Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2013/03/20 4:13 a.m.34 views

[XSSF v.3.0] Cross-Site Scripting Framework

The Cross-Site Scripting Framework XSSF is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education,...

6.1AI score
Exploits0
Kitploit
Kitploit
added 2013/01/09 1:30 p.m.34 views

[Watcher v1.5.6] Web Security Testing Tool and Passive Vulnerability Scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2025/04/05 11:30 a.m.33 views

Lazywarden - Automatic Bitwarden Backup

Secure, Automated, and Multi-Cloud Bitwarden Backup and Import System Lazywarden is a Python automation tool designed to Backup and Restore data from your vault, including Bitwarden attachments. It allows you to upload backups to multiple cloud storage services and receive notifications across...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2024/06/03 12:30 p.m.33 views

Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions

This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed. The process and objective is simple we can get a clear perspective view on the packages installed by APT currently working on implementing this for RPM and other package managers. This is...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2024/02/03 11:30 a.m.33 views

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2023/10/21 11:30 a.m.33 views

SecuSphere - Efficient DevSecOps

SecuSphere is a comprehensive DevSecOps platform designed to streamline and enhance your organization's security posture throughout the software development life cycle. Our platform serves as a centralized hub for vulnerability management, security assessments, CI/CD pipeline integration, and...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2023/10/04 11:30 a.m.33 views

ModuleShifting - Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs

ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the usage of compiled loaders. The technique can be used...

7.4AI score
Exploits0References11
Kitploit
Kitploit
added 2023/07/29 12:30 p.m.33 views

Artemis - APK Infrastructure Investigator

Overview A tools for Find APK Infrastructure . HADESS performs offensive cybersecurity services through infrastructures and software that include vulnerability analysis, scenario attack planning, and implementation of custom integrated preventive projects. We organized our activities around the...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/02/05 11:30 a.m.33 views

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder. T...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2023/01/16 11:30 a.m.33 views

LATMA - Lateral Movement Analyzer Tool

Lateral movement analyzer LATMA collects authentication logs from the domain and searches for potential lateral movement attacks and suspicious activity. The tool visualizes the findings with diagrams depicting the lateral movement patterns. This tool contains two modules, one that collects the...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2022/10/25 11:30 a.m.33 views

Mangle - Tool That Manipulates Aspects Of Compiled Executables (.Exe Or DLL) To Avoid Detection From EDRs

Authored By Tyl0us Featured at Source Zero Con 2022 Mangle is a tool that manipulates aspects of compiled executables .exe or DLL. Mangle can remove known Indicators of Compromise IoC based strings and replace them with random characters, change the file by inflating the size to avoid EDRs, and c...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2022/09/24 11:30 a.m.33 views

Pax - CLI Tool For PKCS7 Padding Oracle Attacks

Exploit padding oracles for fun and profit! Pax PAdding oracle eXploiter is a tool for exploiting padding oracles in order to: 1. Obtain plaintext for a given piece of CBC encrypted data. 2. Obtain encrypted bytes for a given piece of plaintext, using the unknown encryption algorithm used by the...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2022/05/29 9:30 p.m.33 views

Mitmproxy2Swagger - Automagically Reverse-Engineer REST APIs Via Capturing Traffic

A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic. Installation First you will need python3 and pip3. $ pip install mitmproxy2swagger ... or ... ...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2022/05/13 9:30 p.m.33 views

RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes

Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2022/05/03 12:30 p.m.33 views

FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares

FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. See theFirmWire documentation to get started! Experiments & Missing Parts? Upon a vendor's request, the current...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2022/05/01 12:30 p.m.33 views

BackupOperatorToDA - From An Account Member Of The Group Backup Operators To Domain Admin Without RDP Or WinRM On The Domain Controller

If you compromise an account member of the group Backup Operators you can become the Domain Admin without RDP or WinRM on the Domain Controller. All credit from filipdragovic with his inital POC ! I build this project because I wanted to have a more generic binary with parameters and also being...

7.6AI score
Exploits0References4
Kitploit
Kitploit
added 2022/04/24 7:22 a.m.33 views

Git-Dumper - A Tool To Dump A Git Repository From A Website

A tool to dump a git repository from a website. Install This can be installed easily with pip: pip install git-dumper Usage usage: git-dumper options URL DIR Dump a git repository from a website. positional arguments: URL url DIR output directory optional arguments: -h, --help show this help...

