Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2019/04/08 9:30 p.m.47 views

Free Cynet Threat Assessment for Mid-sized and Large Organizations

If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...

7.3AI score
Exploits0
kitploit
kitploit
added 2018/12/13 11:37 a.m.47 views

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2018/09/11 12:23 p.m.47 views

Firework - Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2018/05/20 10:45 p.m.47 views

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

7.4AI score
Exploits0References4
kitploit
kitploit
added 2018/05/02 9:18 p.m.47 views

Kali Linux 2018.2 Release - The Best Penetration Testing Distribution

This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual...

7.3AI score
Exploits0
kitploit
kitploit
added 2018/04/17 12:35 p.m.47 views

GPG Reaper - Obtain/Steal/Restore GPG Private Keys From Gpg-Agent Cache/Memory

Obtain/Steal/Restore GPG Private Keys from gpg-agent cache/memory This POC demonstrates method for obtaining GPG private keys from gpg-agent memory under Windows. Normally this should be possible only within 10 minutes time frame --default-cache-ttl value. Unfortunately housekeeping function whic...

7.5AI score
Exploits0References9
kitploit
kitploit
added 2018/03/17 8:9 p.m.47 views

CBM - Car Backdoor Maker

A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2018/02/09 8:23 p.m.47 views

roxysploit - Penetration Testing Suite

roxysploit is a community-supported, open-source and penetration testing suite that supports attacks for numerous scenarios. conducting attacks in the field. Some containing Plugins in roxysploit Scan is a automated Information gathering plugin it gives the user the ability to have a rest while t...

8.1AI score
Exploits0References1
kitploit
kitploit
added 2017/12/10 9:9 p.m.47 views

CryKeX - Linux Memory Cryptographic Keys Extractor

CryKeX - Linux Memory Cryptographic Keys Extractor Properties: Cross-platform Minimalism Simplicity Interactivity Compatibility/Portability Application Independable Process Wrapping Process Injection Dependencies: Unix - should work on any Unix-based OS BASH - the whole script root privileges...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2017/07/27 3:12 p.m.47 views

SimplyEmail - Email Recon Made Fast And Easy

This tool was based on the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. MAJOR CALLOUTS: @laramies - Developer of theHarvester...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2017/05/08 2:30 p.m.47 views

Cowrie - SSH/Telnet Honeypot

Cowrie is a medium interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is developed by Michel Oosterhof. Features Some interesting features: Fake filesystem with the ability to add/remove files. A full fake filesystem...

7AI score
Exploits0References2
kitploit
kitploit
added 2016/11/15 1:54 p.m.47 views

myLG - Network Diagnostic Tool

myLG is an open source software utility which combines the functions of the different network probes in one network diagnostic tool. Features Popular looking glasses ping/trace/bgp: Telia, Level3 More than 200 countries DNS Lookup information Local ping and real-time trace route Packet analyzer -...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2016/08/21 2:30 p.m.47 views

BruteXSS - Cross-Site Scripting Bruteforcer

BruteXSS - Cross-Site Scripting BruteForcer Author: Shawar Khan The BruteXSS project is sponsored and supported by Netsparker Web Application Security Scanner Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for...

6AI score
Exploits0References1
kitploit
kitploit
added 2016/03/12 7:23 p.m.47 views

Striptls - Proxy POC Implementation Of STARTTLS Stripping Attacks

poc implementation of STARTTLS stripping attacks SMTP SMTP.StripFromCapabilities - server response capability patch SMTP.StripWithInvalidResponseCode - client STARTTLS stripping, invalid response code SMTP.UntrustedIntercept - STARTTLS interception client and server talking ssl requires server.pe...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2016/02/09 12:56 a.m.47 views

Gophish - Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. One-Click Installation Download and Extract the ZIP - Gophish binaries are provided for...

7.6AI score
Exploits0
kitploit
kitploit
added 2016/02/02 9:30 p.m.47 views

RouterhunterBR 2.0 - Automated Tool for Testing in Vulnerable Routers

The RouterhunterBR is an automated security tool que finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2015/04/29 1:13 a.m.47 views

GoAccess - Real-time Web Log Analyzer and Interactive Viewer

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. Features GoAccess parses the specified web log file and...

7.2AI score
Exploits0
kitploit
kitploit
added 2014/06/10 9:10 p.m.47 views

Antak WebShell - A webshell which utilizes PowerShell

Antak is a webshell written in C.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands like...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2013/12/27 12:10 a.m.47 views

[Bugtroid] Pentesting for Android

Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its Smarthphone or tablet. It has a menu categorized according to the nature of the tool may find:...

