Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2014/05/26 2:35 a.m.74 views

MagicTree - Penetration Tester Productivity Tool

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we...

7.9AI score
Exploits0
kitploit
kitploit
added 2024/05/24 12:30 p.m.73 views

PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools

A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title - injection-techniques-using-windows-thread-pools-35446"The Pool Party You Will Never Forget: New Process Injection Techniques UsingWindows Thread...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2023/08/15 12:30 p.m.73 views

Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms

Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2022/10/12 11:30 a.m.73 views

SteaLinG - Open-Source Penetration Testing Framework Designed For Social Engineering

The SteaLinG is an open-source penetration testing framework designed for social engineering After the hack, you can upload it to the victim's device and run it disclaimers: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2022/08/10 12:30 p.m.73 views

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj pronounced package is a command line CLI tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...

7.5CVSS7.8AI score0.07443EPSS
Exploits2References6
kitploit
kitploit
added 2021/12/02 11:30 a.m.73 views

Kerberoast - Kerberoast Attack -Pure Python-

Kerberos attack toolkit -pure python- Install pip3 install kerberoast Prereqirements Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/06/27 9:30 p.m.73 views

Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/06/03 12:30 p.m.73 views

403Fuzzer - Fuzz 403/401Ing Endpoints For Bypasses

Fuzz 403ing endpoints for bypasses Follow on twitter! @intrudir This tool will check the endpoint with a couple of headers such as X-Forwarded-For It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path. e.g. /%2e/test/test2...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2021/05/12 9:30 p.m.73 views

ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache

Bypass User Account Control UAC to gain elevated Administrator privileges to run any program at a high integrity level. Requirements Administrator account UAC notification level set to default or lower How it works ByeIntegrity hijacks a DLL located in the Native Image Cache NIC. The NIC is used ...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/04/08 9:30 p.m.73 views

Max - Maximizing BloodHound

Maximizing BloodHound. Description New Release: dpat - The BloodHound Domain Password Audit Tool DPAT A simple suite of tools: get-info - Pull lists of information from the Neo4j database mark-owned - Mark a list of objects as Owned mark-hvt - Mark a list of objects as High Value Targets query...

6.7AI score
Exploits0References11
kitploit
kitploit
added 2021/02/14 8:30 p.m.73 views

UDdup - Urls De-Duplication Tool For Better Recon

The tool gets a list of URLs, and removes "duplicate" pages in the sense of URL patterns that are probably repetitive and points to the same web template. For example: https://www.example.com/product/123 https://www.example.com/product/456 https://www.example.com/product/123?isprod=false...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/11/25 8:30 p.m.73 views

RedShell - An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server

An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r...

7.8AI score
Exploits0References3
kitploit
kitploit
added 2020/09/30 11:30 a.m.73 views

mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges

Small utility program to perform multiple operations for a given subnet/CIDR ranges. The tool was developed to ease load distribution for mass scanning operations, it can be used both as a library and as independent CLI tool. Features Simple and modular code base making it easy to contribute. CID...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/08/26 9:30 p.m.73 views

Hack-Tools - The All-In-One Red Team Extension For Web Pentester

The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2020/08/23 12:30 p.m.73 views

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale

Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...

7.3AI score
Exploits0References16
kitploit
kitploit
added 2020/02/23 9:0 p.m.73 views

DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities

DLLPasswordFilterImplant is a custom password filter DLL that allows the capture of a user's credentials. Each password change event on a domain will trigger the registered DLL in order to exfiltrate the username and new password value prior successfully changing it in the Active Directory AD. Fo...

7AI score
Exploits0References1
kitploit
kitploit
added 2018/11/13 12:39 p.m.73 views

Arjun v1.1 - HTTP Parameter Discovery Suite

Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2018/10/01 9:1 p.m.73 views

SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...

