Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2023/01/30 11:30 a.m.44 views

DFShell - The Best Forwarded Shell

██████╗ ███████╗███████╗██╗ ██╗███████╗██╗ ██╗ ██╔══██╗██╔════╝██╔════╝██║ ██║███╔═══╝██║ ██║ ██║ ██║█████╗ ███████╗███████║█████╗ ██║ ██║ ██║ ██║██╔══╝ ╚════██║██╔══██║██╔══╝ ██║ ██║ ██████╔╝██║ ███████║██║ ██║███████╗████████╗███████╗ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚══════╝╚══════╝ D3Ext's...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2022/10/26 11:30 a.m.44 views

ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more...

7.4AI score
Exploits0References29
kitploit
kitploit
added 2022/09/18 11:30 a.m.44 views

FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering

Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2022/09/08 12:30 p.m.44 views

ForceAdmin - Create Infinite UAC Prompts Forcing A User To Run As Admin

ForceAdmin is a c payload builder, creating infinate UAC pop-ups until the user allows the program to be ran. The inputted commands are ran via powershell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to always show, so UAC bypass techniques are not...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2022/06/05 12:30 p.m.44 views

AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...

7.9AI score
Exploits0References3
kitploit
kitploit
added 2022/02/27 11:30 a.m.44 views

StayKit - Cobalt Strike Kit For Persistence

StayKit is an extension for Cobalt Strike persistence by leveraging the executeassembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2022/02/10 8:30 p.m.44 views

Php-Malware-Finder - Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools...

7.3AI score
Exploits0References13
kitploit
kitploit
added 2022/01/24 8:30 p.m.44 views

Http2Smugl - Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion

This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 - HTTP/1.1 conversion by the frontend server. The scheme is as follows: 1. An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. 2. The request is presumably...

6.9AI score
Exploits0References1
kitploit
kitploit
added 2021/12/10 11:30 a.m.44 views

DInjector - Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL

This repository is an accumulation of my code snippets for various shellcode injection techniques using fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: Fully ported to D/Invoke API Encrypted payloads which can be invoked from a URL or passed in base64 as an argument Built-in AMS...

8.1AI score
Exploits0References13
kitploit
kitploit
added 2021/11/27 8:30 p.m.44 views

Cracken - A Fast Password Wordlist Generator, Smartlist Creation And Password Hybrid-Mask Analysis Tool

Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust more on talk/. Inspired by great tools like maskprocessor, hashcat, Crunch and 珞 HuggingFace's tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method...

7.1AI score
Exploits0References9
kitploit
kitploit
added 2021/09/09 8:30 p.m.44 views

Owt - The Most Compact WiFi Auditing Tool That Works On Command Line Linux

This tool compiles some necessary tools for wifi auditing in a unix bash script with a user friendly interface. The goal of owt is to have the smallest file size possible while still functioning at maximum proficiency. Installation & Running the script $ git clone https://github.com/clu3bot/OWT.g...

7.2AI score
Exploits0References9
kitploit
kitploit
added 2021/09/08 11:30 a.m.44 views

TREVORspray - A Featureful Round-Robin SOCKS Proxy And Python O365 Sprayer Based On MSOLSpray Which Uses The Microsoft Graph API

TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API By @thetechr0mancer Microsoft is getting better and better about blocking password spraying attacks against O365...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2021/09/02 12:30 p.m.44 views

Assless-Chaps - Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes

Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes Introduction Assless CHAPs is an efficient way to recover the NT hash used in a MSCHAPv2/NTLMv1 exchange if you have the challenge and response e.g. from a WiFi EAP WPE attack. It requires a database of NT hashes,...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2021/08/27 9:30 p.m.44 views

Ctf-Screenshotter - A CTF Web Challenge About Making Screenshots

A CTF web challenge about making screenshots. It is inspired by a bug found in real life. The challenge was created by @LiveOverflow for https://cscg.de/. Watch the video writeup here: https://www.youtube.com/watch?v=FCjMoPpOPYI Run the challenge To run the challenge you have to install...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2021/04/29 12:30 p.m.44 views

M365_Groups_Enum - Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

The allgroups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: name visibility: public or private description email address owners members Teams enabled? SharePoint URL e.g. for Teams shared files All of this, even for private Groups! Read more abou...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2021/04/14 12:30 p.m.44 views

Adfsbrute - A Script To Test Credentials Against Active Directory Federation Services (ADFS), Allowing Password Spraying Or Bruteforce Attacks

A script to test credentials against Active Directory Federation Services ADFS, calculating the ADFS url of an organization and allowing password spraying or bruteforce attacks. The main idea is carrying out password spraying attacks with a random and high delay between each test and using a list...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2021/02/09 11:30 a.m.44 views

ATTPwn - Tool Designed To Emulate Adversaries

ATTPwn is a computer security tool designed to emulate adversaries. The tool aims to bring emulation of a real threat into closer contact with implementations based on the techniques and tactics from the MITRE ATT&CK framework. The goal is to simulate how a threat works in an intrusion scenario,...

