Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2013/02/26 1:27 a.m.85 views

[ADHD v.0.4.1] Active Defense Harbinger Distribution

The Active Defense Harbinger Distribution ADHD is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys. ADHD has tools whos...

9.8AI score
Exploits0
kitploit
kitploit
added 2023/09/16 11:30 a.m.84 views

ADCSKiller - An ADCS Exploitation Automation Tool Weaponizing Certipy And Coercer

ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services ADCS vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that the ADCSKiller is...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2022/04/27 12:30 p.m.84 views

O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2021/03/28 8:30 p.m.84 views

BadOutlook - (Kinda) Malicious Outlook Reader

A simple PoC which leverages the Outlook Application Interface COM Interface to execute shellcode on a system based on a specific trigger subject line. By utilizing the Microsoft.Office.Interop.Outlook namespace, developers can represent the entire Outlook Application or at least according to...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/03/24 11:30 a.m.84 views

Kraker - Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2021/01/04 11:30 a.m.84 views

XSS-Scanner - XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting XSS is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by...

6AI score
Exploits0References1
kitploit
kitploit
added 2020/11/17 8:30 p.m.84 views

Rehex - Reverse Engineers' Hex Editor

A cross-platform Windows, Linux, Mac hex editor for reverse engineering, and everything else. Features Large 1TB+ file support Decoding of integer/floating point value types Disassembly of machine code Highlighting and annotation of ranges of bytes Side by side comparision of selections...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2020/11/15 8:30 p.m.84 views

Go_Parser - Yet Another Golang Binary Parser For IDAPro

Yet Another Golang Binary Parser For IDAPro  NOTE : This master branch is written in Python2 for IDAPython, and tested only on IDA7.2/IDA7.0. If you use IDAPython with Python3 and higher version of IDAPro, please use Python3 Branch for goparser. Inspired by golangloaderassist and...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2020/05/08 1:0 p.m.85 views

How to Set Up a VPN on Kodi in 2 Minutes or Less

VPNs are useful for masking your identity when online. Without a VPN, you run the risk of having your data exposed to your Internet Service Provider ISP. This is something that you should think about since your ISP has access to all of your data, including the streaming data from your streaming...

6.6AI score
Exploits0References1
kitploit
kitploit
added 2020/04/13 12:0 p.m.84 views

Sherloq - An Open-Source Digital Image Forensic Toolset

An open source image forensic toolset Introduction "Forensic ImageAnalysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/04/07 9:30 p.m.84 views

MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)

A password spraying tool for Microsoft Online accounts Azure/O365. The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! Why...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/04/05 10:30 p.m.84 views

Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State

Use angr inside GDB. Create an angr state from the current debugger state. Install pip install angrgdb echo "python import angrgdb.commands" /.gdbinit Usage angrgdb implements the angrdbg API in GDB. You can use it in scripts like this: from angrgdb import gdb.execute"b 0x004005f9" gdb.execute"r...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2019/07/23 9:54 p.m.84 views

AMIRA - Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All : the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket,...

6.8AI score
Exploits0References9
kitploit
kitploit
added 2019/05/15 12:54 p.m.84 views

Trigmap - A Wrapper For Nmap To Automate The Pentest

Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable easy to run not only on Kali Linux and very efficient thanks to the optimized Nmap algorithms. Detail...

6.9AI score
Exploits0References3
kitploit
kitploit
added 2019/01/08 8:45 p.m.84 views

Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

Stretcher is a tool to search for open elasticsearch servers. Usage: python stretcher.py --shodan key --action analyze --threads 0..100 --dork python stretcher.py --help / // / / // / \ / / / / / / / / / / / // / / / // // / / / / / //// //// //// Tool designed to help identify incorrectly...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/12/14 12:12 p.m.84 views

NETworkManager - A Powerful Tool For Managing Networks And Troubleshoot Network Problems!

A powerful tool for managing networks and troubleshoot network problems! Features Network Interface - Information, Configure IP-Scanner Port-Scanner Ping Traceroute DNS Lookup Remote Desktop PuTTY requires PuTTY TightVNC requires TightVNC SNMP - Get, Walk, Set v1, v2c, v3 Wake on LAN HTTP Headers...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2018/11/09 8:48 p.m.84 views

Invisi-Shell - Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)

Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features ScriptBlock logging, Module logging, Transcription, AMSI by hooking .Net assemblies. The hook is performed via CLR Profiler API. Work In Progress This is still a preliminary version intended as a...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/10/07 9:34 p.m.84 views

