Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
•added 2020/08/24 9:30 p.m.•46 views

Yeti - Your Everyday Threat Intelligence

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don't have to. Yeti provides an interface for humans shiny...

7.1AI score
Exploits0References4
kitploit
kitploit
•added 2020/08/22 12:30 p.m.•46 views

Cloud-Sniper - Virtual Security Operations Center

Cloud Security Operations What is Cloud Sniper? Cloud Sniper is a platform designed to manage Security Operations in cloud environments. It is an open platform which allows responding to security incidents by accurately analyzing and correlating native cloud artifacts. It is to be used as a Virtu...

7.2AI score
Exploits0References2
kitploit
kitploit
•added 2020/08/17 9:30 p.m.•46 views

IoT-PT - A Virtual Environment For Pentesting IoT Devices

A new pentesting virtual environment for IoT Devices Download Link : https://drive.google.com/open?id=1XwGqkLax2irSPpwEpeAqypl9vEywzw3D MD5 : d9c20057b14cfa3fb25f744813b828df ; SHA1: 8828d693dc6c809377bab40d2bc26f525685e287 OS info and Requirements Base OS : Lubuntu 18.04 LTS Processors : 2 By...

7.6AI score
Exploits0References2
kitploit
kitploit
•added 2020/08/09 9:30 p.m.•46 views

IRFuzz - Simple Scanner with Yara Rule

IRFuzz is a simple scanner with yara rules for document archives or any files. Install 1. Prerequisites Linux or OS X Yara: just use the latest release source code, compile and install it or install it via pip install yara-python Yara Rules - You may download yara rules from here or import your...

7.3AI score
Exploits0References4
kitploit
kitploit
•added 2020/06/19 12:30 p.m.•46 views

Vhosts-Sieve - Searching For Virtual Hosts Among Non-Resolvable Domains

Searching for virtual hosts among non-resolvable domains. Installation git clone https://github.com/dariusztytko/vhosts-sieve.git pip3 install -r vhosts-sieve/requirements.txt Usage Get a list of subdomains e.g. using Amass $ amass enum -v -passive -o domains.txt -d example.com -d...

7.5AI score
Exploits0References3
kitploit
kitploit
•added 2020/06/14 10:0 p.m.•46 views

Fast-Google-Dorks-Scan - Fast Google Dorks Scan

A script to enumerate web-sites using Google dorks. Usage example: ./FGDS.sh megacorp.one Version: 0.035, June 07, 2020 Features: 1. Looking for the common admin panel 2. Looking for the widespread file types 3. Path traversal 4. Prevent Google banning Download Fast-Google-Dorks-Scan...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2020/06/03 12:30 p.m.•46 views

Ligolo - Reverse Tunneling Made Easy For Pentesters, By Pentesters

Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety TLS certificate with elliptical curve. It is comparable to Meterpreter with Autoroute + Socks4a , but more stable and faster. Use case You compromised a Windows / Linux / Ma...

7.1AI score
Exploits0References1
kitploit
kitploit
•added 2020/04/18 9:30 p.m.•46 views

goBox - GO Sandbox To Run Untrusted Code

GO sandbox to run untrusted code. goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or deny syscalls before they are executed. Usage Usage of ./gobox: gobox FLAGS command flags: -h Print Usage. -n value A glob pattern for automatically blocking file reads. -y value A...

7.1AI score
Exploits0References1
kitploit
kitploit
•added 2019/08/02 9:8 p.m.•46 views

MSNM-S - Multivariate Statistical Network Monitoring-Sensor

MSNM-S Multivariate Statistical Network Monitoring-Sensor shows the practical suitability of the approaches found in PCA-MSNM and in Hierarchical PCA-MSNM works. The first one present the MSNM approach and new multivariate statistical methodology for network anomaly detection while the second one...

7.3AI score
Exploits0References4
kitploit
kitploit
•added 2019/06/11 1:7 p.m.•46 views

RecScanSec - Reconnaisance Scanner Security

RecScanSec made for reconnaisance Scanner and information gathering with an emphasis on simplicity. It will do everything from. Features Information Security Headers WAF Analyzer Information Disclosure Banner Grabbing Url Crawl HTML Form Detector Port Scanner Get SSL Information Subdomain...

