Lucene search
+L
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2015/03/05 1:10 a.m.67 views

Vane - WordPress Vulnerability Scanner (A GPL fork of WPScan)

Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. INSTALL Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Installing on Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2014/07/31 12:41 a.m.67 views

QuasiBot - Webshell Manager aka HTTP Botnet

QuasiBot is a complex webshell manager written in PHP, which operate on web-based backdoors implemented by user himself. Using prepared php backdoors, quasiBot will work as C&C trying to communicate with each backdoor. Tool goes beyond average web-shell managers, since it delivers useful function...

8.7AI score
Exploits0References2
Kitploit
Kitploit
added 2025/04/19 12:30 p.m.66 views

Maryam - Open-source Intelligence(OSINT) Framework

OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly. Installation Supported OS Linux FreeBSD Darwin OSX $ pip install maryam Alternatively, you...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2024/06/19 12:30 p.m.66 views

Volana - Shell Command Obfuscation To Avoid Detection Systems

Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to bestealth. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log command and send them to a SIEM in a real time making the afterwards cleaning part...

7.7AI score
Exploits0References6
Kitploit
Kitploit
added 2023/03/04 11:30 a.m.66 views

X-force - IBM Security Utilitary Library In Python. Search And Query All Sources: Threat_Activities And Groups, Malware_Analysis, Industries

IBM Security X-FORCE Exchange library in Python 3. Search: threatactivities, threatgroups, malwareanalysis, collector and industries. Install pip3 install XForce Use Using you APIKEY make a basic authentication. After make a base64 code → Key + : + Password: printf...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/01/29 11:30 a.m.66 views

Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Visually inspect all of the regex matches and their sexier, more cloak and dagger cousins, the YARA matches found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start pipx install yaralyzer Scan against YARA...

7.2AI score
Exploits0References15
Kitploit
Kitploit
added 2022/07/07 12:30 a.m.66 views

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2022/06/17 12:30 p.m.66 views

LambdaGuard - AWS Serverless Security

AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. LambdaGuard is an AWS Lambda auditing tool designed to create asset...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2022/05/10 9:30 p.m.66 views

Spring4Shell-Poc - Spring Core RCE 0-day Vulnerability

Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC Steps to Build/Run Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60 Run mvn clean packag...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2022/04/25 9:30 p.m.66 views

Wpgarlic - A Proof-Of-Concept WordPress Plugin Fuzzer

A proof-of-concept WordPress plugin fuzzer used in the research described in https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html that helped to discover more than 140 vulnerablities in WordPress plugins installed on almost 15 million sites. If you want to continue the research, start with...

6.5CVSS5.6AI score0.03005EPSS
Exploits6References4
Kitploit
Kitploit
added 2021/07/13 9:30 p.m.66 views

Whisker - A C# Tool For Taking Over Active Directory User And Computer Accounts By Manipulating Their msDS-KeyCredentialLink Attribute

Whisker is a C tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account. This tool is based on code from DSInternals by Michael Grafnetter @MGrafnetter. For this attack to...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/11 9:30 p.m.66 views

VAST - Visibility Across Space And Time

The network telemetry engine for data-driven security investigations. Getting Started — Installation — Documentation — Development — Changelog — License and Scientific Use Chat with us on Gitter, or join us on Matrix at tenzirvast:gitter.im. Key Features High-Throughput Ingestion : import numerou...

7.2AI score
Exploits0References7
Kitploit
Kitploit
added 2021/05/03 9:30 p.m.66 views

Evasor - A Tool To Be Used In Post Exploitation Phase For Blue And Red Teams To Bypass APPLICATIONCONTROL Policies

The Evasor is an automated security assessment tool which locates existing executables on the Windows operating system that can be used to bypass any Application Control rules. It is very easy to use, quick, saves time and fully automated which generates for you a report including description,...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2021/04/11 9:30 p.m.66 views

Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool

Simplistic yet fancy CPU architecture fetching tool 1. Support cpufetch currently supports x8664 CPUs both Intel and AMD and ARM. Platform | x8664 | ARM | Notes ---|---|---|--- Linux | ✔️ | ✔️ | Prefered platform. Experimental ARM support Windows | ✔️ | ❌ | Some information may be missing. Colors...

7AI score
Exploits0References6
Kitploit
Kitploit
added 2020/12/21 11:30 a.m.66 views

Watcher - Open Source Cybersecurity Threat Hunting Platform

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...

