Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/11/26 8:30 p.m.49 views

N1QLMap - The Tool Exfiltrates Data From Couchbase Database By Exploiting N1QL Injection Vulnerabilities

N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here: https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database. Usage Help usage:...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2020/09/12 8:30 p.m.49 views

Some-Tools - Install And Keep Up To Date Some Pentesting Tools

Some-Tools Why I was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo which you can see at the bottom of the page and it gave me...

7.5AI score
Exploits0References50
kitploit
kitploit
added 2020/08/19 3:46 a.m.49 views

Kali Linux 2020.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! Quarter 3 – Kali Linux 20202.3. This release has various impressive updates. A quick overview of what’s new since the last release in May 2020: New Shell – Starting the process to switch from “Bash” to “ZSH “ The release of “Win-Kex ” – Get readyWSL2 Automatin...

7.3AI score
Exploits0
kitploit
kitploit
added 2020/08/05 9:30 p.m.49 views

UEFI_RETool - A Tool For UEFI Firmware Reverse Engineering

A tool for UEFIfirmware reverse engineering. UEFI firmware analysis withuefiretool.py script Usage: Copy idaplugin/uefianalyser.py script and idaplugin/uefianalyser directory to IDA plugins directory Edit config.json file PEDIR is a directory that contains all executable images from the UEFI...

7.1AI score
Exploits0References6
kitploit
kitploit
added 2020/04/15 12:0 p.m.49 views

crauEmu - An uEmu Extension For Developing And Analyzing Payloads For Code-Reuse Attacks

crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks. Slides from ZeroNights 2019 Demo 1 - X32-64, Edge, rop-gadgets from pwnjs Demo 2 - ARM64, checkm8 callback-chain Mascot designed by@kottsarapkin RopEditor Installation 1. Put the file crauEmu.py in same...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2020/04/09 10:0 p.m.49 views

Eavesarp - Analyze ARP Requests To Identify Intercommunicating Hosts And Stale Network Address Configurations (SNACs)

A reconnaissance tool that analyzes ARP requests to identify hosts that are likely communicating with one another, which is useful in those dreaded situations where LLMNR/NBNS aren't in use for name resolution. Requirements/Installation This is only gon' work on Kali or other Debian-basedLinux...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2019/08/01 1:8 p.m.49 views

Slurp - S3 Bucket Enumerator

Blackbox/whitebox S3 bucket enumerator Overview Credit to all the vendor packages that made this tool possible. This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features Scan via domains; you can target a single domain or a list of...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2019/04/28 8:45 p.m.49 views

Parrot Security 4.6 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

After 3 months of heavy development Parrot 4.6 is officially released. How to update Update your existing Parrot system with the following command: sudo parrot-upgrade System Changes Appearance The desktop-base and parrot-wallpapers also received some love and are updated to reflect such changes...

7.3AI score
Exploits0
kitploit
kitploit
added 2018/10/17 12:46 p.m.49 views

imR0T - Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13)

imR0T: Send a quick message with simple text encryption to your whatsapp contact and protect your text by encrypting and decrypting, basically in ROT13 with new multi encryption based algorithm on ASCII and Symbols Substitution. How To Use It's simple: Clone this repository git clone...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/08/26 1:12 p.m.49 views

Microctfs - Small CTF Challenges Running On Docker

Small CTF challenges running on Docker logviewer Build and Start logviewer challenge exposed on port 8000 cd logviewer docker build -t logviewer . docker run -d -p 8000:80 --name logchallenge logviewer Restart logviewer challenge docker rm -f logchallenge && docker run -d -p 8000:80 --name...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/07/20 10:21 p.m.49 views

Security Monkey - Tool To Monitors Your AWS And GCP Accounts For Policy Changes And Alerts On Insecure Configurations

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories. It provides a single UI to brow...

7.3AI score
Exploits0References17
kitploit
kitploit
added 2018/06/15 10:23 p.m.49 views

wpCrack - Wordpress Hash Cracker

Wordpress Hash Cracker. Installation git clone https://github.com/MrSqar-Ye/wpCrack.git Video Download wpCrack...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2018/03/18 9:25 p.m.49 views

Taipan - Web Application Security Scanner

Taipan is a an automated web application scanner which allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which include other components, like a web dashboard where you can manage your scan or download a PDF report and a scanner...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2018/01/23 8:30 p.m.49 views

Trojanizer - Trojanize Your Payload (WinRAR [SFX] Automatization)

The Trojanizer tool uses WinRAR SFX to compress the two files input by user, and transforms it into an SFX executable.exe archive. The sfx archive when executed it will run both files our payload and the legit appl at the same time. To make the archive less suspicious to target at execution time,...

