Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2020/09/20 11:30 a.m.35 views

CRLFuzz - A Fast Tool To Scan CRLF Vulnerability Written In Go

A fast tool to scan CRLF vulnerability written in Go Installation from Binary The installation is easy. You can download a prebuilt binary from releases page, unpack and run! or with $ curl -sSfL http://git.io/get-crlfuzz | sh -s -- -b /usr/local/bin from Source If you have go1.13+ compiler...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2020/07/27 9:30 p.m.35 views

TrustJack - Yet Another PoC For Hijacking DLLs in Windows

Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows Blogpost: https://redteamer.tips/?p=108 To be used with a cmd that does whatever the F you want, for a dll that pops cmd, https://github.com/jfmaes/CMDLL. check the list in wietze's site to check how you should call...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2020/07/08 12:30 p.m.35 views

Shhgit - Find GitHub Secrets In Real Time

Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. NEW: LIVE VERSION. Find GitHub secrets straight from your browser! Finding secrets in GitHub is nothing new. There are many great tools available to help with...

7.7AI score
Exploits0References8
Kitploit
Kitploit
added 2020/07/03 1:0 p.m.35 views

Behave - A Monitoring Browser Extension For Pages Acting As Bad Boys

A Still in Development monitoring browser extension for pages acting as bad boys. NB : This is the code repository of the project, if you're looking for the packed extensions: Firefox: https://addons.mozilla.org/en-US/firefox/addon/behave/ Chrome:...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/09/19 8:47 p.m.35 views

Door404 - PHP Backdoor For Web Servers

Door404 is Open Source PHP Backdoor For Web Servers Developed By MrSqar & Rizer This Project Developed For 2 Reasons First " Help Beginners to learn coding . " Second " Help Newbie Servers Managers To Learn New Protection Tricks" Requirements PHP PHP CUrl OS Linux ScreenShots Video : Download...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2018/08/25 1:7 p.m.35 views

Crypton - Library Consisting Of Explanation And Implementation Of All The Existing Attacks On Various Encryption Systems, Digital Signatures, Hashing Algorithms

Crypton is an educational library to learn and practice Offensive and Defensive Cryptography. It is basically a collection of explanation and implementation of all the existing vulnerabilities and attacks on various Encryption Systems Symmetric and Asymmetric, Digital Signatures, Message...

7.5AI score
Exploits0References116
Kitploit
Kitploit
added 2018/05/13 2:36 p.m.35 views

Samurai Email Discovery - Is A Email Discovery Framework That Grabs Emails Via Google Dork, Company Name, Or Domain Name

SED is a email discovery framework created 100% in BASH that grabs emails via google dork, company name, or domain name. Requirements apt-install lynx Screenshots Possibly more features such as an OSINT options, and credential reuse discovery & torsocks implimented - but it does the trick for now...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/04/27 12:49 p.m.35 views

AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner

Massive NSE Nmap Scripting Engine AutoSploit and AutoScanner. The Nmap Scripting Engine NSE is one of Nmap's most powerful and flexible features. It allows users to write and share simple scripts using the Lua programming language to automate a wide variety of networking tasks. Those scripts are...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2018/03/05 8:12 p.m.35 views

Aragog - Facebook Invalid Email Checker

Aragog is a python 2.7 script which looks for Facebook Accounts that have invalid emails on their account. This script was only created for Gmail & Hotmail to be checked, but in the future this could be further upgraded in new features. The attack scenario through this script is if the email of t...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/27 1:12 p.m.35 views

WAScan - Web Application Scanner

WAScan Web Application Scanner is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/23 8:29 p.m.35 views

Revoke-Obfuscation - PowerShell Obfuscation Detection Framework

Revoke-Obfuscation is a PowerShell v3.0+ compatible PowerShell obfuscation detection framework. Authors Daniel Bohannon @danielhbohannon Lee Holmes @LeeHomes Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html White Paper:...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2018/02/13 12:38 p.m.35 views

ReelPhish - A Real-Time Two-Factor Phishing Tool

ReelPhish simplifies the real-time phishing technique. The primary component of the phishing tool is designed to be run on the attacker’s system. It consists of a Python script that listens for data from the attacker’s phishing site and drives a locally installed web browser using the Selenium...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2017/11/27 1:15 p.m.35 views

Zeus-Scanner - Advanced Reconnaissance Utility

Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple...

6.2AI score
Exploits0References8
Kitploit
Kitploit
added 2017/09/11 2:0 p.m.35 views

NorkNork - Powershell Empire Persistence Finder

This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled Tasks Auto-run WMI subscriptions Security Support provider Ease of Access Center backdoors Machine account password disable INSTALL...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/08/09 3:11 p.m.35 views

Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator and Obfuscator

Invoke-CradleCrafter is a PowerShell v2.0+ compatible PowerShell remote download cradle generator and obfuscator. Purpose Invoke-CradleCrafter exists to aid Blue Teams and Red Teams in easily exploring, generating and obfuscating PowerShell remote download cradles. In addition, it helps Blue Team...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/05/20 2:45 p.m.35 views

Reconnoitre - A Security Tool For Multithreaded Information Gathering And Service Enumeration

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst also creating a directory structure of results for each host, recommended commands to execute and directory structures for storing loot and flags. Usage This tool can be used and copied f...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/05/13 2:12 p.m.35 views

WiFi-Pumpkin v0.8.5 - Framework for Rogue Wi-Fi Access Point Attack

WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security. The main feature is the ability to create a fake AP and make Man In The Middle attack, but the list of features is quite broad. Installation Python 2.7 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin...

