Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2017/10/17 1:30 p.m.490 views

cve-search - A Tool To Perform Local Searches For Known Vulnerabilities

cve-search is a tool to import CVE Common Vulnerabilities and Exposures and CPE Common Platform Enumeration into a MongoDB to facilitate search and processing of CVEs. The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually fast...

7.8CVSS9.1AI score0.89497EPSS
Exploits18References6
Kitploit
Kitploit
added 2017/10/02 8:45 p.m.490 views

TeleShadow - Telegram Desktop Session Stealer (Windows)

Stealing desktop telegrams has never been so easy ! Set the email and sender details of the sender and recipient and send it to the victim after compiling. How do I use the session file? Delete everything inside folder at "C:\Users\YourName\AppData\Roaming\Telegram Desktop\tdata" Then Replace...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/03/19 1:22 p.m.490 views

gdbgui - A browser-based frontend/gui for GDB

A modern, browser-based frontend to gdb gnu debugger. Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Install sudo pip install gdbgui --upgrade Since gdbgui is under active development, consider...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/04/06 12:30 p.m.487 views

Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc...

Scylla is an OSINT tool developed in Python 3.6. Scylla lets users perform advanced searches on Instagram & Twitter accounts, websites/webservers, phone numbers, and names. Scylla also allows users to find all social media profiles main platforms assigned to a certain username. In continuation,...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/23 12:0 p.m.487 views

KsDumper - Dumping Processes Using The Power Of Kernel Space

I always had an interest in reverse engineering. A few days ago I wanted to look at some game internals for fun, but it was packed & protected by EAC EasyAntiCheat. This means its handle were stripped and I was unable to dump the process from Ring3. I decided to try to make a custom driver that...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2019/11/19 8:44 p.m.487 views

WinPwn - Automation For Internal Windows Penetrationtest / AD-Security

In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal...

8AI score
Exploits0References19
Kitploit
Kitploit
added 2018/10/02 9:37 p.m.487 views

pwnedOrNot v1.1.0 - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabricatio...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/09 8:25 p.m.486 views

rootOS - macOS Root Helper

Tries to use various CVEs to gain sudo or root access. All exploits have an end goal of adding ALL ALL=ALL NOPASSWD: ALL to /etc/sudoers allowing any user to run sudo commands. Exploits CVE-2008-2830 CVE-2015-3760 CVE-2015-5889 CVE-2017-13872 AppleScript Dynamic Phishing Sudo Piggyback Link Run...

8.1CVSS7.1AI score0.36886EPSS
Exploits23References1
Kitploit
Kitploit
added 2015/12/15 9:45 p.m.486 views

Collection Of Awesome Honeypots

A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. Honeypots Database Honeypots Elastic honey - A Simple Elasticsearch Honeypot mysql - A mysql honeypot, still very very...

7.2AI score
Exploits0References91
Kitploit
Kitploit
added 2021/03/24 8:30 p.m.484 views

OSCP-Exam-Report-Template-Markdown - Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report

I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer needed during your Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam! Now you can be efficient and faster during your exam report redaction! Speed up writing , don...

7.2AI score
Exploits0References13
Kitploit
Kitploit
added 2021/07/21 9:47 p.m.482 views

Hash-Buster v3.0 - Crack Hashes In Seconds

Why crack hashes when you can bust them? Features Automatic hash type identification Supports MD5, SHA1, SHA256, SHA384, SHA512 Can extract & crack hashes from a file Can find hashes from a directory, recursively Multi-threading Insallation & Usage Note: Hash Buster isn't compatible with python2,...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/12/28 11:30 a.m.481 views

Top 20 Most Popular Hacking Tools in 2023

As last year, this year we made a ranking with the most popular tools between January and December 2023. The tools of this year encompass a diverse range of cybersecurity disciplines, including AI-Enhanced Penetration Testing, Advanced Vulnerability Management, Stealth Communication Techniques,...

