Lucene search
+L
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2021/11/27 8:30 p.m.44 views

Cracken - A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust more on talk/. Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace's tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method...

7.1AI score
Exploits0References9
Kitploit
Kitploit
added 2021/09/09 8:30 p.m.44 views

Owt - The Most Compact WiFi Auditing Tool That Works On Command Line Linux

This tool compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running the script $ git clone https://github.com/clu3bot/OWT.g...

7.2AI score
Exploits0References9
Kitploit
Kitploit
added 2021/09/08 11:30 a.m.44 views

TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2021/09/02 12:30 p.m.44 views

Assless-Chaps - Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes

Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes Introduction Assless CHAPs is an efficient way to recover the NT hash used in a MSCHAPv2/NTLMv1 exchange if you have the challenge and response e.g. from a WiFi EAP WPE attack. It requires a database of NT hashes,...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2021/08/27 9:30 p.m.44 views

Ctf-Screenshotter - A CTF Web Challenge About Making Screenshots

A CTF web challenge about making screenshots. It is inspired by a bug found in real life. The challenge was created by @LiveOverflow for https://cscg.de/. Watch the video writeup here: https://www.youtube.com/watch?v=FCjMoPpOPYI Run the challenge To run the challenge you have to install...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/29 12:30 p.m.44 views

M365_Groups_Enum - Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

The allgroups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: name visibility: public or private description email address owners members Teams enabled? SharePoint URL e.g. for Teams shared files All of this, even for private Groups! Read more abou...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2021/04/12 12:30 p.m.44 views

SYNwall - A Zero-Configuration (IoT) Firewall

Zero config IoT firewall. SYNwall is a project built for the time being as a Linux Kernel Module, to implement a transparent and no-config/no-maintenance firewall. Basics Usually IoT devices are out of a central control, with low profile hardware, tough environmental conditions and...we have no...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2021/02/09 11:30 a.m.44 views

ATTPwn - Tool Designed To Emulate Adversaries

ATTPwn is a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework. The goal is to simulate how a threat works in an intrusion scenario,...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/11/17 11:30 a.m.44 views

Gping - Ping, But With A Graph

Ping, but with a graph. Install FYI: The old Python version can be found under the python tag. Homebrew MacOS + Linux brew tap orf/brew brew install gping Binaries Windows Download the latest release from the github releases page. Extract it and move it to a directory on your PATH. Cargo cargo...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2020/11/12 11:30 a.m.44 views

Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures TTPs and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an...

7.1AI score
Exploits0References11
Kitploit
Kitploit
added 2020/10/15 11:30 a.m.44 views

Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power

Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList Mode only but will surely get an Update with BruteForce Mode Dedicated WebSite:https://devim-stuffs.github.io/zracker/ Link to Post on...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2020/10/04 8:30 p.m.44 views

OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally

Manual Port Scanning Enumerate Potential Service If you like the tool and for my personal motivation so as to develop other tools please a +1 star INTRO This tool aims at automating the identification of potential service running behind ports identified manually or on services running locally onl...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/09/09 11:30 a.m.44 views

Rakkess - Kubectl Plugin To Show An Access Matrix For K8S Server Resources

Review Access - kubectl plugin to show an access matrix for server resources Intro Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is...

7.1AI score
Exploits0References7
Kitploit
Kitploit
added 2020/08/11 9:30 p.m.44 views

SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two mainscanning modules: 1. AzureStealth - Scans Azure environments 2. AWStealth - Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal - Discover The Most Privileged Cloud...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2020/08/07 9:30 p.m.44 views

FestIn - S3 Bucket Weakness Discovery

FestIn is a tool for discovering open S3 Buckets starting from a domains. It perform a lot of test and collects information from: DNS Web Pages Crawler S3 bucket itself like S3 redirections Why Festin There's a lot of S3 tools for enumeration and discover S3 bucket. Some of them are great but...

