Lucene search
+L
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2020/12/03 11:30 a.m.63 views

JSFScan.sh - Automation For Javascript Recon In Bug Bounty

Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list to it and options according to your...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/20 8:30 p.m.63 views

Zap-Hud - The OWASP ZAP Heads Up Display (HUD)

The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with a Heads Up Display Video: The OWASP ZAP HUD - Usable Security Tooling Wiki: Inside the HUD Using the HUD Downloading You can try out ZAP enabled with the HUD via any of: Downloa...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2020/09/20 8:30 p.m.63 views

Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet

A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet. Development Status frp is under development. Try the latest release version in the master branch, or use the dev branch for the version in development. The protocol might change at a release and we...

7.1AI score
Exploits0References8
Kitploit
Kitploit
added 2020/09/06 11:30 a.m.63 views

VPS-Docker-For-Pentest - Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest

Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target. Requirements Terraform installed Ansible installed SSH private and public keys Google Cloud Platform or Digital Ocean account. Usage 1.- Clone the repository...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2020/05/21 9:27 p.m.63 views

Carina - Webshell, Virtual Private Server (VPS) And cPanel Database

Carina is a web application used to store webshell, Virtual Private Server VPS and cPanel data. Carina is made so that we don't need to store webshell, VPS or cPanel data in "strange places". Screenshots Install Carina 1. $ git clone https://github.com/c0delatte/carina && cd carina 2. Run compose...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/04/13 9:30 p.m.63 views

Lollipopz - Data Exfiltration Utility For Testing Detection Capabilities

Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To /etc/shadow - HTTP GET requests Server ./lollipopz-cli.py -m lollipopz.methods.http.paramcipher.GETServer -lp 80 -o output.log Client $ ./lollipopz-cli.py...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2020/03/27 12:45 a.m.63 views

ConEmu - Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More

ConEmu-Maximus5 is a Windows console emulator with tabs, which represents multiple consoles as one customizable GUI window with various features. Initially, the program was created as a companion to Far Manager, my favorite shell replacement - file and archive management, command history and...

7.4AI score
Exploits0References11
Kitploit
Kitploit
added 2020/02/13 9:0 p.m.63 views

Aduket - Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add respons...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/08/13 1:38 p.m.63 views

Goop - Google Search Scraper (Bypass CAPTCHA)

goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits. How it works? Facebook provides a debugger tool for its scraper. Interestingly, Google doesn't limit the requests made by this debugger whitelisted? and hence it can be used to scrap the google searc...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/11/01 12:39 p.m.63 views

SharpSploitConsole - Console Application Designed To Interact With SharpSploit

Console Application designed to interact with SharpSploit released by @cobbrio SharpSploit is a tool written by @cobbrio that combines many techniques/C code from the infosec community and combines it into one sweet DLL. It's awesome so check it out! Description SharpSploit Console is just a quic...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2018/04/19 8:49 p.m.63 views

PenCrawLer - An Advanced Web Crawler And DirBuster

An Advanced Web Crawler and DirBuster PeNCrawLer is an advanced webcrawler and dirbuster designed to using in penetration testing based on Windows Os. Web Crawler Features: Follow Redirects Rendering Javascript Extract links from custom HTML-Elements Extract links with Regex-Pattern Black-List...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/02 1:23 p.m.63 views

XSSSNIPER - An Automatic XSS Discovery Tool

XSSSNIPER is an handy xss discovery tool with mass scanning functionalities. Usage: Usage: xsssniper.py options Options: -h, --help show this help message and exit -u URL, --url=URL target URL --post try a post request to target url --data=POSTDATA post data to use --threads=THREADS number of...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/11/14 9:35 p.m.63 views

MHA - Mail Header Analyzer

Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can: Identify hop delays. Identify the source of the email. Identify hop country. MHA is an alternative for the following: Name | Dev | Issues ---|---|---...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/12/12 2:11 p.m.63 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2016/11/29 2:0 p.m.63 views

Fireaway - Next Generation Firewall Audit and Bypass Tool

Fireaway is a tool for auditing, bypassing, and exfiltrating data against layer 7/AppID inspection rules on next generation firewalls. These tactics are based on the principle of having to allow connections to establish through the NGFW in order to see layer 7 data to filter, as well as spoofing...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/09/24 4:38 p.m.63 views

TestingWhiz - Codeless Software Testing Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2015/09/22 9:9 p.m.63 views

CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks and auto-injecting Mimikatz into memory using Powershell! The biggest improvements over the above tools are: Pure...

