Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2022/01/15 8:30 p.m.51 views

Iptable_Evil - An Evil Bit Backdoor For Iptables

iptableevil is a very specific backdoor for iptables that allows all packets with the evil bit set, no matter the firewall rules. The initial implementation is in iptableevil.c, which adds a table to iptables and requires modifying a kernel header to insert a spot for it. The second implementatio...

7AI score
Exploits0References6
kitploit
kitploit
added 2021/11/08 8:30 p.m.51 views

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which i...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2021/06/26 9:30 p.m.51 views

SharpHook - Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials

SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials. In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and...

7.6AI score
Exploits0References6
kitploit
kitploit
added 2021/03/23 8:30 p.m.51 views

CTF-Party - A Ruby Library To Enhance And Speed Up Script/Exploit Writing For CTF Players

A library to enhance and speed up script/exploit writing for CTF players or security researchers, bug bounty hunters, pentesters but mostly focused on CTF by patching the String class to add a short syntax of usual code patterns. The philosophy is also to keep the library to be pure ruby no...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2021/03/07 11:30 a.m.51 views

packetStrider - A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...

6.6CVSS6.6AI score0.01533EPSS
Exploits0References4
kitploit
kitploit
added 2021/02/21 8:30 p.m.51 views

Perfusion - Exploit For The RpcEptMapper Registry Key Permissions Vulnerability (Windows 7 / 2088R2 / 8 / 2012)

On Windows 7 , Windows Server 2008R2 , Windows 8 , and Windows Server 2012 , the registry key of the RpcEptMapper and DnsCache 7/2008R2 only services is configured with weak permissions. Any local user can create a Performance subkey and then leverage the WindowsPerformance Counters to load an...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2021/02/02 8:30 p.m.51 views

Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes, such visual representation of the process data points can be used to profile, debug and...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2021/01/28 8:30 p.m.51 views

JWT Key ID Injector - Simple Python Script To Check Against Hypothetical JWT Vulnerability

Simple python script to check against hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow:...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/12/07 11:30 a.m.51 views

Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting th...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2020/11/03 11:30 a.m.51 views

Webshell-Analyzer - Web Shell Scanner And Analyzer

Web shell analyzer is a cross platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The web shell analyzer is the bigger brother to the web shell scanner project http://github.com/tstillz/webshell-scan, which only...

7AI score
Exploits0References3
kitploit
kitploit
added 2020/10/19 8:30 p.m.51 views

Apk-Medit - Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk

Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can b...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2020/09/21 11:30 a.m.51 views

Moriarty-Project - This Tool Gives Information About The Phone Number That You Entered

What IS Moriarty? Advanced Information Gathering And Osint Tool Moriarty is a tool that tries to find good information about the phone number that you provieded; -Tries To Find Owner Of The Number -Tries To Find Risk Level Of The Number -Tries To Find Location,Time Zone Of The Number,Carrier -Tri...

7AI score
Exploits0References1
kitploit
kitploit
added 2020/07/20 9:30 p.m.51 views

PENIOT - Penetration Testing Tool for IoT

PENIOT is a penetration testing tool for Internet of Things IoT devices. It helps you to test/penetrate your devices by targeting their internet connectivity with different types of security attacks. In other words, you can expose your device to both active and passive security attacks. After...

7AI score
Exploits0References3
kitploit
kitploit
added 2020/07/19 1:0 p.m.51 views

Bramble - A Hacking Open Source Suite

Bramble software has been designed for the bramble project. It incorporates many features of pentesting and IT Security. It's easy to use and completely editable. It allows beginners to learn hacking and gives more experienced users a customisable plug and play hacking tools so they can add their...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/07/10 9:30 p.m.51 views

OWASP Threat Dragon - Cross-Platform Threat Modeling Application

Threat Dragon is a free, open-source, cross-platform threat modeling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project. The focus of the project is on great UX, a powerful rule engine and integration with other...

7AI score
Exploits0References3
kitploit
kitploit
added 2020/06/13 10:30 p.m.51 views

Shodanfy.py - Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)

Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan no apikey! no rate limit! Usage python3 shodanfy.py OPTIONS e.g: python3 shodanfy.py 111.111.111.111 python3 shodanfy.py 111.111.111.111 --getports python3 shodanfy.py 111.111.111.111 --getvuln python3 shodanfy.py...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/04/16 12:7 p.m.51 views

Crescendo - A Swift Based, Real Time Event Viewer For macOS - It Utilizes Apple's Endpoint Security Framework

Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework. Getting Started Apple has introduced some new security mechanisms that we need to enable to get Crescendo running. 1.- Ensure that you have moved the app to your /Applications director o...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2020/03/10 8:30 p.m.51 views

FuzzBench - Fuzzer Benchmarking As A Service

FuzzBench is a free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale. The goal of FuzzBench is to make it painless to rigorously evaluate fuzzing research and make fuzzing research easier for the community to adopt. We invite members of the research...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2020/01/28 11:50 p.m.51 views

Kali Linux 2020.1 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce the first release of 2020, Kali Linux 2020.1. 2020.1 includes some exciting new updates: Non-Root by default Kali single installer image Kali NetHunter Rootless Improvements to theme & kali-undercover New tools Non-Root Throughout the history of Kali and its...

