Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2021/07/18 12:30 p.m.78 views

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2021/06/05 9:30 p.m.78 views

Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS

This is an IN PROGRESS persistance tool using Windows Background Intelligent Transfer Service BITS. Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command line arguments -d remoteLocation, writePath:...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/06/26 4:33 a.m.78 views

Spyse: All-In-One Cybersecurity Search Engine

Spyse is a cybersecurity search engine for finding technical information about different internet entities, business data, and vulnerabilities. It’s an all-in-one platform for fast and effortless reconnaissance without using any additional tools. Spyse engine implements a ready-to-use database wi...

4.9CVSS6.4AI score0.02138EPSS
Exploits1
kitploit
kitploit
added 2020/05/22 12:30 p.m.78 views

Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments

Minimalistic SMB loginbruteforcer smblogin.ps1 A simple SMB login attack and password spraying tool. It takes a list of targets and credentials username and password as parameters and it tries to authenticate against each target using the provided credentials. Despite its minimalistic design, the...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/03/11 11:33 a.m.78 views

Sifter - A OSINT, Recon And Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/02/23 12:30 p.m.78 views

Ohmybackup - Scan Victim Backup Directories & Backup Files

ohmybackup - Scan Victim's Backup Directories & Backup Files ohmybackup Scans backup folders on target sites. Searches archived files in the folders it finds. With the 2-file scanning system, it adds extensions and filenames in different ways, making it more likely to be found. 1 -...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/02/19 12:0 p.m.78 views

0L4Bs - Cross-site Scripting Labs For Web Application Security Enthusiasts

Cross-site scripting labs for web application security enthusiasts List of Chall : Chall 1 | URL Chall 2 | Form Chall 3 | User-Agent Chall 4 | Referrer Chall 5 | Cookie Chall 6 | LocalStorage Chall 7 | Login Page Chall 8 | File Upload Chall 9 | Base64 Encoding Chall 10 | Removes Alert Chall 11 |...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2020/02/17 12:0 p.m.78 views

DrSemu - Malware Detection And Classification Tool Based On Dynamic Behavior

Dr.Semu runs executables in an isolated environment, monitors the behavior of a process, and based on Dr.Semu rules created by you or the community, detects if the process is malicious or not. whoami:@qazqaz With Dr.Semu you can create rules to detect malware based on dynamic behavior of a proces...

7.2AI score
Exploits0References8
kitploit
kitploit
added 2019/12/01 9:1 p.m.78 views

Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust

Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.31.1. Add to your Cargo.toml dependencies goblin = "0.1" Features awesome crate name zero-copy, cross-platform, endian-aware, ELF64/32 implementation - wow! zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o pars...

7AI score
Exploits0References41
kitploit
kitploit
added 2019/11/20 9:23 p.m.78 views

Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests

This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite Scanner, Intruder, Repeater, Proxy History and also you can choose whatever HTTP VERB what do you want to customize. Usage Easy to use ! : Don't forget to click save button ! Changelog 24...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2019/07/09 10:11 p.m.78 views

Regipy - An OS Independent Python Library For Parsing Offline Registry Hives

Regipy is a python library for parsing offline registry hives. regipy has a lot of capabilities: Use as a library: Recurse over the registry hive, from root or a given path and get all subkeys and values Read specific subkeys and values Apply transaction logs on a registry hive Command Line Tools...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2018/11/02 9:23 p.m.78 views

Frida-Wshook - Script Analysis Tool Based On Frida.re

frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn't implement function stubs or proxies within the targeted scripting...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/09/03 3:53 p.m.78 views

SMBetray - SMB MiTM Tool With A Focus On Attacking Clients Through File Content Swapping, Lnk Swapping, As Well As Compromising Any Data Passed Over The Wire In Cleartext

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known. Background Released at Defcon26 at "SMBetray - Backdooring and Breaking Signatures" In SMB...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2017/03/07 2:30 p.m.78 views

BlackArch Linux 2017.03.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1707 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: add more than 50 new tools update...

