Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2022/03/08 8:30 p.m.50 views

GONET-Scanner - Golang Network Scanner With Arp Discovery And Own Parser

ScreenShots Install chmod +x install.sh ./install.sh as root Usage ARP Discovery -ar CIDR -s: Scan ports in all hosts discovered -ap: Scan to 65535 Ports -pr MINPORT MAXPORT: Define Port Range to Scan -1000: Scan Top 1000 ports like nmap -t: Set Timeout in milliseconds EXAMPLES go run...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2021/10/02 4:23 a.m.50 views

Pwncat - Fancy Reverse And Bind Shell Handler

pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but ther...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/08/09 9:30 p.m.50 views

ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts Petitpotam and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...

8AI score
Exploits0References1
kitploit
kitploit
added 2021/07/19 9:30 p.m.50 views

MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!

Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported: PDF DOCX XLSX PPTX any text-based format and many more!! MAN-SPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/07/16 12:30 p.m.50 views

Exploit_Mitigations - Knowledge Base Of Exploit Mitigations Available Across Numerous Operating Systems, Architectures And Applications And Versions

The goal is to list exploitation mitigations added over time in various operating systems, software, libraries or hardware. It becomes handy to know if a given vulnerability is easily exploitable or not depending on exploitation mitigations in place. An example is the following: Supported targets...

6.6AI score
Exploits0References14
kitploit
kitploit
added 2021/05/07 12:30 p.m.50 views

CANalyse - A Vehicle Network Analysis And Attack Tool

CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces such as Telegram. Basically, while using this tool the attacker can provide a bot-ID and use the tool over the internet through telegram-bot. CANalyse is made ...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2021/02/08 8:30 p.m.50 views

Wifi-Password - Quickly Fetch Your WiFi Password And If Needed, Generate A QR Code Of Your WiFi To Allow Phones To Easily Connect

Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect. Works on macOS and Linux and Windows Installation Install usingpip $ python3 -m pip install --user wifi-password Install usinggit $ git clone...

7.5AI score
Exploits0References5
kitploit
kitploit
added 2020/11/01 8:30 p.m.50 views

Adaz - Automatically Deploy Customizable Active Directory Labs In Azure

This project allows you to easily spin up Active Directory labs in Azure with domain-joined workstations, Windows Event Forwarding, Kibana, and Sysmon using Terraform/Ansible. It exposes a high-level configuration file for your domain to allow you to customize users, groups and workstations...

7.2AI score
Exploits0References16
kitploit
kitploit
added 2020/10/18 8:30 p.m.50 views

RmiTaste - Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria

RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows to call remote method with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2020/09/13 8:30 p.m.50 views

DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks

DockerENT is activE ruN time application security scanning T ool RAST tool and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with StreamLit. DockerENT has been designed keeping in mind that during deployments there weak...

7.7AI score
Exploits0References14
kitploit
kitploit
added 2020/08/01 9:30 p.m.50 views

CWFF - Create Your Custom Wordlist For Fuzzing

CWFF is a tool that creates a special High quality fuzzing/content discovery wordlist for you at the highest speed possible using concurrency and it's heavily inspired by @tomnomnom's Who, What, Where, When, Wordlist NahamCon2020. Usage CWFF -h --threads --github --subdomains --recursive...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2020/06/26 10:0 p.m.50 views

VBSmin - VBScript Minifier

VBScript minifier Features Remove extra whitespace Trailing whitespace Leading whitespace Blank lines Inline extra spaces Remove comments Single quote start of the line Single quote inline REM One-line Line splitting underscore Colon Quick start Quick install $ gem install vbsmin See more install...

6.5AI score
Exploits0References4
kitploit
kitploit
added 2020/05/03 12:30 p.m.50 views

OSSEM - A Tool To Assess Data Quality

A tool to assess data quality, built on top of the awesome OSSEM project. Mission Answer the question: I want to start hunting ATT&CK techniques, what log sources and events are more suitable? Create transparency on the strengths and weaknesses of your log sources Provide an easy way to evaluate...

6.8AI score
Exploits0References12
kitploit
kitploit
added 2020/04/08 10:0 p.m.50 views

Chromepass - Hacking Chrome Saved Passwords

Chromepass is a python-based console application that generates a windows executable with the following features: Decrypt Chrome saved paswords Send a file with the login/password combinations remotely email or reverse-http Custom icon Completely undetectable by AntiVirus Engines AV Detection! Du...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/03/22 9:0 p.m.50 views

ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions

Scoring Engine for Red/White/Blue Team Competitions Getting started Download Docker. If you are on Mac or Windows, Docker Compose will be automatically installed. On Linux, make sure you have the latest version of Compose. If you're using Docker for Windows on Windows 10 pro or later, you must al...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/06/30 10:8 p.m.50 views

Lst2X64Dbg - Extract labels from IDA .lst or Ghidra .csv file and export x64dbg database

This script extracts all the labels found in the LST file that is given as the script's single argument. An x64dbg database is created in the current directory based on the extracted labels. The LST file can be generated in IDA from the File menu: Produce file - Create LST file... Example $ pytho...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2018/11/14 12:46 p.m.50 views

Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation : Manticore automatically generates inputs that trigger unique code paths Crash Discovery : Manticore discovers inputs that...

