Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2020/04/24 12:30 p.m.38 views

Wotop - Web On Top Of Any Protocol

WOTOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there's a proxy filtering all traffic except standard HTTPS traffic. Unlike other tools which either require you to be behind a proxy which let's you pass arbitrary traffic possibly after ...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2019/07/08 9:57 p.m.38 views

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2018/11/23 12:43 p.m.38 views

Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/27 9:12 p.m.38 views

Ducky-Exploit - Arduino Rubber Ducky Framework

Ducky Exploit is python framework which helps as to code Digispark as Rubber Ducky. This script has been tested on KaliLinux 18.2 Ubuntu 18.04 Windows Works with both Python2 and Python3 Installation Ubuntu and Kali Usage git clone https://github.com/itsmehacker5/Ducky-Exploit.git cd Ducky-Exploi...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/26 1:50 p.m.38 views

Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...

6.8AI score
Exploits0References4
Kitploit
Kitploit
added 2018/04/10 8:49 p.m.38 views

Nix Auditor - Nix Audit Made Easier (RHEL, CentOS)

CIS Audit made easier RHEL, CentOS Usage: 1. Make it executable 2. Execute it. 3. https://the-infosec.com/2017/03/20/auditing-linux-unix-os-in-120-seconds-flat/ Nix Auditor 2.0: Change Log: Added color variables BLUE, RED, NC NO COLOR and GREEN on lines 210 - 213 Applied color variables to "passe...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/10/28 9:30 p.m.38 views

ASLRay - Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying. Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ - will work on any x86-64 Debian-based OS BASH - the whole script Limitations: Stack needs to be executable -z execstack Binary has...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2017/10/27 9:0 p.m.38 views

Pentest-Tools-Auto-Installer - A Simple Tool For Installing Pentest Tools And Forensic Tools On Debian / Ubuntu Based OS

A Simple tool for installing pentest tools and forensic tools on Debian / Ubuntu Based OS Tested on Linux Mint And Kali Linux I Want To Get This How To Do ?? Change Your Privileges Terminal to Root Mode your@terminal:$ sudo su And Then Clone This your@terminal: git clone...

8.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/05/16 3:13 p.m.38 views

BruteSpray - Brute-Forcing from Nmap output (Automatically attempts default creds on found services)

BruteSpray takes nmap GNMAP output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Usage First do an nmap scan with '-oA nmap.gnmap'. Command: python brutespray.py -h Example: python...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2016/08/22 2:6 p.m.38 views

PenBox v2.2 - A Penetration Testing Framework (The Hacker's Repo)

A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs. Information Gathering : nmap Setoolkit Port Scanning Host To IP wordpress user enumeration CMS scanner XSStracer - checks remote web servers for Clickjacking,...

9.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/07/27 10:39 p.m.38 views

Parrot OS 3.1 (Defcon) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2016/06/14 9:53 p.m.38 views

RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)

Ruby in the middle RITM is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation gem install ritm Basic usage 1. Write you...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2016/03/01 9:48 p.m.38 views

Gitminer - Automatic Search For GitHub

Advanced search tool and automation in Github. This tool aims to facilitate research by code or code snippets on github through the site's search page. MOTIVATION Demonstrates the fragility of trust in public repositories to store codes with sensitive information. REQUERIMENTS argparse requests...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/02/29 10:11 p.m.38 views

SFTPfuzzer - Simple FTP Fuzzer

SFTPfuzzer Simple FTP Fuzzer is a very simple software written in Python 2.7 by 0x8b30cc, that allows you to easily fuzz username and password field in an FTP Server , looking for a buffer overflow vulnerability. SFTPfuzzer is written in a very simple way, and the code is well commented, allowing...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2015/06/30 4:44 p.m.38 views

AntiCuckoo - A Tool to Detect and Crash Cuckoo Sandbox

A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant's Cuckoo version. Features Detection: Cuckoo hooks detection all kind of cuckoo hooks. Suspicius data in own memory without APIs, page per page scanning. Crash Execute with arguments out of a sandbox these...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2015/06/04 9:19 p.m.38 views

WAIDPS - Wireless Auditing, Intrusion Detection & Prevention System

WAIDPS is an open source wireless swissknife written in Python and work on Linux environment. This is a multipurpose tools designed for audit penetration testing networks, detect wireless intrusion WEP/WPA/WPS attacks and also intrusion prevention stopping station from associating to access point...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2015/02/03 10:12 p.m.38 views

