Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/10/16 11:30 a.m.61 views

HackBrowserData - Decrypt Passwords/Cookies/History/Bookmarks From The Browser

hack-browser-data is an open-source tool that could help you decrypt data passwords / bookmarks / cookies / history from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux. Supported Browser Windows Browser | Password | Cookie | Bookmark | Histor...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/06/02 12:30 p.m.61 views

GhostShell - Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More

In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning more. I'm not responsible for your actions. Bypass Techniques Anti-Debugger To try bypass the Debuggers, I'm using the "IsDebuggerPresent" of "Windows.h" librarie to checks if a...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2020/05/12 9:30 p.m.61 views

Clipboardme - Grab And Inject Clipboard Content By Link

Grab/Inject Clipboard Content Browsers are implementing a new JavaScript API for asynchronous clipboard access to integrate copy and paste into web applications. It is a replacement for the synchronous execCommand-based copy & paste. Async Clipboard requests doesn't block the page while waiting t...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/04/29 9:30 p.m.61 views

Elemental - An MITRE ATTACK Threat Library

Elemental is a centralized threat library of MITRE ATT&CK techniques, Atomic Red Team tests, and over 280 Sigma rules. It provides an alternative way to explore the ATT&CK dataset, mapping relevant Atomic Red Team tests and Sigma rules to their respective technique. Elemental allows defenders to...

7.3AI score
Exploits0References10
kitploit
kitploit
added 2020/04/12 10:0 p.m.61 views

Inhale - A Malware Analysis And Classification Tool

Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. This is the beta release version, for testing purposes, feedback, and community development. Background Inhale started as a series of small scripts that I used when...

7.5AI score
Exploits0References5
kitploit
kitploit
added 2020/01/21 8:36 p.m.61 views

TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries

A tiny framework for easily manipulate the tty and create fake binaries. How it works? The framework has three main functions, tasexecv, tasforkpty, and tasttyloop. tasexecv: It is a function similar to execv, but it doesn't re-execute the current binary, something very useful for creating fake...

7.7AI score
Exploits0References3
kitploit
kitploit
added 2019/08/15 1:0 p.m.61 views

DockerSecurityPlayground - A Microservices-based Framework For The Study Of Network Security And Penetration Test Techniques

Docker Security Playground is an application that allows you to: Create network and network security scenarios , in order to understand network protocols, rules, and security issues by installing DSP in your PC. Learn penetrationtesting techniques by simulating vulnerability labs scenarios Manage...

7.2AI score
Exploits0References13
kitploit
kitploit
added 2019/04/17 1:12 p.m.61 views

Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go

A modern multiple reverse shell sessions/clients manager via terminal written in go. Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service Screenshot Network Topology Attack IP: 192.168.1.2 Reverse Shell Service: 0.0.0.0:8080 RESTful Service:...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2018/04/14 9:42 p.m.61 views

Rp++ - Tool That Aims To Find ROP Sequences In PE/Elf/Mach-O X86/X64 Binaries

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O doesn't support the FAT binaries x86/x64 binaries. It is open-source, documented with Doxygen well, I'm trying to.. and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion 10.7.3. Moreover, it ...

6.9AI score
Exploits0References3
kitploit
kitploit
added 2017/07/05 9:30 p.m.61 views

Debinject - Inject malicious code into *.debs

Inject malicious code into .debs CLONE git clone https://github.com/UndeadSec/Debinject.git RUNNING cd Debinject python debinject.py If you have another version of Python: python2.7 debinject.py RUN ON TARGET SIDE chmod 755 default.deb dpkg -i backdoored.deb PREREQUISITES dpkg dpkg-deb metasploit...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2017/05/23 3:1 p.m.61 views

Cangibrina - A Fast And Powerfull Dashboard (Admin) Finder

Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone http://github.com/fnk0c/cangibrina.git cd...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/02/15 2:30 p.m.61 views

wafpass - WAF Security Benchmark

██╗ ██╗ █████╗ ███████╗██████╗ █████╗ ███████╗███████╗ ██║ ██║██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔════╝██╔════╝ ██║ █╗ ██║███████║█████╗ ██████╔╝███████║███████╗███████╗ ██║███╗██║██╔══██║██╔══╝ ██╔═══╝ ██╔══██║╚════██║╚════██║ ╚███╔███╔╝██║ ██║██║ ██║ ██║ ██║███████║███████║ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2016/10/01 2:30 p.m.61 views

ONIOFF - Onion URL Inspector

A simple tool - written in pure python - for inspecting Deep Web URLs or onions. Compatible with Python 2.6 & 2.7. Author: Nikolaos Kamarinakis nikolaskama.me Installation You can download ONIOFF by cloning the Git Repo and simply installing its requirements: $ git clone...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2014/12/22 2:55 a.m.61 views

John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker

John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS. It is one of the most popular password testing and...