8.4AI score
Exploits0References4
kitploit
kitploit
added 2017/11/18 9:21 p.m.49 views

Excalibur - An Eternalblue exploit payload based Powershell

Excalibur is an Eternalblue exploit based "Powershell" for the Bashbunny project. It's purpose is to reflect on how a "simple" USB drive can execute the 7 cyber kill chain. Excalibur may be used only for demostrations purposes only, and the developers are not responsible to any misuse or illeagal...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2017/11/06 9:30 p.m.49 views

CrunchRAT - HTTPS-based Remote Administration Tool (RAT)

CrunchRAT currently supports the following features: File upload File download Command execution It is currently single-threaded only one task at a time, but multi-threading or multi-tasking is currently in the works. Additional features will be included at a later date. Server The server-side of...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2016/05/11 10:18 p.m.49 views

Airgeddon - A Multi-use Bash Script for Linux Systems to Audit Wireless Networks

Features Interface mode switcher Monitor-Managed. DoS over wireless networks with different methods. Assisted Handshake file capture. Cleaning and optimizing Handshake captured files. Offline password decrypt on WPA/WPA2 captured files dictionary and bruteforce. Compatibility with many Linux...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2016/04/07 10:47 p.m.49 views

GetDataReport - Script to collect information to the client side

Script in PHP+JS for get information of target through a web application, use $SERVER functions and JS functions for get information of our client. Plugin WEBApps in some web applications need to collect information from the client to perform tasks with this plugin will be easier to work with the...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2014/04/14 12:17 a.m.49 views

HULK - Web Server DoS Tool

HULK is a web server denial of service tool DDoS Tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool. The Hulk Web server is a brainchild of Barry...

7.3AI score
Exploits0
kitploit
kitploit
added 2014/02/22 1:54 a.m.49 views

[Havij 1.17] Automated and Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and...

9.4AI score
Exploits0
kitploit
kitploit
added 2014/01/14 4:17 a.m.49 views

[WiFi Password Decryptor v3.0] Wireless Password Recovery Software

WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays followi...

6.9AI score
Exploits0
kitploit
kitploit
added 2013/12/22 2:16 p.m.49 views

[WinAppDbg 1.5] Python Debugger

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach...

8AI score
Exploits0
kitploit
kitploit
added 2024/02/19 11:30 a.m.48 views

SwaggerSpy - Automated OSINT On SwaggerHub

SwaggerSpy is a tool designed for automated Open Source Intelligence OSINT on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2024/02/15 11:30 a.m.48 views

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents pdf,doc,xls,ppt,docx,pptx,xlsx etc. Create a New Associated Wordlist with the Wordlist Given as a...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2024/01/14 11:30 a.m.48 views

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

7AI score
Exploits0References2
kitploit
kitploit
added 2023/12/24 11:30 a.m.48 views

KnowsMore - A Swiss Army Knife Tool For Pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS And DCSync)

KnowsMore officially supports Python 3.8+. Main features Import NTLM Hashes from .ntds output txt file generated by CrackMapExec or secretsdump.py Import NTLM Hashes from NTDS.dit and SYSTEM Import Cracked NTLM hashes from hashcat output file Import BloodHound ZIP or JSON file BloodHound importer...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2023/11/25 11:30 a.m.48 views

OSINT-Framework - OSINT Framework

OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2023/07/26 1:41 p.m.48 views

Bashfuscator - A Fully Configurable And Extendable Bash Obfuscation Framework

Documentation What is Bashfuscator? Bashfuscator is a modular and extendable Bash obfuscation framework written in Python 3. It provides numerous different ways of making Bash one-liners or scripts much more difficult to understand. It accomplishes this by generating convoluted, randomized Bash...

7.6AI score
Exploits0References11
kitploit
kitploit
added 2023/03/20 11:30 a.m.48 views

NimPlant - A Light-Weight First-Stage C2 Implant Written In Nim

ByCas van Cooten @chvancooten, with special thanks to some awesome folks: Fabian Mosch @S3cur3Th1sSh1t for sharing dynamic invocation implementation in Nim and the Ekko sleep mask function snovvcrash @snovvcrash for adding the initial version of execute-assembly & self-deleting implant option...

7.2AI score
Exploits0References11
kitploit
kitploit
added 2023/03/17 11:30 a.m.48 views

Wifi_Db - Script To Parse Aircrack-ng Captures To A SQLite Database

Script to parse Aircrack-ng captures into a SQLite database and extract useful information like handshakes in 22000 hashcat format, MGT identities, interesting relations between APs, clients and it's Probes, WPS information and a global view of all the APs seen. / | | || | \ \ /\ / /| || | | | / ...

7.3AI score
Exploits0References7
kitploit
kitploit
added 2023/01/15 11:30 a.m.48 views

AVIator - Antivirus Evasion Project

AviAtor Ported to NETCore 5 with an updated UI AV|Ator About ://name AV : AntiVirus Ator : Is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air https://en.wikipedia.org/wiki/Ator About ://purpose AV|Ator is a backdoor...

7.8AI score
Exploits0References3
kitploit
kitploit
added 2022/12/03 11:30 a.m.48 views

Shells - Little Script For Generating Revshells

A script for generating common revshells fast and easy. Especially nice when in need of PowerShell and Python revshells, which can be a PITA getting correctly formated. PowerShell revshells Shows username@computer, above the prompt and working-directory Has a partial AMSI-bypass, making some stuf...

