Lucene search
+L
KitploitMost viewed

6011 matches found

kitploit
kitploit
added 2023/05/31 12:30 p.m.43 views

Nidhogg - All-In-One Simple To Use Rootkit For Red Teams

Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an...

7.7AI score
Exploits0References8
kitploit
kitploit
added 2023/03/16 1:45 a.m.44 views

Kali Linux 2023.1 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.1. This release has various impressive updates. he changelog summary since the 2022.4 release from December: Kali Purple - The dawn of a new era. Kali is not only Offense, but starting to be defense Python Changes - Python 3.11 & PIP changes...

7.1AI score
Exploits0
kitploit
kitploit
added 2023/01/01 11:30 a.m.43 views

Cypherhound - Terminal Application That Contains 260+ Neo4j Cyphers For BloodHound Data Sets

A Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets. Why? BloodHound is a staple tool for every red teamer. However, there are some negative side effects based on its design. I will cover the biggest pain points I've experienced and what this tool aims to...

7.1AI score
Exploits0References1
kitploit
kitploit
added 2022/09/18 11:30 a.m.43 views

FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering

Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2022/08/21 12:30 p.m.43 views

Concealed_Code_Execution - Tools And Technical Write-Ups Describing Attacking Techniques That Rely On Concealing Code Execution On Windows

Hunt& Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverag...

7.9AI score
Exploits0References5
kitploit
kitploit
added 2022/08/17 12:30 p.m.43 views

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on https traffic. The tool is easy to use, it generates it's own PowerShell payload and it supports encryption ssl. So far, it has been tested on...

7.7AI score
Exploits0References3
kitploit
kitploit
added 2022/08/05 12:30 p.m.43 views

Peetch - An eBPF Playground

peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections. Currently, peetch includes two subcommands. The first called dump aims to sniff network traffic by associating information about the source process with each packet. The secon...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2022/07/17 12:30 p.m.43 views

Zenbuster - Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin @0xTas. I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2022/06/18 12:30 p.m.43 views

Nightingale - Docker Environment For Pentesting Which Having All The Required Tool For VAPT

In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber security, DevOps, Automation, or Infrastructure. Considering the demand of the industry, I would like to introduce my idea to create a NIGHTINGALE: docker image for...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2022/01/26 1:52 a.m.43 views

Dontgo403 - Tool To Bypass 40X Response Codes

dontgo403 is a tool to bypass 40X errors. Installation git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build Customization If you want to edit or add new bypasses, you can add it directly to the specific file in payloads folder and the tool will use it. Options custom...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2022/01/15 11:30 a.m.43 views

Narthex - Modular Personalized Dictionary Generator

Narthex Greek: Νάρθηξ, νάρθηκας is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalised dictionaries that can be used for password recovery & security assessment. The...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2021/12/11 11:30 a.m.43 views

ADenum - A Pentesting Tool That Allows To Find Misconfiguration Through The The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that allows to find misconfiguration through the protocol LDAP and exploit some of those weaknesses with Kerberos. cracking john -jp path John binary path -w wordList The path of the wordlist to be used john Default:...

7.3AI score
Exploits0References6
kitploit
kitploit
added 2021/11/19 11:30 a.m.43 views

Msticpy - Microsoft Threat Intelligence Security Tools

Microsoft Threat Intelligence Python Security Tools. msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to: query log data from multiple sources enrich the data with Threat Intelligence, geolocations and Azure resource data extract Indicator...

6.5AI score
Exploits0References27
kitploit
kitploit
added 2021/10/05 11:30 a.m.43 views

CarPunk - The Car Hacking Toolkit

CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DEFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...

7.3AI score
Exploits0References5
kitploit
kitploit
added 2021/10/03 11:30 a.m.43 views

efiXplorer - IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation

efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions o...

7.6AI score
Exploits0References12
kitploit
kitploit
added 2021/09/21 11:30 a.m.43 views

Weakpass - Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words

The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the Wi-Fi network of EvilCorp. Sometimes, a password is...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2021/03/30 8:30 p.m.43 views

ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy

ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be...

7.3AI score
Exploits0References22
kitploit
kitploit
added 2021/02/24 11:30 a.m.43 views

BugBountyScanner - A Bash Script And Docker Image For Bug Bounty Reconnaissance

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output. Helpful? BugBountyScanner helped you net a bounty? Description Note: Using the script over a VPN is highly recommended. It's recommended to run BugBountyScanner...

6.8AI score
Exploits0References1
kitploit
kitploit
added 2021/01/11 8:30 p.m.43 views

pongoOS - A Pre-Boot Execution Environment For Apple Boards

A pre-boot execution environment for Apple boards built on top of checkra1n. Building on macOS Install Xcode + command-line utilities make clean all Building on Linux Download Sam Bingner's iOS Toolchain Copy scripts/arm64-apple-ios12.0.0-clang to a directory in $PATH Adjust the TOOLCHAIN variabl...