6.5AI score
Exploits0
Kitploit
Kitploit
added 2020/06/29 9:30 p.m.481 views

Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark

kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Tests are configured with YAML files, making this tool easy to update as test specifications evolve. Please Note 1. kube-bench implements the CIS...

6.7AI score
Exploits0References10
Kitploit
Kitploit
added 2020/03/12 11:30 a.m.481 views

Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. NEWS Modules PTF UPDATE PTF OPtions...

9.8CVSS10AI score0.99999EPSS
Exploits123References1
Kitploit
Kitploit
added 2016/09/06 2:44 p.m.476 views

winfsp - Windows File System Proxy

WinFsp is a set of software components for Windows computers that allows the creation of user mode file systems. In this sense it is similar to FUSE Filesystem in Userspace, which provides the same functionality on UNIX-like computers. Some of the benefits and features of using WinFsp are listed...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/04/11 8:42 p.m.473 views

M0B-tool - Auto Detect CMS And Exploit

Tool to auto detect CMS and exploit. Features: Bing dork scanner by domain Dork by country BRUTE FORCE WordPress auto scrap name - Joomla - Drupal - Opencart - Magento Shell finder Ip scanner and brute force Auto detect cms and exploit Run perl MENU.pl Install git clone...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/03 2:10 p.m.472 views

Fluxion - Set Up Fake AP, Fake DNS, And Create Captive Portal To Trick Users Into Giving You Their Password

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with hopefully less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering phishing attack. It's compatible wit...

7.6AI score
Exploits0References7
Kitploit
Kitploit
added 2020/07/04 10:0 p.m.471 views

FastNetMon Community - Very Fast DDoS Analyzer With Sflow/Netflow/Mirror Support

FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines NetFlow, IPFIX, sFlow, AFPACKET, SnabbSwitch, netmap, PFRING obsoleted, PCAP. What do we do? We detect hosts in the deployed network sending or receiving large volumes of traffic,...

7.1AI score
Exploits0References8
Kitploit
Kitploit
added 2019/06/02 10:22 p.m.471 views

Python-Iocextract - Advanced Indicator Of Compromise (IOC) Extractor

Advanced Indicator of Compromise IOC extractor. Overview This library extracts URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora. It includes some encoded and "defanged" IOCs in the output, and optionally decodes/refangs them. The Problem It is common practice...

7AI score
Exploits0References4
Kitploit
Kitploit
added 2022/01/17 8:30 p.m.468 views

reFlutter - Flutter Reverse Engineering Framework

This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has snapshot deserialization process modified to allow you perform dynamic analysis in a convenient way. Key features:...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2022/08/24 12:30 p.m.467 views

Ox4Shell - Deobfuscate Log4Shell Payloads With Ease

Deobfuscate Log4Shell payloads with ease. Description Since the release of the Log4Shell vulnerability CVE-2021-44228, many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shel...

10CVSS9.6AI score0.99999EPSS
Exploits354References1
Kitploit
Kitploit
added 2020/03/06 12:0 p.m.467 views

Ghost Framework - An Android Post Exploitation Framework That Uses An Android Debug Bridge To Remotely Access A n Android Device

Ghost Framework is an Android post exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration. Getting started Ghost installation cd ghost chmod +x install.sh ./install....

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/22 1:36 p.m.467 views

XAttacker - Website Vulnerability Scanner & Auto Exploiter

XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi Installation git clone https://github.com/Moham3dRiahi/XAttacker.git Auto Cms Detect 1 WordPress : + Adblock Blocker + WP All Import + Blaze + Catpro + Cherry Plugin + Download Manager + Formcraft +...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2024/03/14 11:30 a.m.465 views

Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting Live Tool Broad domain search w/ negative search site:example.com -www -shop -share -ir -mfa PHP extension w/ parameters site:example.com ext:php inurl:? Disclosed XSS and Open Redirects site:openbugbounty.org...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/14 10:15 p.m.465 views

TeleKiller - A Tool Session Hijacking And Stealer Local Passcode Telegram Windows

