Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2022/02/20 8:30 p.m.55 views

Voltron - A Hacky Debugger UI For Hackers

Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers LLDB, GDB, VDB and WinDbg by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you ca...

7AI score
Exploits0References20
kitploit
kitploit
added 2022/01/19 11:30 a.m.55 views

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database https://github.com/pypa/advisory-db via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...

7.5CVSS8.3AI score0.03855EPSS
Exploits1References5
kitploit
kitploit
added 2021/11/03 8:30 p.m.55 views

TIWAP - Totally Insecure Web Application Project

TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities. Inspired by DVWA, the contributors have tried their best to regenerate various web vulnerabilities The application is solely made for educational purpose and to learn...

8.3AI score
Exploits0References3
kitploit
kitploit
added 2021/09/23 11:30 a.m.55 views

Wordlistgen - Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs Or Paths

wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your wordlists. Wordlists are much more effective when you take the application's context into consideration. wordlistgen pulls out URL components, such as subdomain names, paths, query strings, etc. and spits...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/09/17 8:30 p.m.55 views

Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files

A tool for generating multiple types of NTLMv2 hash theft files. ntlmtheft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the...

7AI score
Exploits0References5
kitploit
kitploit
added 2021/09/03 12:30 p.m.55 views

MobileAudit - SAST and Malware Analysis for Android Mobile APKs

Django Web application for performing Static Analysis and detecting malware in Android APKs In each of the scans, it would have the following information: Application Info Security Info Components SAST Findings Best Practices Implemented Virus Total Info Certificate Info Strings Databases Files F...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2021/08/22 9:30 p.m.55 views

Keimpx - Check For Valid Credentials Across A Network Over SMB

keimpx is an open source tool, released under the Apache License 2.0. It can be used to quickly check for valid credentials across a network over SMB. Credentials can be: Combination of user / plain-text password. Combination of user / NTLM hash. Combination of user / NTLM logon session token. If...

7.7AI score
Exploits0References9
kitploit
kitploit
added 2021/06/27 12:30 p.m.55 views

HoneyCreds - Network Credential Injection To Detect Responder And Other Network Poisoners

HoneyCreds network credential injection to detect responder and other network poisoners. Requirements Requires Python 3.6+ tested on Python 3.9 smbprotocol cffi splunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.git cd HoneyCreds pip3 install -r requirements.txt Running python...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/02/10 8:30 p.m.55 views

Patriot-Linux - Host IDS For Desktop Users

Patriot Linux is a HIDS for desktop users who wants real time graphical alerts when something suspicious happens Patriot detect: 1- Suspicious process running 2- New process starting TCP/IP Connection 3- Auditd alerts 4- New keyboards plugged Installation You need to configure Auditd with this...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/01/09 8:30 p.m.55 views

Longtongue - Customized Password/Passphrase List Inputting Target Info

Customized Password/Passphrase List inputting Target Info Installation git clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.py Usage usage: longtongue.py -h -p | -c | -v -l | -L -y -n Customized Password/Passphrase List inputting Target Info optional arguments:...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2020/12/11 8:30 p.m.55 views

Gustave - Embedded OS kernel fuzzer

GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL and all of its forkserver siblings. It allows to fuzz OS kernels like simple applications. Thanks to QEMU, it is multi-platform. One can see GUSTAVE as a AFL forkserver implementation inside QEMU, with fine grain...

7AI score
Exploits0References9
kitploit
kitploit
added 2020/10/27 8:30 p.m.55 views

Grype - A Vulnerability Scanner For Container Images And Filesystems

A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages Alpine BusyBox CentOS / Red Hat Debian Ubunt...