7.1AI score
Exploits0References9
Kitploit
Kitploit
added 2016/12/14 5:35 p.m.35 views

BackdoorMan - Toolkit That Helps You Find Malicious, Hidden And Suspicious PHP Scripts And Shells

A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2016/11/22 1:45 p.m.35 views

httpstat - Curl Statistics Made Simple

httpstat visualizes curl1 statistics in a way of beauty and clarity. It is a single file Python script that has no dependency and is compatible with Python 3. Installation There are three ways to get httpstat : Download the script directly: wget...

7.3AI score
Exploits0References8
Kitploit
Kitploit
added 2016/11/21 2:16 p.m.35 views

deep-pwning - Metasploit for Machine Learning

Deep-pwning is a lightweight framework for experimenting with machine learning models with the goal of evaluating their robustness against a motivated adversary. Note that deep-pwning in its current state is no where close to maturity or completion. It is meant to be experimented with, expanded...

6.8AI score
Exploits0References5
Kitploit
Kitploit
added 2016/03/30 10:30 p.m.35 views

LynxFramework - Extension Exploitation Framework

LynxFramework is an operating tool for web browser offering a specialized service in the effect browser extension development , namely Google Chrome and Firefox soon. The operation is based on the script for the injection in the order to retrieve data targeted. LynxFramework est un outil...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2015/11/14 8:23 p.m.35 views

Beurk - Experimental Unix Rootkit

BEURK is an userland preload rootkit for GNU/Linux, heavily focused around anti-debugging and anti-detection. NOTE: BEURK is a recursive acronym for B EURK E xperimental U nix R oot K it Features Hide attacker files and directories Realtime log cleanup on utmp/wtmp Anti process and login detectio...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2015/09/20 7:58 p.m.35 views

Weevely3 - Weaponized Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...

8.3AI score
Exploits0References1
Kitploit
Kitploit
added 2015/05/21 9:33 p.m.35 views

MySQL Query Browser Password Dump - Command-line Tool to Recover Lost or Forgotten Passwords from MySQL Query Browser

MySQL Query Browser Password Dump is the free command-line tool to instantly recover your lost or forgotten passwords from MySQL Query Browser software. MySQL Query Browser is a simple software to manage your MySQL database connections and queries. By default, it stores all the database login...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2015/05/20 8:2 p.m.35 views

King Phisher - Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2014/06/26 3:42 p.m.35 views

Smart Pentester - An SSH based Penetration Testing Framework

Smart Pentester is an SSH based Penetration Testing Framework. It provides a GUI for well known tools like nmap, hping, tcpdump, volatility, hydra and etc. Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence,...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/03/25 7:42 p.m.35 views

[EMS] E-mail Spoofer

E-mail Spoofer is a tool designed for penetration testers who need to send phishing e-mails. It allows to send mails to a single recipient or a list, it supports plain text/html email formats, attachments, templates and more… Features Support for Plain text and HTML E-mail Templates Spoofing Send...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/03/18 12:23 a.m.35 views

[ProcessThreadsView] View process threads information

ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...

9.6AI score
Exploits0
Kitploit
Kitploit
added 2014/02/14 11:18 p.m.35 views

OWASP Xenotix XSS Exploit Framework v5

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

5.6AI score
Exploits0
Kitploit
Kitploit
added 2014/01/27 10:9 p.m.35 views

[PACK] Password Analysis & Cracking Kit

PACK Password Analysis and Cracking Toolkit is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2014/01/27 3:56 a.m.35 views

[Lazy-Kali] Bash Script for Kali Linux

A bash script for when you feel lazy. Adds quite a few tools to Kali Linux. Bleeding Edge Repos AngryIP Scanner Terminator Xchat Unicornscan Nautilus Open Terminal Simple-Ducky Subterfuge Ghost-Phisher Yamas PwnStar Ettercap0.7.6 Xssf Smbexec Flash Java Easy-Creds Java ... and more! Lazy-Kali wil...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/01/23 6:58 a.m.35 views

[Firefox Password Remover v1.5] Firefox Website Login Password Removal Tool

Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox. You can either remove selected ones or all of the stored passwords from the Firefox sign-on database. One of the unique feature of this tool is that it allows you to remove the website...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/11/20 12:52 p.m.35 views

[OMENS v1.17] The framework for distributing Actionable Intelligence

OMENS Object Monitor for Enhanced Network Security was born out of the intrusion and intrusion attempts analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect and...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/11/09 12:53 a.m.35 views

[SX Password Dump Suite] Complete Set of Command-line Password Recovery Tools from SecurityXploded

