Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/12/14 11:30 a.m.82 views

Stegseek - Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second

Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built as a fork of the original steghide project and, as a result, it is thousands of times faster than other crackers and can run through the entirety of rockyou.txt in under 2 seconds. Stegse...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2020/12/02 11:30 a.m.82 views

Hacktory platform packed with new game-playing features

Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only way to make learning worthwhile. There are so many courses to fit any demand. However, boring lectures, outdated textbooks, and vague, complex tasks become obstacles...

7AI score
Exploits0
kitploit
kitploit
added 2020/10/05 8:30 p.m.82 views

Kube-Score - Kubernetes Object Analysis With Recommendations For Improved Reliability And Security

kube-score is a tool that performs static code analysis of your Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and resilient. You can test kube-score out in the browser with the online demo source. Installation...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2020/01/16 11:30 a.m.82 views

LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol

LOLBITS is a C reverse shell that uses Microsoft's Background Intelligent Transfer Service BITS to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP requests receive...

8.2AI score
Exploits0References5
kitploit
kitploit
added 2020/01/13 8:51 p.m.82 views

laravelN00b - Automated Scan .env Files And Checking Debug Mode In Victim Host

Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug mode in victim host. Scan rationale Scan host. Resolve IP adress and check .env file in IP Adress Checking debug mode Laravel Read .env variables Installation...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/12/23 11:30 a.m.82 views

Shelly - Simple Backdoor Manager With Python (Based On Weevely)

Shelly adalah sebuah tool sederhana yang ditulis menggunakan Python, yang berfungsi untuk meremote sebuah website Instalation : $ git clone https://github.com/tegal1337/Shelly $ cd Shelly $ python3 shell.py Requirements : sudo pip install -r requirements.txt Example : python3 shell.py -g backdoor...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2019/11/17 12:30 p.m.82 views

Seeker v1.1.9 - Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Seeker Hosts a fake website on In Built PHP Server and uses Serveo to generate a link which we will forward to the...

7AI score
Exploits0References1
kitploit
kitploit
added 2019/08/03 9:31 p.m.82 views

MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory

Secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features Sensitive data is encrypted and authenticated in memory using xSalsa2...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2018/11/05 8:48 p.m.82 views

Parrot Security 4.3 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.3 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Linux 4.18 Linux was updated to the 4.18.10 version, and linux 4.19 will be released soon. Firefox 63 Firefox 63 provides...

7.3AI score
Exploits0
kitploit
kitploit
added 2018/10/06 9:42 p.m.82 views

TakeOver v1 - Extracts CNAME Record Of All Subdomains At Once

What isSubdomain Takeover? Subdomain takeover is a class of vulnerability where subdomain points to an external service that has been deleted. The external services are Github, Heroku, Gitlab, Tumblr and so on. Let’s assume we have a subdomain sub.example.com that points to an external service su...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2018/09/19 12:25 p.m.82 views

EggShell - iOS/macOS/Linux Remote Administration Tool

EggShell is a post exploitation surveillance tool written in Python. It gives you a command line session with extra functionality between you and a target machine. EggShell gives you the power and convenience of uploading/downloading files, tab completion, taking pictures, location tracking, shel...

7.9AI score
Exploits0References2
kitploit
kitploit
added 2018/09/12 8:35 p.m.82 views

Parrot Security 4.2.2 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Updated kernel and core packages Parrot 4.2 is powered by the latestLinux 4.18 debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware...

7.5AI score
Exploits0
kitploit
kitploit
added 2018/08/05 2:10 p.m.82 views

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2018/06/22 2:12 p.m.82 views

Fuxi Scanner - Network Security Vulnerability Scanner

Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions. Vulnerability detection & management Authentication Tester IT asset discovery & management Port scanner Subdomain scanner Acunetix Scanner Integrate Acunetix API Installation Documentation Usa...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2018/03/08 8:22 p.m.82 views

sigma - Generic Signature Format for SIEM Systems

Generic Signature Format for SIEM Systems. What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this...