A Tools Session Hijacking And Stealer Local passcode Telegram Windows. Features : Session Hijacking Stealer Local Passcode Keylogger Shell Bypass 2 Step Verification Bypass Av Coming Soon InstallationWindows git clone https://github.com/ultrasecurity/TeleKiller.git cd TeleKiller pip install -r...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/06/27 3:23 p.m.463 views

XSStrike - Fuzz and Bruteforce Parameters for XSS

XSStrike is a python which can fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs. Installing XSStrike Use the following command to download it git clone https://github.com/UltimateHackers/XSStrike/ After downloading, navigate to XSStrike directory with the following comma...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2017/03/14 5:30 p.m.464 views

strutszeiro - Telegram Bot to manage botnets created with struts vulnerability (CVE-2017-5638)

Telegram Bot to manage botnets created with struts vulnerabilityCVE-2017-5638 Dependencies pip install -r requeriments.txt Config Create a telegram bot, save the API token in config/token.conf Create a telegram group, save the group id in config/group.conf Start python strutszeiro.py Telegram Usa...

9.8CVSS10AI score0.99999EPSS
Exploits44References1
Kitploit
Kitploit
added 2021/11/28 8:30 p.m.462 views

DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk

DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2019/12/03 8:30 p.m.461 views

Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response

Burp Suite extension to discover a apikey/tokens from HTTP response. Install download SecretFinder wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-SecretFinder/master/SecretFinder.py or git clone https://github.com/m4ll0k/BurpSuite-SecretFinder.git now open Burp Extender Extensions Add se...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/07/10 9:30 p.m.460 views

Nexfil - OSINT Tool For Finding Profiles By Username

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds. The goal behind this tool was to get results quickly while maintaining low amounts of false positives. If you like my work please star this proje...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2020/10/28 8:30 p.m.458 views

Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android's Google Play Cor...

8.8CVSS9.1AI score0.02883EPSS
Exploits1References59
Kitploit
Kitploit
added 2019/02/02 12:38 p.m.458 views

LOLBAS - Living Off The Land Binaries And Scripts (LOLBins And LOLScripts)

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques. All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io thanks @ConsciousHacker for this bit of eyecandy and the team ov...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2018/01/28 1:21 p.m.457 views

Infoga - Email Information Gathering

Infoga is a tool for gathering e-mail accounts information ip,hostname,country,... from different public sources search engines, pgp key servers. Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2018/01/31 12:39 p.m.456 views

SocialFish - Ultimate phishing tool with Ngrok integrated

Ultimate phishing tool with Ngrok integrated. PREREQUISITES Python 2.7 Wget from Python PHP TESTED ON Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/SocialFish.git RUNNING cd SocialFish sudo pip install -r requirements.txt python SocialFish.py AVAILABLE PAGES + Facebook...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2022/03/17 8:30 p.m.455 views

Mip22 - An Advanced Phishing Tool

The program is made for educational purposes only for to see how the phishing method works. Any unnecessary use of the program is prohibited and the manufacturer has no responsibility for any illegal use by anyone. Use the tool at your own risk and avoid any sloppy actions. Installation...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2019/06/26 1:8 p.m.455 views

VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS

VulnX Wiki • How To Use • Compatibility • Library • Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerability Scanning of the target like subdomains, IP addresses, country, org, timezone,...

7AI score
Exploits0References9
Kitploit
Kitploit
added 2021/04/15 9:30 p.m.454 views

Defeat-Defender - Powerful Batch Script To Dismantle Complete Windows Defender Protection And Even Bypass Tamper Protection

Powerfull Batch File To Disable Windows Defender,Firewall,Smartscreen And Execute the payload Usage : 1. Edit Defeat-Defender.bat on this line https://github.com/swagkarna/Defeat-Defender/blob/93823acffa270fa707970c0e0121190dbc3eae89/Defeat-Defender.batL72 and replace the direct url of your paylo...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2020/09/21 8:30 p.m.452 views

