacament for Nmap. Features Scans 200 hosts per second Doesn't require any account/api key Vulnerability detection...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2022/02/26 8:30 p.m.89 views

Katoolin3 - Get Your Favourite Kali Linux Tools On Debian/Ubuntu/Linux Mint

Katoolin3 brings all programs available in Kali Linux to Debian and Ubuntu. Description This program is a port of katoolin from LionSec to python3. Katoolin3 offers several improvements over katoolin: Up to date packages The old katoolin uses an outdated package list. Katoolin3 always keeps its...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2021/08/09 12:30 p.m.88 views

Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine

sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. | |/ | | / / | |/ | | | | '| | || |...

7.1AI score
Exploits0References6
kitploit
kitploit
added 2021/07/27 9:30 p.m.88 views

TokenTactics - Azure JWT Token Manipulation Toolset

Azure JSON Web Token "JWT" Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/05/12 12:30 p.m.88 views

APSoft-Web-Scanner-v2 - Powerful Dork Searcher And Vulnerability Scanner For Windows Platform

APSoftWebscanner Version 2 new version of APSoft Webscanner Version 1 Software pictures What can i do with this ? with this software, you will be able to search your dorks in supported search engines and scan grabbed urls to find their vulnerabilities. in addition , you will be able to generate...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2021/04/28 12:30 p.m.88 views

Invoke-Stealth - Simple And Powerful PowerShell Script Obfuscator

Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together or all of them sequentially with ease, from Windows or Linux...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2020/10/09 8:30 p.m.88 views

NashaVM - A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI

Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installation git clone https://github.com/Mrakovic-ORG/NashaVM --recurse cd NashaVM\NashaVM nuget restore msbuild Limitations Slow Several instructions are not implemented Can bug Dependencies dnlib .NET Framework 4.0...

7.2AI score
Exploits0References9
kitploit
kitploit
added 2020/10/03 8:30 p.m.88 views

Timewarrior - Commandline Time Reporting

Timewarrior is a time tracking utility that offers simple stopwatch features as well as sophisticated calendar-based backfill, along with flexible reporting. It is a portable, well supported and very active Open Source project. Installing From Package Thanks to the community, there are binary...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2020/09/19 8:34 p.m.88 views

Winshark - A Wireshark Plugin To Instrument ETW

Wireshark plugin to work with Event Tracing for Windows Microsoft Message Analyzer is being retired and its download packages were removed from microsoft.com sites on November 25 2019. Wireshark have built a huge library of network protocol dissectors. The best tool for Windows would be one that...

7.1AI score
Exploits0References6
kitploit
kitploit
added 2020/06/07 9:30 p.m.88 views

Spyeye - Script To Generate Win32 .Exe File To Take Screenshots

Script to generate Win32 .exe file to take screenshots every 10 seconds. Features: Works on WAN: Port Forwarding by Serveo.net Fully Undetectable FUD - Don't Upload to virustotal.com! Legal disclaimer: Usage of SpyEye for attacking targets without prior mutual consent is illegal. It's the end...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/05/03 10:0 p.m.88 views

Authelia - The Single Sign-On Multi-Factor Portal For Web Apps

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2019/08/11 9:49 p.m.88 views

Seccomp Tools - Provide Powerful Tools For Seccomp Analysis

Provide powerful tools for seccomp analysis. This project is targeted to but not limited to analyze seccomp sandbox in CTF pwn challenges. Some features might be CTF-specific, but still useful for analyzing seccomp in real-case. Features Dump - Automatically dumps seccomp-bpf from execution files...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2018/06/04 10:23 p.m.88 views

CSS Keylogger - Chrome Extension And Express Server That Exploits Keylogging Abilities Of CSS

Chrome extension and Express server that exploits keylogging abilities of CSS. To use SetupChrome extension 1. Download repository git clone https://github.com/maxchehab/CSS-Keylogging 2. Visit chrome://extensions in your browser or open up the Chrome menu by clicking the icon to the far right of...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2018/04/01 12:35 p.m.88 views

Pyfiscan - Web-Application Vulnerability And Version Scanner

Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users installations to keep up with security-updates. Fingerprints are easy to...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2014/07/17 1:23 a.m.88 views

MultiMonitorTool v1.63 - Multiple Monitors on Windows

MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do...

6.8AI score
Exploits0
kitploit
kitploit
added 2024/06/25 12:30 p.m.87 views

CloudBrute - Awesome Cloud Enumerator

A tool to find a company target infrastructure, files, and apps on the top cloud providers Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode. The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here Motivation ...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2023/12/05 11:30 a.m.87 views

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2023/11/14 11:30 a.m.87 views

Forbidden-Buster - A Tool Designed To Automate Various Techniques In Order To Bypass HTTP 401 And 403 Response Codes And Gain Access To Unauthorized Areas In The System

Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk. Probes HTTP 401 and 403 response...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2022/12/24 11:30 a.m.87 views

Autobloody - Tool To Automatically Exploit Active Directory Privilege Escalation Paths Shown By BloodHound

autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound. Description This tool automates the AD privesc between two AD objects, the source the one we own and the target the one we want if a privesc path exists in BloodHound database. The...

7.9AI score
Exploits0References2
kitploit
kitploit
added 2022/09/28 8:31 p.m.87 views

Psudohash - Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns

psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. ...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2022/06/14 12:30 p.m.87 views

Goreplay - Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data

GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring and detailed analysis. About As your application grows, the effort required to test it also grows exponentially. GoReplay offers you the simple idea of reusing...

7.3AI score
Exploits0References10
kitploit
kitploit
added 2021/11/21 8:30 p.m.87 views

Stacs - Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of...

6.8AI score
Exploits0References5
Total number of security vulnerabilities5000