7.7AI score
Exploits0References5
kitploit
kitploit
added 2020/08/15 9:30 p.m.55 views

CheckXSS - Detect XSS vulnerability in Web Applications

DetectXSS vulnerability in Web Applications Screenshots Easy Installation As simple as below, Just one line of code: curl -L -s https://raw.githubusercontent.com/Jewel591/CheckXSS/master/docs/install.sh|bash Usage Instructions python3.6 checkxss.py -h Support POST and GET request methods, support...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2020/08/10 9:30 p.m.55 views

Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder

Flask Session Cookie Decoder/Encoder Depencencies Python 2 or Python 3 itsdangerous Flask Installation BlackArch Linux pacman -S flask-session-cookie-manager3,2 Git ArchLinux Both python3 etn python2: $ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2020/05/05 12:30 p.m.55 views

Generator-Burp-Extension - Everything You Need About Burp Extension Generation

Everything You Need About Burp Extension Generation Installation First, install Yeoman and generator-burp-extension using npm we assume you have pre-installed node.js. npm install -g yo npm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featur...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2018/12/04 11:45 a.m.55 views

LightBulb Framework - Tools For Auditing WAFS

LightBulb is an open source python framework for auditing web application firewalls and filters. Synopsis The framework consists of two main algorithms: GOFA : An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active...

6.3AI score
Exploits0References3
kitploit
kitploit
added 2018/07/27 1:43 p.m.55 views

Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. Web Pentest / Information Gathering: Banner Grab Whois Traceroute DNS Record Reverse DNS Lookup Zone Transfer Lookup Port Scan Admin Panel Scan Subdomain Scan CMS Identify Reverse IP Lookup Subnet Lookup Extract Page...

8.3AI score
Exploits0References2
kitploit
kitploit
added 2018/07/18 2:30 p.m.55 views

Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator

A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable wit...

7.1AI score
Exploits0References5
kitploit
kitploit
added 2018/07/09 2:7 p.m.55 views

Autocrack - Hashcat Wrapper To Help Automate The Cracking Process

This python script is a Hashcat https://hashcat.net wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/09/18 2:30 p.m.55 views

Inventus - A Spider Designed To Find Subdomains Of A Specific Domain By Crawling

Inventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers. It's a Scrapy spider, meaning it's easily modified and extendable to your needs. Demo Requirements Linux -- I haven't tested this on Windows. Python 2.7 or Python 3.3+ Scrapy 1.4....

7.8AI score
Exploits0References1
kitploit
kitploit
added 2017/06/12 3:13 p.m.55 views

Belati - The Traditional Swiss Army Knife for OSINT

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2017/03/24 2:54 p.m.55 views

FalconGate - A smart gateway to stop hackers and Malware attacks

A smart gateway to stop hackers, Malware and more... Motivation Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2017/02/11 2:30 p.m.55 views

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2016/12/21 2:24 p.m.55 views

Wifi-Dumper - Tool To Dump The Wifi Profiles And Cleartext Passwords Of The Connected Access Points On The Windows Machine

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements. Features Option 1: Shows t...

7AI score
Exploits0References1
kitploit
kitploit
added 2016/11/28 2:21 p.m.55 views

NEET - Network Enumeration and Exploitation Tool

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2015/06/06 3:12 p.m.55 views

ChromePass - Chrome Browser Password Recovery Tool

ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. Y...

6.4AI score
Exploits0
kitploit
kitploit
added 2014/04/29 2:5 p.m.55 views

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking

Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries. All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains. The...

7.5AI score
Exploits0
kitploit
kitploit
added 2014/02/24 2:18 a.m.55 views

[WAF-FLE v0.6.3] Web application firewall: fast log and event console

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc modsecurity event log handler. Features : Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...

7.3AI score
Exploits0
kitploit
kitploit
added 2014/01/20 11:23 p.m.55 views

[Password Sniffer Spy v2.0] Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords

Password Sniffer Spy is the all-in-one Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of supported protocols, HTTP...

7.2AI score
Exploits0
kitploit
kitploit
added 2012/12/03 6:51 p.m.55 views

[Nmap 6.25] 85 new NSE scripts

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 . It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages...