VMPDump - A Dynamic VMP Dumper And Import Fixer

A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After Usage VMPDump.exe "" -ep= -disable-reloc Arguments: : The ID of the target process, in decimal or hex form. : The name of the module which should be dumped and fixed. This can be an empty string "...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/10/22 12:53 p.m.452 views

PatrOwl - Open Source, Free And Scalable Security Operations Orchestration Platform

PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations scans, searches, API calls, ..., aggregating the results, relaying alerts on...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2020/03/21 12:0 p.m.450 views

uDork - Google Hacking Tool

uDork is a script written in Python that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web applications, and so on. uDork does NOT make attacks against any server, it only uses predefined dorks and/or official...

6.6AI score
Exploits0References3
Kitploit
Kitploit
added 2019/02/09 8:47 p.m.448 views

Volatility Workbench - A GUI For Volatility Memory Forensics

Volatility Workbench is a graphical user interface GUI for the Volatility tool. Volatility is a command line memory analysis and forensics tool for extracting artifacts from memory dumps. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2021/12/01 8:30 p.m.446 views

ShonyDanza - A Customizable, Easy-To-Navigate Tool For Researching, Pen Testing, And Defending With The Power Of Shodan

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan. With ShonyDanza, you can: Obtain IPs based on search criteria Automatically exclude honeypots from the results based on your pre-configured thresholds Pre-configure all IP searches to filte...

10CVSS9.7AI score0.99999EPSS
Exploits153References1
Kitploit
Kitploit
added 2017/11/04 1:30 p.m.440 views

Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework

kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts. Requirements python3 Currently supported CVE's: CVE-2017-1000367 CVE-2017-1000112 CVE-2017-7308 CVE-2017-6074 CVE-2017-5123 CVE-2016-5195 CVE-2016-2384 CVE-2016-0728 CVE-2015-7547...

8.8CVSS8.4AI score0.89557EPSS
Exploits241References2
Kitploit
Kitploit
added 2017/07/22 8:30 p.m.435 views

Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]

Eternal scanner is a network scanner for Eternal Blue exploit CVE-2017-0144. Requirements masscan metasploit-framework How to Install git clone https://github.com/peterpt/eternalscanner.git cd eternalscanner && ./escan OR ./escan -h to change scanner speed Install Requirements apt-get install...

8.8CVSS8.9AI score0.9923EPSS
Exploits55References2
Kitploit
Kitploit
added 2016/01/15 9:30 p.m.435 views

SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On

What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt wa...

9.8AI score
Exploits0References1
Kitploit
Kitploit
added 2021/09/14 11:30 a.m.432 views

targetedKerberoast - Kerberoast With ACL Abuse Capabilities

targetedKerberoast is a Python script that can, like many others e.g. GetUserSPNs.py, print "kerberoast" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one abuse of a write permission on the...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2021/07/15 9:30 p.m.430 views

Ventoy - A New Bootable USB Solution

Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHDx/EFI files. With ventoy, you don't need to format the disk over and over, you just need to copy the image files to the USB drive and boot it. You can copy many image files at a time and ventoy will give you a boot menu...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/26 9:30 p.m.429 views

Cook - A Customizable Wordlist And Password Generator

Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function. You can use this tool to easily create complex endpoints and passwords. Customizing tool according to your unique secrets keywords. Easy UX, Checkout Usage Installation Using Go g...

7.3AI score
Exploits0References9
Kitploit
Kitploit
added 2020/01/03 8:30 p.m.429 views

SysWhispers - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Introduction Various security products place hooks in user-mode APIs which allow...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2019/10/04 8:30 p.m.428 views

Fenrir - Simple Bash IOC Scanner

Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise IOCs: Hashes MD5, SHA1 and SHA256 using md5sum, sha1sum, sha -a 256 File Names string - checked for substring of the full path, e.g. "temp/p.exe" in "/var/temp/p.exe"...

7.3AI score
Exploits0References3
Total number of security vulnerabilities5000