6.8AI score
Exploits0References9
kitploit
kitploit
added 2022/11/13 11:30 a.m.48 views

SCMKit - Source Code Management Attack Toolkit

S ource C ode M anagement Attack Toolkit - SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials username/password or API key to the respective SCM system. Currently, the SCM...

7.5AI score
Exploits0References10
kitploit
kitploit
added 2022/10/31 11:30 a.m.49 views

Reverse_SSH - SSH Based Reverse Shell

Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets Full windows shell Mutual client & server authentication to create high trus...

8.1AI score
Exploits0References3
kitploit
kitploit
added 2022/10/29 11:30 a.m.48 views

Threatest - Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post:...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2022/10/24 11:30 a.m.48 views

Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities

bomber is an application that scans SBOMs for security vulnerabilities. Overview So you've asked a vendor for an Software Bill of Materials SBOM for one of their closed source products, and they provided one to you in a JSON file... now what? The first thing you're going to want to do is see if a...

7.1AI score
Exploits0References13
kitploit
kitploit
added 2022/08/26 12:30 p.m.48 views

ReconPal - Leveraging NLP For Infosec

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon...

7.7AI score
Exploits0References6
kitploit
kitploit
added 2022/08/23 12:30 p.m.48 views

System Informer - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware

System Informer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Project Website - Project Downloads System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2022/07/27 12:30 p.m.48 views

Pretender - Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2022/06/25 9:30 p.m.48 views

DFSCoerce - PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method

PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method and probably more but am lazy and its just PoC :P . Documentation: https://docs.microsoft.com/en-us/openspecs/windowsprotocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979 Inspired by: PetitPotam @topotam77...

7.7AI score
Exploits0References4
kitploit
kitploit
added 2022/06/10 9:30 p.m.48 views

Jeeves - Time-Based Blind SQLInjection Finder

Jeeves is made for looking to Time-Based Blind SQLInjection through recon. - Installation & Requirements: Installing Jeeves  $ go install github.com/ferreiraklet/Jeeves@latest OR $ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2021/10/26 8:30 p.m.48 views

Keeweb - Free Cross-Platform Password Manager Compatible With KeePass

This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in browser, or as a desktop app. Quick Links Apps: Web, Desktop Timeline: Release Notes, TODO On one page: Features, FAQ Website:...

7.3AI score
Exploits0References16
kitploit
kitploit
added 2021/10/22 11:30 a.m.48 views

PortBender - TCP Port Redirection Utility

PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port e.g., 445/TCP to another TCP port e.g., 8445/TCP. PortBender includes an aggressor script that operators can leverage to integrate the tool with Cobalt Strike. Howeve...

7.8AI score
Exploits0References4
kitploit
kitploit
added 2021/10/08 8:30 p.m.48 views

Viper - Intranet Pentesting Tool With Webui

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper ha...

7.6AI score
Exploits0References12
kitploit
kitploit
added 2021/09/20 8:30 p.m.48 views

CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster Go vs Python, uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineere...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/07/14 9:30 p.m.48 views

Wpscvn - Wpscvn Is A Tool For Pentesters, Website Owner To Test If Their Websites Had Some Vulnerable Plugins Or Themes

wpscvn is a tool for pentesters, website owner to test if their websites had some vulnerable plugins or themes The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law. requires : Python 3 usage ...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/06/30 12:30 p.m.48 views

Forblaze - A Python Mac Steganography Payload Generator

Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2021/05/13 9:30 p.m.48 views

3klCon - Automation Recon Tool Which Works With Large And Medium Scope

Full Automation Recon tool which works with Small and Medium scopes. ّIt's recommended to use it on VPS, it'll discover secrets and searching for vulnerabilities So, Welcome and let's deep into it 3 Updates Version 1.1, what's new? Very Recommended 1. Fixing multiple issues with the used tools. 2...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/05/06 12:30 p.m.48 views

Priv2Admin - Exploitation Paths Allowing You To (Mis)Use The Windows Privileges To Elevate Your Rights Within The OS

The idea is to "translate" Windows OS privileges to a path leading to: 1. administrator, 2. integrity and/or confidentiality threat, 3. availability threat, 4. just a mess. Privileges are listed and explained at: https://docs.microsoft.com/en-us/windows/win32/secauthz/privilege-constants If the...

5.5CVSS5.7AI score0.00475EPSS
Exploits1References10
kitploit
kitploit
added 2021/05/04 12:30 p.m.48 views

LibAFL - Advanced Fuzzing Library - Slot Your Fuzzer Together In Rust! Scales Across Cores And Machines. For Windows, Android, MacOS, Linux, No_Std, ...

Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust. LibAFL is written and maintained by Andrea Fioraldi [email protected] and Dominik Maier [email protected]. Why LibAFL? LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while...

7.4AI score
Exploits0References12
Total number of security vulnerabilities5000