Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2022/03/16 8:30 p.m.32 views

RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature arra...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2022/03/06 8:30 p.m.32 views

Osmedeus - A Workflow Engine For Offensive Security

A Workflow Engine For Offensive Security Installation NOTE that you need some essential tools like curl, wget, git, zip and login as root to start bash -c "$curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh" Build the engine from source Make sure you installed...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2022/03/01 11:30 a.m.32 views

Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects securi ty and compliance misconfigurations using graph-based...

6.9AI score
Exploits0References12
Kitploit
Kitploit
added 2022/02/16 11:30 a.m.32 views

FakeLogonScreen - Fake Windows Logon Screen To Steal Passwords

FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk. It can either be executed by simp...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/06 8:30 p.m.32 views

STEWS - A Security Tool For Enumerating WebSockets

STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover : find WebSockets endpoints on the web by testing a list of domains Fingerprint : determine what WebSockets server is running ...

6.9AI score
Exploits0References8
Kitploit
Kitploit
added 2021/12/01 11:30 a.m.32 views

XC - A Small Reverse Shell For Linux And Windows

Netcat like reverse shell for Linux & Windows. Features Windows Usage: └ Shared Commands: !exit !upload uploads a file to the target !download downloads a file from the target !lfwd local portforwarding like ssh -L !rfwd remote portforwarding like ssh -R !lsfwd lists active forwards !rmfwd remove...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2021/11/28 11:30 a.m.32 views

4-ZERO-3 - 403/401 Bypass Methods + Bash Automation

Introduction 4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same. NOTE : If you see multiple 200 Ok/bypasses as output, you must check the Content-Length. If the content-length is same for multiple 200 Ok/bypasses means false positive. Reason can be...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/27 11:30 a.m.32 views

FakeDataGen - Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/25 8:30 p.m.32 views

Nanobrok - Web Service For Control And Protect Your Android Device Remotely

Web Service write in Python for control and protect yourandroid device remotely. The official app can be found on the PlayStore: NanobrokPro Nanobrok Community Overview Nanobrok-Server is powerful opensource webservice for control and protect your android device, written in Python, that allow and...

7.5AI score
Exploits0References8
Kitploit
Kitploit
added 2021/10/27 11:30 a.m.32 views

Lorsrf - SSRF Parameter Bruteforce

Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods NOTE Lorsrf has been added to scant3r with useful additions multi http method , multi content-type json , query , xml , speed , large worlist and more https://github.com/knassar702/scant3r/wiki/lorsrf install...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2021/10/15 8:30 p.m.32 views

Crawlergo - A Powerful Browser Crawler For Web Vulnerability Scanners

crawlergo is a browser crawler that uses chrome headless mode for URL collection. It hooks key positions of the whole web page with DOM rendering stage, automatically fills and submits forms, with intelligent JS event triggering, and collects as many entries exposed by the website as possible. Th...

7.2AI score
Exploits0References6
Kitploit
Kitploit
added 2021/10/12 8:30 p.m.32 views

Shisho - Lightweight Static Analyzer For Several Programming Languages

Shisho is a lightweight static analyzer for developers. Please seethe usage documentation for further information. Try at Playground You can try Shisho at our playground. Try with Docker You can try shisho in your machine as follows: echo "func testv string int return lenv + 1; " | docker run -i...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2021/07/07 9:30 p.m.32 views

FindObjects-BOF - A Cobalt Strike Beacon Object File (BOF) Project Which Uses Direct System Calls To Enumerate Processes For Specific Loaded Modules Or Process Handles

A Cobalt Strike Beacon Object File BOF project which uses direct system calls to enumerate processes for specific modules or process handles. What is this repository for? Use direct systems calls within Beacon Object files to enumerate processes for specific loaded modules e.g. winhttp.dll,...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2020/10/31 11:30 a.m.32 views

Nethive-Project - Restructured And Collaborated SIEM And CVSS Infrastructure

The Nethive Project provides a Security Information and Event Management SIEM insfrastructure empowered by CVSS automatic measurements. Features Machine Learning powered SQL Injection Detection Server-side XSS Detection based on Chrome's XSS Auditor Post-exploitation Detection powered by Auditbea...