7.4AI score
Exploits0
kitploit
kitploit
added 2016/01/05 10:0 p.m.78 views

Sawef - Send Attack Web Forms

SAWEF - Send Attack Web Forms DESCRIPTION The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP, so far it she is basic, bringing only some of the few features that want her to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2024/09/19 11:30 a.m.77 views

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2024/03/21 11:30 a.m.77 views

DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes

This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2022/08/07 12:30 p.m.77 views

BlackStone - Pentesting Reporting Tool

BlackStone project or "BlackStone Project" is a tool created in order to automate the work of drafting and submitting a report on audits of ethical hacking or pentesting. In this tool we can register in the database the vulnerabilities that we find in the audit, classifying them by internal,...

7.1AI score
Exploits0References7
kitploit
kitploit
added 2021/08/28 9:30 p.m.77 views

Huan - Encrypted PE Loader Generator

Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...

7.4AI score
Exploits0References4
kitploit
kitploit
added 2021/08/14 9:30 p.m.77 views

Bantam - A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems...

8.1AI score
Exploits0References15
kitploit
kitploit
added 2021/06/13 9:30 p.m.77 views

EmailFinder - Search Emails From A Domain Through Search Engines

\ \ /| \ | /| /| \ || \ | | | | | \ | || | || | | | | \ \ || | | || | | | | \ || | || \ | /| | \ || / | \ \ /|/ |/ / |/ / | Author: @JosueEncinar | Description: Search emails from a domain through search engines. | Version: 0.1b | Usage: emailfinder -d domain.com Installation: pip3 install...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/01/30 11:30 a.m.77 views

SSRF-King - SSRF Plugin For Burp Automates SSRF Detection In All Of The Request

SSRF plugin for burp that Automates SSRF Detection in all of the Request Upcoming Features Checklist It will soon have a user Interface to specifiy your own call back payload It will soon be able to test Json & XML Test for SMTP SSRF How to Install/Build git clone...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2020/12/06 9:30 p.m.77 views

Hijackthis - A Free Utility That Finds Malware, Adware And Other Security Threats

HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new...

7.3AI score
Exploits0References17
kitploit
kitploit
added 2020/06/25 9:30 p.m.77 views

Colabcat - Running Hashcat On Google Colab With Session Backup And Restore

Run Hashcat on Google Colab with session restore capabilities with Google Drive. Usage Go to the link below to open a copy of the colabcat.ipynb file in Google Colab: https://colab.research.google.com/github/someshkar/colabcat/blob/master/colabcat.ipynb Click on Runtime, Change runtime type, and...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2020/04/27 9:30 p.m.77 views

DeathRansom - A Ransomware Developed In Python, With Bypass Technics, For Educational Purposes

What is a ransomware? A ransomware is malware that encrypts all your files and shows a ransom request, which tells you to pay a set amount, usually in bitcoins BTC, in a set time to decrypt your files, or he will delete your files. How it works? First, the script checks if it's in a sandbox,...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/03/30 11:30 a.m.77 views

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

7.8AI score
Exploits0References4
kitploit
kitploit
added 2020/03/10 12:0 p.m.77 views

SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go

This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to. Features Repsond to any HTTP method GET, POST, PUT, DELETE, etc. Configurable...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/03/04 8:30 p.m.77 views

PrivescCheck - Privilege Escalation Enumeration Script For Windows

This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/02/04 11:0 a.m.77 views

Nfstream - A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2019/08/28 1:0 p.m.77 views

NebulousAD - Automated Credential Auditing Tool

NebulousAD Automated Credential Auditing Tool. Installation Simply download the precompiled release requires no python interpreter, or build from source: Requires Python2.7 for now Run git clone [email protected]:NuID/nebulousAD.git Next, install with python setup.py install Then initialize...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/11/17 1:13 p.m.77 views

Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

7.5AI score
Exploits0References7
kitploit
kitploit
added 2018/10/04 8:58 p.m.77 views

Malwoverview - Tool To Perform An Initial And Quick Triage On Either A Directory Containing Malware Samples Or A Specific Malware Sample

Malwoverview.py is a simple tool to perform an initial and quick triage on a directory containing malware samples not zipped. This tool aims to : 1. Determining similar executable malware samples PE/PE+ according to the import table imphash and group them by different colors pay attention to the...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/02/09 1:10 p.m.77 views