8.4AI score
Exploits0References1
Kitploit
Kitploit
added 2015/05/03 11:41 p.m.63 views

Graudit - Find potential security flaws in source code using grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2013/01/09 3:2 a.m.63 views

[smbexec] A rapid psexec style attack with samba tools

smbexec A rapid psexec style attack with samba tools Original Concept and Script by PureHate & Brav0Hax Codename - Diamond in the Rough Gonna pha-q up - PurpleTeam Smash! Written because we got sick of Metasploit PSExec getting popped Special thanks to Carnal0wnage who's blog inspired us to go th...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2023/10/25 11:30 a.m.62 views

Puncia - Subdomain And Exploit Hunter Powered By AI

Puncia utilizes two of our intelligent APIs - Subdomain Center & Exploit Observer, to gather the results. Please note that although these results can sometimes bepretty inaccurate & unreliable, they can greatly differ from time to time due to their self-improvement capabilities. 1. From PyPi - pi...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2022/05/22 9:30 p.m.62 views

RedTeam-Physical-Tools - Red Team Toolkit - A Curated List Of Tools That Are Commonly Used In The Field For Physical Security, Red Teaming, And Tactical Covert Entry

Commonly used tools for Red Teaming Engagements, Physical Security Assessments, and Tactical Covert Entry. In this list I decided to share most of the tools I utilize in authorized engagements, along with my personal ranking of their value based on their usage and for you to consider if they shou...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/20 8:30 p.m.62 views

Registry-Recon - Cobalt Strike Aggressor Script That Performs System/AV/EDR Recon

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon. Author: Jess Hires Description As a red-team practitioner, we are often using tools that attempt to fingerprint details about a compromised system, preferably in the most stealthy way possible. Some of our usual tooling for this...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/08/25 9:30 p.m.62 views

SLSA - Supply-chain Levels For Software Artifacts

SLSA pronounced "salsa" is security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity. The best way to read about SLSA is to visitslsa.dev. What's in this repo? The primary content of this...

7.3AI score
Exploits0References15
Kitploit
Kitploit
added 2021/08/17 9:30 p.m.62 views

SGXRay - Automating Vulnerability Detection for SGX Apps

Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. To use such hardware-based security mechanism requires a strict programming model on memory usage, with complex APIs in and out the enclave boundary. Enclave developers are...

7.7AI score
Exploits0References6
Kitploit
Kitploit
added 2021/07/23 12:30 p.m.62 views

TeamsUserEnum - User Enumeration With Microsoft Teams API

Sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if an email is registered on teams or not. More details on the immunIT's blog Usage Microsoft Teams with the search features. This tool validates an email address or a list of...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2020/10/29 11:30 a.m.62 views

Scrying - A Tool For Collecting RDP, Web And VNC Screenshots All In One Place

A new tool for collecting RDP, web and VNC screenshots all in one place This tool is still a work-in-progress and should be mostly usable but is not yet complete. Please file any bugs or feature requests as GitHub issues Caveats Web screenshotting relies on Chromium or Google Chrome being install...

7AI score
Exploits0References7
Kitploit
Kitploit
added 2020/09/22 9:0 p.m.62 views

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A Distributed Evolutionary Binary Fuzzer For Pentesters

FLUFFI - A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will no...

5.3CVSS7.1AI score0.04082EPSS
Exploits0References9
Kitploit
Kitploit
added 2020/08/06 9:30 p.m.62 views

Gtunnel - A Robust Tunelling Solution Written In Golang

A TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection. I wanted to learn a new language, so I picked go and gRPC. Client executables have been tested on windows and linux. Dependencies...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/05/27 9:30 p.m.62 views

RepoPeek - A Python Script To Get Details About A Repository Without Cloning It

RepoPeek is a Python script to get details about a repository without cloning it. All the information are retrieved using the GitHub API. Please Note: API requests made by this module aren't using basic authentication or OAuth. Therefore the rate limit allows for up to 60 requests per hour...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2020/05/21 12:30 p.m.62 views

Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. By nikhilmitt Usage Import all the scripts in the current PowerShell session...

8.6AI score
Exploits0References80
Kitploit
Kitploit
added 2020/03/13 12:10 p.m.62 views

Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel

Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface. Installing Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. Setting up In order to capture traffic, you'll have to direct it to...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2020/01/12 9:18 p.m.62 views

LAVA - Large-scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora i.e., software that has known bugs with triggering inputs. LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that...