7.1AI score
Exploits0
kitploit
kitploit
added 2013/03/10 4:2 p.m.47 views

[Pentoo 2013.0 RC1.1] Security-Focused live CD based on Gentoo

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features : Changes saving CUDA/OpenCL Enhanced cracking software John the ripper Hashcat Suite of tools Kernel 3.7.5 and all...

7.2AI score
Exploits0
kitploit
kitploit
added 2024/05/09 12:30 p.m.46 views

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR

BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...

7AI score
Exploits0References1
kitploit
kitploit
added 2024/04/05 11:30 a.m.46 views

Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2024/03/06 11:30 a.m.46 views

SharpCovertTube - Youtube As Covert-Channel - Control Windows Systems Remotely And Execute Commands By Uploading Videos To Youtube

SharpCovertTube is a program created to control Windows systems remotely by uploading videos to Youtube. The program monitors a Youtube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos can use...

7.9AI score
Exploits0References10
kitploit
kitploit
added 2023/12/25 11:30 a.m.46 views

Metahub - An Automated Contextual Security Findings Enrichment And Impact Evaluation Tool For Vulnerability Management

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management. You can use it with AWS Security Hub or any ASFF-compatible security scanner. Stop relying on useless severities and switch to impact scoring definitions based on YOUR context...

7AI score
Exploits0References34
kitploit
kitploit
added 2023/09/21 11:30 a.m.46 views

Sekiryu - Comprehensive Toolkit For Ghidra Headless

This Ghidra Toolkit is a comprehensive suite of tools designed to streamline and automate various tasks associated with running Ghidra in Headless mode. This toolkit provides a wide range of scripts that can be executed both inside and alongside Ghidra, enabling users to perform tasks such as...

7.8AI score
Exploits0References4
kitploit
kitploit
added 2023/09/07 11:30 a.m.46 views

DorXNG - Next Generation DorX. Built By Dorks, For Dorks

DorXNG is a modern solution for harvesting OSINT data using advanced search engine operators through multiple upstream search providers. On the backend it leverages a purpose built containerized image of SearXNG, a self-hosted, hackable, privacy focused, meta-search engine. Our SearXNG...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2023/08/20 12:30 p.m.46 views

HEDnsExtractor - Raw Html Extractor From Hurricane Electric Portal

HEDnsExtractor Raw html extractor from Hurricane Electric portal Features Automatically identify IPAddr ou Networks through command line parameter or stdin Extract networks based on IPAddr. Extract domains from networks. Installation go install -v...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2023/08/12 12:30 p.m.46 views

Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features

Columbus Project is an API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features. Columbus returned 638subdomains of tesla.com in 0.231 sec. Usage By default Columbus returns only the subdomains in a JSON string array: curl...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2023/07/27 12:30 p.m.46 views

Mapsdumper - Dump Place Details From Google Maps Like Phone, Email, Website, And Reviews

MAPSDUMPER Demo • Installation • Feature • Credits A tool for dumping place details from Google Maps such as phone numbers, emails, websites, and reviews. Demo Run / Installation How to run ? node index.js" dir="auto" git clone https://github.com/tegal1337/mapsdumper cd mapsdumper npm install nod...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2023/06/29 12:30 p.m.46 views

Artemis - A Modular Web Reconnaissance Tool And Vulnerability Scanner

A modular web reconnaissance tool and vulnerability scanner based on Karton https://github.com/CERT-Polska/karton. The Artemis project has been initiated by the KN Cyber science club of Warsaw University of Technology and is currently being maintained by CERT Polska. Artemis is experimental...

7.7AI score
Exploits0References3
kitploit
kitploit
added 2023/06/09 12:30 p.m.46 views

XSS-Exploitation-Tool - An XSS Exploitation Tool

XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the...

6.2AI score
Exploits0References4
kitploit
kitploit
added 2023/02/03 11:30 a.m.46 views

Aws-Security-Assessment-Solution - An AWS Tool To Help You Create A Point In Time Assessment Of Your AWS Account Using Prowler And Scout As Well As Optional AWS Developed Ransomware Checks

Self-Service Security Assessment too l Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important concerns, AWS has developed a primary set of services customers should use to aid in protecting their accounts. Amazon...