DNSDiag - DNS Diagnostics And Performance Measurement Tools

Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to mak...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2016/06/14 12:58 a.m.84 views

Lalin - Hackpack & Kali Linux Tools

Lalin is a remake of Lazykali by bradfreda with fixed bugs , added new features and uptodate tools . It's compatible with the latest release of Kali Rolling Changelog Lalin gets updated weekly with new features, improvements and bugfixes. Be sure to check out the Changelog How it works Extract Th...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2015/02/04 12:23 a.m.84 views

IP Thief - Simple IP Stealer in PHP

A simple PHP script to capture the IP address of anyone that send the "imagen.php" file with the following options: + It comes with an administrator to view and delete IP + You can change the redirect URL image + Can you see the country of the visitor Download IP Thief...

7.3AI score
Exploits0
kitploit
kitploit
added 2014/07/02 8:20 p.m.84 views

WebBrowserPassView - Recover lost passwords stored in your Web browser

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer Version 4.0 - 10.0, Mozilla Firefox All Versions, Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website,...

6.8AI score
Exploits0
kitploit
kitploit
added 2022/10/28 11:30 a.m.83 views

Sandman - NTP Based Backdoor For Red Team Engagements In Hardened Networks

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP a protocol to sync time & date to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2022/09/09 12:30 p.m.83 views

Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2021/08/28 12:30 p.m.83 views

Pantagrule - Large Hashcat Rulesets Generated From Real-World Compromised Passwords

gargantuan hashcat rulesets generated from compromised passwords Project maintenance warning : This project is deemed completed. No pull requests or changes will be made to this project in the future unless they are actual bugs or migrations to allow these rules to work with newer versions of...

7.2AI score
Exploits0References13
kitploit
kitploit
added 2021/02/27 8:30 p.m.83 views

Pillager - Filesystems For Sensitive Information With Go

Pillager is designed to provide a simple means of leveraging Go's strong concurrency model to recursively search directories for sensitive information in files. Pillager does this by standing on the shoulders of a few giants. Once pillager finds files that match the specified pattern, the file is...

7AI score
Exploits0References10
kitploit
kitploit
added 2020/09/04 12:30 p.m.83 views

SNIcat - Server Name Indication Concatenator

SNIcat is a proof of concept tool that performs data exfiltration, utilizing a covert channel method via. Server Name Indication , a TLS Client Hello Extension. The tool consists of an agent which resides on the compromised internal host, and a Command &Control Server which controls the agent and...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2020/08/16 1:0 p.m.83 views

Spybrowse - Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)

Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files. This code will do the following: 1. Copy itself into the %TMP% directory & name itself ursakta.exe 2. Add a registry entry to execute...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2020/07/09 12:30 p.m.83 views

dorkScanner - A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs

A typical search engine dork scanner that scrapes search engines with queries that you provide in order to find vulnerable URLs. Introduction Dorking is a technique used by newsrooms, investigative organisations, security auditors as well as tech savvy criminals to query various search engines fo...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/05/16 1:0 p.m.83 views

URLBrute - Tool To Brute Website Sub-Domains And Dirs

What is this URLBrute is a tool to help you brute forcing website sub-domains and dirs. Can be used with python3 and python2. Dependencies urlbrute.py requests = 2.21.0 bs4 = 0.0.1 datetime = 4.3 How to install In Linux: chmod +x install.sh sudo ./install.sh In Windows, install python 3.7, then r...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/03/27 12:0 p.m.83 views

ProjectOpal - Stealth Post-Exploitation Framework For Wordpress

Stealth post-exploitation framework for Wordpress CMS Official ProjectOpal Repository. What is it and why was it made? We intentionally made it for our penetration testing jobs however its getting grey hairs now so we thought we would like to pass it on to the public!. ProjectOpal or Opal. Is a...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/01/22 11:30 a.m.83 views

AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model

AlertResponder is a serverless framework for automatic response of security alert. Overview AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response. 1. Inspector investigates entiti...

7AI score
Exploits0References3
kitploit
kitploit
added 2019/12/27 11:30 a.m.83 views

RansomCoin - A DFIR Tool To Extract Cryptocoin Addresses And Other Indicators Of Compromise From Binaries

Extracting metadata and hardcoded Indicators of Compromise from ransomware, in a scalable, efficient, way with cuckoo integrations. Ideally, is it run during cuckoo dynamic analysis, but can also be used for static analysis on large collections of ransomware. Designed to be fast, with low false...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2019/12/01 11:30 a.m.83 views

CCAT - Cloud Container Attack Tool For Testing Security Of Container Environments

Cloud Container Attack Tool CCAT is a tool fortesting security of container environments. Quick reference Where to get help : the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow Where to file issues : https://github.com/RhinoSecurityLabs/ccat/issues Maintained by : the Rhino Assessment Tea...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2018/09/17 9:7 p.m.83 views

CyberChef - The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis]

The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression an...