7.5AI score
Exploits0References9
kitploit
kitploit
added 2016/10/24 2:0 p.m.82 views

ssh-audit - SSH Server Auditing

ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2014/06/02 6:29 p.m.82 views

Bradamsa - Burp Suite extension to generate Intruder payloads using Radamsa

Bradamsa is a Burp Suite extension for Radamsa, a well-known fuzzer made by the Oulu University Secure Programming Group. Inspired by burp-radamsa, this plugin allows to generate Intruder payloads using Radamsa. Features Java-based plugin using native Burp Suite extension APIs Intruder payloads...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2014/05/26 2:31 a.m.82 views

Tails - The Amnesic Incognito Live System Released

Tails , The Amnesic Incognito Live System, is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete...

7.5AI score
Exploits0
kitploit
kitploit
added 2014/03/21 1:25 a.m.82 views

[MultiMonitorTool] Enable/disable/configure multiple monitors on Windows

MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do...

9.8AI score
Exploits0
kitploit
kitploit
added 2013/02/25 11:35 p.m.82 views

[Automater 1.2] IP and URL Analysis Tool

Automater is a IP and URL Analysis tool we created to help automate the analysis process. You can see a video of Automater in action in TekTip episode 15. Download Automater 1.2...

9.8AI score
Exploits0References1
kitploit
kitploit
added 2024/06/05 12:30 p.m.81 views

X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans

A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects all...

6.3AI score
Exploits0References1
kitploit
kitploit
added 2024/01/12 11:30 a.m.81 views

EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials

This is a tool designed for Open Source Intelligence OSINT purposes, which helps to gather information about employees of a company. How it Works The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2021/07/11 12:30 p.m.81 views

JWTweak - Detects The Algorithm Of Input JWT Token And Provide Options To Generate The New JWT Token Based On The User Selected Algorithm

With the global increase in JSON Web Token JWT usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementatio...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2021/05/27 12:30 p.m.81 views

FireStorePwn - Firestore Database Vulnerability Scanner Using APKs

fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. Install fsp sudo wget...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/03/28 11:30 a.m.81 views

CallObfuscator - Obfuscate Specific Windows Apis With Different APIs

Obfuscate hide the PE imports from static/dynamic analysis tools. Theory This's pretty forward, let's say I've used VirtualProtect and I want to obfuscate it with Sleep, the tool will manipulate the IAT so that the thunk that points to VirtualProtect will point instead to Sleep, now at executing...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2021/03/14 11:30 a.m.81 views

Girsh - Automatically Spawn A Reverse Shell Fully Interactive

Who didn't get bored of manually typing the few lines to upgrade a reverse shell to a full interactive reverse shell tty spawn, stty size ..., stty raw -echo or typing the command to use ConPTY. Description With Girsh, just run it and it will detect the OS and execute the correct commands to...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2021/01/22 8:30 p.m.81 views

Sigurlx - A Web Application Attack Surface Mapping Tool

sigurlx a web application attack surface mapping tool, it does ...: Categorize URLs URLs' categories: endpoint js js style css data json|xml|csv archive zip|tar|tar.gz doc pdf|xlsx|doc|docx|txt media jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff Next, probe HTTP requests to th...

7.1AI score
Exploits0References8
kitploit
kitploit
added 2020/12/25 8:30 p.m.81 views

Aura - Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attac...

7AI score
Exploits0References2
kitploit
kitploit
added 2020/07/23 12:30 p.m.81 views

Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools

A graphical interface to use information security tools by the browser. Getting Started Kali Linux Tools Interface is a graphical interface to use information security tools by the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest...

7AI score
Exploits0References2
kitploit
kitploit
added 2020/07/07 12:30 p.m.81 views

Airshare - Cross-platform Content Sharing In A Local Network

Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Checkout the demo...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2020/04/06 10:0 p.m.81 views

DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests

This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer: Support for multiple files Gzip compression supported Now supports...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/22 12:0 p.m.81 views

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/19 8:30 p.m.81 views

InstaSave - Python Script To Download Images, Videos & Profile Pictures From Instagram

InstaSave is a python script to download images, videos & profile pictures from Instagram without any API access. Features Download Instagram Photos Download Instagram Videos Download Instagram Profile Pictures Git Installation clone the repo $ git clone...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/05 8:30 p.m.81 views

Extended-XSS-Search - Scans For Different Types Of XSS On A List Of URLs

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally its possible to proxy every request through Burp or another tunnel. First steps Rename the...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/01/30 11:30 a.m.81 views

See-SURF - Python Based Scanner To Find Potential SSRF Parameters

A Python based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2020/01/25 11:30 a.m.81 views

AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System HIDS due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...