7.4AI score
Exploits0
kitploit
kitploit
added 2014/08/13 12:31 a.m.61 views

SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...

7.3AI score
Exploits0
kitploit
kitploit
added 2014/07/03 9:37 p.m.61 views

Wireshark v1.10.8 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...

4.3CVSS7.7AI score0.01413EPSS
Exploits1
kitploit
kitploit
added 2014/06/10 10:15 p.m.61 views

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

A FrameWork For NoSQL Scanning, Enumeration and Exploitation. NoSQL Databases are schema less databases. They were invented to store data easily and flexibly. NoSQL Databases have gained popularity and its security has always been under the scanner. The NoSQL Exploitation Framework focuses...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2013/12/31 5:24 p.m.61 views

[XSSless] An automated XSS payload generator written in python

An automated XSS payload generator written in python. Usage 1. Record requests with Burp proxy 2. Select requests you want to generate, then right click and select "Save items" 3. Use xssless to generate your payload: ./xssless.py burpexportfile 4. Pwn! A more detailed tutorial can be found here...

6.5AI score
Exploits0References3
kitploit
kitploit
added 2013/08/14 5:11 a.m.61 views

[Pyew v2.2] A Python tool for static malware analysis

Pyew is a command line python tool to analyse malware. It does have support for hexadecimal viewing, disassembly Intel 16, 32 and 64 bits, PE and ELF file formats it performs code analysis and let you write scripts using an API to perform many types of analysis, follows direct call/jmp instructio...

7.8AI score
Exploits0
kitploit
kitploit
added 2013/06/03 2:19 a.m.61 views

[Veil v1.2] A Payload Generator to Bypass Antivirus

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. Veil was designed to run on Kali Linux, but should function on any system capable of executing python scripts. Simply call Veil from the command line, and follow the menu to generate a payload. Upon...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2013/04/14 8:2 p.m.61 views

[REMnux] A Linux Distribution for Malware Analysis

REMnux incorporates a number of tools for analyzing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. This popular toolkit includes programs for analyzing malicious documents, such PDF files, and utilities for...

7AI score
Exploits0References3
kitploit
kitploit
added 2013/04/11 4:21 a.m.61 views

[Viproy] VoIP Penetration Testing Kit

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2013/04/02 12:24 a.m.61 views

[HTTrack Website Copier] Download a Website from the Internet to a Local Directory

HTTrack is a free GPL, libre/free software and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arrange...

6.9AI score
Exploits0
kitploit
kitploit
added 2025/05/04 12:30 p.m.60 views

CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents

🐫 CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various type...

7.5AI score
Exploits0References17
kitploit
kitploit
added 2024/09/17 11:30 a.m.60 views

BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook

Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2024/04/28 12:30 p.m.60 views

CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training

CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response EDR. By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2024/01/29 11:30 a.m.60 views

BucketLoot - An Automated S3-compatible Bucket Inspector

BucketLoot is an automated S3-compatible Bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text. The tool can scan for bucke...

7AI score
Exploits0References4
kitploit
kitploit
added 2023/06/28 2:12 a.m.60 views

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative, Command & Control framework written in C, designed for red teaming and ease of use. HardHat is a multiplayer C .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

8.3AI score
Exploits0References4
kitploit
kitploit
added 2023/04/19 12:30 p.m.60 views

Katana - A Next-Generation Crawling And Spidering Framework

A next-generation crawling and spidering framework Features • Installation • Usage • Scope • Config • Filters • Join Discord Features Fast And fully configurable web crawling Standard and Headless mode support JavaScript parsing / crawling Customizable automatic form filling Scope control -...

7AI score
Exploits0References9
kitploit
kitploit
added 2023/02/02 11:30 a.m.60 views

Suborner - The Invisible Account Forger

What's this? A simple program to create a Windows account you will only know about : Create invisible local accounts without net user or Windows OS user management applications e.g. netapi32::netuseradd Works on all Windows NT Machines Windows XP to 11, Windows Server 2003 to 2022 Impersonate...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2023/01/27 11:30 a.m.60 views

BlueHound - Tool That Helps Blue Teams Pinpoint The Security Issues That Actually Matter

BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network It is a fork o...

7.2AI score
Exploits0References9
kitploit
kitploit
added 2022/05/17 9:30 p.m.60 views

Grafiki - Threat Hunting Tool About Sysmon And Graphs

Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugg...