6.8AI score
Exploits0References1
kitploit
kitploit
•added 2018/12/03 12:4 p.m.•46 views

Triton - Dynamic Binary Analysis (DBA) Framework

Triton is a dynamic binary analysis DBA framework. It provides internal components like a Dynamic Symbolic Execution DSE engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least...

7.4AI score
Exploits0References4
kitploit
kitploit
•added 2018/10/30 12:43 p.m.•46 views

Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.8AI score
Exploits0
kitploit
kitploit
•added 2018/02/15 8:49 p.m.•46 views

APTSimulator - A toolset to make a system look as if it was the victim of an APT attack

APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Use Cases 1. POCs: Endpoint detection agents / compromise assessment tools 2. Test your security monitoring's detection capabilities 3. Test your SOCs response on a...

7.6AI score
Exploits0References8
kitploit
kitploit
•added 2017/10/19 1:30 p.m.•46 views

Blazy - Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL injection Multi-threading 100% accurate results Better form detection and...

8.2AI score
Exploits0References1
kitploit
kitploit
•added 2017/08/27 9:30 p.m.•46 views

DELTA - SDN Security Evaluation Framework

DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique. Agent-Manager is the control tower. It takes full control over all...

7.6AI score
Exploits0References1
kitploit
kitploit
•added 2017/08/24 9:59 p.m.•46 views

Knockpy - Enumerate Subdomain Scanner

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...

7.2AI score
Exploits0References2
kitploit
kitploit
•added 2017/08/18 9:13 p.m.•46 views

SJET - JMX Exploitation Toolkit

Java Management Extensions JMX is a Java technology that supplies tools for managing and monitoring applications, system objects, devices such as printers and service-oriented networks. Those resources are represented by objects called MBeans for Managed Bean. In the API, classes can be dynamical...

7.6AI score
Exploits0References3
kitploit
kitploit
•added 2017/03/15 2:12 p.m.•46 views

HatCloud - Tool for identify real IP of CloudFlare (Bypass CloudFlare)

HatCloud build in Ruby. It makes bypass in CloudFlare for discover real IP. This can be useful if you need test your server and website. Testing your protection against Ddos Denial of Service or Dos. CloudFlare is services and distributed domain name server services, sitting between the visitor a...

7.3AI score
Exploits0References1
kitploit
kitploit
•added 2017/03/08 2:30 p.m.•46 views

Umbrella - A Phishing Dropper designed to Pentest

Umbrella is a file dropper dedicated to pentest, its download files on target system are execute them without a double execution of exe, only of embed. To compromise the same target again, you need delete this folder on target system : - C:\Users\Public\Libraries\Intel - because dropper checks th...

7.5AI score
Exploits0References1
kitploit
kitploit
•added 2015/10/22 9:37 p.m.•46 views

Gping - Ping, But With A Graph

Ping, but with a graph Install and run Created/tested with Python 3.4, should run on 2.7 will require the statistics module though. pip3 install pinggraph Tested on Windows and Ubuntu, should run on OS X as well. After installation just run: gping yourhost If you don't give a host then it pings...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2015/10/20 9:45 p.m.•46 views

Burpkit - Next-Gen Burpsuite Penetration Testing Tool

Welcome to the next generation of web application penetration testing - using WebKit to own the web. BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. It also provides a bi-directional JavaScript bridge API which allows...

7AI score
Exploits0References3
kitploit
kitploit
•added 2015/01/12 11:43 p.m.•46 views

Crowbar - Brute Forcing Tool for Pentests

Crowbar crowbar is brute forcing tool that can be used during penetration tests. It is developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2014/11/04 12:10 a.m.•46 views

MLDonkey - multi-protocol P2P file sharing application

MLDonkey is a multi-platform and freely distributed eDonkey client, a P2P Peer-to-Peer file-sharing application. It provides users with both a server daemon and graphical user interface GUI. It seems to be the first ever open source application that could access the eDonkey peer-to-peer file...