7.2AI score
Exploits0References11
kitploit
kitploit
added 2023/01/07 11:30 a.m.47 views

REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...

7.5AI score
Exploits0References8
kitploit
kitploit
added 2023/01/06 11:30 a.m.46 views

DotDumper - An Automatic Unpacker And Logger For DotNet Framework Targeting Files

An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get...

7.1AI score
Exploits0References10
kitploit
kitploit
added 2022/11/29 11:30 a.m.46 views

Pycrypt - Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products

Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products Important: 1. Make Sure your payload file have all the libraries import and it will be a valid payload file How To Use: 1. Find Any Python Based Backdoor/RAT on github. 2. Crypt its payload with pycrypt 3. Now Convert crypted...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2022/11/27 11:30 a.m.46 views

Kubeeye - Tool To Find Various Problems On Kubernetes, Such As Application Misconfiguration, Unhealthy Cluster Components And Node Problems

KubeEye is an inspection tool for Kubernetes to discover Kubernetes resources by OPA , cluster components, cluster nodes by Node-Problem-Detector and other configurations are meeting with best practices, and giving suggestions for modification. KubeEye supports custom inspection rules and plugins...

7.5AI score
Exploits0References7
kitploit
kitploit
added 2022/10/24 12:57 a.m.46 views

Shomon - Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities Can be used as Webhook OR Stream listener Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to...

7.5AI score
Exploits0References8
kitploit
kitploit
added 2022/10/07 3:56 a.m.46 views

Parrot 5.1 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot OS 5.1 is officially released. We're proud to say that the new version of Parrot OS 5.1 is available for download; this new version includes a lot of improvements and updates that makes the distribution more performing and more secure. How do I get Parrot OS? You can download Parrot OS by...

7AI score
Exploits0
kitploit
kitploit
added 2022/09/25 11:30 a.m.46 views

PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2022/08/28 12:30 p.m.46 views

Toxssin - An XSS Exploitation Command-Line Interface And Payload Generator

toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting XSS vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool toxin.js. This...

5.7AI score
Exploits0References4
kitploit
kitploit
added 2022/08/11 6:8 a.m.46 views

Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates. The highlights for Kali’s 2022.3’s release: Discord Server - Kali’s new community real-time chat option has launched! Test Lab Environment - Quickly create a test bed to learn, practice, and...

7.3AI score
Exploits0
kitploit
kitploit
added 2022/06/12 9:30 p.m.46 views

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications SPA recursively. Unlike other scanners, DOMDig can crawl any webapplication including gmail by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...

7AI score
Exploits0References1
kitploit
kitploit
added 2022/04/27 9:30 p.m.46 views

BITB - Browser In The Browser (BITB) Templates

Browser templates for Browser In The Browser BITB attack. More information: https://mrd0x.com/browser-in-the-browser-phishing-attack/ Usage Each folder has a index.html file which has 4 variables that must be modified: XX-TITLE-XX - The title that shows up for the page e.g. Sign in to your accoun...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2022/04/19 12:30 p.m.46 views

ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go

ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with...

7.7AI score
Exploits0References2
kitploit
kitploit
added 2022/01/26 11:30 a.m.46 views

Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph

Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4 Flask==0.12.2 Json Pypyodbc beautifulsoup4==4.6.0 lxml==4.1.0 Example: pip...

7.9AI score
Exploits0References2
kitploit
kitploit
added 2021/11/12 8:30 p.m.46 views

Ad-Honeypot-Autodeploy - Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with QEMU/KVM but it can be customized easily for cloud-based solutions. Used for painlessly set up a small Windows Domain from scratch...

7AI score
Exploits0References5
kitploit
kitploit
added 2021/11/06 8:30 p.m.46 views

Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT...

7.3AI score
Exploits0References4
kitploit
kitploit
added 2020/12/24 11:30 a.m.46 views

Swego - Swiss Army Knife Webserver In Golang

Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features. Usage Help $ ./webserver -help web subcommand -bind string Bind Port default "8080" -certificate string HTTPS certificate : openssl req -new -x509 -sha256 -key server.key -out server.crt -da...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/12/22 11:30 a.m.46 views

0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool and C language. 0d1n is a tool for automating customized attacks against web applications. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...

8.2AI score
Exploits0References3
kitploit
kitploit
added 2020/12/16 8:30 p.m.46 views

Freki - Malware Analysis Platform

Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...

7.4AI score
Exploits0References5
Total number of security vulnerabilities5000