Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2021/04/26 12:30 p.m.567 views

Profil3r - OSINT Tool That Allows You To Find A Person'S Accounts And Emails + Breached Emails

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails. Prerequisite Python 3 Installation git clone...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/23 9:30 p.m.566 views

Onex - A Library Of Hacking Tools For Termux And Other Linux Distributions

"onex a hacking tools library." Onex is a kali linux hacking tools installer for termux and other linux distribution. It's package manager for hacker's. onex manage large number's of hacking tools that can be installed on single click.Using onex, you can install all hacking tools in Termux and...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/01/20 11:30 a.m.566 views

Ghauri - An Advanced Cross-Platform Tool That Automates The Process Of Detecting And Exploiting SQL Injection Security Flaws

An advanced cross-platform tool that automates the process of detecting andexploiting SQL injection security flaws Requirements Python 3 Python pip3 Installation cd to ghauri directory. install requirements: python3 -m pip install --upgrade -r requirements.txt run: python3 setup.py install or...

8.6AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/06 8:30 p.m.565 views

Lockphish - The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it's the first tool 07/04/2020 for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial:https://www.kalilinux.in/2020/05/lockphish.html Author: The Linux Choice Who deleted his GitHub repository...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/16 8:30 p.m.563 views

SysWhispers2 - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files available in the example-output/ folder. Difference BetweenSysWhispers 1 and 2 The usage is almost identical to SysWhispers1 but...

7.5AI score
Exploits0References12
Kitploit
Kitploit
added 2019/09/04 10:43 p.m.563 views

PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters

PyFuscation Requires python3 usage: PyFuscation.py -h -f -v -p --ps SCRIPT Optional arguments: • -h, --help show this help message and exit • -f Obfuscate functions ○ Do this First ... Its probably the most likely to work well • -v Obfuscate variables ○ If your going to obfuscate variables do the...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/06/27 9:55 p.m.562 views

Lynis 2.7.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2021/01/07 11:30 a.m.560 views

Sarenka - OSINT Tool - Data From Services Like Shodan, Censys Etc. In One Place

SARENKA is an Open Source Intelligence OSINT tool which helps you obtaining and understanding Attack Surface. The main goal is to gathering infromation from search engines for Internet-connected devices https://censys.io/ , https://www.shodan.io/. It scraps data about Common Vulnerabilities and...

6.5AI score
Exploits4References5
Kitploit
Kitploit
added 2019/05/07 12:39 p.m.560 views

10Minutemail - Python Temporary Email

10minutemail.net is a free, disposable e-mail service. Your temporary e-mail address will expire after 10 minutes, after which you cannot access it. You can extend the time by 10 minutes. The website you are registering with could be selling your personal information; you never know where your...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/15 12:30 p.m.557 views

DiscordRAT - Discord Remote Administration Tool Fully Written In Python

Discord Remote Administration Tool fully written in Python3. This is a RAT controlled over Discord with over 20 post exploitation modules. Disclaimer: This tool is for educational use only, the author will not be held responsible for any misuse of this tool. This is my first project on github as...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/16 12:30 p.m.556 views

CamPhish - Grab Cam Shots From Target'S Phone Front Camera Or PC Webcam Just Sending A Link.

Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish? CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/08/16 10:0 p.m.556 views

Iris - WinDbg Extension To Perform Basic Detection Of Common Windows Exploit Mitigations

Iris WinDbg extension performs basic detection of common Windows exploit mitigations 32 and 64 bits. The checks implemented, as can be seen in the screenshot above, are for the loaded modules: DynamicBase ASLR DEP SEH SafeSEH CFG RFG GS AppContainer If you don't know the meaning of some of the...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2019/06/27 1:18 p.m.555 views

Project iKy - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Project First of all we want to advice you that we have changed the Frontend from AngularJS to Angular 7. For this reason we left the project with...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2018/02/16 1:23 p.m.554 views

IntruderPayloads - A Collection Of Burpsuite Intruder Payloads, Fuzz Lists And File Uploads

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. Author: 1N3@CrowdShield https://crowdshield.com PENTEST METHODOLOGY v2.0 BASIC PASSIVE AND ACTIVE CHECKS:...

8.3AI score
Exploits0References1
Kitploit
Kitploit
added 2019/02/16 12:32 p.m.549 views

Ponce - IDA Plugin For Symbolic Execution Just One-Click Away!

Ponce pronounced 'poN θe pon-they is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...

8.1AI score
Exploits0References13
Kitploit
Kitploit
added 2019/07/26 12:49 p.m.547 views

grapheneX - Automated System Hardening Framework

grapheneX In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2019/06/08 10:13 p.m.546 views

Shellphish - Phishing Tool For 18 Social Media (Instagram, Facebook, Snapchat, Github, Twitter...)

Phishing Tool for 18 social media: Instagram, Facebook, Snapchat, Github, Twitter, Yahoo, Protonmail, Spotify, Netflix, Linkedin, Wordpress, Origin, Steam, Microsoft, InstaFollowers, Gitlab, Pinterest. This script uses some webpages generated bySocialFish Tool...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2021/08/31 12:30 p.m.545 views

Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid. @Gwen001 has scripted the entire process available here and it can be found here Table of Contents ABTasty API Key Algolia API key Amplitude API Keys Asana Access token AWS Acce...