7.3AI score
Exploits0
kitploit
kitploit
•added 2014/04/01 12:54 a.m.•46 views

nbtscan - NETBIOS nameserver scanner

This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote...

7.4AI score
Exploits0
kitploit
kitploit
•added 2014/03/19 10:40 p.m.•46 views

[DNmap] Distributed Nmap Framwork

DNmap is a distributed nmap framwork using a client/server architecture. The server reads the commands from a file and send them to each client. The client execute the nmap command and send the results back. Download DNmap...

10AI score
Exploits0
kitploit
kitploit
•added 2014/01/14 3:52 a.m.•46 views

[SpiderFoot v2.1.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

7.1AI score
Exploits0
kitploit
kitploit
•added 2013/12/27 12:10 a.m.•46 views

[Bugtroid] Pentesting for Android

Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its Smarthphone or tablet. It has a menu categorized according to the nature of the tool may find:...

7.1AI score
Exploits0
kitploit
kitploit
•added 2013/03/06 4:39 p.m.•46 views

[Ghost Phisher Tool] Fake DNS Server, Fake DHCP Server and Fake HTTP server

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honeypot, could be used t...

7.5AI score
Exploits0
kitploit
kitploit
•added 2012/12/29 7:20 p.m.•46 views

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...

7.2AI score
Exploits0
kitploit
kitploit
•added 2024/05/08 3:30 a.m.•45 views

NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays

NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...

8.3AI score
Exploits0References1
kitploit
kitploit
•added 2024/04/16 12:30 p.m.•45 views

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected

NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...

7.6AI score
Exploits0References3
kitploit
kitploit
•added 2024/04/10 12:30 p.m.•45 views

RemoteTLSCallbackInjection - Utilizing TLS Callbacks To Execute A Payload Without Spawning Any Threads In A Remote Process

This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. This method is inspired by Threadless Injection as RemoteTLSCallbackInjection does not invoke any API calls to trigger the injected payload. Quick Links Maldev Academy Home Maldev Academy...

8.2AI score
Exploits0References3
kitploit
kitploit
•added 2024/03/20 11:30 a.m.•45 views

MultiDump - Post-Exploitation Tool For Dumping And Extracting LSASS Memory Discreetly

MultiDump is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python. Blog post: https://xre0us.io/posts/multidump MultiDump supports LSASS dump via ProcDump.exe or comsvc.dll, it offers two...

7.2AI score
Exploits0References8
kitploit
kitploit
•added 2024/02/07 11:30 a.m.•45 views

BounceBack - Stealth Redirector For Your Red Team Operation Security

BounceBack is a powerful, highly customizable and configurable reverse proxy with WAF functionality for hiding your C2/phishing/etc infrastructure from blue teams, sandboxes, scanners, etc. It uses real-time traffic analysis through various filters and their combinations to hide your tools from...

6.9AI score
Exploits0References11
kitploit
kitploit
•added 2024/02/02 11:30 a.m.•45 views

Melee - Tool To Detect Infections In MySQL Instances

MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale to exfiltrate data, destruct data, and extort mon...

7.3AI score
Exploits0References2
kitploit
kitploit
•added 2023/12/11 11:30 a.m.•45 views

Douglas-042 - Powershell Script To Help Speed ​​Up Threat Hunting Incident Response Processes

DOUGLAS-042 stands as an ingenious embodiment of a PowerShell script meticulously designed to expedite the triage process and facilitate the meticulous collection of crucial evidence derived from both forensic artifacts and the ephemeral landscape of volatile data. Its fundamental mission revolve...

7.1AI score
Exploits0References2
kitploit
kitploit
•added 2023/11/28 11:30 a.m.•45 views

DynastyPersist - A Linux Persistence Tool!

A Linux persistence tool! A powerful and versatile Linux persistence script designed for various security assessment and testing scenarios. This script provides a collection of features that demonstrate different methods of achieving persistence on a Linux system. Features 1. SSH Key Generation:...