7.5AI score
Exploits0
kitploit
kitploit
added 2025/04/30 12:30 p.m.54 views

Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities

Web Shell Client Description & Demo Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell. In the case the above video does not works for...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2024/05/23 12:30 p.m.54 views

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2023/12/06 11:30 a.m.54 views

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2023/11/05 11:30 a.m.54 views

NetworkAssessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor

The Network Compromise Assessment Tool is designed to analyze pcap files to detect potential suspicious network traffic. This tool focuses on spotting abnormal activities in the network traffic and searching for suspicious keywords. DNS Tunneling Detection : Identifies potential covert...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2023/10/30 11:30 a.m.54 views

Teams_Dump - PoC For Dumping And Decrypting Cookies In The Latest Version Of Microsoft Teams

PoC for dumping and decrypting cookies in the latest version of Microsoft Teams extract.py just dumps without arguments extract.exe is just extract.py packed into an exe List values in the database python.exe .\teamsdump.py teams --list Table: meta Columns in meta: key, value...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/12/11 11:30 a.m.54 views

Pyramid - A Tool To Help Operate In EDRs' Blind Spots

What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking as a legit Python application usage. This can be achieved because: 1. the Pytho...

7.9AI score
Exploits0References11
kitploit
kitploit
added 2022/08/04 12:30 p.m.54 views

Cirrusgo - A Fast Tool To Scan SAAS, PAAS App Written In Go

A fast tool to scan SAAS,PAAS App written in Go SAAS App Support : salesforce contentful next version Note flag -o output not working install : golang 1.18Ver go install -v github.com/Ph33rr/cirrusgo/cmd/cirrusgo@latest or go install -v github.com/Ph33rr/CirrusGo/cmd/cirrusgo@latest Help: cirrusg...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2022/06/02 9:30 p.m.54 views

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

7.3AI score
Exploits0References6
kitploit
kitploit
added 2021/12/12 11:30 a.m.54 views

CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2021/10/16 11:30 a.m.54 views

Packet-Sniffer - A pure-Python Network Packet Sniffing Tool

A simple pure-Python network packet sniffer. Packets are disassembled as they arrive at a given network interface controller and their information is displayed on the screen. This application maintains no dependencies on third-party modules and can be run by any Python 3.x interpreter. Installati...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2021/08/04 9:30 p.m.54 views

Uchihash - A Small Utility To Deal With Malware Embedded Hashes

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs especially in shellcode Checking running process used by analysts Anti-Analysis Checking VM or Antivirus artifacts Anti-Analysis...

7.1AI score
Exploits0References8
kitploit
kitploit
added 2021/07/09 9:30 p.m.54 views

Security Scorecards - Security Health Metrics For Open Source

Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...

7.4AI score
Exploits0References19
kitploit
kitploit
added 2021/04/08 12:30 p.m.54 views

NtHiM - Super Fast Sub-domain Takeover Detection

NtHiM - Super Fast Sub-domain Takeover Detection Installation Method 1: Using Pre-compiled Binaries The pre-compiled binaries for different systems are available in the Releases page. You can download the one suitable for your system, unzip the file and start using NtHiM. Method 2: Using Crates.i...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2021/03/26 8:30 p.m.54 views

cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule

A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product...

7.7AI score
Exploits0References3
kitploit
kitploit
added 2020/12/17 8:30 p.m.54 views

E9Patch - A Powerful Static Binary Rewriting Tool

E9Patch is a powerful static binary rewriting tool for x8664 Linux ELF binaries. E9Patch is: Scalable : E9Patch can reliably rewrite large/complex binaries including web browsers 100MB in size. Compatible : The rewritten binary is a drop-in replacement of the original, with no additional...

6.6AI score
Exploits0References6
kitploit
kitploit
added 2020/06/29 12:30 p.m.54 views

EvilNet - Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc...

Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../ install : sudo pip3 install -r requirements.txt EvilNet Attack Network Scan Network Wifi Attack !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJfriWP5PH79tY6f...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/06/10 12:30 p.m.54 views

Stegcloak - Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2020/06/08 9:30 p.m.54 views

Impost3r - A Linux Password Thief

Impost3r is a tool that aim to steal many kinds of linux passwordsincluding ssh,su,sudo written by C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2020/01/27 11:30 a.m.54 views

Mimir - Smart OSINT Collection Of Common IOC Types

Smart OSINT collection of common IOC types. Overview This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes. The title of this project is nam...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/01/10 12:30 p.m.54 views

LNAV - Log File Navigator

The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as timestamps and log levels. Using this extra semantic information, lnav can do things like interleaving messages from different...

7.2AI score
Exploits0References2
Total number of security vulnerabilities5000