8.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/03/11 8:30 p.m.33 views

Nivistealer - Steal Victim Images Exact Location Device Info And Much More

Steal Victim Images Exact Location Device Info And Much More Features of Nivi-Stealer: Steal Ip Steal Device Info Uses Device Gps to steal exact location Steal pic from front camera Send logs to discord also save them locally in a txt file Works on android,windows,linux,mac os Uses iframe to load...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2022/02/18 8:30 p.m.33 views

SharpCookieMonster - Extracts Cookies From Chrome

This is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C project will dump cookies for all sites, even those with httpOnly/secure/session flags. Usage Simply run the binary. SharpCookieMonster.exe https://sitename.com chrome-debugging-port user...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2022/02/02 11:30 a.m.33 views

Phant0m - Windows Event Log Killer

Svchost is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption. Grouping multiple services into a single process conserves computing resources, and this consideration was of particular concer...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2022/01/22 8:30 p.m.33 views

Mandiant-Azure-AD-Investigator - PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity

This repository contains a PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity. Some indicators are "high-fidelity" indicators of compromise, while other artifacts are so called "dual-use" artifacts. Dual-use artifacts may be related to thre...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2022/01/21 8:30 p.m.33 views

T-Reqs-HTTP-Fuzzer - A Grammar-Based HTTP Fuzzer

T-Reqs T wo Req uests is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling with Differential Fuzzing" which was presented at ACM CCS 2021. BibTeX of the paper: @inproceedingsccs2021treqs, title=T-Reqs: HTTP Request Smuggling with Differential Fuzzin...

6.7AI score
Exploits0References5
Kitploit
Kitploit
added 2021/12/21 8:30 p.m.33 views

Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning

Web Cache Vulnerability Scanner WCVS is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficien...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2021/12/07 11:30 a.m.33 views

Swurg - Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments

Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification OAS defines a standard, programming language-agnostic interface description for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service without requiring acce...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2021/12/02 8:30 p.m.33 views

Crawpy - Yet Another Content Discovery Tool

Yet another content discovery tool written in python. What makes this tool different than others: It is written to work asynchronously which allows reaching to maximum limits. So it is very fast. Calibration mode, applies filters on its own Has bunch of flags that helps you fuzz in detail Recursi...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/24 8:30 p.m.33 views

Redherd Framework -A Collaborative And Serverless Framework For Orchestrating A Geographically Distributed Group Of Assets

RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. --- Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/10/24 11:30 a.m.33 views

Terra - OSINT Tool On Twitter And Instagram

OSINT Tool On Twitter And Instagram. Installation Clone the github repo $ git clone https://github.com/xadhrit/terra.git Change Directory $ cd terra Requirements : For requirements run following commands: $ python3 -m pip install -r requirements.txt Note For Twitter Credentials : You need...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2021/10/05 8:30 p.m.33 views

pFuzz - Helps Us To Bypass Web Application Firewall By Using Different Methods At The Same Time

pFuzz is an advanced red teaming fuzzing tool which we developed for our research. It helps us to bypass web application firewall by using different methods at the same time. pFuzz web uygulama araştırmaları için geliştirdiğimiz, gelişmiş bir fuzzing aracıdır. Farklı güvenlik uygulamaları üzerind...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/09/03 9:30 p.m.33 views

CobaltStrikeParser - Python parser for CobaltStrike Beacon's configuration

Python parser for CobaltStrike Beacon's configuration Description Use parsebeaconconfig.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode default true. Many stageless beacons are PEs where the beacon code itself is stored in the .data section and xored with 4-by...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/09/02 9:30 p.m.33 views

KnockOutlook - A Little Tool To Play With Outlook

"The best feeling is to win by knockout." - Nonito Donaire Overview KnockOutlook is a C project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements. Command Line Usage metadata of every account search : search for the provided keyword...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/04/13 12:30 p.m.33 views

Ronin - A Ruby Platform For Vulnerability Research And Exploit Development

Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits, Payloads, Scanners, etc, via Repositories. Console Ronin provides users with a powerful Ruby Console, pre-loaded with powerful convenience method...

7.3AI score
Exploits0References27
Kitploit
Kitploit
added 2021/02/03 11:30 a.m.33 views

OpenCSPM - Open Cloud Security Posture Management Engine

Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2020/12/11 11:30 a.m.33 views

Carnivore - Tool For Assessing On-Premises Microsoft Servers Authentication Such As ADFS, Skype, Exchange, And RDWeb

Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality. Released as open source by NCC Group Plc - https://www.nccgroup.com/ Developed by Chris...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/11/02 11:30 a.m.33 views

PowerZure - PowerShell Framework To Assess Azure Security

For a list of functions, their usage, and more, check outhttps://powerzure.readthedocs.io What is PowerZure? PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/08/10 12:30 p.m.33 views

Arcane - A Simple Script Designed To Backdoor iOS Packages (Iphone-Arm) And Create The Necessary Resources For APT Repositories