7.2AI score
Exploits0References76
Kitploit
Kitploit
added 2021/04/01 11:30 a.m.544 views

Seatbelt - A C# Project That Performs A Number Of Security Oriented Host-Survey "Safety Checks" Relevant From Both Offensive And Defensive Security Perspectives

Seatbelt is a C project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. @andrewchiles' HostEnum.ps1 script and @tifkin's Get-HostProfile.ps1 provided inspiration for many of the artifacts to collect. @harmj0...

7AI score
Exploits0References24
Kitploit
Kitploit
added 2021/02/18 11:30 a.m.537 views

Ghidra_Kernelcache - A Ghidra Framework For iOS Kernelcache Reverse Engineering

This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in the kernel and have automated most of the things I really wanted to see in Ghidra to speed up the process of reversing, and this proven to be effective and saves a l...

6.8AI score
Exploits0References12
Kitploit
Kitploit
added 2020/11/21 8:30 p.m.537 views

Fuzzilli - A JavaScript Engine Fuzzer

A coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language "FuzzIL" which can be mutated and translated to JavaScript. Usage The basic steps to use this fuzzer are: 1. Download the source code for one of the supported JavaScript engines. See the Targets/...

9.8CVSS9.3AI score0.37951EPSS
Exploits38References46
Kitploit
Kitploit
added 2020/08/21 12:30 p.m.536 views

ADBSploit - A Python Based Tool For Exploiting And Managing Android Devices Via ADB

A python based tool for exploiting and managing Android devices via ADB Currently on development Screenrecord Stream Screenrecord Extract Contacts Extract SMS Extract Messasing App Chats WhatsApp/Telegram/Line Install Backdoor And more... Installation First Download or clone repo git clone...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/04 9:29 p.m.536 views

DVWA - Damn Vulnerable Web Application

Damn Vulnerable Web Application DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...

9AI score
Exploits0References4
Kitploit
Kitploit
added 2021/04/10 9:30 p.m.534 views

Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques

An open-source Go project to test different web application firewalls WAF for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let's say you defined 2 payloads, 3 encoders Base64, JSON, and...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/04 2:11 p.m.534 views

Universal Radio Hacker - Investigate Wireless Protocols Like A Boss

The Universal Radio Hacker is a software for investigating unknown wireless protocols. Features include hardware interfaces for common Software Defined Radios easy demodulation of signals assigning participants to keep overview of your data customizable decodings to crack even sophisticated...

6.7AI score
Exploits0References3
Kitploit
Kitploit
added 2019/09/26 12:0 p.m.533 views

MemProcFS - The Memory Process File System

The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file...

6.8AI score
Exploits0References15
Kitploit
Kitploit
added 2021/07/07 12:30 p.m.531 views

GitDump - A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled

GitDump dumps the source code from .git when thedirectory traversal is disabled Requirements Python3 Tested on Windows Kali Linux What it does Dump source code from website/.git directory when directory traversal is disabled. How it works Fetch all common files .git/index, .git/HEAD, .git/ORIGHEA...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2020/03/24 8:30 p.m.530 views

Zphisher - Automated Phishing Tool

Zphisher is an upgraded form of Shellphish. The main source code is fromShellphish . But I have not fully copied it . I have upgraded it & cleared the Unnecessary Files . Zphisher has 37 Phishing Page Templates ; including Facebook , Twitter & Paypal . It also has 4 Port Forwarding Tools . You ca...

7.6AI score
Exploits0References8
Kitploit
Kitploit
added 2018/02/10 9:9 p.m.529 views

VENOM 1.0.15 - Metasploit Shellcode Generator/Compiler/Listener

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh injects the shellcode generated into one template example: python "the python funtion will execute the shellcode into ram" and uses compilers like gcc gnu cross compiler or...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2021/05/29 12:30 p.m.528 views

slopShell - The Only Php Webshell You Need

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file uploadyourself, in an educational environment and a way to send http requests to this webshell. Basic Usage VideoHosted on Youtube: Current VT Detection...

6.9AI score
Exploits0References5
Kitploit
Kitploit
added 2021/01/09 11:30 a.m.528 views

Emp3R0R - Linux Post-Exploitation Framework Made By Linux User

linux post-exploitation framework made by linux user Still under active development 中文介绍 check my blog for updates how to use what to expect in future releases packer: cryptor + memfdcreate packer: use shmopen in older Linux kernels dropper: shellcode injector - python injector: inject shellcode...