7AI score
Exploits0References1
kitploit
kitploit
added 2017/10/15 9:0 p.m.73 views

PowerSAP - Powershell SAP Assessment Tool

PowerSAP is a simple powershell re-implementation of popular & effective techniques of all public tools such as Bizploit, Metasploit auxiliary modules, or python scripts available on the Internet. This re-implementation does not contain any new or undisclosed vulnerability. PowerSAP allows to rea...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2024/09/15 11:30 a.m.72 views

ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again

ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again. Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/Imperius Download ModTracer...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2023/07/13 12:30 p.m.72 views

ZeusCloud - Open Source Cloud Security

ZeusCloud is an open source cloud security platform. Discover, prioritize, and remediate your risks in the cloud. Build an asset inventory of your AWS accounts. Discover attack paths based on public exposure, IAM, vulnerabilities, and more. Prioritize findings with graphical context. Remediate...

7.4AI score
Exploits0References4
kitploit
kitploit
added 2023/02/12 11:30 a.m.72 views

DNSrecon-gui - DNSrecon Tool With GUI For Kali Linux

DNSRecon is a DNS scanning and enumeration tool written in Python, which allows you to perform different tasks, such as enumeration of standard records for a defined domain A, NS, SOA, and MX. Top-level domain expansion for a defined domain. With this graph-oriented user interface, the different...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2022/08/31 12:30 p.m.72 views

Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security

A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash...

7.3AI score
Exploits0References92
kitploit
kitploit
added 2022/03/27 8:30 p.m.72 views

Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2022/03/19 11:30 a.m.72 views

Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts Route53, and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...

6.6AI score
Exploits0References4
kitploit
kitploit
added 2022/02/16 8:30 p.m.72 views

Macrome - Excel Macro Document Reader/Writer For Red Teamers And Analysts

An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be found here and here. Installation / Building Clone or download this repository, the tool can then be executed using dotnet - for example: dotnet run -- build --decoy-documen...

7.8AI score
Exploits0References8
kitploit
kitploit
added 2021/07/08 9:30 p.m.72 views

Ipa-Medit - Memory Search And Patch Tool For Resigned Ipa Without Jailbreak

Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can be...

7.2AI score
Exploits0References7
kitploit
kitploit
added 2021/05/28 12:30 p.m.72 views

AnalyticsRelationships - Get Related Domains / Subdomains By Looking At Google Analytics IDs

subdomains by looking at Google Analytics IDs Python/GO versions By @JosueEncinar " Get related domains / subdomains by looking at Google Analytics IDs Python/GO versions By @JosueEncinar This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First sear...

7AI score
Exploits0References3
kitploit
kitploit
added 2021/05/25 12:30 p.m.72 views

Solr-GRAB - Steal Apache Solr Instance Queries With Or Without A Username And Password

Steal Apache Solr instance Queries with or without a username and password. DISCLAIMER : This project should be used for authorized testing and educational purposes only. Download git clone https://github.com/GnosticPlayers/Solr-GRAB Usage You can search for Apache Solr Instances via Censys, with...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/05/17 12:30 p.m.72 views

Eyeballer - Convolutional Neural Network For Analyzing Pentest Screenshots

Eyeballer is meant for large-scope network penetration tests where you need to find "interesting" targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like normal EyeWitness or GoWitness and then run them through Eyeballer to tell you what's likely to...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/12/19 11:30 a.m.72 views

Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications

A bento 弁当, bentō is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players. It has the portability of Docker with the addition of X, so you can also run GUI application like burp...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2020/11/16 8:30 p.m.72 views

MacC2 - Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities

MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed to command line executions. The client is written in python2, which though deprecated is still being shipped with base Big Sur installs. It is possible down the road that Apple wil...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2020/10/23 11:30 a.m.73 views

GitDorker - A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks

GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query. The Primary purpose of GitDorker is to provide the user with a clean and...