6.7AI score
Exploits0References9
kitploit
kitploit
added 2018/03/07 1:11 p.m.83 views

Harpoon - CLI Tool For Open Source And Threat Intelligence

OSINT tool, CLI Tool For Open Source And Threat Intelligence Install You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/08/03 3:7 p.m.83 views

BAF - Blind Attacking Framework

What is BAF ? it's a framework written in python 2.7 that is being made specially for blind attacking , ie : attacking random targets with common security issues , targets are generated by the hackers search engine "shodan" and vulnerable hosts are hacked in an automated way . this framework is...

6.7AI score
Exploits0References1
kitploit
kitploit
added 2016/05/26 11:39 p.m.83 views

stickyKeysHunter - A Script to Test an RDP Host for Sticky Keys and Utilman Backdoor

This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result. How does it work? 1. Connects to RDP using rdesktop 2. Sends shift 5 times using xdotool to trigger sethc.exe backdoors...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2015/05/22 10:11 p.m.83 views

SmarTTY - Multi-tabbed SSH Client with SCP Support

SmarTTY is a free multi-tabbed SSH client that supports copying files and directories with SCP on-the-fly and editing files in-place. One SSH session - multiple tabs Most SSH servers support up to 10 sub-sessions per connection. SmarTTY makes the best of it: no annoying multiple windows, no need ...

7.7AI score
Exploits0
kitploit
kitploit
added 2015/03/29 10:59 p.m.83 views

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites to lfi vulnerability , and also exploit it Features: Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support...

7.9AI score
Exploits0References1
kitploit
kitploit
added 2012/12/17 3:16 p.m.83 views

[ScanPlanner] Scanner Nmap Online

ScanPlanner is the easiest, fastest way to run NMAP scans and tests from the web. Schedule and track your network scans and vulnerability tests with our intuitive online interface. WEB:http://scanplanner.com/...

7.2AI score
Exploits0
kitploit
kitploit
added 2024/05/27 12:30 p.m.82 views

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

7.5AI score
Exploits0References100
kitploit
kitploit
added 2024/04/30 12:30 p.m.82 views

ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities

ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internals functions to gather crendentials. The accompanying blog post ca...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2023/07/14 12:30 p.m.82 views

Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike

Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2022/12/13 11:30 a.m.82 views

Codecepticon - .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code

Codecepticon is a .NET application that allows you to obfuscate C, VBA/VB6 macros, and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other obfuscators is that it targets the source code rather than the compil...

7.2AI score
Exploits0References17
kitploit
kitploit
added 2022/02/17 11:30 a.m.82 views

Snaffler - A Tool For Pentesters To Help Find Delicious Candy

Snaffler is a tool for pentesters to help find delicious candy needles creds mostly, but it's flexible in a bunch of horrible boring haystacks a massive Windows/AD environment. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an "audit" tool. I don'...

7AI score
Exploits0References5
kitploit
kitploit
added 2021/08/01 12:30 p.m.82 views

CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics

A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/05/20 9:30 p.m.82 views

ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers

A Black Path Toward The Sun TCP tunneling over HTTP for web application servers https://www.blackhat.com/us-16/arsenal.htmla-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016 ABPTTS uses a Python client script and a web application server page/package1 to tunnel TCP traffic over an HTTP/HTTP...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/03/30 11:30 a.m.82 views

Android_Hid - Use Android As Rubber Ducky Against Another Android Device

Use Android as Rubber Ducky against another Android device HID attack using Android Using Android as Rubber Ducky against Android. This is not a new technique, just a demo how to perform HID attack using Android instead of rubber ducky. For targeted Android device it is not necessary to be rooted...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2021/01/03 11:30 a.m.82 views

Urlhunter - A Recon Tool That Allows Searching On URLs That Are Exposed Via Shortener Services

urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. How? A group named URLTeam kudos to them are brute forcing the URL shortener services and publishing matched results on a daily basis. urlhunter...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2020/12/20 11:30 a.m.82 views

Fawkes - Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, --query - Dork that will be used in the search engine. -r, --results - Number of results brought by the search engine. -s, --start-page - Home page of search results. -t...

7.8AI score
Exploits0References1
Total number of security vulnerabilities5000