6.7AI score
Exploits0References2
Kitploit
Kitploit
added 2020/07/03 9:30 p.m.44 views

How to Report IP Addresses

Spam is a common nuisance for users of the Internet. However, it is not just annoying - these messages may cause substantial harm. While businesses use spam as a cheap way of promotion, criminals send it to snatch sensitive data. Fortunately, there is a quick way to counteract the offenders. Ever...

7AI score
Exploits0
Kitploit
Kitploit
added 2020/06/23 12:30 p.m.44 views

TokenBreaker - JSON RSA To HMAC And None Algorithm Vulnerability POC

Token Breaker is focused on 2 particular vulnerability related to JWT tokens. None Algorithm RSAtoHMAC Refer to this link about insights of the vulnerability and how an attacker can forge the tokens Try out this vulnerability here TheNone Usage usage: TheNone.py -h -t TOKEN TokenBreaker:...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/19 9:30 p.m.44 views

OSS-Fuzz - Continuous Fuzzing Of Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of...

7.9AI score
Exploits0References5
Kitploit
Kitploit
added 2020/06/11 9:30 p.m.44 views

Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip

Chrome extension for Instantaccess to your bug bounty submission dashboard of various platforms + publicly disclosed reports + bugbountytip Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark,...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/04/28 9:30 p.m.44 views

Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog,...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2019/04/30 12:24 p.m.44 views

Flerken - Obfuscated Command Detection Tool

Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2018/08/09 1:12 p.m.44 views

TIDoS Framework - The Offensive Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/26 10:12 p.m.44 views

Pspy - Monitor Linux Processes Without Root Permissions

pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as argumen...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2018/06/05 2:11 p.m.44 views

DARKSURGEON - A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

6.8AI score
Exploits0References3
Kitploit
Kitploit
added 2018/05/03 9:10 p.m.44 views

hBlock - Improve Your Security And Privacy By Blocking Ads, Tracking And Malware Domains

Improve your security and privacy by blocking ads, tracking and malware domains. What is this for? This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates a hosts file that...

7.3AI score
Exploits0References41
Kitploit
Kitploit
added 2018/04/28 9:34 p.m.44 views

RTA - Framework Designed To Test The Detection Capabilities Against Malicious Tradecraft

RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. RTA is composed of python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application th...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/17 2:12 p.m.44 views

Koadic - COM Command & Control Framework (JScript RAT)

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/10/26 9:12 p.m.44 views

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/03/19 6:30 p.m.44 views

DbDat - Db Database Assessment Tool

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4AI score
Exploits0References2
Kitploit
Kitploit
added 2016/02/04 8:53 p.m.44 views

Arpy - Mac OSX Arp Spoof (MITM) Tool

Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions: Packet Sniffing Visited Domains Visited Domains with Gource Each function will be explained below. Tested OS to date Darwin 14.3.0 Darwin Kernel Version 14.3.0 Mac OS X Requirements Python 2.7 Gource Scapy...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2015/12/19 9:14 p.m.44 views

Domi-Owned - Tool Used for Compromising IBM/Lotus Domino Servers

Domi-Owned is a tool used for compromising IBM/Lotus Domino servers. Tested on IBM/Lotus Domino 8.5.2, 8.5.3, 9.0.0, and 9.0.1 running on Windows and Linux. Usage A valid username and password is not required unless 'names.nsf' and/or 'webadmin.nsf' requires authentication. Fingerprinting Running...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2015/09/26 2:21 p.m.44 views

Tiger - The Unix security audit and intrusion detection tool

Tiger is a security tool that can be use both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only of POSIX tools and is written entirely in shell language. Tiger has some...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/11/30 10:52 p.m.44 views

CuckooAutoInstall - Auto Installer Script for Cuckoo Sandbox

What is Cuckoo Sandbox? In three words, Cuckoo Sandbox is a malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2014/11/14 1:52 a.m.44 views

Pompem - Exploit Finder Script & Web Version

Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day,...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2014/07/19 8:5 p.m.44 views

FolderTimeUpdate - Tool that scans all files and folders and updates the Modified Time of every folder according the latest modified time

FolderTimeUpdate is a simple tool for Windows that scans all files and folders under the base folder you choose, and updates the 'Modified Time' of every folder according the latest modified time of the files stored in it. This tool might be useful if, for example, you backup a cluster of folders...