7.7AI score
Exploits0References4
kitploit
kitploit
added 2021/08/07 12:30 p.m.60 views

cThreadHijack - Beacon Object File (BOF) For Remote Process Injection Via Thread Hijacking

. . . \ /| | | / | || || | | / | | | | \ / \ \ / / \ | | \ \ / | |/ / \ | | | Y \ | /\ / / / // \ Y / | | |/ \ | | || /| \ /\ || /|/| /\ | \ / / / / / / | / / / Beacon Object File BOF for remote process injection, via thread hijacking, without spawning a remote thread...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2021/06/22 9:30 p.m.60 views

HashCheck - Tool To Assist In The Search For Leaked Passwords

This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2021/04/23 12:30 p.m.60 views

CrossLinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization. This technique provides accurate results without the use of API keys, credentials, or even accessing the site directly. Formats can then be applied in the comman...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/04/20 5:21 a.m.60 views

KubiScan - A Tool To Scan Kubernetes Cluster For Risky Permissions

A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control RBAC authorization model. The tool was published as part of the "Securing Kubernetes Clusters by Eliminating Risky Permissions" research...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/03/22 8:30 p.m.60 views

ProxyLogon - PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell or ctrl+c By default, it...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/02/12 8:30 p.m.60 views

Diceware-Password-Generator - Python Implementation Of The Diceware Password Generating Algorithm

Please Note - This Program Do Not StorePasswords In Any Form And All The Passwords Are Generated Locally Inside You Device. Diceware is a method used to generate cryptographically strong memorable passphrases. This is a python implementation of the diceware password generating algorithm. Inspired...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2021/01/15 8:30 p.m.60 views

Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

ssh-mitm is an intercepting mitm proxy server for security audits. Redirect/mirror Shell to anotherssh client supported in 0.2.8 Replace File in SCP supported in 0.2.6 Replace File in SFTP supported in 0.2.3 Transparent proxy support in 0.2.2! - intercepting traffic to other hosts is now possible...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2021/01/14 11:30 a.m.60 views

K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads

pronounced: "kay fifty-five" The K55 payload injection tool is used for injecting x8664 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace. The shellcode spawned in the target process is 27...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2020/06/05 12:30 p.m.60 views

Recox - Master Script For Web Reconnaissance

The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2020/05/11 9:30 p.m.60 views

Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack

wifipumpkin3 is powerful framework for rogue access point attack, written in Python, that allow and offer to security researchers, red teamers and reverse engineers to mount a wireless network to conduct a man-in-the-middle attack. Main Features Rogue access point attack Man-in-the-middle attack...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2020/04/18 1:0 p.m.60 views

RS256-2-HS256 - JWT Attack To Change The Algorithm RS256 To HS256

JWT Attack to change the algorithm RS256 to HS256 Usage usage: RS2562HS256JWT.py -h payload pubkey positional arguments: payload JSON payload from JWT to attack pubkey Public key file to use for signing optional arguments: -h, --help show this help message and exit Example Download RS256-2-HS256...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/01/02 12:32 p.m.60 views

MISP - Malware Information Sharing Platform and Threat Sharing

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System NIDS, LIDS but also log analysi...

6.9AI score
Exploits0References8
kitploit
kitploit
added 2018/11/19 12:39 p.m.60 views

CAINE 10.0 - GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti Bari - Italy. CAINE offers a complete forensic environment that is organized to integrate existing software tools as...

7.2AI score
Exploits0
kitploit
kitploit
added 2018/10/16 9:4 p.m.60 views

RemoteRecon - Remote Recon And Collection

RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator's we need to compromise a host, just so we can keylog or screenshot or some other miniscule task against a person/host of...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2018/04/16 12:27 p.m.60 views

Tinfoleak v2.4 - The Most Complete Open-Source Tool For Twitter Intelligence Analysis

The most complete open-source tool for Twitter intelligence analysis Introduction tinfoleak is an open-source tool within the OSINT Open Source Intelligence and SOCMINT Social Media Intelligence disciplines, that automates the extraction of information on Twitter and facilitates subsequent analys...

7AI score
Exploits0References1
kitploit
kitploit
added 2018/03/12 1:20 p.m.60 views

TwLocation - Python Script That Gets Twitter Users' Tweets Location

Python script that gets Twitter users' tweets location Features Gets Twitter Usernames based on a latitude and longitude Profiles URLs Tweet Latitude and Longitude Google Maps link to Latitude and Longitude Usage TwLocation should work on all Linux distros running Python 2.7 First, clone it by...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/08/23 9:41 p.m.60 views

Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH

Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2014/09/22 10:57 p.m.60 views

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. See this links for more info: - CWE-601:Open Redirect - OWASP:URL Redirector Abuse Main features: --version show program's version number and exit -v,...

7.3AI score
Exploits0
Total number of security vulnerabilities5000