7.9AI score
Exploits0References6
kitploit
kitploit
added 2018/08/07 10:23 p.m.50 views

Apfell - A macOS, Post-Exploit, Red Teaming Framework

A macOS, post-exploit, red teaming framework built with python3 and JavaScript. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout mac and linux based red teaming. Details Check out thre blog post on the initial release of the...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2018/05/31 10:39 p.m.50 views

ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference Automatically decompile APK files to Java and Smali format Analyze AndroidManifest.xml for common vulnerabilities and behavior Static source code analysis for common vulnerabilitie...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2017/09/28 9:13 p.m.50 views

DBeaver - Free Universal DataBase Manager and SQL Client

Free multi-platform database tool for developers, SQL programmers, database administrators and analysts. Supports any database which has JDBC driver which basically means - ANY database. EE version also supports non-JDBC datasources WMI, MongoDB, Cassandra, Redis. Has a lot of features including...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2016/07/11 11:38 p.m.50 views

T50 - The Fastest Packet Injector

T50 f.k.a. F22 Raptor is a tool designed to perform "Stress Testing". The concept started on 2001, right after release 'nb-isakmp.c', and the main goal was: Having a tool to perform TCP/IP protocol fuzzer, covering common regular protocols, such as: ICMP, TCP and UDP. Things have changed, and the...

7.9AI score
Exploits0References1
kitploit
kitploit
added 2015/10/16 7:12 p.m.50 views

B374K - PHP Webshell with handy features

This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. Features : File manager view, edit, rename, delete, upload, download, archiver, etc Search file, file content,...

8.3AI score
Exploits0References1
kitploit
kitploit
added 2015/07/27 9:21 p.m.50 views

Inveigh - A Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/SMB

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client...

7.7AI score
Exploits0References1
kitploit
kitploit
added 2014/12/13 11:10 p.m.50 views

LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application

Low Orbit Ion Cannon LOIC is an open source network stress testing and denial-of-service attack application, written in C. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms. LOIC performs a...

7.1AI score
Exploits0
kitploit
kitploit
added 2014/02/20 10:46 p.m.50 views

[Gmail Password Dump v.20] Command-line Tool to Recover Google Password from GTalk, Picasa, GDesktop, Browsers and Messengers

Gmail Password Dump is the command-line tool to instantly recover your lost gmail password from various Google applications as well as popular web browsers and messengers. Currently it can recover your Gmail password from following applications, Google Talk Google Picassa Google Desktop Seach Gma...

6.7AI score
Exploits0
kitploit
kitploit
added 2013/05/05 4:11 p.m.50 views

[Show Threads] Tool to list all the Threads in the running Process

Show Threads is the small command-line Tool to list all the Threads in the running Process. You can either specify the Process ID or Process Name to enumerate the threads. For each thread, it displays Thread ID and the Base Priority. Being a command-line tool makes it easy for automation. It can ...

7.2AI score
Exploits0
kitploit
kitploit
added 2024/05/20 12:30 p.m.49 views

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS

Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient as moder...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2024/04/27 4:55 p.m.49 views

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2024/01/09 11:30 a.m.49 views

Nysm - A Stealth Post-Exploitation Container

A stealth post-exploitation container. Introduction With the raise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to our mind: Would it be possible to make eBPFinvisible in its own eyes? From there, we created nysm,...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2023/10/08 11:30 a.m.49 views

Chromecookiestealer - Steal/Inject Chrome Cookies Over The DevTools Protocol

Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON objects using Chrome's own format. The same format is used for cookies to be loaded. For legal use only. Features Dump Chrome...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2023/09/03 11:30 a.m.49 views

Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists. Installation From Git git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git cd associated-threat-analyzer && pip3...

7.1AI score
Exploits0References6
kitploit
kitploit
added 2023/08/21 12:30 p.m.49 views

MSSqlPwner - An Advanced And Versatile Pentesting Tool Designed To Seamlessly Interact With MSSQL Servers And Based On Impacket

MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact with MSSQL servers and based on Impacket. The MSSqlPwner tool empowers ethical hackers and security professionals to conduct comprehensive security assessments on MSSQL environments. With MSSqlPwner, users can...