7.8AI score
Exploits0References3
Kitploit
Kitploit
added 2020/10/07 1:30 a.m.32 views

Offering Users More For Their Activity - Similar Items Upon Checkout

The shopping isn't finished once you've purchased your item. If you've ever done shopping online, then you know all about being presented with related items to the one you just purchased. This feature is common for online retail websites and quite useful for both the consumer and the producers. I...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2020/07/24 12:30 p.m.32 views

Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing

Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Global variables Prefills the command line, doesn't hide commands fro...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/06/24 4:20 a.m.32 views

Business Secure: How AI is Sneaking into our Restaurants

Prior to pandemic days, the restaurant industry talked of computers that might end up taking over their daily responsibilities. They’d joke about how a kiosk can communicate orders to the kitchen, much like they can. Well, now that we live in a global world that will be reluctant to dine with...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2019/11/11 1:0 p.m.32 views

GCPBucketBrute - A Script To Enumerate Google Storage Buckets, Determine What Access You Have To Them, And Determine If They Can Be Privilege Escalated

A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script optionally accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will th...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2019/10/23 11:47 a.m.32 views

AutoMacTC - Automated Mac Forensic Triage Collector

This is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse them, and present them in formats viable for analysis. The output may provide valuable insights for incident response in a macOS environment. Automactc can be run against a live...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/22 12:49 p.m.32 views

Vim.Wasm - Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen. Try it with your browser NOTICES Please access from a desktop browser Chrome/Firefox/Safari/Edge. Safari seems the best on macOS. Please avoid slow networks. Your browser wil...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2018/06/15 1:55 p.m.32 views

RiskySPN - Detect And Abuse Risky SPNs

RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs Service Principal Name. This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory. For...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/13 10:43 p.m.32 views

Takeover - SubDomain TakeOver Vulnerability Scanner

Sub-domain takeover vulnerability occur when a sub-domain subdomain.example.com is pointing to a service e.g: GitHub , AWS/S3 ,.. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2018/06/11 10:20 p.m.32 views

Nipe - A Script To Make TOR Network Your Default Gateway

Tor enables users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both Licit and Illicit purposes. Tor has, for example, been used by criminals enterprises, Hacktivism groups, and law enforcement agencies at cross purposes, sometimes...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/01 10:28 p.m.32 views

Otseca - Security Auditing Tool To Search And Dump System Configuration

Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2018/04/07 1:7 p.m.32 views

DCSYNCMonitor - Monitors For DCSYNC And DCSHADOW Attacks And Create Custom Windows Events For These Events

This tool is an application/service that can be deployed on Domain controllers to alert on Domain Controller Syncronization attempts. When an attempt is detected, the tool will write an event to the Windows Event Log. These events can be correlated in a SIEM. In addition, this tool can take a lis...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2018/04/04 1:6 p.m.32 views

Apktool - A Tool For Reverse Engineering Android APK Files

A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2018/02/23 1:0 p.m.32 views

Invoke-Obfuscation - PowerShell Obfuscator

Invoke-Obfuscation is a PowerShell v2.0+ compatible PowerShell command and script obfuscator. Purpose Attackers and commodity malware have started using extremely basic obfuscation techniques to hide the majority of the command from the command line arguments of powershell.exe. I developed this...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/22 1:12 p.m.32 views

OWASP DependencyCheck - A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration CPE identifier for a given dependency. If found, it will generate a report linking to the associate...

7.2AI score
Exploits0References6
Kitploit
Kitploit
added 2018/02/18 9:12 p.m.32 views

Tunna - Set Of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. SUMMARY TLDR: Tunnels TCP connections over HTTP In a fully firewalled inbound and outbound connections restricted - except the...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/01/03 9:0 p.m.32 views

iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python

This version of the application is written with Python programming language,which is used to crack the Restriction PassCode of iphone/ipad. Brute Force 1. Get the Base64 key and salt from the backup file in Computer. 2. Decode the Base64 key and salt. 3. Try from 1 to 9999 to with the...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/20 9:3 p.m.32 views

WhatWaf - Detect And Bypass Web Application Firewalls And Protection Systems

WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass or two for said firewall, on the specified target. Features Ability to run on a single URL with the...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/15 8:47 p.m.32 views

CALDERA - Automated Adversary Emulation System

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge ATT&CK...

