Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2020/11/05 11:30 a.m.48 views

SwiftyInsta - Instagram Unofficial Private API Swift

Instagram offers two kinds of APIs to developers. The Instagram API Platform extremely limited in functionality and close to being discontinued, and the Instagram Graph API for Business and Creator accounts only. However, Instagram apps rely on a third type of API , the so-called Private API or...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2020/09/27 8:30 p.m.48 views

PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)

PwnedPasswordsChecker is a tool that checks if the hash of a known password in SHA1 or NTLM format is present in the list of I Have Been Pwned leaks and the number of occurrences. You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here Once the list is...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2020/09/17 8:30 p.m.48 views

Zin - A Payload Injector For Bugbounties Written In Go

APayload Injector for bugbounties written in go Features Inject multiple payloads into all parameters Inject single payloads into all parameters Saves responses into output folder Displays Status Code & Response Length Can grep for patterns in the response Really fast Easy to setup Install $ go g...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2020/08/20 12:30 p.m.48 views

DropEngine - Malleable Payloads!

By @s0lst1c3 Disclaimer DropEngine the "Software" and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied, and hereby disclaims all implied warranties, including any warranty of merchantability and warranty of fitness for a particular purpose...

7.5AI score
Exploits0References9
kitploit
kitploit
added 2020/08/03 12:30 p.m.48 views

Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols

Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduce...

7.5AI score
Exploits0References7
kitploit
kitploit
added 2020/06/18 9:30 p.m.48 views

Formphish - Auto Phishing Form-Based Websites

Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page. Features: Auto detect device Port Forwarding by Ngrok IP Tracker Legal disclaimer: Usage of Formphish for attacking targets without prior mutual consent is illegal...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/11/20 1:11 p.m.48 views

ACHE - A Web Crawler For Domain-Specific Search

ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in sense that it uses page classifiers to distinguish between relevant and irrelevant...

7.4AI score
Exploits0References6
kitploit
kitploit
added 2017/10/03 1:30 p.m.48 views

habu - Network Hacking Toolkit

Habu is to teach and learn some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2017/01/11 2:28 p.m.48 views

DAVScan - Fingerprints servers, finds exploits, scans WebDAV

DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2016/10/02 2:12 p.m.48 views

osquery - SQL powered operating system instrumentation, monitoring, and analytics

osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Platform | Build status | | | ---|---|---|---|--- OS X 10.9 | | | Homepage: | https://osquery.io OS X 10.10/11 | | |...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2016/08/02 9:30 p.m.48 views

pi-hole - A Black Hole For Internet Advertisements (Designed For Raspberry Pi)

A black hole for Internet advertisements designed for Raspberry Pi Designed For Raspberry Pi A+, B, B+, 2, Zero, and 3B with an Ethernet/Wi-Fi adapter Works on most Debian distributions! 1. Install Raspbian 2. Run the command below downloads this script in case you want to read over it first! cur...

6.8AI score
Exploits0References10
kitploit
kitploit
added 2016/04/01 10:17 p.m.48 views

JSRat - Reverse HTTP Shell Using JavaScript

JSRat is a reverse HTTP Shell by using JavaScript. JSRat use rundll32.exe to load the JavaScript code in cmd and a HTTP Shell is returned when the code is executed. The special part is that after running the cmd command, rundll32.exe will remain in the background to continuously connect to the...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2015/12/04 8:46 p.m.48 views

0d1n - Tool For Automating Customized Attacks Against Web Applications

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms directory disclosure use PATH list to brute, and find HTTP status code test list on input to find SQL Injection and XSS vulnerabilities To run: require libcurl-dev or...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2015/10/30 12:51 a.m.48 views

ZIB - The Open Tor Botnet

General information and instructions. The Open Tor Botnet requires the installation and configuration of bitcoind, however I neglect to detail this here out of a lack of time. This bot-net is fully undetectable and bypasses all antivirus through running on top of Python27's pyinstaller, which is...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2015/10/03 12:2 a.m.48 views

Weeman - HTTP Server for Phishing

HTTP server for phishing in python. Weeman has support for most of the bigest websites. Usually you will want run Weeman with DNS spoof attack. see dsniff, ettercap. Weeman will do the following steps: 1. Create fake html page. 2. Wait for clients 3. Grab the data POST. 4. Try to login the client...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2015/06/10 10:1 p.m.48 views

REMnux v6 - A Linux Toolkit for Reverse-Engineering and Analyzing Malware

REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locat...

