Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2021/05/10 12:30 p.m.87 views

CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments

CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI G...

7.7AI score
Exploits0References18
kitploit
kitploit
added 2020/11/27 8:30 p.m.87 views

DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers. dnsx is successor of dnsprobe that includes new features, multiple bugs fixes, and tailored...

7.3AI score
Exploits0References6
kitploit
kitploit
added 2020/09/25 8:30 p.m.87 views

Go-Dork - The Fastest Dork Scanner Written In Go

The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask. Install Download a prebuilt binary from releases page, unpack and run! or If you have go compiler installed and configured: GO111MODULE=on go ge...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2019/12/04 8:30 p.m.87 views

Codecat - Tool To Help In Manual Analysis In Codereview

CodeCat is a open source tool to help you in codereview, to find/track sinks and this points follow regex rules... How too install, step by step: Go to CodeCat directory, install backend and frontend libs: $ cd Front $ sudo python3 -m pip install -r requirements.txt $ cd .. $ cd Backend $ sudo...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2019/11/26 12:30 p.m.87 views

Flan - A Pretty Sweet Vulnerability Scanner By CloudFlare

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script which turns Nmap into a...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2019/09/18 11:57 a.m.87 views

FudgeC2 - A Collaborative C2 Framework For Purple-Teaming Written In Python3, Powershell And .NET

FudgeC2 is a campaign orientated Powershell C2 framework built on Python3/Flask - Designed for team collaboration, client interaction, campaign timelining, and usage visibility. Note: FudgeC2 is currently in alpha stage, and should be used with caution in non-test environments. Setup Installation...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2019/04/27 10:12 p.m.87 views

ParamPamPam - Brute Force Discover GET And POST Parameters

This tool for brute discover GET and POST parameters. Installation With Docker Install Docker git clone https://github.com/Bo0oM/ParamPamPam.git cd ParamPamPam docker build -t parampp . echo -e '!'"/bin/bash\ndocker run -ti --rm parampp $@" /usr/local/bin/parampp parampp -u "https://vk.com/login"...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/12/28 12:12 p.m.88 views

Top 20 Most Popular Hacking Tools in 2018

It is the end of the year and we bring you the most popular tools of 2018 in Kitploit, we ordered the 20 tools that had most visitors from March to December 2018. For professionals working in information security, many of this tools are the same ones the hackers are using, to understand the holes...

6.8AI score
Exploits0
kitploit
kitploit
added 2018/12/10 11:45 a.m.88 views

theHarvester v3.0.3 - E-mails, Subdomains And Names Harvester (OSINT)

theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources search engines, pgp key servers. Is a really simple tool, but very effective for the early stages of a penetration test or just to know the...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/06/25 2:30 p.m.87 views

CAVE MINER - Search for Code Cave in All Binaries (ELF, PE and Mach-o) and Inject Payload

This tools search for code cave in binaries Elf, Mach-o, Pe, and inject code in them. Features Find code caves in ELF, PE and Mach-o Use custom bytes for the search ex: 0xCC can be used as nullbytes on PE See virtual address of the code cave. See the permissions of the code caves. Search custom...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2025/04/27 12:30 p.m.86 views

VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing

VulnKnox is a powerful command-line tool written in Go that interfaces with the KNOXSS API. It automates the process of testing URLs for Cross-Site Scripting XSS vulnerabilities using the advanced capabilities of the KNOXSS engine. Features Supports pipe input for passing file lists and echoing...

5.9AI score
Exploits0References1
kitploit
kitploit
added 2024/03/25 11:30 a.m.86 views

Radamsa - A General-Purpose Fuzzer

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main...

9.8CVSS9.6AI score0.87138EPSS
Exploits42References1
kitploit
kitploit
added 2024/03/09 11:30 a.m.86 views

SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names

SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names. LFI for Lateral Movement? Gain SSH Access? ?file=../../../../../../../../home/user/.ssh/idrsa ?file=../../../../../../../../home/user/.ssh/idrsa-cert SSH Private Key...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2023/03/05 11:30 a.m.86 views

RedTeam-Physical-Tools - Red Team Toolkit - A Curated List Of Tools That Are Commonly Used In The Field For Physical Security, Red Teaming, And Tactical Covert Entry

 The links of the products may change with time, if so, just ping me on twitter so I can update them. None of the links are affiliated or sponsored. Also, I have personally purchased almost every single item from this list out of my own pocket based on needs for engagements. If there are any oth...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2022/06/29 6:48 a.m.86 views

Nimc2 - A C2 Fully Written In Nim

nimc2 is a very lightweight C2 written fully in nim implant & server. If you want to give it a try check out the wiki to learn how to install and use nimc2. It's features include: Windows & Linux implant generation TCP socket communication with HTTP communication coming soon Ability to create as...