7.9AI score
Exploits0References1
kitploit
kitploit
•added 2023/04/05 12:30 a.m.•45 views

Shoggoth - Asmjit Based Polymorphic Encryptor

Shoggoth is an open-source project based on C++ and asmjit library used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader in an obfuscated form. Since the content of the output is...

7.7AI score
Exploits0References10
kitploit
kitploit
•added 2023/01/31 11:30 a.m.•45 views

Sandfly-Entropyscan - Tool To Detect Packed Or Encrypt ed Binaries Related To Malware, Finds Malicious Files And Linux Processes And Gives Output With Cryptographic Hashes

What is sandfly-entropyscan? sandfly-entropyscan is a utility to quickly scan files or running processes and report on their entropy measure of randomness and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed or encrypted and shows very high entropy. This tool can...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2022/12/20 11:30 a.m.•45 views

HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...

7.1AI score
Exploits0References5
kitploit
kitploit
•added 2022/10/19 11:30 a.m.•45 views

PenguinTrace - Tool To Show How Code Runs At The Hardware Level

penguinTrace is intended to help build an understanding of how programs run at the hardware level. It provides a way to see what instructions compile to, and then step through those instructions and see how they affect machine state as well as how this maps back to variables in the original...

7.8AI score
Exploits0References4
kitploit
kitploit
•added 2022/10/01 11:30 a.m.•45 views

Deadfinder - Find Dead-Links (Broken Links)

Dead link broken link means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. This tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull ghcr.io/hahwul/deadfinder:latest...

7.6AI score
Exploits0References1
kitploit
kitploit
•added 2022/09/03 12:30 p.m.•45 views

ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities

A python script to scan for Apache Tomcat server vulnerabilities. Features Multithreaded workers to search for Apache tomcat servers. Multiple target source possible: Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets. Reading targets line by...

7.4AI score
Exploits0References1
kitploit
kitploit
•added 2022/08/25 12:30 p.m.•45 views

dBmonster - Track WiFi Devices With Their Recieved Signal Strength

With dBmonster you are able to scan for nearby WiFi devices and track them trough the signal strength dBm of their sent packets sniffed with TShark. These dBm values will be plotted to a graph with matplotlib. It can help you to identify the exact location of nearby WiFi devices use a directional...

7.2AI score
Exploits0References1
kitploit
kitploit
•added 2022/06/04 12:30 p.m.•45 views

CRLFsuite - Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection. Installation $ git clone https://github.com/Nefcore/CRLFsuite.git $ cd CRLFsuite $ sudo python3 setup.py install $ crlfsuite -h Features Single URL scanning Multiple URL scanning Stdin supported GET & POST method supported...

7.3AI score
Exploits0References2
kitploit
kitploit
•added 2022/05/30 9:30 p.m.•45 views

Labtainers - A Docker-based Cyber Lab Framework

Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...

7.5AI score
Exploits0References5
kitploit
kitploit
•added 2022/04/22 4:10 a.m.•45 views

Ecapture - Capture SSL/TLS Text Content Without CA Cert By eBPF

How eCapture works SSL/TLS text context capture, support openssl\gnutls\nsprnss libraries. bash audit, capture bash command for Host Security Audit. mysql query SQL audit, support mysqld 5.6\5.7\8.0, and mariadDB. eCapture Architecure eCapture User Manual Getting started use ELF binary file...

7.9AI score
Exploits0References5
kitploit
kitploit
•added 2022/03/29 11:30 a.m.•45 views

Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...

7.5AI score
Exploits0References9
kitploit
kitploit
•added 2022/02/05 8:30 p.m.•45 views

SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot

A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to bloc...

7.1AI score
Exploits0References13
kitploit
kitploit
•added 2022/01/30 8:30 p.m.•45 views

Kerbrute - An Script To Perform Kerberos Bruteforcing By Using Impacket

An script to perform kerberos bruteforcing by using the Impacket library. When is executed, as input it receives a user or list of users and a password or list of password. Then is performs a brute-force attack to enumerate: Valid username/passwords pairs Valid usernames Usernames without...

7.4AI score
Exploits0References1
Total number of security vulnerabilities5000