6.8AI score
Exploits0References4
kitploit
kitploit
added 2020/10/14 8:30 p.m.72 views

Mikrot8Over - Fast Exploitation Tool For Mikrotik RouterOS

mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4 This is reworked original Mikrotik Exploit. Added Python 2 compatibility and multithreading scan features. Python version Utility was tested on a python2.6 , python2.7 , python3. If you have found any bugs, don't hesitate to...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2020/07/15 9:30 p.m.72 views

Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test

Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/03/12 8:30 p.m.72 views

Dirble - Fast Directory Scanning And Scraping Tool

Dirble is a website directory scanning tool for Windows and Linux. It's designed to be fast to run and easy to use. How to Use Download one of the precompiled binaries for Linux, Windows, or Mac, or compile the source using Cargo, then run it from a terminal. The default wordlist Dirble uses is...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2019/05/01 9:27 p.m.72 views

Adidnsdump - Active Directory Integrated DNS Dumping By Any Authenticated User

By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer. This tool enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks. For more info, read the associated blog post...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2017/12/05 1:21 p.m.72 views

Shodanwave - Exploring and Obtaining Information from Netwave IP Camera

Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online. What does the tool to? Look, a list! Search Brute force SSID and WPAPSK Password Disclosure E-mail...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/11/23 1:20 p.m.72 views

sAINT - A Spyware Generator for Windows systems written in Java

sAINT is a Spyware Generator for Windows systems written in Java. Features Keylogger Take Screenshot Webcam Capture Persistence Tested On KaliLinux - ROLLING EDITION How To Use Install dependencies you need Maven and JDK 8 package installed $ apt install maven default-jdk default-jre openjdk-8-jd...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2015/07/17 3:1 p.m.72 views

MicEnum - Mandatory Integrity Control Enumerator for Windows

In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control MIC is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity LevelsIL-based isolation to running processes and objects...

7AI score
Exploits0
kitploit
kitploit
added 2014/08/12 11:36 p.m.72 views

SimpleProgramDebugger - Simple program debugger that shows all debug events

SimpleProgramDebugger is a simple debugging tool for Windows that attaches to existing running program or starts a new program in debugging mode, and then displays all major debugging events occurs while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit...

7.3AI score
Exploits0
kitploit
kitploit
added 2013/11/13 9:34 p.m.72 views

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 Additions JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files Hash Calculator Hash...

6.5AI score
Exploits0
kitploit
kitploit
added 2013/11/04 3:15 a.m.72 views

[Laudanum] Collection of injectable files

Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.They provide functionality such as shell, DNS query, LDAP retrieval and others. Download Laudanum...

10AI score
Exploits0
kitploit
kitploit
added 2013/06/03 2:46 a.m.72 views

[PenQ] The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured ...

7.3AI score
Exploits0
kitploit
kitploit
added 2022/11/14 11:30 a.m.71 views

Unblob - Extract Files From Any Kind Of Container Formats

unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats , extracts their content recursively , and carves out unknown chunks that have not been accounted for. Unblob is free to use ,...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2022/11/09 11:45 a.m.71 views

RDPHijack-BOF - Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking

Cobalt Strike Beacon Object File BOF that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket e.g., golden ticket of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2022/06/08 9:30 p.m.71 views

AutoPWN Suite - Project For Scanning Vulnerabilities And Exploiting Systems Automatically

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. How does it work? AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2021/05/11 12:30 p.m.71 views

Baserunner - A Tool For Exploring Firebase Datastores

A tool for exploring and exploiting Firebase datastores. Set up 1. git clone https://github.com/iosiro/baserunner.git 2. cd baserunner 3. npm install 4. npm run build 5. npm start 6. Go to http://localhost:3000 in your browser. Usage The Baserunner interface looks like this: First, use the...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/04/20 9:30 p.m.71 views

BetterXencrypt - A Better Version Of Xencrypt - Xencrypt It Self Is A Powershell Runtime Crypter Designed To Evade AVs

A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs. cause Xencrypt is not FUD anymore and easily get caught by AMSI,i recode the stub and now it FUD again. And the original Xencrypt,if you see on the screenshot proof,he's tested on Windows 8,and if...

6.4AI score
Exploits0References2
kitploit
kitploit
added 2020/12/08 8:30 p.m.71 views

Packer-Fuzzer - A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call,...

8.2AI score
Exploits0References1
Total number of security vulnerabilities5000