7.4AI score
Exploits0References8
kitploit
kitploit
added 2021/06/17 12:30 p.m.86 views

Volatility GUI - GUI For Volatility Forensics Tool

This is a GUI for Volatility forensics tool written in PyQT5 Prerequisites: 1- Installed version of Volatility. 2- Install PyQT5. sudo apt-get install python3-pyqt5 3- Download Volatility GUI. Configuration From the downloaded Volatility GUI, edit config.py file to specify 1- Python 2 bainary nam...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2021/05/26 9:30 p.m.86 views

DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2021/05/23 9:30 p.m.86 views

AMSITrigger - The Hunt For Malicious Strings

Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/02/17 11:30 a.m.86 views

Chimera - A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a shiny and ver y hack-ish PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up a...

7.3AI score
Exploits0References9
kitploit
kitploit
added 2020/09/04 9:30 p.m.86 views

H4Rpy - Automated WPA/WPA2 PSK Attack Tool

h4rpy is an automated WPA/WPA2 PSK attack tool, wrapper of aircrack-ng framework. h4rpy provides clean interface for automated cracking of WPA/WPA2 PSK networks. h4rpy enables monitor mode on selected wireless interface, scans the wireless space for access points, tries to capture WPA/WPA2 4-way...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/05/18 12:30 p.m.86 views

Sharingan - Offensive Security Recon Tool

Sharingan is a recon multitool for offensive security / bug bounty This is very much a work in progress and I'm relatively new to offensive security in general so if you see something that can be improved please open an issue or PR with suggested changes. Cloning for development Outside of your...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/02/27 12:0 p.m.86 views

Progress-Burp - Burp Suite Extension To Track Vulnerability Assessment Progress

Burp Suite extension to track vulnerability assessment progress. Features Capture items unique requests from the Burp Suite tools Proxy, Repeater, Target. Request unique key is defined as follows: target host, port, protocol, path and method. Items have following editable properties: comment stat...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2020/01/23 8:30 p.m.86 views

SharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File Remotely

C utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely Description This script will attempt to connect to all the supplied computers and use WMI to execute cmd.exe /c netstat -n . The file the output is saved to is...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2018/11/12 8:43 p.m.86 views

AutoRDPwn v4.5 - The Shadow Attack Framework

AutoRDPwn is a script created in Powershell and designed to automate the Shadow attack on Microsoft Windows computers. This vulnerability allows a remote attacker to view his victim's desktop without his consent, and even control it on request. For its correct operation, it is necessary to comply...

7.6AI score
Exploits0References7
kitploit
kitploit
added 2018/03/05 1:9 p.m.86 views

JoomScan - OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan short for Joomla Vulnerability Scanner is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is bei...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/01/14 8:30 p.m.86 views

RFCrack - A Software Defined Radio Attack Tool

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc... Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Support for...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/09/30 2:25 p.m.86 views

ThunderShell - PowerShell based RAT

ThunderShell is a Powershell based RAT that rely on HTTP request to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies apt install redis-server apt install python-redis Logs Every errors, http requests and...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2015/07/08 3:36 p.m.86 views

Babun - A Windows shell you will love!

Would you like to use a linux-like console on a Windows host without a lot of fuzz? Try out babun! Installation Just download the dist file from http://babun.github.io, unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to th...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2015/06/23 8:34 p.m.86 views

TeemIp - IP Address Management Solution

All network administrators do recognize how important it is to have a well managed IP space: a comprehensive and up to date inventory of all subnets and IPs used in a network as well as clear and simple processes to request, change or release IPs are underlying key factors for a trouble free...

7.2AI score
Exploits0
kitploit
kitploit
added 2013/12/21 6:28 p.m.86 views

TestingWhiz - Test Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

7.5AI score
Exploits0
kitploit
kitploit
added 2023/04/29 12:30 p.m.85 views

FirebaseExploiter - Vulnerability Discovery Tool That Discovers Firebase Database Which Are Open And Can Be Exploitable

FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing. Features Mass vulnerability scanning from list of hosts Custom JSON data in exploit.json to upload...

7.4AI score
Exploits0References10
kitploit
kitploit
added 2022/11/19 11:30 a.m.85 views

Wodat - Windows Oracle Database Attack Toolkit

Simple port of the popular Oracle Database Attack Tool ODAT https://github.com/quentinhardy/odat to C .Net Framework. Credit to https://github.com/quentinhardy/odat as lots of the functionality are ported from his code. Perform password based attacks e.g. username as password, username list again...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2022/04/08 9:30 p.m.85 views

Cloak - A Censorship Circumvention Tool To Evade Detection By Authoritarian State Adversaries

Cloak is a pluggable transport that enhances traditional proxy tools like OpenVPN to evade sophisticated censorship and data discrimination. Cloak is not a standalone proxy program. Rather, it works by masquerading proxied traffic as normal web browsing activities. In contrast to traditional tool...