SX Password Dump Suite is the complete collection of all the FREE command-line based password recovery tools from SecurityXploded. It contains the latest version of all the password dump tools which makes it easier for the user to get all these tools at one place instead of downloading each of th...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2013/10/22 12:11 a.m.35 views

[AxCrypt] Open Source Windows File Encryption Software

AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2013/10/02 10:47 p.m.35 views

[Matriux Leandros v3.0 rc1] The pentesting distrib (Now added Blackhat Arsenal 2013 Tools)

Matriux is a Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides standard Debian...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/04/17 11:35 p.m.35 views

[Cuckoo Sandbox v0.6] Software for Automating Analysis of Suspicious Files

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment. Cuckoo generates a handful of different raw data which include: Native...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2013/04/02 10:47 p.m.35 views

[360-FAAR v0.4.1] Firewall Analysis Audit And Repair

360-FAAR Firewall Analysis Audit and Repair is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Changes: This release...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2025/05/03 12:30 p.m.34 views

Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database

Automatically generates beautiful and easy-to-read ER diagrams from your database. Website • Documentation • Roadmap What's Liam ERD? Liam ERD generates beautiful, interactive ER diagrams from your database. Whether you're working on public or private repositories, Liam ERD helps you visualize...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2024/03/26 11:30 a.m.34 views

AutoWLAN - Run A Portable Access Point On A Raspberry Pi Making Use Of Docker Containers

This project will allow you run a portable access point on a Raspberry Pi making use of Docker containers. Further reference and explanations: https://fwhibbit.es/en/automatic-access-point-with-docker-and-raspberry-pi-zero-w Tested on Raspberry Pi Zero W. Access point configurations You can...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2024/03/22 11:30 a.m.34 views

Skytrack - Planespotting And Aircraft OSINT Tool Made Using Python

About skytrack is a command-line based plane spotting and aircraft OSINT reconnaissance tool made using Python. It can gather aircraft information using various data sources, generate a PDF report for a specified aircraft, and convert between ICAO and Tail Number designations. Whether you are a...

6.9AI score
Exploits0References5
Kitploit
Kitploit
added 2024/01/30 11:30 a.m.34 views

PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests

With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...

7.2AI score
Exploits0References7
Kitploit
Kitploit
added 2023/09/02 12:30 p.m.34 views

Tiny_Tracer - A Pin Tool For Tracing API Calls Etc

A Pin Tool for tracing: API calls, including parameters of selected functions selected instructions: RDTSC, CPUID, INT inline system calls, including parameters of selected syscalls transition between sections of the traced module helpful in finding OEP of the packed module Bypasses the...

7AI score
Exploits0References11
Kitploit
Kitploit
added 2023/03/24 11:30 a.m.34 views

Mimicry - Security Tool For Active Deception In Exploitation And Post-Exploitation

Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. Active deception can live migrate the attacker to the honeypot without awareness. We can achieve a higher security level at a lower cost with Active deception. English | 中文文档 Dem...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2023/01/24 11:30 a.m.34 views

Get-AppLockerEventlog - Script For Fetching Applocker Event Log By Parsing The Win-Event Log

This script will parse all the channels of events from the win-event log to extract all the log relatives to AppLocker. The script will gather all the important pieces of information relative to the events for forensic or threat-hunting purposes, or even in order to troubleshoot. Here are the log...

7AI score
Exploits0References6
Kitploit
Kitploit
added 2022/10/30 11:30 a.m.34 views

Ermir - An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it list/lookup/bind/rebind/unbind. Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git...

7.8AI score
Exploits0References9
Kitploit
Kitploit
added 2022/09/17 11:30 a.m.34 views

DeathSleep - A PoC Implementation For An Evasion Technique To Terminate The Current Thread And Restore It Before Resuming Execution, While Implementing Page Protection Changes During No Execution

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution. Intro Sleep and obfuscation methods are well known in the maldev community, with different implementations, they...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2022/08/13 12:30 p.m.34 views

NimGetSyscallStub - Get Fresh Syscalls From A Fresh Ntdll.Dll Copy

Get fresh Syscalls from a fresh ntdll.dll copy. This code can be used as an alternative to the already published awesome tools NimlineWhispers and NimlineWhispers2 by @ajpc500 or ParallelNimcalls. The advantage of grabbing Syscalls dynamically is, that the signature of the Stubs is not included i...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2022/08/01 2:9 a.m.34 views

PR-DNSd - Passive-Recursive DNS Daemon

Passive-Recursive DNS daemon. Quickstart nameserver 127.0.0.1 | sudo tee /etc/resolv.conf dig google.com dig -x $dig +short google.com" go get github.com/korc/PR-DNSd sudo setcap capnetbindservice,capsyschroot=ep go/bin/PR-DNSd go/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53 echo...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2022/07/11 12:30 p.m.34 views

Tofu - Windows Offline Filesystem Hacking Tool For Linux

A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more. How it works : When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, it's storage device contains everythin...

7.4AI score
Exploits0References3
Total number of security vulnerabilities5000