7.3AI score
Exploits0References7
kitploit
kitploit
added 2020/01/20 11:30 a.m.81 views

Grouper2 - Find Vulnerabilities In AD Group Policy

What is it for? Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2019/12/19 11:8 a.m.81 views

Silver - Mass Scan IPs For Vulnerable Services

masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more. Note: Silver...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2019/11/04 9:15 p.m.81 views

Mallory - HTTP/HTTPS Proxy Over SSH

HTTP/HTTPS proxy over SSH. Installation Local machine: go get github.com/justmao945/mallory/cmd/mallory Remote server: need our old friend sshd Configueration Config file Default path is $HOME/.config/mallory.json, can be set when start program mallory -config path/to/config.json Content: idrsa i...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/09/29 1:4 p.m.81 views

JShell - Get A JavaScript Shell With XSS

JShell - Get a JavaScript shell with XSS. Usages Run shell.py and JShell will automatically try to detect your IP address, default LPORT is 33. As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim. As soon as you do that, you will get a...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/09/15 9:7 p.m.81 views

Wildpwn - Unix Wildcard Attack Tool

Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often. First things first! Read: https://www.exploit-db.com/papers/33930/ Basic usage It goes something like...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2018/05/11 12:3 p.m.81 views

ShellPop - Pop Shells Like A Master

Pop shells like a master Shell pop is all about popping shells. With this tool you can generate easy and sofisticated reverse or bind shell commands to help you during penetration tests. Don't waste more time with .txt files storing your Reverse shells! Installation Python 2.x is required. 3.0+...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/02/24 1:6 p.m.81 views

meg - Fetch Many Paths For Many Hosts (Without Killing The Hosts)

meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating. You get lots of results quickly, but non of the individual hosts get flooded with traffic...

7AI score
Exploits0References3
kitploit
kitploit
added 2017/11/17 1:23 p.m.81 views

Enigma - Multiplatform Payload Dropper

Enigma is a Multiplatform payload dropper. Run git clone https://github.com/UndeadSec/Enigma.git cd Enigma python enigma.py or python3 enigma3.py Prerequisites python 2.7 for enigma.py python 3.x for enigma.py metasploit Tested on Kali Linux - ROLLING EDITION Video Download Enigma...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2017/10/10 2:13 p.m.81 views

OSXAuditor - Free Mac OS X Computer Forensics Tool

OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system a...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2017/02/18 2:36 p.m.81 views

dirsearch - Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating Systems supported Windows XP/7/8/10 GNU/Linux MacOSX Features Multithreaded Keep alive connections Support for multiple extensions -e|--extensions asp,php Reporting plain text, JSON...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2024/02/22 11:30 a.m.80 views

SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits

SploitScan is a powerful and user-friendly tool designed to streamline the process of identifying exploits for known vulnerabilities and their respective exploitation probability. Empowering cybersecurity professionals with the capability to swiftly identify and apply known and test exploits. It'...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2023/01/14 11:30 a.m.80 views

Fuzzable - Framework For Automating Fuzzable Target Discovery With Static Analysis

Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it...

7.4AI score
Exploits0References12
kitploit
kitploit
added 2023/01/03 11:30 a.m.80 views

PXEThief - Set Of Tooling That Can Extract Passwords From The Operating System Deployment Functionality In Microsoft Endpoint Configuration Manager

PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager https://forum.defcon.org/node/241925 against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager or ConfigMgr, still...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2022/12/08 11:30 a.m.80 views

R4Ven - Track Ip And GPS Location

Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a legit website and, if the target allows it, it will fetch the Gps location latitude and longitude of the target along with IP Address and Device Information. This tool is a Proof of...

7AI score
Exploits0References5
Total number of security vulnerabilities5000