8.1AI score
Exploits0References1
kitploit
kitploit
added 2023/03/29 11:30 a.m.49 views

Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK

apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget...

7.8AI score
Exploits0References5
kitploit
kitploit
added 2023/03/22 11:30 a.m.49 views

PortexAnalyzerGUI - Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library

Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE Structures: Import Section, Resource Section, Export Section, Debug Section...

7AI score
Exploits0References4
kitploit
kitploit
added 2022/12/25 11:30 a.m.49 views

OFRAK - Unpack, Modify, And Repack Binaries

OFRAK Open Firmware Reverse Analysis Konsole is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...

7.4AI score
Exploits0References7
kitploit
kitploit
added 2022/09/29 11:30 a.m.49 views

SpyCast - A Crossplatform mDNS Enumeration Tool

SpyCast is a crossplatform mDNS enumeration tool that can work either in active mode by recursively querying services, or in passive mode by only listening to multicast packets. Building cargo build --release OS specific bundle packages for example dmg and app bundles on OSX can be built via: car...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/09/01 12:30 p.m.49 views

Autodeauth - A Tool Built To Automatically Deauth Local Networks

A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x setup.sh $ sudo ./setup.sh Reading package lists... Done Building dependency tree... Done Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2022/07/18 12:30 p.m.49 views

Koh - The Token Stealer

Koh is a C and Beacon Object File BOF toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project no license, as well as KB180548. For why this is possible and Koh's approeach, see t...

7AI score
Exploits0References10
kitploit
kitploit
added 2022/04/20 12:30 p.m.49 views

DumpSMBShare - A Script To Dump Files And Folders Remotely From A Windows SMB Share

A script to dump files and folders remotely from a Windows SMB share. Features Only list shares with --list-shares. Select only files with given extensions with --extensions or all files. Choose the local folder to dump to with --dump-dir. Select base folder to search from in the share with...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2022/04/14 12:30 p.m.49 views

365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD We recommend installing the AzureADPreview module, Exchan...

6.7AI score
Exploits0References2
kitploit
kitploit
added 2022/03/16 5:29 a.m.49 views

Patching - An Interactive Binary Patching Plugin For IDA Pro

Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow...

7.3AI score
Exploits0References11
kitploit
kitploit
added 2022/01/31 11:30 a.m.49 views

Bluffy - Convert Shellcode Into Different Formats!

Bluffy is a utility which was used in experiments to bypass Anti-Virus products statically by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's NinjaUUIDRunner and ChoiSG's UuidShellcodeExec, inspired the initial concept for Bluffy. So far, we...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2021/11/24 11:30 a.m.49 views

Whoc - A Container Image That Extracts The Underlying Container Runtime

A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village Azurescape - whoc-powered research, the first cross-account container takeover in the...

8.6CVSS8.7AI score0.9857EPSS
Exploits33References2
kitploit
kitploit
added 2021/10/07 8:30 p.m.49 views

Attack-Surface-Framework - Tool To Discover External And Internal Network Attack Surface

ASF aims to protect organizations acting as an attack surface watchdog, provided an “Object” which might be a: Domain, IP address or CIDR Internal or External, ASF will discover assets/subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible attacking an...

7.3AI score
Exploits0References10
kitploit
kitploit
added 2021/09/20 8:30 p.m.49 views

CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster Go vs Python, uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineere...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/09/07 11:30 a.m.49 views

Penelope - Shell Handler

Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way. Among the main...

7.6AI score
Exploits0References6
kitploit
kitploit
added 2021/07/13 12:30 p.m.49 views

DNSrr - A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS

DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS records, it uses different techniques like DNS Forward Bruteforce DNS Reverse Bruteforce DNS Cache Snooping DNS Zone Transfer To get you all the information that you can get, from a DNS server. Installation Install it...

6.9AI score
Exploits0References3
kitploit
kitploit
added 2021/06/20 9:30 p.m.49 views

NamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. There also is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the projects Invoke-SMBExec.ps1 and RoguePotato. I faced...

7.8AI score
Exploits0References6
kitploit
kitploit
added 2021/06/14 9:30 p.m.49 views

defenselessV1 - Just Another Vulnerable Web Application

Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with with more bugs and a new vulnerable...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2021/04/27 12:30 p.m.49 views

Ldsview - Offline search tool for LDAP directory dumps in LDIF format

Offline search tool for LDAP directory dumps in LDIF format. Features Fast and memory efficient parsing of LDIF files Build ldapsearch commands to extract an LDIF from a directory Show directory structure UAC and directory time format translation Config Config options can be passed as CLI flags,...

7.2AI score
Exploits0References4
Total number of security vulnerabilities5000