Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2023/05/09 12:30 p.m.59 views

Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover

OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known...

7.3AI score
Exploits0References24
kitploit
kitploit
added 2022/09/13 11:30 a.m.59 views

Pinecone - A WLAN Red Team Framework

Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box. This tool is designed for...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2022/09/10 12:30 p.m.59 views

GraphCrawler - GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2022/06/03 9:30 p.m.59 views

SMB-Session-Spoofing - Tool To Create A Fake SMB Session

Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2022/05/17 9:30 p.m.59 views

Grafiki - Threat Hunting Tool About Sysmon And Graphs

Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugg...

7.7AI score
Exploits0References4
kitploit
kitploit
added 2022/02/24 11:30 a.m.59 views

Win-Brute-Logon - Crack Any Microsoft Windows Users Password Without Any Privilege (Guest Account Included)

This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon Win Brute Logon Proof Of Concept Release date: 2020-05-14 Target: Windows XP to Latest Windows 10 Version 1909 Weakness location : LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW Usag...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2021/09/19 11:30 a.m.59 views

QLOG - Windows Security Logging

QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and it doesn’t require a driver to be installed on the target system, QLOG only uses ETW to retrieve its telemetry...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/07/26 9:30 p.m.59 views

Dorothy - Tool To Test Security Monitoring And Detection For Okta Environments

Created by David French @threatpunter at Elastic Security Dorothy is a tool to help security teams test their monitoring and detection capabilities for their Okta environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and...

6.8AI score
Exploits0References8
kitploit
kitploit
added 2021/01/20 8:30 p.m.59 views

Reconftw - Simple Script For Full Recon

This is a simple script intended to perform a full recon on an objective with multiple subdomains tl;dr Requires Go Run ./install.sh before first run apt, rpm, pacman compatible git clone https://github.com/six2dez/reconftw cd reconftw chmod +x .sh ./install.sh ./reconftw.sh -d target.com -a...

6.4AI score
Exploits0References1
kitploit
kitploit
added 2020/12/18 11:30 a.m.60 views

Go365 - An Office365 User Attack Tool

Go365 is a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 now/soon Microsoft365. Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2020/11/06 8:30 p.m.59 views

GWTMap - Tool to help map the attack surface of Google Web Toolkit

GWTMap is a tool to help map the attack surface of Google Web Toolkit GWT based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application's obfuscated client-side code, and attempt to generate example GWT-RPC...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/10/13 8:30 p.m.59 views

Nuubi Tools - Information Ghatering, Scanner And Recon

Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2020/08/27 9:30 p.m.59 views

SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/08/17 12:30 p.m.59 views

Urlbuster - Powerful Mutable Web Directory Fuzzer To Bruteforce Existing And/Or Hidden Files Or Directories

Powerful web directory fuzzer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but with a lot of mutation options. Installation pip install urlbuster Features Proxy support Cookie support Basic Auth Digest Auth Retries for slow servers Persistent and...

8.2AI score
Exploits0References9
kitploit
kitploit
added 2020/06/27 1:0 p.m.59 views

Screenspy - Capture user screenshots using shortcut file (Bypass SmartScreen/Defender)

Capture user screenshots using shortcut file Bypass SmartScreen/Defender. Suport Multi-monitor Legal disclaimer: Usage of ScreenSpy for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/05/20 12:30 p.m.59 views

Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)

A Password Spraying tool for Active Directory Credentials by Jacob WilkinGreenwolf Getting Started These instructions will show you the requirements for and how to use Spray. Prerequisites All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curlowa & ly...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2020/03/31 8:30 p.m.59 views

Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments

auspex ˈau̯s.pɛks noun : An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds. awspx is a graph-based tool for visualizing effective access and resource relationships within AWS. It resolves policy information to determine what actions affect which...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/08/06 1:0 p.m.59 views

Theo - Ethereum Recon And Exploitation Tool

Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...