6.9AI score
Exploits0References22
kitploit
kitploit
added 2021/11/30 8:30 p.m.85 views

ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept POC tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2021/07/31 12:30 p.m.85 views

Ruse - Mobile Camera-Based Application That Attempts To Alter Photos To Preserve Their Utility To Humans While Making Them Unusable For Facial Recognition Systems

Mobile camera-based application that attempts to alter photos to preserve their utility to humans while making them unusable for facial recognition systems. Installation 1 Easy Method: Wait and download app from appropriate app store. 2 Download and run ios app via XCode see Development setup for...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/05/12 1:52 a.m.85 views

Short story about Clubhouse user scraping and social graphs

TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this...

6.7AI score
Exploits0References3
kitploit
kitploit
added 2021/03/19 8:30 p.m.85 views

OffensivePipeline - Tool To Download, Compile (Without Visual Studio) And Obfuscate C# Tools For Red Team Exercises

OffensivePipeline allows to download, compile without Visual Studio and obfuscate C tools for Red Team exercises. OffensivePipeline downloads the tool from the git repository, then compiles it with msbuild and finally obfuscates it with ConfuserEx. Examples List all tools: OffensivePipeline.exe...

7.8AI score
Exploits0References22
kitploit
kitploit
added 2021/03/01 8:30 p.m.85 views

Halogen - Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -h usage: halogen.py -h -f FILE -d DIR -n NAME --png-idat --jpg-sos Halogen: Automatically create yara rules based on images embedded in office...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/11/12 8:30 p.m.85 views

FAMA - Forensic Analysis For Mobile Apps

LabCIF -Forensic Analysis for Mobile Apps Getting Started Android extraction and analysis framework with an integrated Autopsy Module. Dump easily user data from a device and generate powerful reports for Autopsy or external applications. Functionalities Extract user application data from an...

6.9AI score
Exploits0References13
kitploit
kitploit
added 2020/05/02 1:0 p.m.85 views

Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.

PowerShell script for connecting to a remote host. Remote host will have full control over client's PowerShell and all its underlying commands. Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS 64 bit. Made for educational purposes. I hope it will help! How to Run Change the IP...

8AI score
Exploits0References7
kitploit
kitploit
added 2020/04/16 9:30 p.m.85 views

DNSProbe - A Tool Built On Top Of Retryabledns That Allows You To Perform Multiple DNS Queries Of Your Choice With A List Of User Supplied Resolvers

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers. Features Simple and Handy utility to query DNS records. Usage dnsprobe -h This will display help for the tool. Here are all the switches it...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/01/24 11:30 a.m.85 views

Check-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local Administrator

Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrator. It's useful if you obtain a password hash for a user and want to see where they are local admin ...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2019/11/25 12:0 p.m.85 views

RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components

RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities. The simulations are mapped to the MITRE ATT&CK framework. This repo contains the compose...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2018/12/06 8:47 p.m.85 views

MEC v1.4.0 - Mass Exploit Console

massExploitConsole a collection of hacking tools with a cli ui. Disclaimer please use this tool only on authorized systems , im not responsible for any damage caused by users who ignore my warning exploits are adapted from other sources, please refer to their author info please note, due to my...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2018/12/05 8:33 p.m.85 views

Hayat - Auditing & Hardening Script For Google Cloud Platform

Hayat is a auditing & hardening script for Google Cloud Platform services such as: Identity & Access Management Networking Virtual Machines Storage Cloud SQL Instances Kubernetes Clusters for now. Identity & Access Management Ensure that corporate login credentials are used instead of Gmail...

7.9AI score
Exploits0References2
kitploit
kitploit
added 2018/11/19 8:43 p.m.85 views

Faraday v3.3 - Collaborative Penetration Test and Vulnerability Management Platform

Here’s the main new features and improvements in Faraday v3.3: Workspace archive You are now able to make the whole workspace read only and archive it for future use. This allows to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later ...

7.2AI score
Exploits0
kitploit
kitploit
added 2018/11/11 12:38 p.m.85 views

Hackertarget - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/10/05 9:6 p.m.85 views

HeapHopper - A Bounded Model Checking Framework For Heap-implementations

HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/12/24 1:23 p.m.85 views

Invoke-PSImage - Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

Embeds a PowerShell script in the pixels of a PNG file and generates a oneliner to execute Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web when the -Web flag is...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2016/05/16 11:30 p.m.85 views

WiFi-Pumpkin v0.7.5 - Framework for Rogue Wi-Fi Access Point Attack

WiFi-Pumpkin is a security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5 Python 2.7 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin chmod +x installer.sh ./installer.sh --install refer t...

7.1AI score
Exploits0References7
Total number of security vulnerabilities5000