Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2019/04/30 9:49 p.m.54 views

HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Taking screenshots was also added as a beta functionality. Demo Currently GitLab's marku...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/11/26 11:27 a.m.54 views

Trape v2.0 - People Tracker On The Internet: OSINT Analysis And Research Tool

Trape is a OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/01/24 9:1 p.m.54 views

Pupy - Opensource, Cross-Platform (Windows, Linux, OSX, Android) Remote Administration And Post-Exploitation Tool

Pupy is an opensource, cross-platform Windows, Linux, OSX, Android, multi function RAT Remote Administration Tool and post-exploitation tool mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports,...

8.6AI score
Exploits0References6
kitploit
kitploit
added 2017/11/18 1:41 p.m.54 views

Phishing Catcher - Catching malicious phishing domain names using Certstream SSL certificates live stream

Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs. Installation The script should work fine using Python2 or Python3. You will need the following python packages installe...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2017/11/08 9:37 p.m.54 views

Parrot Security 3.9 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...

7.3AI score
Exploits0
kitploit
kitploit
added 2017/04/21 2:23 p.m.54 views

MultiScanner - Modular File Scanning/Analysis Framework

MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2016/08/16 2:30 p.m.54 views

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...

7.2AI score
Exploits0References18
kitploit
kitploit
added 2016/06/21 10:50 p.m.54 views

Scansploit - Tool for Injecting Malicious Payloads Into Barcodes (code128, QRCodes, DataMatrix and EAN13)

Tool for Injecting Malicious Payloads Into Barcodes Barcodes code128 QRCodes DataMatrix EAN13 Requirements Python3 PyStrich pip3 install pystrich Incase of jpeg error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk Pillow pip3...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2024/06/20 3:41 p.m.53 views

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!

A proof-of-concept User-Defined Reflective Loader UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin | @s4ntiago...

7.5AI score
Exploits0References14
kitploit
kitploit
added 2024/04/14 9:24 p.m.53 views

Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking

This tool compilation is carefully crafted with the purpose of being useful both for the beginners and veterans from the malware analysis world. It has also proven useful for people trying their luck at the cracking underworld. It's the ideal complement to be used with the manuals from the site,...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2024/03/02 11:30 a.m.53 views

Moukthar - Android Remote Administration Tool

Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and screenshots Persistence Read & write contacts List installed applications Download & upload files Get device location Installation Clone repository console git clone...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2024/01/10 11:30 a.m.53 views

WebCopilot - An Automation Tool That Enumerates Subdomains Then Filters Out Xss, Sqli, Open Redirect, Lfi, Ssrf And Rce Parameters And Then Scans For Vulnerabilities

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools. The script first enumerate all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler and crt then...

7.6AI score
Exploits0References44
kitploit
kitploit
added 2023/11/15 11:30 a.m.53 views

Goblob - A Fast Enumeration Tool For Publicly Exposed Azure Storage Blobs

Goblob is a lightweight and fast enumeration tool designed to aid in the discovery of sensitive information exposed publicy in Azure blobs, which can be useful for various research purposes such as vulnerability assessments, penetration testing, and reconnaissance. Warning. Goblob will issue...

6.9AI score
Exploits0References7
kitploit
kitploit
added 2023/10/27 8:2 p.m.53 views

Arsenal - Just A Quick Inventory And Launcher For Hacking Programs

Arsenal is just a quick inventory, reminder and launcher for pentest commands. This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionali...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2023/10/24 11:30 a.m.53 views

Facad1ng - The Ultimate URL Masking Tool - An Open-Source URL Masking Tool Designed To Help You Hide Phishing URLs And Make Them Look Legit Using Social Engineering Techniques

Facad1ng is an open-source URL masking tool designed to help you Hide Phishing URLs and make them look legit using social engineering techniques. Your phishing link: https://example.com/whatever Give any custom URL: gmail.com Phishing keyword: anything-u-want Output:...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2023/09/23 11:30 a.m.53 views

HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations

The full explanation what is HTML Smuggling may be found here. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code. By exploiting the...

7AI score
Exploits0References7
kitploit
kitploit
added 2023/09/14 11:30 a.m.53 views

NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications

NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. NucleiFuzzer streamlines the process, making it easier for security...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2023/09/04 11:30 a.m.53 views

WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow With WiFi Pineapple Mark VII API

PINEAPPLE MARK VII REST CLIENT The leading rogue access point and WiFi pentest toolkit for close access operations. Passive and active attacks analyze vulnerable and misconfigured devices. https://hak5.org/collections/sale/products/wifi-pineapple Author :: TW-D Version :: 1.3.7 Copyright ::...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2023/06/03 12:30 p.m.53 views

Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications

It's a Burp Suite's extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests XHR, fetch, websockets, etc issued during the crawling allowing them to be forwarded to...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2023/01/25 11:30 a.m.53 views

DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts

DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...