7.6AI score
Exploits0References10
Kitploit
Kitploit
added 2017/09/17 2:30 p.m.32 views

LaZagne v2.2 - Credentials Recovery Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2017/08/31 9:30 p.m.32 views

EvilAbigail - Automated Linux Evil Maid Attack

Automated Linux evil maid attack Scenario Laptop left turned off with FDE turned on Attacker boots from USB/CD/Network Script executes and backdoors initrd User returns to laptop, boots as normal Backdoored initrd loads: Debian/Ubuntu/Kali .so file into /sbin/init on boot, dropping a shell...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/07/21 9:30 p.m.32 views

Samplicator - Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing

This small program receives UDP datagrams on a given port, and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets. INSTALLATION This distribution...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/06/23 7:41 p.m.32 views

ShellStack - A PHP Based Tool That Helps You To Manage All Your Backdoored Websites Efficiently

ShellStack is a PHP based backdoor management tool. This Tool comes handy for "HACKERS" who wish to keep a track of every website they hack. The tool generates a backdoor file which you just have to upload to the site and put the backdoor URL in the shells.txt present in the tool's directory. Wit...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/06/19 2:39 p.m.32 views

OpenSnitch - GNU/Linux port of the Little Snitch application firewall

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall. Requirements You'll need a GNU/Linux distribution with iptables, NFQUEUE and ftrace kernel support. Install sudo apt-get install build-essential python3-dev python3-setuptools libnetfilter-queue-dev python3-pyqt5 python3-gi...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2017/05/26 3:5 p.m.32 views

NSEarch - Nmap Scripting Engine Search

Nsearch, is a tool that helps you to find scripts that are used by nmap nse , you can search the scripts using differents keyword as the name, category and author, even using all the keyword in a single query,it is also possible to see the documentation of the scripts founded. Requeriments $ pip...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/04/21 9:57 p.m.32 views

Truehunter - Tool to detect TrueCrypt containers

The goal of Truehunter is to detect TrueCrypt containers using a fast and memory efficient approach. It was designed as a PoC some time ago as I couldn't find any open source tool with the same functionality. Installation Just use with Python 2.7, it does not need any additional libraries. usage:...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/04/06 2:12 p.m.32 views

Sherlock - Tool to find missing Windows patches for Local Privilege Escalation Vulnerabilities

PowerShell script to quickly find missing Microsoft patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32k NULL Page...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/02/02 8:2 p.m.32 views

Linux Kodachi3 - Secure Open Source Linux Distribution

Linux Kodachi operating system is based on Debian 8.6 it will provide you with a secure, anti forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi is very easy to use all you have to do is...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/01/31 1:30 p.m.32 views

OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard

Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2017/01/23 2:18 p.m.32 views

iptodomain - This tool extract domains from IP address based in the information saved in virustotal

This tool allows you to extract domains from a IP range, using the historic information archived in Virustotalusing API key. It is usefull if you want to know what domains are behind of this IP address, for example in bug bounty programs one of the first steps is to extract subdomains, this tool...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2016/12/27 2:30 p.m.32 views

Lobotomy - Android Reverse Engineering

Lobotomy is a command line based Android reverse engineering tool. What is in the repo, is currently in development. You should assume nothing works as expected until the official 2.0 release is finished. Version | Development ---|--- Author | Benjamin Watson rotlogix Features Feature | Descripti...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2016/10/20 2:30 p.m.32 views

King Phisher 1.5.2 - Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.5AI score
Exploits0References8
Kitploit
Kitploit
added 2016/10/07 2:30 p.m.32 views

sudo-snooper - Python script to fool sudo users

sudo-snooper acts like the original sudo binary to fool users into entering their passwords. It will show a fake prompt just like the original to the user to enter their sudo password. This can be useful in penetration tests or security evaluations for testing user knowledge. Installation steps...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2016/09/13 4:37 p.m.32 views

Cloakify - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Evade AV Detection

Cloakify Toolset - Data Exfiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type e.g. executables, Office, Zip, images into a list of everyday strings. Ve...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2016/07/16 9:35 p.m.32 views

tomcatWarDeployer - Apache Tomcat auto WAR Deployment & Pwning Penetration Testing Tool

tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell...

8.1AI score
Exploits0References1
Kitploit
Kitploit
added 2016/05/23 10:54 p.m.32 views

Shellsploit - New Generation Exploit Development Kit

Shellsploit let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/02/22 10:30 p.m.32 views

SQLMap - Automatic SQL Injection And Database Takeover Tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.6AI score
Exploits0References1
Total number of security vulnerabilities5000