7.5AI score
Exploits0References40
kitploit
kitploit
added 2015/05/09 7:14 p.m.48 views

Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2015/03/16 1:43 a.m.48 views

AVCaesar - Malware Analysis Engine and Repository

AVCaesar is a malware analysis engine and repository, developed by malware.lu within the FP7 project CockpitCI. Functionalities AVCaesar can be used to: Perform an efficient malware analysis of suspicious files based on the results of a set of antivirus solutions, bundled together to reach the...

7.3AI score
Exploits0
kitploit
kitploit
added 2015/02/08 6:12 p.m.48 views

Dshell - Network Forensic Analysis Framework

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04 Python...

6.9AI score
Exploits0References3
kitploit
kitploit
added 2014/07/21 9:9 p.m.48 views

PwnPi - A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbo...

8.9AI score
Exploits0
kitploit
kitploit
added 2014/06/27 8:47 p.m.48 views

The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...

8.8AI score
Exploits0
kitploit
kitploit
added 2014/01/14 4:12 a.m.48 views

[ChromeAnalysis] Tool for analysing Google Chrome web browser

ChromeAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Google Chrome web browser. The main features are described below: Extract History Extract history regarding bookmarks, cookies, downloads, favicons, logins, most visited sites, search terms,...

6.8AI score
Exploits0
kitploit
kitploit
added 2012/11/18 11:13 p.m.48 views

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD? VSD Virtual Section Dumper is intented to be a tool to visualize and dump the memory regions of a running 32 bits or a 64 bits process in many ways. For example, you can dump the entire process and fix the PE Header , dump a given range of memory or even list and dump every virtual...

7.3AI score
Exploits0
kitploit
kitploit
added 2012/11/02 3:35 p.m.48 views

[Scylla] v1 Penetration Testing Tool - Because there's no patch for human stupidity

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works. Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs...

7.9AI score
Exploits0
kitploit
kitploit
added 2023/12/14 7:41 p.m.47 views

Telegram-Nearby-Map - Discover The Location Of Nearby Telegram Users

Telegram Nearby Map uses OpenStreetMap and the official Telegram library to find the position of nearby users. Please note: Telegram's API was updated a while ago to make nearby user distances less precise, preventing exact location calculations. Therefore, Telegram Nearby Map displays users...

7.2AI score
Exploits0References4
kitploit
kitploit
added 2023/11/11 11:30 a.m.47 views

CryptoChat - Beyond Secure Messaging

Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2023/04/12 12:30 p.m.47 views

QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications

The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a ne...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2023/02/23 11:30 a.m.47 views

Gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions Note: This RAT communicates Via Gmail SMTP or u can use any other smtps as well but Gmail SMTP is valid because most of the companies block unknown traffic so gmail...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2023/01/26 11:30 a.m.47 views

GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database

Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue Graph for Understanding Artifact Composition GUAC aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...

7.5AI score
Exploits0References13
kitploit
kitploit
added 2022/09/22 11:30 a.m.47 views

OSRipper - AV Evading OSX Backdoor And Crypter Framework

OSripper is a fully undetectable Backdoor generator and Crypter which specialises in OSX M1 malware. It will also work on windows but for now there is no support for it and it IS NOT FUD for windows yet at least and for now i will not focus on windows. You can also PM me on discord for support or...

7AI score
Exploits0References5
kitploit
kitploit
added 2022/07/23 12:30 p.m.47 views

modDetective - Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity

modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in CTF's in order to pinpoint where escalation and attack vectors may exist. To see the tool in its most useful form, try running the command as...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2022/06/26 12:30 p.m.47 views

Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire! Usage Discover URLs on a given web server. version Display scout version...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/05/28 12:30 p.m.47 views

Stunner - Tool To Test And Exploit STUN, TURN And TURN Over TCP Servers

Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. TURN is a protocol mostly used in videoconferencing and audio chats WebRTC. If you find a misconfigured server you can use this tool to open a local socks proxy that relays all traffic via the TURN protocol into the...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2022/05/22 12:30 p.m.47 views

Fb_Friend_List_Scraper - OSINT Tool To Scrape Names And Usernames From Large Friend Lists On Facebook, Without Being Rate Limited

OSINT tool to scrape names and usernames from large friend lists on Facebook, without being rate limited. Getting started: Install using pip: python -m pip install fb-friend-list-scraper Script is now installed as fbfriendlistscraper Run with -h or --help to show usage information. Usage: usage:...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2022/02/06 11:30 a.m.47 views

IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts

IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues...