7AI score
Exploits0References4
Kitploit
Kitploit
added 2018/10/31 12:43 p.m.62 views

DarkSpiritz v2.0 - A Penetration Testing Framework For Linux, MacOS, And Windows Systems

A penetration testing framework for Linux and Windows systems. What is DarkSpiritz? Created by the SynTel Team it was a project of one of the owners to update and clean-up an older pentesting framework he had created to something updated and modern. DarkSpiritz is a re-vamp of the very popular...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2018/10/17 9:46 p.m.62 views

Infog - Information Gathering Tool

InfoG is a Shellscript to perform Information Gathering. Features Check Website info Check Phone info IP Tracker Check Valid E-mail Check if site is Up/Down Check internet speed Check Personal info Find IP behind Cloudflare Find Subdomains Port Scan Multi-threaded Check CMS Check DNS leaking Usag...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/07 2:33 p.m.62 views

Ph0Neutria - A Malware Zoo Builder That Sources Samples Straight From The Wild

ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and manageability. This project was inspired by Ragpicker https://github.com/robbyFux/Ragpicker, formerly known as "Malware Crawler". However, ph0neutria aims to: Limi...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2018/07/06 10:50 p.m.62 views

GlobaLeaks - The Open-Source Whistleblowing Software

GlobaLeaks is open-source / free software intended to enable secure and anonymous whistleblowing initiatives developed by the Hermes Center for Transparency and Digital Human Rights. For the user manual refer to the GlobaLeaks's User Manual. For the developer documentation refer to the GlobaLeaks...

8.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/01/26 9:7 p.m.62 views

Web Shell Detector - PHP Script That Helps You Find And Identify PHP / CGI (Perl) / ASP / ASPX Shells

Web Shell Detector is a php script that helps you find and identify php/cgiperl/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2017/09/19 2:0 p.m.62 views

outis - Custom Remote Administration Tool (RAT)

outis is a custom Remote Administration Tool RAT or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit there are no exploits nor persistent management of targets. The focus is to communicate between server and target system and to...

8.1AI score
Exploits0References10
Kitploit
Kitploit
added 2017/06/13 10:12 p.m.62 views

Hashcat v3.6.0 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2014/12/22 2:55 a.m.62 views

John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS. It is one of the most popular password testing and...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2013/09/24 1:36 a.m.62 views

[iodine] Tunnel application to forward IPv4 traffic through DNS servers (IP over DNS)

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limit...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2024/03/05 9:35 p.m.61 views

Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application

Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform. How work? The tool searches for fil...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2023/11/19 11:30 a.m.62 views

LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW

LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...

8.1AI score
Exploits0References4
Kitploit
Kitploit
added 2022/09/12 11:30 a.m.61 views

PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. --- The Why Why writing such a tool, you might ask. Well, for starters, I...

7.5AI score
Exploits0References8
Kitploit
Kitploit
added 2022/06/07 9:30 p.m.61 views

Nipe - An Engine To Make Tor Network Your Default Gateway

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence...

7.2AI score
Exploits0References6
Kitploit
Kitploit
added 2022/05/24 11:0 p.m.61 views

Tornado - Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding

anonymously reverse shell over onion network using hidden services without portfortwarding Explore the docs fully undetectable reverse shell · View Demo · bulletproof anonymity If you are having any operating system compatiblity issue, let me know. I will try to fix as soon as possible so let's...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2022/04/12 12:30 p.m.61 views

NimPackt-v1 - Nim-based Assembly Packer And Shellcode Loader For Opsec And Profit

ByCas van Cooten @chvancooten With special thanks to Marcello Salvati @byt3bl33der and Fabian Mosch @S3cur3Th1sSh1t Description Update: NimPackt-v1 is among the worst code I have ever written I was just starting out learning Nim. Because of this, I started on a full rewrite of NimPackt, dubbed...

7.7AI score
Exploits0References4
Kitploit
Kitploit
added 2021/07/25 9:30 p.m.61 views

Rconn - Rconn Is A Multiplatform Program For Creating Generic Reverse Connections

rconn reverse connection is a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT and/or firewall without adding firewall rules or port-forwarding. This is achieved by creating a connection from the node behind the firewall/NAT to a port on you...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2021/05/25 9:30 p.m.61 views

Php_Code_Analysis - San your PHP code for vulnerabilities

This script willscan your code the script can find 1. checkfileupload issues 2. hostheaderinjection 3. SQl injection 4. insecure deserialization 5. openredirect 6. SSRF 7. XSS 8. LFI 9. commandinjection features 1. fast 2. simple report usage: python code.py this will scan one file python code.py...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/05/09 9:30 p.m.61 views

Lucifer - A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More...

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life Setup git clone https://github.com/Skiller9090/Lucifer.git cd Lucifer pip install -r...

7.2AI score
Exploits0References1
Total number of security vulnerabilities5000