Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2016/07/16 9:35 p.m.32 views

tomcatWarDeployer - Apache Tomcat auto WAR Deployment & Pwning Penetration Testing Tool

tomcatWarDeployer Apache Tomcat auto WAR deployment & pwning penetration testing tool. What is it? This is a penetration testing tool intended to leverage Apache Tomcat credentials in order to automatically generate and deploy JSP Backdoor, as well as invoke it afterwards and provide nice shell...

8.1AI score
Exploits0References1
Kitploit
Kitploit
added 2016/05/23 10:54 p.m.32 views

Shellsploit - New Generation Exploit Development Kit

Shellsploit let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/02/22 10:30 p.m.32 views

SQLMap - Automatic SQL Injection And Database Takeover Tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.6AI score
Exploits0References1
Kitploit
Kitploit
added 2016/02/20 6:30 p.m.32 views

Smod - MODBUS Penetration Testing Framework

smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x. Feel free to make pull requests, if...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2015/12/18 9:28 p.m.32 views

Ares - Python Botnet and Backdoor

Ares is made of two main programs: A Command aNd Control server, which is a Web interface to administer the agents An agent program, which is run on the compromised host, and ensures communication with the CNC The Web interface can be run on any server running Python. You need to install the...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2015/09/25 5:39 p.m.32 views

PEInjector - MITM PE file infector

The executable file format on the Windows platform is PE COFF. The peinjector provides different ways to infect these files with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant,...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2015/08/26 10:2 p.m.32 views

FireMasterCracker - Firefox Master Password Cracking Software

FireMasterCracker is the FREE software to Crack the Firefox Master Password. It is the GUI Version of FireMaster, FIRST ever tool to recover the lost Master Password of Firefox. Firefox browser uses Master password to protect the stored login passwords for all visited websites. If the master...

7AI score
Exploits0
Kitploit
Kitploit
added 2015/08/12 11:23 p.m.32 views

Metasploit AV Evasion - Metasploit payload generator that avoids most Anti-Virus products

Metasploit payload generator that avoids most Anti-Virus products. Installing git clone https://github.com/nccgroup/metasploitavevasion.git chmod +x the avoid.sh file before use. How To Use ./avoid.sh Then follow the on screen prompts. Features Easily generate a Metasploit executable payload to...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2015/08/01 4:15 p.m.32 views

PEframe - Tool to perform static analysis on Portable Executable malware

PEframe is a open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2015/05/08 2:13 p.m.32 views

Kunai - Pwning & Info Gathering via User Browser

Sometimes there is a need to obtain ip address of specific person or perform client-side attacks via user browser. This is what you need in such situations. Kunai is a simple script which collects many informations about a visitor and saves output to file; furthermore, you may try to perform...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2015/01/08 9:25 p.m.32 views

WiFiPhisher - Fast automated phishing attacks against WiFi networks

Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2015/01/06 3:24 p.m.32 views

Faraday v1.0.7 - Integrated Penetration-Test Environment a multiuser Penetration test IDE

Faraday introduces a new concept IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/12/05 6:14 p.m.32 views

zANTI 2.0 - Android Network Toolkit

zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2014/06/26 3:45 p.m.32 views

SmartSPLAT - Tool to troubleshoot Checkpoint firewall issues and perform management tasks

Smart SPLAT is a freeware software to troubleshoot Checkpoint firewall issues and perform management tasks. It periodically checks for an update and when a new release is published, updates itself via the SmartSPLAT web site. SmartSPLAT lets you connect to your firewall via secure channel SSH...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2014/03/21 7:26 p.m.32 views

[Nsdtool] Toolset of scripts used to detect netgear switches in local networks

Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has its own protocol called NSDP Netgear Switch Discovery Protocol, which is implemented to support security tests on the...

9.6AI score
Exploits0
Kitploit
Kitploit
added 2014/02/17 11:35 p.m.32 views

[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based off of the original LDPRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hid...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2014/01/14 3:28 a.m.32 views

[Memoryze] Find Evil in Live Memory (Memory Forensic Software)

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Mandiant’s Memoryze features: image the full range of system memory no...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/01/08 7:0 a.m.32 views

[THC-Hydra v7.6] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2014/01/03 12:36 a.m.32 views

[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2013/12/31 4:40 p.m.32 views

[flunym0us] Vulnerability Scanner for Wordpress and Moodle

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle. Operation Flunym0us requires...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/12/26 11:54 p.m.32 views

[VirusTotal] Online Malware Analysis Tool

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2013/11/09 12:30 a.m.32 views

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit SET v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/11/09 12:21 a.m.32 views

[Bluelog v1.1.2] Linux Bluetooth scanner

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It's intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area. While there are man...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/08/21 1:27 a.m.32 views

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

5.7AI score
Exploits0
Kitploit
Kitploit
added 2013/08/14 3:19 a.m.32 views

[WATOBO 0.9.13] THE Web Application Toolbox

WATOBO is intended to enable security professionals to perform highly efficient semi-automated web application security audits. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/08/07 12:20 a.m.33 views

[THC-Hydra v7.5] Fast network logon cracker

CHANGELOG for 7.5 =================== Moved the license from GPLv3 to AGPLv3 see LICENSE file Added module for Asterisk Call Manager Added support for Android where some functions are not available hydra main: - reduced the screen output if run without -h, full screen with -h - fix for ipv6 and...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2013/07/11 5:18 a.m.32 views

[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...