Socat - Multipurpose relay (SOcket CAT)

Socat is a utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices terminal or modem, etc., sockets Unix, IP4, IP6 - raw, UDP, TCP, a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/06/04 7:18 p.m.38 views

RCEer - Simple Remote Command Execution scanner

Simple Remote Command Execution scanner written in Python 2.7 Download RCEer...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2014/05/14 1:15 a.m.38 views

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Cuckoo generates a handful of differen...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/04/05 12:19 a.m.38 views

Mylar - Platform for building secure web applications

Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server e.g., an attacker, a curious administrator, or a government can obtain all of the data stored there. Mylar protects data confidentiality even when an attacker gets full...

7AI score
Exploits0
Kitploit
Kitploit
added 2014/01/08 6:50 a.m.38 views

[Haveged] A simple Entropy Daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/12/20 5:45 p.m.38 views

[APKinspector] Powerful GUI tool to analyze the Android applications

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG Call Graph Static...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2013/03/01 5:31 p.m.38 views

[DotDotPwn v3.0.1] The Directory Traversal Fuzzer

The latest version of DotDotPwn v3.0.1 released. DotDotPwn is a flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. It's written in perl programming language and can be run either unde...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2024/01/03 11:30 a.m.37 views

RansomwareSim - A Simulated Ransomware

Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2024/01/01 11:30 a.m.37 views

Pantheon - Insecure Camera Parser

Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as an integrated live-feed for non-protected cameras. Functionalities Pantheon allows users to execute an API crawler. There was original functionality without the use of...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/12 6:55 p.m.37 views

RecycledInjector - Native Syscalls Shellcode Injector

Currently Fully Undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is also based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2023/10/07 11:30 a.m.37 views

S4UTomato - Escalate Service Account To LocalSystem Via Kerberos

Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...

7.8AI score
Exploits0References6
Kitploit
Kitploit
added 2023/05/07 12:30 p.m.37 views

NTLMRecon - A Tool For Performing Light Brute-Forcing Of HTTP Servers To Identify Commonly Accessible NTLM Authentication Endpoints

NTLMRecon is a Golang version of the original NTLMRecon utility written by Sachin Kamath AKA pwnfoo. NTLMRecon can be leveraged to perform brute forcing against a targeted webserver to identify common application endpoints supporting NTLM authentication. This includes endpoints such as the Exchan...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/05/02 4:5 p.m.37 views

hardCIDR - Linux Bash Script To Discover The Netblocks, Or Ranges, Owned By The Target Organization

A Linux Bash script to discover the netblocks, or ranges, in CIDR notation owned by the target organization during the intelligence gathering phase of a penetration test. This information is maintained by the five Regional Internet Registries RIRs: ARIN North America RIPE Europe/Asia/Middle East...

6.9AI score
Exploits0References5
Kitploit
Kitploit
added 2023/03/25 11:30 a.m.37 views

QRExfiltrate - Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems

This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/02/01 11:30 a.m.37 views

Monomorph - MD5-Monomorphic Shellcode Packer - All Payloads Have The Same MD5 Hash

════════════════════════════════════╦═══ ╔═╦═╗ ╔═╗ ╔═╗ ╔═╗ ╔═╦═╗ ╔═╗ ╔══╔═╗ ╠═╗ ═╩ ╩ ╩═╚═╝═╩ ╩═╚═╝═╩ ╩ ╩═╚═╝═╩ ╠═╝═╩ ╩═ ════════════════════════════════╩═══════ By Retr0id ═══ MD5-Monomorphic Shellcode Packer ═ ══ USAGE: python3 monomorph.py inputfile outputfile payloadfile What does it do? It...

7.4AI score
Exploits0References5
Kitploit
Kitploit
added 2023/01/09 11:30 a.m.37 views

YATAS - A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that i...