7AI score
Exploits0
Kitploit
Kitploit
added 2014/04/03 7:35 p.m.44 views

Agnitio - Manual Security Code Review Tool

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. The major changes in v2.1 are listed below:...

7.8AI score
Exploits0
Kitploit
Kitploit
added 2014/03/26 3:37 p.m.44 views

Cpuminer - CPU miner for Litecoin and Bitcoin

cpuminer is a multi-threaded, highly optimized CPU miner for Litecoin, Bitcoin and other cryptocurrencies. Currently supported algorithms are SHA-256d and scrypt1024, 1, 1. It supports the getwork mining protocol as well as the Stratum mining protocol, and can be used for both solo and pooled...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/03/01 1:41 a.m.44 views

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2013/10/22 12:1 a.m.44 views

[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file

Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems Cisco Juniper DLink BSNL ...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2013/03/23 2:48 a.m.44 views

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

Features Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker Worlds first and only GPGPU based rule engine Free Multi-GPU up to 128 gpus Multi-Hash up to 15 million hashes Multi-OS Linux & Windows native binaries Multi-Platform OpenCL & CUDA support Multi-Algo see below Low resource...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2012/11/02 3:16 p.m.44 views

[ZAP] OWASP Zed Attack Proxy Weekly

The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2024/09/18 11:30 a.m.43 views

Imperius - Make An Linux Kernel Rootkit Visible Again

A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "showmodule" function, for example, and using that to call it, adding it back to lsmod, making it possible to remove an LKM rootkit. We c...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2024/05/06 12:30 p.m.43 views

Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries

A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedbacks are always welcome! How it works? Although Golang programs contains a lot of nuances regarding the way they are built and their behavior in...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2024/03/23 11:30 a.m.43 views

Sr2T - Converts Scanning Reports To A Tabular Format

Scanning reports to tabular sr2t This tool takes a scanning tool's output file, and converts it to a tabular format CSV, XLSX, or text table. This tool can process output from the following tools: 1. Nmap XML; 2. Nessus XML; 3. Nikto XML; 4. Dirble XML; 5. Testssl JSON; 6. Fortify FPR. Rationale...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2024/01/07 11:30 a.m.43 views

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/12/13 11:30 a.m.43 views

Osx-Password-Dumper - A Tool To Dump Users'S .Plist On A Mac OS System And To Convert Them Into A Crackable Hash

  OSX Password Dumper Script Overview A bash script to retrieve user's .plist files on a macOS system and to convert the data inside it to a crackable hash format. to use with John The Ripper or Hashcat Useful for CTFs/Pentesting/Red Teaming on macOS systems. Prerequisites The script must be ru...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2023/12/08 11:30 a.m.43 views

CloakQuest3r - Uncover The True IP Address Of Websites Safeguarded By Cloudflare

CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service. Its core mission is to accurately discern the actual IP address of web servers that are concealed...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/10/10 11:30 a.m.43 views

Sirius - First Truly Open-Source General Purpose Vulnerability Scanner

Sirius is the first truly open-source general purpose vulnerability scanner. Today, the information security community remains the best and most expedient source for cybersecurity intelligence. The community itself regularly outperforms commercial vendors. This is the primary advantage Sirius Sca...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2023/09/24 11:30 a.m.43 views

EDRaser - Tool For Remotely Deleting Access Logs, Windows Event Logs, Databases, And Other Files

EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual. Automated Mode In automated mode, EDRaser scans the C class of a given address space of IPs for vulnerable syste...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/05/31 12:30 p.m.43 views

Nidhogg - All-In-One Simple To Use Rootkit For Red Teams

Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an...

7.7AI score
Exploits0References8
Total number of security vulnerabilities5000