7.1AI score
Exploits0References29
kitploit
kitploit
added 2022/07/21 12:30 p.m.53 views

RESim - Reverse Engineering Software Using A Full System Simulator

Reverse engineering using a full system simulator. Dynamic analysis by instrumenting simulated hardware using Simics Trace process trees, system calls and individual programs Reverse execution to selected breakpoints and events Integrated with IDA Protm debugging client Fuzz with a customized AFL...

7.9AI score
Exploits0References3
kitploit
kitploit
added 2022/05/08 12:30 p.m.53 views

CVE-Tracker - With The Help Of This Automated Script, You Will Never Lose Track Of Recently Released CVEs

With the help of this automated script, you will never lose track of newly released CVEs. What does this powershell script do is exactly running the Microsoft Edge at system startup, navigate to 2 URLs ,and then put the browser in to full screen mode. As ethical hackers, it's vital that we keep...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2022/03/20 8:30 p.m.53 views

PSRansom - PowerShell Ransomware Simulator With C2 Server

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate encryption process of a generic ransomware in any system on any system with PowerShell installed on it. Thanks to the integrated C2 server, you can exfiltrate files and receive client informati...

7AI score
Exploits0References1
kitploit
kitploit
added 2021/09/24 8:30 p.m.53 views

Haklistgen - Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing

Turns any junk text into a usable wordlist for brute-forcing. Installation go install github.com/hakluke/haklistgen@latest Usage Examples Scrape all words out of an HTTP response to build a directory bruteforce wordlist: curl https://wikipedia.org | haklistgen Pipe a list of subdomains to it to...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2021/06/11 12:30 p.m.53 views

BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D

Cyber Range deployment of HELK and Velociraptor! Automated terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically and quickly deploys a small HELK + Velociraptor R...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/05/24 12:30 p.m.53 views

MurMurHash - Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? MurmurHash is a non-cryptographic hash function suitable for general hash-based lookup. The name comes from two basic operations, multiply MU and rotate R, used i...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/04/13 9:30 p.m.53 views

Traitor - Automatic Linux Privesc Via Exploitation Of Low-Hanging Fruit E.G. GTFOBin

Automatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy! Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities including most of GTFOBins in order to pop a root shell. It'll exploit most sudo privileges listed in...

7.8AI score
Exploits0References3
kitploit
kitploit
added 2021/03/15 8:30 p.m.53 views

Confused - Tool To Check For Dependency Confusion Vulnerabilities In Multiple Package Management Systems

A tool for checking for lingering free namespaces for private package names referenced in dependency configuration for Python pypi requirements.txt, JavaScript npm package.json, PHP composer composer.json or MVN maven pom.xml. What is this all about? On 9th of February 2021, a security researcher...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2020/12/02 8:30 p.m.53 views

Fast-Security-Scanners - Security Checks For Your Researches

A small contribution to community : We use all these tools in security assessments and in our vulnerability monitoring service Check your domain for DNS NStakeover Repo docker run --dns=8.8.8.8 -e VULNID=dnsnstakeover -e DOMAIN=site.com whitespots/dnsnstakeover CachePoisoning Repo docker run --rm...

7.2AI score
Exploits0References9
kitploit
kitploit
added 2020/10/28 11:30 a.m.53 views

iSH - Linux Shell For iOS

A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese may be out of date, i...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2020/10/15 8:30 p.m.53 views

Mail-Swipe - Script To Create Temporary Email Addresses And Receive Emails

Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address. It uses the API provided by 1secmail to create emails addresses and fetch emails. You can either generate your own email address or you can generate a random email address using th...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2020/09/13 11:30 a.m.53 views

HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2020/08/13 12:30 p.m.53 views

Bastillion - A Web-Based SSH Console That Centrally Manages Administrative Access To Systems

Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can logi...

7.3AI score
Exploits0References9
kitploit
kitploit
added 2020/06/08 9:30 p.m.53 views

Impost3r - A Linux Password Thief

Impost3r is a tool that aim to steal many kinds of linux passwordsincluding ssh,su,sudo written by C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2020/01/14 11:30 a.m.53 views

SWFPFinder - SWF Potential Parameters Finder

SWFPFinder is a simple and open source bash script designed to discovery the potential swf file parameters on the webapp analysing the swf file. SWFPFinder use swfmill tool, swfmill is a tool to process Adobe Flash SWF files. It can convert SWF from and to an XML dialect called “swfml”, which is...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2019/07/08 12:52 p.m.53 views

Whonix v15 - Anonymous Operating System

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. Whonix consists of two parts: One...