Meterpreter Paranoid Mode - Meterpreter over SSL/TLS connections

MeterpreterParanoidMode.sh allows users to secure your staged/stageless connection for Meterpreter by having it check the certificate of the handler it is connecting to. We start by generating a certificate in PEM format, once the certs have been created we can create a HTTP or HTTPS or EXE paylo...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2017/05/22 2:57 p.m.77 views

Cameradar - An RTSP Surveillance Camera Access Multitool

Cameradar hacks its way into RTSP CCTV cameras Cameradar allows you to: Detect open RTSP hosts on any accessible target Get their public info hostname, port, camera model, etc. Launch automated dictionary attacks to get their stream route for example /live.sdp Launch automated dictionary attacks ...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2015/10/18 8:46 p.m.77 views

TheFuck - Magnificent App Which Corrects Your Previous Console Command

Few examples: ➜ apt-get install vim E: Could not open lock file /var/lib/dpkg/lock - open 13: Permission denied E: Unable to lock the administration directory /var/lib/dpkg/, are you root? ➜ fuck sudo apt-get install vim enter/↑/↓/ctrl+c sudo password for nvbn: Reading package lists... Done ... ➜...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2024/09/14 3:22 p.m.76 views

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More

DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2024/01/05 11:30 a.m.76 views

D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux

Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2023/01/17 11:30 a.m.76 views

APTRS - Automated Penetration Testing Reporting System

APTRS Automated Penetration Testing Reporting System is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities...

7.3AI score
Exploits0References8
kitploit
kitploit
added 2022/12/18 11:30 a.m.76 views

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...

7.7AI score
Exploits0References11
kitploit
kitploit
added 2022/11/26 11:30 a.m.76 views

MSMAP - Memory WebShell Generator

Msmap is a Memory WebShell Generator. Compatible with various Containers, Components, Encoder, WebShell / Proxy / Killer and Management Clients. 简体中文 The idea behind I, The idea behind II Function Dynamic Menu Automatic Compilation Generate Script Lite Mode Graphical Interface Container Java...

7.5AI score
Exploits0References14
kitploit
kitploit
added 2022/10/18 11:30 a.m.76 views

xnLinkFinder - A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target

About - v2.0 This is a tool used to discover endpoints and potential parameters for a given target. It can find them by: crawling a target pass a domain/URL crawling multiple targets pass a file of domains/URLs searching files in a given directory pass a directory name get them from a Burp projec...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2022/08/29 12:30 p.m.76 views

Erlik - Vulnerable Soap Service

Erlik - Vulnerable Soap Service Tested - Kali 2022.1 Description It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing. Features It contains the following vulnerabilities. LFI SQL Injection Informaion...

8AI score
Exploits0References17
kitploit
kitploit
added 2021/08/15 9:30 p.m.76 views

Raider - Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2021/04/03 11:30 a.m.76 views

SharpGPOAbuse - Tool To Take Advantage Of A User'S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO

SharpGPOAbuse is a .NET application written in C that can be used to take advantage of a user's edit rights on a Group Policy Object GPO in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post:...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/05/31 9:30 p.m.76 views

Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...

6.7AI score
Exploits0References6
kitploit
kitploit
added 2020/03/21 9:0 p.m.76 views

HTTPS Everywhere - A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections. Getting Started Get the packages you need and install a git hook to run tests before push: bash install-dev-dependencies.sh Run the ruleset validations and browser...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2020/02/26 12:0 p.m.76 views

Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools

Shell Script For Attacking Wireless Connections Using Built-In Kali Tools. Supports All Securities WEP, WPS, WPA, WPA2...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/11/01 12:0 p.m.76 views

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/08/06 10:0 p.m.76 views

Project iKy v2.1.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Video Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2019/04/24 1:16 p.m.76 views

Kubebot - A Security Testing Slackbot Built With A Kubernetes Backend On The Google Cloud Platform

A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform Architecture Demo Data Flow 1 - API request tool, target, options initiated from Slackbot, sent to the API server, which is running as a Docker container on a Kubernetes K8s cluster and can be scaled. 2 - API...

7.5AI score
Exploits0References28
Total number of security vulnerabilities5000