6.6CVSS7.4AI score0.2704EPSS
Exploits39References20
Kitploit
Kitploit
added 2019/05/08 8:43 p.m.526 views

CQTools - The New Ultimate Windows Hacking Toolkit

CQURE Team has prepared tools used during penetration testing and packed those in a toolkit named CQTools. This toolkit allows to deliver complete attacks within the infrastructure, starting with sniffing and spoofing activities, going through information extraction, password extraction, custom...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2019/03/14 8:12 p.m.524 views

SocialFish v2 - Educational Phishing Tool & Information Collector

Ultimate phishing tool with Ngrok integrated. Are you looking for SF's mobile controller? UndeadSec/SocialFishMobile PREREQUISITES Python 2.7 Wget from Python PHP TESTED ON Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/SocialFish.git RUNNING cd SocialFish sudo pip...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/11/05 11:30 a.m.523 views

PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact

PyRDP is a Python Remote Desktop Protocol RDP Monster-in-the-Middle MITM tool and library. It features a few tools: RDP Monster-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Crawls shared drives in th...

7.4AI score
Exploits0References17
Kitploit
Kitploit
added 2013/10/22 12:42 a.m.522 views

[Facebook Password Decryptor v5.5 ] Facebook Password Recovery Software

Facebook Password Decryptor is the FREE software to instantly recover Facebook account passwords stored by popular Web Browsers and Messengers. It is one of our most popular software with over One Million Downloads worldwide. Here is the complete list of supported applications. Internet Explorer...

9.3AI score
Exploits0
Kitploit
Kitploit
added 2019/04/11 12:46 p.m.521 views

QRLJacker v2.0 - QRLJacking Exploitation Framework

QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code a...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2021/06/23 12:30 p.m.520 views

CamOver - A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password

CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popular camera models such as CCTV, GoAhead and Netwave. Optimized to exploit multiple cameras at one time from list with threading enabled. Simple CLI and API...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/12/27 12:34 p.m.518 views

Infoga - Email OSINT

Infoga is a tool gathering email accounts informations ip,hostname,country,... from different public source search engines, pgp key servers and shodan and check if emails was leaked using haveibeenpwned.com API. Is a really simple tool, but very effective for the early stages of a penetration tes...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/28 1:3 p.m.515 views

XSStrike v3.0 - Most Advanced XSS Detection Suite

Why XSStrike? Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are...

6.4AI score
Exploits0References4
Kitploit
Kitploit
added 2019/04/14 12:56 p.m.513 views

pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabricatio...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/12/23 8:42 p.m.512 views

Hatch - Tool To Brute Force Most Websites

Hatch is a brute force tool that is used to brute force most websites Installation Instructions git clone https://github.com/MetaChar/Hatch python2 main.py Requirements pip2 install selenium pip2 install pyvirtualdisplay pip2 install requests sudo apt-get install xserver-xephyr chrome driver and...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/31 8:12 p.m.511 views

Kali Linux 2018.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

Welcome to our fourth and final release of 2018, Kali Linux 2018.4, which is available for immediate download. This release brings kernel up to version 4.18.10, fixes numerous bugs, includes many updated packages, and a very experimental 64-bit Raspberry Pi 3 image. New Tools and Tool Upgrades...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2018/11/22 12:38 p.m.510 views

NodeJsScan - A Static Security Code Scanner For Node.js Applications

Static security code scanner SAST for Node.js applications. Configure & Run NodeJsScan Install Postgres and configure SQLALCHEMYDATABASEURI in core/settings.py pip3 install -r requirements.txt python3 migrate.py Run once to create database entries required python3 app.py Testing Environment...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/03 9:30 p.m.509 views

Doldrums - A Flutter/Dart Reverse Engineering Tool

To flutter: to move in quick, irregular motions, to beat rapidly, to be agitated. Doldrums: a period of stagnation. Doldrums is a reverse engineering tool for Flutter apps targetting Android. Concretely, it is a parser and information extractor for the Flutter/Dart Android binary, conventionally...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2021/07/20 12:30 p.m.506 views

Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service ReDoS. More info onthe Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input...

7.5CVSS7.7AI score0.06617EPSS
Exploits9References19
Kitploit
Kitploit
added 2023/02/25 11:30 a.m.505 views

CVE-Vulnerability-Information-Downloader - Downloads Information From NIST (CVSS), First.Org (EPSS), And CISA (Exploited Vulnerabilities) And Combines Them Into One List

Common Vulnerability Scoring System CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Exploit Prediction Scoring System EPSS estimates the likelihood that a software vulnerability will be exploited in the wild. CISA publishes a list ...

10CVSS10AI score0.99999EPSS
Exploits354References4
Kitploit
Kitploit
added 2020/07/20 12:30 p.m.496 views

Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools

Lazymux tools installer is very easy to use, only provided for lazy termux users; it's huge list of Many Hacking tools and PEN TESTING! NOTE: Am not Responsible of bad use of this project. Requirements • Linux environment • Python 2.x • git Installation and Using Lazymux git clone...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2018/09/30 1:10 p.m.494 views

BYOB - Build Your Own Botnet

BYOB Build Your Own Botnet Disclaimer : This project should be used for authorized testing or educational purposes only. BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/28 9:51 p.m.492 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way. Features For recent time,Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

7.1AI score
Exploits0References15
Kitploit
Kitploit
added 2018/08/12 9:7 p.m.490 views

Hashcat v4.2.1 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...

7.5AI score
Exploits0
Total number of security vulnerabilities5000