7.5AI score
Exploits0References9
kitploit
kitploit
added 2018/12/19 12:31 p.m.53 views

Scavenger - Is A Multi-Threaded Post-Exploitation Scanning Tool For Scavenging Systems, Finding Most Frequently Used Files And Folders As Well As "Interesting" Files Containing Sensitive Information

scavenger : is a multi-threaded post-exploitation scanning tool for scavenging systems, finding most frequently used files and folders as well as "interesting" files containing sensitive information. Problem Definition: Scavenger confronts a challenging issue typically faced by Penetration Testin...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2018/12/17 12:12 p.m.53 views

R3Con1Z3R - A Lightweight Web Information Gathering Tool With An Intuitive Features (OSINT)

R3con1z3r is a lightweight Web information gathering tool with an intuitive features written in python. it provides a powerful environment in which open source intelligence OSINT web-based footprinting can be conducted quickly and thoroughly. Footprinting is the first phase of ethical hacking, it...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2018/09/28 12:12 p.m.53 views

Put2Win - Script To Automatize Shell Upload By PUT HTTP Method To Get Meterpreter

Script to automatize shell upload by PUT HTTP method to get meterpreter. Dependencies It's necessary to have installed nmap and msfvenom tools for a correct operation Installation git clone https://github.com/sysdevploit/put2win Usage ./Put2win.sh -h This script automatize shell upload by PUT HTT...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/08/27 1:2 p.m.53 views

BillCipher - Information Gathering Tool For A Website Or IP Address

Information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. Features DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Ho...

7AI score
Exploits0References2
kitploit
kitploit
added 2018/04/05 1:3 p.m.53 views

Security Onion - Linux Distro For IDS, NSM, And Log Management

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wiza...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2017/12/11 9:47 p.m.53 views

ShellcodeToAssembly - Transform your Shellcode to Assembly (ARM, ARM64, MIPS, PPC, X86)

Transform your Shellcode to Assembly ARM, ARM64, MIPS, PPC, X86 Replace in shellcodetoasm.py with your shellcode. shellcode = '' Installation git clone https://github.com/blacknbunny/ShellcodeToAssembly.git && cd ShellcodeToAssembly/ && pip install -r requirements.txt && python2 shellcodetoasm.py...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/12/03 9:30 p.m.53 views

HonSSH - Log all SSH communications between a client and server

HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them. Features Captures all connection attempts to a text file, database or email alerts. When an attacker sends a password guess, HonSSH can...

7.3AI score
Exploits0References7
kitploit
kitploit
added 2017/10/08 8:52 p.m.53 views

AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2017/08/30 9:30 p.m.53 views

Wordpresscan - WPScan rewritten in Python + some WPSeku ideas

A simple Wordpress scanner written in python based on the work of WPScan Ruby version Install & Launch Dependencies pip install requests pip install tornado Install git clone https://github.com/swisskyrepo/Wordpresscan.git cd Wordpresscan Example 1 : Basic update and scan of a wordpress python...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2016/04/21 5:59 p.m.53 views

Ubuntu 16.04 LTS (Xenial Xerus) - The leading OS for PC, tablet, phone and cloud

Ubuntu is an ancient African word meaning ‘humanity to others’. It also means ‘I am what I am because of who we all are’. The Ubuntu operating system brings the spirit of Ubuntu to the world of computers. Where did it all begin? Linux was already established as an enterprise server platform in...

7.2AI score
Exploits0
kitploit
kitploit
added 2015/12/05 7:27 p.m.53 views

oclHashcat v2.01 - Worlds Fastest Password Cracker

oclHashcat is the world's fastest and most advanced GPGPU-based password recovery utility, supporting five unique modes of attack for over 170 highly-optimized hashing algorithms. oclHashcat currently supports AMD OpenCL and Nvidia CUDA graphics processors on GNU/Linux and Windows 7/8/10, and has...

7.2AI score
Exploits0
kitploit
kitploit
added 2015/06/09 12:30 p.m.53 views

MITMf - Framework for Man-In-The-Middle attacks

Framework for Man-In-The-Middle attacks Available plugins SMBtrap - Exploits the 'SMB Trap' vulnerability on connected clients Screenshotter - Uses HTML5 Canvas to render an accurate screenshot of a clients browser Responder - LLMNR, NBT-NS, WPAD and MDNS poisoner SSLstrip+ - Partially bypass...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2014/08/20 11:52 p.m.53 views

CipherShed - Secure Encryption Software (fork of the TrueCrypt Project)

CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is a program that can be used to create encrypted files or encrypt entire drives including USB flash...

7.2AI score
Exploits0
kitploit
kitploit
added 2014/04/27 12:2 a.m.53 views

IronWASP 2014 - One of the world's best web security scannners

Find security issues on your website automatically using IronWASP, one of the world's best web security scannners. Here's what is new: 1 Login recording Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial. 2 Automatically...

7.6AI score
Exploits0
Total number of security vulnerabilities5000