7.4AI score
Exploits0References7
kitploit
kitploit
added 2017/08/23 9:41 p.m.59 views

Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH

Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2017/07/10 2:30 p.m.59 views

LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local File Inclusio...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2017/06/28 11:30 p.m.59 views

angryFuzzer - Tool for Information Gathering

AngryFuzz3r is a collection of tools for pentesting to gather information and discover vulnerabilities of the targets based on Fuzzedb https://github.com/fuzzdb-project/fuzzdb project UrlFuzz3r- AngryFuzz3r1 Discover hidden files and directories on a web server. The application tries to find URL...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2016/07/19 11:12 p.m.59 views

nightHawkResponse - Incident Response Forensic Framework

Custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2015/09/05 7:5 p.m.59 views

Discover - Custom bash scripts used to automate various pentesting tasks

For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Download, setup & usage git clone git://github.com/leebaird/discover.git /opt/discover/ All scripts must be ran from this location. cd /opt/discover/ ./setup.sh ./discover.sh RECON 1. Domain 2. Person 3. Parse...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2015/07/30 10:42 p.m.59 views

Hook Analyser 3.2 - Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather analyse & co-related threat intelligence related information or data from various open sources on the Internet. Essentially it’s a...

6.9AI score
Exploits0
kitploit
kitploit
added 2015/05/13 2:33 a.m.59 views

Tails 1.4 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...

7.5AI score
Exploits0
kitploit
kitploit
added 2013/02/22 3:48 a.m.59 views

[Hashkill 0.3.1] Password Cracker Tool Released

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods dictionary, bruteforce, hybrid. Hashkill has 35 plugins for different types of passwords ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2025/04/18 12:30 p.m.58 views

TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog

Welcome to TruffleHog Explorer , a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful secrets discovery, classification, validation, and analysis open source tool. In this context, a secret refers to a credential a machine...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2024/05/29 12:30 p.m.58 views

LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In Order To Crack Passwords Of Domain Accounts

A tool to generate a wordlist from the information present in LDAP, in order to crack non-random passwords of domain accounts. Features The bigger the domain is, the better the wordlist will be. x Creates a wordlist based on the following information found in the LDAP: x User : name and...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2024/05/16 12:30 p.m.58 views

Invoke-SessionHunter - Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin Privileges Required)

Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote registry service to query the HKEYUSERS registry hive on the remote computers. It identifies and extracts Security Identifiers SIDs associated with active...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2024/05/03 12:30 p.m.58 views

MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs

What is MasterParser ? MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2024/03/31 11:30 a.m.58 views

DroidLysis - Property Extractor For Android Apps

DroidLysis is a pre-analysis tool for Android apps: it performs repetitive and boring tasks we'd typically do at the beginning of any reverse engineering. It disassembles the Android sample, organizes output in directories, and searches for suspicious spots in the code to look at. The output help...

7.5AI score
Exploits0References6
kitploit
kitploit
added 2023/11/17 11:30 a.m.58 views

LTESniffer - An Open-source LTE Downlink/Uplink Eavesdropper

LTESniffer is An Open-source LTE Downlink/Uplink Eavesdropper It first decodes the Physical Downlink Control Channel PDCCH to obtain the Downlink Control Informations DCIs and Radio Network Temporary Identifiers RNTIs of all active users. Using decoded DCIs and RNTIs, LTESniffer further decodes t...

6.8AI score
Exploits0References9
kitploit
kitploit
added 2023/08/30 12:30 p.m.58 views

Noir - An Attack Surface Detector Form Source Code

Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2023/08/16 8:58 p.m.58 views

InfoHound - An OSINT To Extract A Large Amount Of Data Given A Web Domain Name

During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get in an organization. InfoHound performs passive analysis techniques which do not interact directly with the target using OSINT to...

7AI score
Exploits0References6
kitploit
kitploit
added 2023/08/02 12:30 p.m.58 views

KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets

This POC is inspired by James Forshaw @tiraniddo shared at BlackHat USA 2022 titled “ Taking Kerberos To The Next Level ” topic, he shared a Demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2023/02/27 7:30 p.m.58 views

IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File

IpGeo is a python tool to extract IP addresses from captured network traffic file pcap/pcapng and generate csv report containing details about the geolocation of each ip in the packets. The report contains: 1. Country: 2. Country Code. 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2023/02/13 11:30 a.m.58 views

Email-Vulnerablity-Checker - Find Email Spoofing Vulnerablity Of Domains

Verify whether the domain is vulnerable to spoofing by Email-vulnerablity-checker Features This tool will automatically tells you if the domain is email spoofable or not you can do single and multiple domain input as well for multiple domain checker you need to have text file with domains in it...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/10/17 12:30 p.m.59 views

JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets

JSubFinder is a tool writtin in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go's amazing performance allowing it to utilize large data sets & be easily chained with other tools...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2022/09/14 11:30 a.m.58 views

SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon

/ // \ / \ \ / / / / / / / / / / / / \ | / / / / / / // / // / / / / / / // / // // / |/ / / / ///// // ///////|/// A easy-to-use python tool to perform dns recon with multiple options Installation: It can be installed in any OS with python3 Manual installation git clone...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/03/08 11:30 a.m.58 views

GraphQL Cop - Security Auditor Utility For GraphQL APIs

GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. Requirements Python3 Requests Library Detections Alias Overloading DoS Batch Queries DoS GET based Queries CSRF GraphQL Tracing / Debug Modes Info Leak Field Duplication DoS Field Suggestions Info Leak Graphi...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/10/30 8:30 p.m.58 views

Dockerized-Android - A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms

Dockerized Android is a container-based framework that allows to execute and Android Emulator inside Docker and control it through a browser. This project has been developed in order to provide a starting point for integrating mobile security components into Cyber Ranges but it can be used for an...

7.1AI score
Exploits0References12
kitploit
kitploit
added 2021/09/06 8:30 p.m.58 views

packetsifterTool - A Tool To Aid Analysts In Sifting Through A Packet Capture (Pcap) To Find Noteworthy Traffic

PacketSifter is a tool to perform batch processing of PCAP data to uncover potential IOCs. Simply initializePacketSifter with your desired integrations VirusTotal, AbuseIPDB and pass PacketSifter a pcap and the desired switches and PacketSifter will sift through the data and generate several outp...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2021/06/23 9:30 p.m.58 views

DarkLoadLibrary - LoadLibrary For Offensive Operations

LoadLibrary for offensive operations. How does is work? https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/ Usage DARKMODULE DarkModule = DarkLoadLibrary LOADLOCALFILE, // control flags L"TestDLL.dll", // local dll path, if loading from disk NULL, // DLL Buffer to load from if...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/05/06 9:30 p.m.58 views

Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool

Features: Scan a mounted filesystem for threats right away Or gather a system baseline before an incident, for extra threat hunting ability Can be used before, during or after an incident For one to many workstations Scans the MFT, bypassing file permissions, file locks or OS file...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2021/04/21 9:30 p.m.58 views

Dnspeep - Spy On The DNS Queries Your Computer Is Making

dnspeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeep query name server IP response A incoming.telemetry.mozilla.org 192.168.1.1 CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME:...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/03/21 7:55 p.m.58 views

Subcert - An Subdomain Enumeration Tool, That Finds All The Subdomains From Certificate Transparency Logs

Subcert is a subdomain enumeration tool, that finds all the valid subdomains from certificate transparency logs. Setup Step 1: Install Python 3 apt-get install python3-pip Step 2: Clone the Repository git clone https://github.com/A3h1nt/Subcert.git Step 3: Install Dependencies pip3 install -r...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2021/02/19 11:30 a.m.58 views

Galer - A Fast Tool To Fetch URLs From HTML Attributes By Crawl-In

A fast tool to fetch URLs from HTML attributes by crawl-in. Inspired by the @omespino Tweet, which is possible to extract src, href, url and action values by evaluating JavaScript through Chrome DevTools Protocol. Installation from Binary The installation is easy. You can download a prebuilt bina...

6.9AI score
Exploits0References3
kitploit
kitploit
added 2021/01/19 8:30 p.m.58 views

Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt

A tool to hunt for credentials in the GitHub wild AKA githunt Getting started 1. Install the tool 2. Configure your GitHub token 3. Search for credentials 4. See results cat results.json | jq  Installation requirements: virtualenv, python3 1. git clone https://github.com/d1vious/git-wild-hunt &&...

7.3AI score
Exploits0References10
kitploit
kitploit
added 2020/12/22 8:30 p.m.58 views

Grawler - Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File

Grawler is a tool written in PHP which comes with a web interface that automates the task of using google dorks, scrapes the results, and stores them in a file. General info Grawler aims to automate the task of using google dorks with a web interface, the main idea is to provide a simple yet...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2020/11/08 11:30 a.m.58 views

Hetty - An HTTP Toolkit For Security Research

Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community. Features Man-in-the-middle MITM HTTP/1.1 proxy with logs Project based...

7AI score
Exploits0References8
Total number of security vulnerabilities5000