7.8AI score
Exploits0References7
Kitploit
Kitploit
added 2022/12/17 11:30 a.m.37 views

Octosuite - Advanced Github OSINT Framework

A framework fro gathering osint on GitHub users, repositories and organizations Wiki Refer to the Wiki for installation instructions, in addition to all other documentation. Features Fetches an organization's profile information Fetches an oganization's events Returns an organization's repositori...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2022/11/12 11:30 a.m.37 views

autoSSRF - Smart Context-Based SSRF Vulnerabiltiy Scanner

autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features : Smart fuzzing on relevant SSRF GET parameters When fuzzing, autoSSRF only focuses on the common parameters related to SSR...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2022/11/11 11:30 a.m.37 views

TeamFiltration - Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally...

7.4AI score
Exploits0References7
Kitploit
Kitploit
added 2022/09/11 11:30 a.m.37 views

Nim-RunPE - A Nim Implementation Of Reflective PE-Loading From Memory

A Nim implementation of reflective PE-Loading from memory. The base for this code was taken from RunPE-In-Memory - which I ported to Nim. You'll need to install the following dependencies: nimble install ptrmath winim I did test this with Nim Version 1.6.2 only, so use that version for testing or...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2022/08/30 12:30 p.m.37 views

Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory

Masky is a python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...

7.6AI score
Exploits0References13
Kitploit
Kitploit
added 2022/06/29 12:30 p.m.37 views

Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

A modular command-line tool to parse, create and manipulate JSON Web TokenJWT tokens for security testing purposes. Features Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins. follow the template example Flexible token...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2022/05/05 12:30 p.m.37 views

Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...

7.5AI score
Exploits0References40
Kitploit
Kitploit
added 2022/04/21 12:30 p.m.37 views

Jfscan - A Super Fast And Customisable Port Scanner, Based On Masscan And NMap

Killing features Scan with nmap fast! Allows you to scan targets with Masscan and run Nmap on discovered ports with possibility of custom options. Nmap on steroids. Allows to scan targets in multiple formats. Can output results in domain:port format. Works in stdin/stdout mode, so you can pipe...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2022/03/24 10:4 p.m.37 views

Tiktok-Scraper - TikTok Scraper. Download Video Posts, Collect User/Trend/Hashtag/Music Feed Metadata, Sign URL And Etc

Scrape and download useful information from TikTok. No login or password are required This is not an official API support and etc. This is just a scraper that is using TikTok Web API to scrape media and related meta information. Important notes As of right now it is NOT possible to download video...

7.2AI score
Exploits0References5
Kitploit
Kitploit
added 2022/03/12 8:30 p.m.37 views

DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords

Daily alert when a new domain name is registered and contains your keywords. Description DomainAlerting tool allows you to perform two main actions for educational purposes only: Download newly registered domains Send automatic email alert You can setup a wordlist and be alerted by email when you...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2022/02/23 8:30 p.m.37 views

Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scyll...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2022/01/01 8:30 p.m.37 views

Skrull - A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It's a...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/14 11:30 a.m.37 views

ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...

7.6AI score
Exploits0References9
Kitploit
Kitploit
added 2021/09/28 8:30 p.m.37 views

LittleCorporal - A C# Automated Maldoc Generator

LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...

7.6AI score
Exploits0References4
Kitploit
Kitploit
added 2021/06/30 9:30 p.m.37 views

Red-Shadow - Lightspin AWS IAM Vulnerability Scanner

Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin's Security Research Team. The tool detects the misconfigurations in the following IAM Objects: Managed Policies Users Inline Policies Groups Inli...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2021/03/31 11:30 a.m.37 views

InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool

InveighZero is a C LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features elevated admin...

7.6AI score
Exploits0References4
Kitploit
Kitploit
added 2021/02/11 8:30 p.m.37 views

XSSTRON - Electron JS Browser To Find XSS Vulnerabilities Automatically

Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too Installation Become root sudo su Install Node.js and npm https://www.npmjs.com/get-npm or sudo apt install npm Download this repo files or gi...

6.6AI score
Exploits0References3
Kitploit
Kitploit
added 2021/01/13 11:30 a.m.37 views

RadareEye - A Tool Made For Specially Scanning Nearby devices [BLE, Bluetooth And Wifi] And Execute Our Given Command On Our System When The Target Device Comes In-Between Range

A tool made for speciallyscanning nearby devicesBLE,Bluetooth & Wifi and execute our given command on our system when the target device comes in between range. NOTE:- RadareEye Owner will be not responsible if any user performs malicious activities using this tool. Use it for Learning purpose onl...

7.5AI score
Exploits0References1
Total number of security vulnerabilities5000