7.3AI score
Exploits0References11
Kitploit
Kitploit
added 2020/12/10 11:30 a.m.66 views

DarkSide - Tool Information Gathering And Social Engineering

Features: Hacker Dashboard Hacker News thehackernews.com/ New Exploits Exploit-db.com Hacking Tutorials Video youtube.com The Latest Prices OF Digital Currencies Rials , Usd Information Gathering Bypass Cloud Flare Cms Detect Trace Toute Reverse IP Port Scan IP location Finder Show HTTP Header Fi...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/11/25 11:30 a.m.66 views

Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")

wsb-detect enables you to detect if you are running in Windows Sandbox "WSB". The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox WSB for short. The...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/11/22 11:30 a.m.66 views

SIRAS - Security Incident Response Automated Simulations

Security Incident Response Automated Simulations SIRAS are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during a realistic scenarios. the main idea of SIRAS is create an detection-as-a-code testing scenarios to facilitate...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/11/10 8:30 p.m.66 views

Py3Webfuzz - A Python3 Module To Assist In Fuzzing Web Applications

Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of vulnerabilities in web applications, Web Services through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that would be helpful when...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/11/09 8:30 p.m.67 views

ReconNote - Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters

Web Application Security ReconAutomation Framework It takes user input as a domain name and maximize the attack surface area by listing the assets of the domain like - Subdomains from - Amass ,findomain, subfinder & resolvable subdomains using shuffledns Screenshots Port Scan JS files Httpx Statu...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2020/08/27 12:30 p.m.66 views

Bashtop - Linux/OSX/FreeBSD Resource Monitor

Bpytop, bashtop python port is now available at https://github.com/aristocratos/bpytop It's a lot faster and about a third as cpu heavy and has more features, including: Mouse support Toggleable mini mode More customization Graphs for memory consumption It's also a lot easier for me to bug fix an...

7.1AI score
Exploits0References13
Kitploit
Kitploit
added 2020/05/07 12:30 p.m.66 views

HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace. Often, this i...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2020/02/05 11:30 a.m.66 views

Dufflebag - Search Exposed EBS Volumes For Secrets

Dufflebag is a tool that searches through public Elastic Block Storage EBS snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around! The tool is organized as an Elastic Beanstalk "EB", not to be confused with EBS...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/21 11:30 a.m.66 views

Corsy v1.0 - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Requirements Corsy only works with Python 3 and has the following depencies: tld requests To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt Usag...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/01/03 12:38 p.m.66 views

The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2018/11/29 11:33 a.m.66 views

Parrot Security 4.4 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.4 is now available for download. This release provides security and stability updates and is the starting point for the plan to develop an LTS edition of Parrot. Parrot 4.4 Development Goals The Parrot 4.4 development process involved the ideas of many people in the community, and the go...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2017/12/02 9:1 p.m.66 views

difuze - Fuzzer for Linux Kernel Drivers

Fuzzer for Linux Kernel Drivers Tested on Ubuntu = 14.04.5 LTS As explained in our paper, There are two main components of difuze: Interface Recovery and Fuzzing Engine 1. Interface Recovery The Interface recovery mechanism is based on LLVM analysis passes. Every step of interface recovery are...

6.6AI score
Exploits0References9
Kitploit
Kitploit
added 2017/08/20 1:57 p.m.66 views

dockerscan - Docker Security Analysis and Hacking Tools

What's dockerscan A Docker analysis tools Very quick install python3.5 -m pip install -U pip python3.5 -m pip install dockerscan Show options: dockerscan -h Available actions Currently Docker Scan support these actions: Scan: Scan a network trying to locate Docker Registries Registry Delete: Dele...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/06/17 3:25 p.m.66 views

SigPloit - Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP

SiGploit a signaling security testing framework dedicated to Telecom Security professionals and reasearchers to pentest and exploit vulnerabilites in the signaling protocols used in mobile operators regardless of the geneartion being in use. SiGploit aims to cover all used protocols used in the...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/01/16 6:50 p.m.66 views

Project Arsenal X - As HackTheGame But Real

Project Arsenal X New version of my Arsenal X written in Delphi with the following options: + Gmail Inbox + Whois Client + Table + Downloader + Get IP + Locate IP + K0bra SQLI Scanner + Crack multiple hashes + Search admin panel + Port Scanner + Multi Cracker with support for FTP, TELNET, POP3 +...