7.4AI score
Exploits0References1
kitploit
kitploit
added 2020/11/12 11:30 a.m.44 views

Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures TTPs and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an...

7.1AI score
Exploits0References11
kitploit
kitploit
added 2020/10/15 11:30 a.m.44 views

Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power

Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList Mode only but will surely get an Update with BruteForce Mode Dedicated WebSite:https://devim-stuffs.github.io/zracker/ Link to Post on...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2020/10/04 8:30 p.m.44 views

OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally

Manual Port Scanning Enumerate Potential Service If you like the tool and for my personal motivation so as to develop other tools please a +1 star INTRO This tool aims at automating the identification of potential service running behind ports identified manually or on services running locally onl...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2020/09/09 11:30 a.m.44 views

Rakkess - Kubectl Plugin To Show An Access Matrix For K8S Server Resources

Review Access - kubectl plugin to show an access matrix for server resources Intro Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is...

7.1AI score
Exploits0References7
kitploit
kitploit
added 2020/08/11 9:30 p.m.44 views

SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two mainscanning modules: 1. AzureStealth - Scans Azure environments 2. AWStealth - Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal - Discover The Most Privileged Cloud...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2020/08/07 9:30 p.m.44 views

FestIn - S3 Bucket Weakness Discovery

FestIn is a tool for discovering open S3 Buckets starting from a domains. It perform a lot of test and collects information from: DNS Web Pages Crawler S3 bucket itself like S3 redirections Why Festin There's a lot of S3 tools for enumeration and discover S3 bucket. Some of them are great but...

6.7AI score
Exploits0References2
kitploit
kitploit
added 2020/07/03 9:30 p.m.44 views

How to Report IP Addresses

Spam is a common nuisance for users of the Internet. However, it is not just annoying - these messages may cause substantial harm. While businesses use spam as a cheap way of promotion, criminals send it to snatch sensitive data. Fortunately, there is a quick way to counteract the offenders. Ever...

7AI score
Exploits0
kitploit
kitploit
added 2020/06/19 9:30 p.m.44 views

OSS-Fuzz - Continuous Fuzzing Of Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of...

7.9AI score
Exploits0References5
kitploit
kitploit
added 2020/06/11 9:30 p.m.44 views

Needle - Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip

Chrome extension for Instantaccess to your bug bounty submission dashboard of various platforms + publicly disclosed reports + bugbountytip Needle is the only chrome extension you may need to have one click access to your bug submissions across various platforms. No need to create any bookmark,...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2020/04/28 9:30 p.m.44 views

Terrier - A Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog,...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2019/04/30 12:24 p.m.44 views

Flerken - Obfuscated Command Detection Tool

Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...

7.6AI score
Exploits0References3
kitploit
kitploit
added 2018/08/09 1:12 p.m.44 views

TIDoS Framework - The Offensive Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...

7.9AI score
Exploits0References1
kitploit
kitploit
added 2018/06/26 10:12 p.m.44 views

Pspy - Monitor Linux Processes Without Root Permissions

pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as argumen...

7.1AI score
Exploits0References3
kitploit
kitploit
added 2018/06/05 2:11 p.m.44 views

DARKSURGEON - A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...

6.8AI score
Exploits0References3
kitploit
kitploit
added 2018/05/03 9:10 p.m.44 views

hBlock - Improve Your Security And Privacy By Blocking Ads, Tracking And Malware Domains

Improve your security and privacy by blocking ads, tracking and malware domains. What is this for? This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates a hosts file that...

7.3AI score
Exploits0References41
kitploit
kitploit
added 2018/04/28 9:34 p.m.44 views

RTA - Framework Designed To Test The Detection Capabilities Against Malicious Tradecraft

RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. RTA is composed of python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application th...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2017/08/17 2:12 p.m.44 views

Koadic - COM Command & Control Framework (JScript RAT)

Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2016/10/26 9:12 p.m.44 views

PCILeech - Direct Memory Access (DMA) Attack Software

The PCILeech use the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2016/03/19 6:30 p.m.44 views

DbDat - Db Database Assessment Tool

DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...