Arcane is a simple script designed to backdoor iOS packages iphone-arm and create the necessar y resources for APT repositories. It was created for this publication to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/21 12:30 p.m.33 views

hackerEnv - An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

hackerEnv is an automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works in kali...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/21 9:30 p.m.33 views

O.G. AUTO-RECON - Enumerate A Target Based Off Of Nmap Results

Enumerate a target Based off of Nmap Results Features The purpose of O.G. Auto-Recon is to automate the initial information gathering phase and then enumerate based off those results as much as possible. This tool is intended for CTF's and can be fairly noisy. Not the most stealth conscious tool...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2020/05/04 9:30 p.m.33 views

Parsec - Secure Cloud Framework

Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is a free software AGPL v3 aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access an...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2018/12/18 9:12 p.m.33 views

pyHAWK - Searches The Directory Of Choice For Interesting Files. Such As Database Files And Files With Passwords Stored On Them

Searches the directory of choice for interesting files. Such as database files and files with passwords stored on them Features Scans directory for intresting file types Outputs them to the screen Supports many file types Installation Instructions The installation is easy. Git clone the repo and...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2018/09/21 12:9 p.m.33 views

Photon v1.1.4 - Incredibly Fast Crawler Designed For Recon

Incredibly Fast Crawler Designed For Recon. Key Features Data Extraction Photon can extract the following data while crawling: URLs in-scope & out-of-scope URLs with parameters example.com/gallery.php?id=2 Intel emails, social media accounts, amazon buckets etc. Files pdf, png, xml etc. Secret ke...

7AI score
Exploits0References7
Kitploit
Kitploit
added 2018/08/09 9:54 p.m.33 views

Aron - A GO Script For Finding Hidden GET & POST Parameters

Aron is a simple GO script for finding hidden GET & POST parameters with bruteforce. Installation $ git clone https://github.com/m4ll0k/Aron.git aron $ cd aron $ go get github.com/m4ll0k/printer now check if $GOPATH is set $ go env | grep -i gopath if $GOPATH not set, try with: $ export...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/02 1:27 p.m.33 views

Pip3Line - The Swiss Army Knife Of Byte Manipulation

Pip3line is a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere almost. Its main usefulness lies in pentesting and reverse-engineering / binary analysis purposes. Current transformations list include classic decoders such as...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/20 2:20 p.m.33 views

Camelishing - Social Engineering Tool

Camelishing Social Engineering Tool Features 1. Bulk email sending 2. Basic Python Agent Creator 3. Office Excel Macro Creator 4. DDE Excel Creatoror Custom Payload 5. Return İnformation Mail Open Track Agent Open Track 6. AutoSave 7. Statistics Report 8. User Control Installation Modules $ pip...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/18 10:21 p.m.33 views

AWS Key Disabler - A Small Lambda Script That Will Disable Access Keys Older Than A Given Amount Of Days

The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys. AWS Lambda Architecture SysOps Output for EndUser Developer Toolchain Current Limitations A report containing the output json of...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/13 10:19 p.m.33 views

ROPGenerator - Tool That Helps You Building ROP Exploits By Finding And Chaining Gadgets Together

ROPGenerator is a tool that makes ROP exploits easy. It enables you to automatically find gadgets or build ROP chains. The current version supports x86 and x64 binaries. Overview ROPGenerator uses the tool ROPgadget https://github.com/JonathanSalwan/ROPgadget to extract gadgets from binaries and...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2018/07/11 2:7 p.m.34 views

Orbit - Cryptocurrency Wallets Relationship Visualizer

Give it a blockchain based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information. Usage Run orbit.py with python3 as follows python3 orbit.py Enter the wallet address | | | ' | || | | | | Enter a wallet address: xxxxxxxxxxxxxxx Now orbit...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2018/07/06 1:47 p.m.33 views

DNS Rebind Toolkit - A Front-End JavaScript Toolkit For Creating DNS Rebinding Attacks

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network LAN. It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. Wi...

7AI score
Exploits0References8
Kitploit
Kitploit
added 2018/06/23 2:12 p.m.33 views

BeRoot For Windows - Privilege Escalation Project

BeRoots is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege. A compiled version is available here. It will be added to the pupy project as a post exploitation module so it will be executed in memory without touching the disk. Except one...

7.7AI score
Exploits0References7
Kitploit
Kitploit
added 2018/04/26 9:23 p.m.33 views

Nemesis - A Command-Line Network Packet Crafting And Injection Utility

The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. Key Features ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP,...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2018/02/14 1:23 p.m.33 views

Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.9AI score
Exploits0
Total number of security vulnerabilities5000