6.9AI score
Exploits0References2
kitploit
kitploit
added 2020/12/18 8:30 p.m.43 views

Scilla - Information Gathering Tool (DNS/Subdomain/Port Enumeration)

Information Gathering Tool - Dns/Subdomain/Port Enumeration Installation First of all, clone the repo locally git clone https://github.com/edoardottt/scilla.git Scilla has external dependencies, so they need to be pulled in: go get Working on installation... See the open issue. For now you can ru...

7.4AI score
Exploits0References2
kitploit
kitploit
added 2020/10/08 11:30 a.m.43 views

vPrioritizer - Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization

As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry and it’s safe to assume that count is going to increase furthermore. It’s a huge number of vulnerabilities to assess and remediate effectively and quickly. So today...

7.4AI score
Exploits0References3
kitploit
kitploit
added 2020/09/12 11:30 a.m.43 views

MZAP - Multiple Target ZAP Scanning

Multiple target ZAP Scanning / mzap is a tool for scanning NN in ZAP. Concept Installation go-get $ go get -u github.com/hahwul/mzap snapcraft $ sudo snap install mzap --devmode homebrew $ brew tap hahwul/mzap $ brew install mzap Usage Usage: mzap command Available Commands: ajaxspider Add...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/09/07 8:30 p.m.43 views

PurpleCloud - An Infrastructure As Code (IaC) Deployment Of A Small Active Directory Pentest Lab In The Cloud

Pentest Cyber Range for a small Active Directory Domain. Automated templates for building your own Pentest/Red Team/Cyber Range in the Azure cloud! Purple Cloud is a small Active Directory enterprise deployment automated with Terraform / Ansible Playbook templates to be deployed in Azure. Purple...

7.4AI score
Exploits0References5
kitploit
kitploit
added 2020/06/25 1:0 p.m.43 views

CorsMe - Cross Origin Resource Sharing MisConfiguration Scanner

A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind ! Misconfiguration type thisscanner can check for Reflect Origin checks Prefix Match Suffix Match Not Esacped Dots Null ThirdParties Like = github.io, repl.it etc. Taken from Chenjj's...

7.2AI score
Exploits0References5
kitploit
kitploit
added 2020/06/12 9:30 p.m.43 views

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework How it works? 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2020/06/10 9:30 p.m.43 views

Atlas - Quick SQLMap Tamper Suggester

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code. Screen Installation $ git clone https://github.com/m4ll0k/Atlas.git atlas $ cd atlas $ python atlas.py python3+ Usage $ python atlas.py --url...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2018/12/02 11:49 a.m.43 views

Domain Hunter - Checks Expired Domains For Categorization/Reputation And Archive.org History To Determine Good Candidates For Phishing And C2 Domain Names

Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2018/11/10 8:47 p.m.43 views

Novahot - A Webshell Framework For Penetration Testers

novahot is a webshell framework for penetration testers. It implements a JSON-based API that can communicate with trojans written in any language. By default, it ships with trojans written in PHP, ruby, and python. Beyond executing system commands, novahot is able to emulate interactive terminals...

7.2AI score
Exploits0References6
kitploit
kitploit
added 2018/03/26 12:31 p.m.43 views

XSStrike v2.0 - An Advanced XSS Detection And Exploitation Suit

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero false positive result using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Made by Somdev Sangwan...

6.6AI score
Exploits0References1
kitploit
kitploit
added 2018/02/21 8:33 p.m.43 views

BlackWidow - A Python Based Web Application Scanner To Gather OSINT And Fuzz For OWASP Vulnerabilities On A Target Website

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. DEMO VIDEO: FEATURES: Automatically...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2017/11/17 9:11 p.m.43 views

SpookFlare - Meterpreter Loader Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom...

7.8AI score
Exploits0References1
kitploit
kitploit
added 2017/11/06 1:37 p.m.43 views

Linux Soft Exploit Suggester - Search Exploitable Software On Linux

linux-soft-exploit-suggester finds exploits for all vulnerable software in a system helping with the privilege escalation. It focuses on software packages instead of Kernel vulnerabilities. python linux-soft-exploit-suggester.py -h | | | | | |·| || |/ | || |- //| || |·|- | || | / |- /| ||| |||/...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2017/10/02 1:30 p.m.43 views

SMBMap - Samba Share Enumeration Tool

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...