8.4AI score
Exploits0References2
kitploit
kitploit
added 2016/02/04 8:53 p.m.44 views

Arpy - Mac OSX Arp Spoof (MITM) Tool

Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions: Packet Sniffing Visited Domains Visited Domains with Gource Each function will be explained below. Tested OS to date Darwin 14.3.0 Darwin Kernel Version 14.3.0 Mac OS X Requirements Python 2.7 Gource Scapy...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2015/12/19 9:14 p.m.44 views

Domi-Owned - Tool Used for Compromising IBM/Lotus Domino Servers

Domi-Owned is a tool used for compromising IBM/Lotus Domino servers. Tested on IBM/Lotus Domino 8.5.2, 8.5.3, 9.0.0, and 9.0.1 running on Windows and Linux. Usage A valid username and password is not required unless 'names.nsf' and/or 'webadmin.nsf' requires authentication. Fingerprinting Running...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2015/09/26 2:21 p.m.44 views

Tiger - The Unix security audit and intrusion detection tool

Tiger is a security tool that can be use both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only of POSIX tools and is written entirely in shell language. Tiger has some...

7.3AI score
Exploits0
kitploit
kitploit
added 2014/11/30 10:52 p.m.44 views

CuckooAutoInstall - Auto Installer Script for Cuckoo Sandbox

What is Cuckoo Sandbox? In three words, Cuckoo Sandbox is a malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an...

7.6AI score
Exploits0References1
kitploit
kitploit
added 2014/11/14 1:52 a.m.44 views

Pompem - Exploit Finder Script & Web Version

Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day,...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2014/07/19 8:5 p.m.44 views

FolderTimeUpdate - Tool that scans all files and folders and updates the Modified Time of every folder according the latest modified time

FolderTimeUpdate is a simple tool for Windows that scans all files and folders under the base folder you choose, and updates the 'Modified Time' of every folder according the latest modified time of the files stored in it. This tool might be useful if, for example, you backup a cluster of folders...

7AI score
Exploits0
kitploit
kitploit
added 2014/04/03 7:35 p.m.44 views

Agnitio - Manual Security Code Review Tool

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. The major changes in v2.1 are listed below:...

7.8AI score
Exploits0
kitploit
kitploit
added 2014/03/26 3:37 p.m.44 views

Cpuminer - CPU miner for Litecoin and Bitcoin

cpuminer is a multi-threaded, highly optimized CPU miner for Litecoin, Bitcoin and other cryptocurrencies. Currently supported algorithms are SHA-256d and scrypt1024, 1, 1. It supports the getwork mining protocol as well as the Stratum mining protocol, and can be used for both solo and pooled...

7.1AI score
Exploits0
kitploit
kitploit
added 2014/03/01 1:41 a.m.44 views

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

6.8AI score
Exploits0
kitploit
kitploit
added 2013/03/23 2:48 a.m.44 views

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

Features Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker Worlds first and only GPGPU based rule engine Free Multi-GPU up to 128 gpus Multi-Hash up to 15 million hashes Multi-OS Linux & Windows native binaries Multi-Platform OpenCL & CUDA support Multi-Algo see below Low resource...

7.2AI score
Exploits0
kitploit
kitploit
added 2012/11/02 3:16 p.m.44 views

[ZAP] OWASP Zed Attack Proxy Weekly

The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...

7.6AI score
Exploits0
kitploit
kitploit
added 2024/05/06 12:30 p.m.43 views

Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries

A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedbacks are always welcome! How it works? Although Golang programs contains a lot of nuances regarding the way they are built and their behavior in...

7.1AI score
Exploits0References4
kitploit
kitploit
added 2024/03/23 11:30 a.m.43 views

Sr2T - Converts Scanning Reports To A Tabular Format

Scanning reports to tabular sr2t This tool takes a scanning tool's output file, and converts it to a tabular format CSV, XLSX, or text table. This tool can process output from the following tools: 1. Nmap XML; 2. Nessus XML; 3. Nikto XML; 4. Dirble XML; 5. Testssl JSON; 6. Fortify FPR. Rationale...

6.6AI score
Exploits0References1
kitploit
kitploit
added 2024/01/07 11:30 a.m.43 views

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

7.4AI score
Exploits0References1
Total number of security vulnerabilities5000