10AI score
Exploits0References1
Kitploit
Kitploit
added 2025/04/22 12:30 p.m.65 views

Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)

A Python script to check Next.js sites for corrupt middleware vulnerability CVE-2025-29927. The corrupt middleware vulnerability allows an attacker to bypass authentication and access protected routes by send a custom header x-middleware-subrequest. Next JS versions affected: - 11.1.4 and up...

9.1CVSS7.2AI score0.99301EPSS
Exploits58References2
Kitploit
Kitploit
added 2024/04/12 12:30 p.m.65 views

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2023/12/27 11:30 a.m.65 views

BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction..​ | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2022/07/28 12:30 p.m.65 views

TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID | Cloud Service Company | Types Of Cloud...

7.5AI score
Exploits0References67
Kitploit
Kitploit
added 2022/04/04 12:30 p.m.65 views

Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics

Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/05 12:30 p.m.65 views

Botkube - An App That Helps You Monitor Your Kubernetes Cluster, Debug Critical Deployments And Gives Recommendations For Standard Practices

For complete documentation visit www.botkube.io BotKube integration with Slack, Mattermost or Microsoft Teams helps you monitor your Kubernetes cluster, debug critical deployments and gives recommendations for standard practices by running checks on the Kubernetes resources. You can also ask...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2021/02/15 11:30 a.m.65 views

OSV - Open Source Vulnerability DB And Triage Service

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impa...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2021/02/08 11:30 a.m.65 views

Ditto - A Tool For IDN Homograph Attacks And Detection

Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/ https://clᴏudflare.com Using with Docker The image on docker hub is...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2021/01/21 8:30 p.m.65 views

WPCracker - WordPress User Enumeration And Login Brute Force Tool

WordPress user enumeration and login Brute Force tool for Windows and Linux With the Brute Force tool, you can control how aggressive an attack you want to perform, and this affects the attack time required. The tool makes it possible to adjust the number of threads as well as how large password...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2020/08/11 12:30 p.m.65 views

PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View

Python module for viewing Portable Executable PE files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview...

6.8AI score
Exploits0References5
Kitploit
Kitploit
added 2020/07/11 10:0 p.m.65 views

FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity

FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner. Installation $ git clone https://github.com/dwisiswant0/findom-xss.git Dependencies: LinkFinder Configuration Change the value of LINKFINDER variable on line 3 with your main...

6.1AI score
Exploits0References3
Kitploit
Kitploit
added 2020/06/23 9:30 p.m.65 views

InQL - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2020/06/11 12:30 p.m.65 views

RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types e.g., java.lang.String, can be exploited by replacing the object with a serialize...

7.6AI score
Exploits0References4
Kitploit
Kitploit
added 2020/06/04 12:30 p.m.65 views

GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules

GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on Github right now, I myself currently still use some of them. However, I think they still lack some...

6.8AI score
Exploits0References4
Kitploit
Kitploit
added 2020/03/25 11:30 a.m.65 views

Envizon v3.0 - Network Visualization And Vulnerability Management/Reporting

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, 'envizon'. We hope your feedback will help to improve...

6.8AI score
Exploits0References3
Kitploit
Kitploit
added 2019/11/21 12:30 p.m.65 views

SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn't perform authentication against SMB everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/01 2:12 p.m.65 views

Masc - A Web Malware Scanner

A malware web scanner developed during CyperCamp Hackathon 2017. Features At the moment, there are some features avaiable for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...

6.8AI score
Exploits0References3
Kitploit
Kitploit
added 2018/06/28 1:30 p.m.65 views

SubFinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites

SubFinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and has been aimed as a successor to sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/04/29 9:39 p.m.65 views

Invoke-ATTACKAPI - A PowerShell Script To Interact With The MITRE ATT& CK Framework Via Its Own API

A PowerShell script to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team @MITREattack. Goals Provide an easy way to interact with the MITRE ATT&CK Framework via its o...

8.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/07/29 10:51 p.m.65 views

JKS Private Key Cracker - Cracking passwords of private key entries in a JKS file

The Java Key Store JKS is the Java way of storing one or several cryptographic private and public keys for asymmetric cryptography in a file. While there are various key store formats, Java and Android still default to the JKS file format. JKS is one of the file formats for Java key stores, but J...

7.1AI score
Exploits0References9
Total number of security vulnerabilities5000