7.8AI score
Exploits0References2
kitploit
kitploit
added 2017/09/24 9:54 p.m.43 views

LFiFreak - An automated LFi Exploiter with Bind/Reverse Shells

LFiFreak is a tool for exploiting local file inclusions using PHP Input, PHP Filter and Data URI methods. Features Works with Windows, Linux and OS X Includes bind and reverse shell for both Windows and Linux Written in Python 2.7 Dependencies BeautifulSoup Download LFiFreak...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2017/09/21 4:46 p.m.43 views

Hijacker v1.3 - All-in-One Wi-Fi Cracking Tools for Android

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng , Airodump-ng , MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with a...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2017/02/06 2:30 p.m.43 views

WMD (Weapon of Mass Destruction) - Python framework for IT security tools

This is a python tool with a collection of IT security software. The software is incapsulated in "modules". The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command "use modulecall", e.g. "use apsniff", to activate the module. ...

8.2AI score
Exploits0References1
kitploit
kitploit
added 2016/04/12 10:30 p.m.43 views

FruityWifi v2.4 - Wireless Network Auditing Tool

FruityWifi is a wireless network auditing tool. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi, Pwnpi Raspberry Pi, Bugtraq. v2.4 Utils have been added replaces "ifconfig -a"...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2015/07/01 10:12 p.m.43 views

Cowrie - SSH Honeypot

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen desaster. Features Some interesting features: Fake filesystem with the ability to...

7.1AI score
Exploits0References2
kitploit
kitploit
added 2014/01/15 1:12 a.m.43 views

[Weevely v1.1] Stealth tiny PHP web shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation , and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

8.4AI score
Exploits0References4
kitploit
kitploit
added 2013/10/02 10:52 p.m.43 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

8.2AI score
Exploits0
kitploit
kitploit
added 2024/05/30 12:30 p.m.42 views

Headerpwn - A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP Headers

Install To install headerpwn, run the following command: go install github.com/devanshbatham/[email protected] Usage headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool: 1. Provide the target URL using the -url flag. 2. Create a...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2024/04/24 12:30 p.m.42 views

HackerInfo - Infromations Web Application Security

Infromations Web Application Security install : sudo apt install python3 python3-pip pip3 install termcolor pip3 install google pip3 install optioncomplete pip3 install bs4 pip3 install prettytable...

7.3AI score
Exploits0References1
kitploit
kitploit
added 2024/04/06 11:30 a.m.42 views

ADOKit - Azure DevOps Services Attack Toolkit

Azure DevOps Services Attack Toolkit - ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to specify an attack module, along with specifying valid credentials API key or stolen authentication cookie for the...

7.8AI score
Exploits0References7
kitploit
kitploit
added 2023/12/09 11:30 a.m.42 views

AcuAutomate - Unofficial Acunetix CLI Tool For Automated Pentesting And Bug Hunting Across Large Scopes

AcuAutomate is an unofficial Acunetix CLI tool that simplifies automated pentesting and bug hunting across extensive targets. It's a valuable aid during large-scale pentests, enabling the easy launch or stoppage of multiple Acunetix scans simultaneously. Additionally, its versatile functionality...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2023/11/06 11:30 a.m.42 views

WebSecProbe - Web Security Assessment Tool, Bypass 403

A cutting-edge utility designed exclusively for web security aficionados, penetration testers, and system administrators. WebSecProbe is your advanced toolkit for conducting intricate web security assessments with precision and depth. This robust tool streamlines the intricate process of...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2023/11/04 11:30 a.m.42 views

TEx - Telegram Monitor

TEx is a Telegram Explorer tool created to help Researchers, Investigators and Law Enforcement Agents to Collect and Process the Huge Amount of Data Generated from Criminal, Fraud, Security and Others Telegram Groups. BETA VERSION Please note that this project has been in beta for a few weeks, so...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2023/06/05 12:30 p.m.42 views

DCVC2 - A Golang Discord C2 Unlike Any Other

This multi operating system compatible tool was created to leverage Discord's voice channels for command and control operations. This tool operates entirely over the Real-Time Protocol RTP primarily leveraging DiscordGo and leaves no pesky traces behind in text channels. It is a command line base...

7.5AI score
Exploits0References4
kitploit
kitploit
added 2023/02/22 11:30 a.m.42 views

Probable_Subdomains - Subdomains Analysis And Generation Tool. Reveal The Hidden!

Online tool: https://weakpass.com/generate/domains TL;DR During bug bounties, penetrations tests, red teams exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through - like...

7AI score
Exploits0References24
kitploit
kitploit
added 2022/10/26 11:30 a.m.42 views

ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry

Script that wraps around multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more...

7.4AI score
Exploits0References29
kitploit
kitploit
added 2022/10/13 11:30 a.m.42 views

FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...

8.1AI score
Exploits0References4
Total number of security vulnerabilities5000