7.7AI score
Exploits0
kitploit
kitploit
added 2019/09/15 10:4 p.m.51 views

PrivExchange - Exchange Your Privileges For Domain Admin Privs By Abusing Exchange

POC tools accompanying the blog Abusing Exchange: One API call away from Domain Admin. Requirements These tools require impacket. You can install it from pip with pip install impacket, but it is recommended to use the latest version from GitHub. privexchange.py This tool simply logs in on Exchang...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/01/23 8:40 p.m.51 views

Parrot Security 4.5 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.5 is officially released, and there are some major changes under the hood, powered by the long-term supported Linux 4.19 kernel series, preparing the project for the upcoming Parrot 5.0 LTS release. For future releases, Parrot Security plans to a support two kernels, stable kernel and a...

7.3AI score
Exploits0
kitploit
kitploit
added 2019/01/09 12:51 p.m.51 views

Aztarna - A Footprinting Tool For Robots

This repository contains Alias Robotics' aztarna, a footprinting tool for robots. Alias Robotics supports original robot manufacturers assessing their security and improving their quality of software. By no means we encourage or promote the unauthorized tampering with running robotic systems. Thi...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2017/12/28 1:30 p.m.51 views

PiKarma - Detects Wireless Network Attacks

Detects wireless network attacks performed by KARMA module fake AP. Starts deauthentication attack for fake access points Working Principle for PiKarma Collects all the packets from Wireless Network. Probe Response Analyses all the packets in real time. If PiKarma finds more than one SSID info fr...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2017/08/30 2:30 p.m.51 views

DSSS - Damn Small SQLi Scanner

Damn SmallSQLi Scanner DSSS is a fully functional SQL injection vulnerability scanner supporting GET and POST parameters written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie. Sample runs $ python dsss.py...

8.3AI score
Exploits0References1
kitploit
kitploit
added 2017/06/15 3:0 p.m.51 views

RED HAWK - All In One Tool For Information Gathering, SQL Vulnerability Scannig and Crawling

RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scannig and Crawling. Coded In PHP. Features Of The Tool: Server detection Cloudflare detector robots scanner CMS Detector WordPress Joomla Drupal Magento Whois GEO-IP Scan NMAP Port Scan DNS Lookup SubNet Calculator...

8AI score
Exploits0References1
kitploit
kitploit
added 2017/04/13 2:30 p.m.51 views

HashPump - A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512. Help Menu $ hashpump -h HashPump -h help -t test -s signature -d data -a additional -k keylength HashPump generates strings to exploit signatures vulnerable...

Exploits0References3
kitploit
kitploit
added 2016/12/06 1:32 p.m.51 views

Al-Khaser v0.65 - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aimes to stress your anti-malware system. It performs a bunch of nowadays malwares tricks and the goal is to see if you stay under the radar. Possible uses You are making an anti-debug plugin and you want to check its effectiveness. You want to...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2016/11/02 2:30 p.m.51 views

Whitewidow 1.5.0 - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

7.9AI score
Exploits0References1
kitploit
kitploit
added 2016/09/26 2:30 p.m.52 views

WSSAT - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2016/09/19 3:22 p.m.51 views

PowerUpSQL - A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could...

8AI score
Exploits0References2
kitploit
kitploit
added 2016/06/07 10:21 p.m.51 views

Tor Browser 6.0 - Everything you Need to Safely Browse the Internet

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical...

7.5AI score
Exploits0
kitploit
kitploit
added 2015/06/01 9:52 p.m.51 views

Wireless Network Watcher v1.81 - Show Who is Connected to your Wireless Network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...

6.6AI score
Exploits0
kitploit
kitploit
added 2015/03/10 3:5 a.m.51 views

Maligno v2.0 - Metasploit Payload Server

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded prior to transmission. Maligno also comes with a client tool, which...

7.2AI score
Exploits0
kitploit
kitploit
added 2014/11/05 12:37 a.m.51 views

ZMap 1.2.1 - The Internet Scanner

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical...