7.9AI score
Exploits0References10
kitploit
kitploit
added 2022/01/13 11:30 a.m.47 views

Scemu - X86 32bits Emulator, For Securely Emulating Shellcodes

x86 32bits emulator, for securely emulating shellcodes. Features  rust safety, good for malware. All dependencies are in rust. zero unsafe blocks. very fast emulation much faster than unicorn 3,000,000 instructions/second 100,000 instructions/second printing every instruction -vv. powered by...

7.1AI score
Exploits0References12
kitploit
kitploit
added 2022/01/04 11:30 a.m.47 views

SyntheticSun - A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats. You sleep in fragmented glass With reflections o...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2021/10/14 11:30 a.m.47 views

Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scannin...

7.6AI score
Exploits0References9
kitploit
kitploit
added 2021/09/20 8:30 p.m.47 views

CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster Go vs Python, uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineere...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2021/04/06 9:30 p.m.47 views

Burpsuite-Copy-As-XMLHttpRequest - Copy As XMLHttpRequest BurpSuite Extension

The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's XmlHttpRequest, which simplifies PoC development when exploiting XSS. Installation download the latest JAR from releases or build manually add JAR to burpsuite using tabs: "Extender" -...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2021/03/05 8:30 p.m.47 views

Kubestriker - A Blazing Fast Security Auditing Tool For Kubernetes

Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale. kubestriker is Platform agnostic and works equally wel...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2021/02/26 11:30 a.m.47 views

OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python

An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol. Disclaimer OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is...

6.8AI score
Exploits0References2
kitploit
kitploit
added 2020/11/26 8:30 p.m.47 views

N1QLMap - The Tool Exfiltrates Data From Couchbase Database By Exploiting N1QL Injection Vulnerabilities

N1QLMap is an N1QL exploitation tool. Currently works with Couchbase database. The tool supports data extraction and performing SSRF attacks via CURL. More information can be found here: https://labs.f-secure.com/blog/n1ql-injection-kind-of-sql-injection-in-a-nosql-database. Usage Help usage:...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2020/10/22 8:30 p.m.47 views

Oregami - IDA Plugins And Scripts For Analyzing Register Usage Frame

""" What is this register used for? Hmm.. I'll just rename it to veryuniquename, do a textual search, and find all references! Ok.. Waiting for the search to end.. any minute now.. Done! Now I just need to understand which of the search result is relevant to the current usage frame of the registe...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2020/10/12 11:30 a.m.47 views

Wave-Share - Serverless, Peer-To-Peer, Local File Sharing Through Sound

A proof-of-concept for WebRTC signaling using sound. Works with all devices that have microphone + speakers. Runs in the browser. Nearby devices negotiate the WebRTC connection by exchanging the necessary Session Description Protocol SDP data via a sequence of audio tones. Upon successful...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2020/08/30 9:30 p.m.47 views

SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, MAC, linux, and windows subsystem for linux WSL What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source Extract all the...

7AI score
Exploits0References4
kitploit
kitploit
added 2020/08/17 9:30 p.m.47 views

IoT-PT - A Virtual Environment For Pentesting IoT Devices

A new pentesting virtual environment for IoT Devices Download Link : https://drive.google.com/open?id=1XwGqkLax2irSPpwEpeAqypl9vEywzw3D MD5 : d9c20057b14cfa3fb25f744813b828df ; SHA1: 8828d693dc6c809377bab40d2bc26f525685e287 OS info and Requirements Base OS : Lubuntu 18.04 LTS Processors : 2 By...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2020/07/29 12:30 p.m.47 views

Commit Stream - OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API

commit-stream drinks commit logs from the Github event firehose exposing the author details name and email address associated with Github repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company is commiting code...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2019/04/08 9:30 p.m.47 views

Free Cynet Threat Assessment for Mid-sized and Large Organizations

If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...

7.3AI score
Exploits0
kitploit
kitploit
added 2018/12/13 11:37 a.m.47 views

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

7.2AI score
Exploits0References6
Total number of security vulnerabilities5000