7.4AI score
Exploits0
kitploit
kitploit
added 2014/07/05 5:15 p.m.51 views

ODAT - Oracle Database Attacking Tool

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that test the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a val...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2013/11/09 1:7 a.m.51 views

Python tools for Pentesters

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python...

7.5AI score
Exploits0References9
kitploit
kitploit
added 2012/11/02 3:18 p.m.51 views

[TCHead] TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers preboot authentication. Brute-force TrueCrypt : However, TrueCrypt passwords go through ma...

7.3AI score
Exploits0
kitploit
kitploit
added 2024/01/28 11:30 a.m.50 views

Raven - CI/CD Security Analyzer

RAVEN Risk Analysis andVulnerability Enumeration for CI/CD is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to identify...

8AI score
Exploits0References13
kitploit
kitploit
added 2023/11/10 11:30 a.m.50 views

Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns Features Afuzz automatically detects the development language used by the website, and generates extensions according to the language Uses blacklist to filter invalid pages Uses...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2023/08/06 12:30 p.m.50 views

AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition

AiCEF is a tool implementing the accompanying framework 1 in order to harness the intelligence that is available from online resources, as well as threat groups' activities, arsenal eg. MITRE, to create relevant and timely cybersecurity exercise content. This way, we abstract the events from the...

6.9AI score
Exploits0References6
kitploit
kitploit
added 2023/07/15 12:30 p.m.50 views

Hidden - Windows Driver With Usermode Interface Which Can Hide Processes, File-System And Registry Objects, Protect Processes And Etc

Hidden has been developed like a solution for reverse engineering and researching tasks. This is a windows driver with a usermode interface which is used for hiding specific environment on your windows machine, like installed RCE programs ex. procmon, wireshark, vm infrastructure ex. vmware tools...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2023/04/28 12:30 p.m.50 views

Bearer - Code Security Scanning Tool (SAST) That Discover, Filter And Prioritize Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)

Discover, filter, and prioritize security risks and vulnerabilities impacting your code. Bearer is a static application security testing SAST tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive da...

7.4AI score
Exploits0References10
kitploit
kitploit
added 2023/02/20 11:30 a.m.50 views

Faraday - Open Source Vulnerability Management Platform

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on...

7.2AI score
Exploits0References10
kitploit
kitploit
added 2022/12/23 11:30 a.m.50 views

S3Crets_Scanner - Hunting For Secrets Uploaded To Public S3 Buckets

S3cret Scanner tool designed to provide a complementary layer for the Amazon S3 Security Best Practices by proactively hunting secrets in public S3 buckets. Can be executed as scheduled task or On-Demand Automation workflow The automation will perform the following actions: 1. List the public...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2022/12/10 9:45 p.m.50 views

AzureGraph - Azure AD Enumeration Over MS Graph

AzureGraph is an Azure AD information gathering tool over Microsoft Graph. Thanks to Microsoft Graph technology, it is possible to obtain all kinds of information from Azure AD, such as users, devices, applications, domains and much more. This application, allows you to query this data through th...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2022/11/16 11:30 a.m.50 views

TripleCross - A Linux eBPF Rootkit With A Backdoor, C2, Library Injection, Execution Hijacking, Persistence And Stealth Capabilities.

TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON...

7.9AI score
Exploits0References34
kitploit
kitploit
added 2022/10/22 11:30 a.m.50 views

Usbsas - Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices

usbsas is a free and open source GPLv3 tool and framework for securely reading untrusted USB mass storage devices. Description Following the concept of defense in depth and the principle of least privilege, usbsas's goal is to reduce the attack surface of the USB stack. To achieve this, most of t...

7.3AI score
Exploits0References6
kitploit
kitploit
added 2022/09/27 11:30 a.m.50 views

pyFlipper - Unoffical Flipper Zero Cli Wrapper Written In Python

Unoffical Flipper Zero cli wrapper written in Python Functions and characteristics: Flipper serial CLI wrapper Websocket client interface Setup instructions: $ git clone https://github.com/wh00hw/pyFlipper.git $ cd pyFlipper $ python3 -m venv venv $ source venv/bin/activate $ pip install -r...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/07/25 12:30 p.m.50 views

Bpflock - eBPF Driven Security For Locking And Auditing Linux Machines

bpflock - eBPF driven security for locking and auditing Linux machines. Note: bpflock is currently in experimental stage , it may break, options and security semantics may change, some BPF programs will be updated to use Cilium ebpf library. 1. Introduction bpflock uses eBPF to strength Linux...

7.5AI score
Exploits0References22
kitploit
kitploit
added 2022/04/17 9:30 p.m.50 views

linWinPwn - A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the reposito...

7.6AI score
Exploits0References14
Total number of security vulnerabilities5000