8AI score
Exploits0
Kitploit
Kitploit
added 2024/03/17 11:30 a.m.31 views

mapXplore - Allow Exporting The Information Downloaded With Sqlmap To A Relational Database Like Postgres And Sqlite

mapXplore is a modular application that imports data extracted of the sqlmap to PostgreSQL or SQLite database. Its main features are: Import of information extracted from sqlmap to PostgreSQL or SQLite for subsequent querying. Sanitized information, which means that at the time of import, it...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2024/02/04 11:30 a.m.31 views

Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2024/01/25 11:30 a.m.31 views

Antisquat - Leverages AI Techniques Such As NLP, ChatGPT And More To Empower Detection Of Typosquatting And Phishing Domains

AntiSquat leverages AI techniques such as natural language processing NLP, large language models ChatGPT and more to empower detection of typosquatting and phishing domains. How to use Clone the project via git clone https://github.com/redhuntlabs/antisquat. Install all dependencies by typing pip...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2024/01/16 11:30 a.m.31 views

CloudRecon - Finding assets from certificates

CloudRecon Finding assets from certificates! Scan the web! Tool presented @DEFCON 31 Install You must have CGO enabled, and may have to install gcc to run CloudRecon sudo apt install gcc go install github.com/g0ldencybersec/CloudRecon@latest Description CloudRecon CloudRecon is a suite of tools f...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/11/20 11:30 a.m.31 views

MemTracer - Memory Scaner

MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to detect reflectively loaded native .NET framework Dynamic-Link...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2023/11/07 11:30 a.m.31 views

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom DVenom is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus AVs. Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/26 11:30 a.m.31 views

PathFinder - Tool That Provides Information About A Website

Web Path Finder is a Python program that provides information about a website. It retrieves various details such as page title, last updated date, DNS information, subdomains, firewall names, technologies used, certificate information, and more. Retrieve important information about a website Gain...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/15 12:31 a.m.31 views

HBSQLI - Automated Tool For Testing Header Based Blind SQL Injection

HBSQLI is an automated command-line tool for performing Header Based Blind SQL injection attacks on web applications. It automates the process of detecting Header Based Blind SQL injection vulnerabilities, making it easier for security researchers , penetration testers & bug bounty hunters to tes...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2023/10/02 11:30 a.m.31 views

Apepe - Enumerate Information From An App Based On The APK File

Apepe is a Python tool developed to help pentesters and red teamers to easily get information from the target app. This tool will extract basic informations as the package name, if the app is signed and the development language... Installing / Getting started A quick guide of how to install and u...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2023/09/10 11:30 a.m.31 views

HTTP-Shell - MultiPlatform HTTP Reverse Shell

HTTP-Shell is Multiplatform Reverse Shell. This tool helps you to obtain a shell-like interface on a reverse connection over HTTP. Unlike other reverse shells, the main goal of the tool is to use it in conjunction with Microsoft Dev Tunnels, in order to get a connection as close as possible to a...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/08/10 12:30 p.m.31 views

Chaos - Origin IP Scanning Utility Developed With ChatGPT

chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/09/26 11:30 a.m.31 views

SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a C tool to use Pass-the-Hash for authentication on a local Named Pipe for user Impersonation. You need a local administrator or SEImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code...

7.7AI score
Exploits0References3
Kitploit
Kitploit
added 2022/09/02 12:30 p.m.31 views

Aced - Tool to parse and resolve a single targeted Active Directory principal's DACL

Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2022/06/09 12:30 p.m.31 views

Offensive-Azure - Collection Of Offensive Tools Targeting Microsoft Azure

Collection of offensive tools targeting Microsoft Azure written in Python to be platform agnostic. The current list of tools can be found below with a brief description of their functionality. ./DeviceCode/devicecodeeasymode.py Generates a code to be entered by the target user Can be used for...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2022/05/26 12:30 p.m.31 views

FindFunc - Advanced Filtering/Finding of Functions in IDA Pro

FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. This is not a competitor to tools like Diaphora or BinNavi, but it is ideal to find a known function in a new binary f...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/05/19 9:30 p.m.31 views

C2concealer - Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation chmod u+x install.sh ./install.sh Building Docker image docker build -t C2concealer . Running with Docker docker container run -it -v :/usr/share/cobaltstrike/ C2concealer...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2022/05/12 12:30 p.m.31 views

SSOh-No - User Enumeration And Password Spraying Tool For Testing Azure AD

This tool is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2022/04/06 9:30 p.m.31 views

Hcltm - Documenting Your Threat Models With HCL

Threat Modeling with HCL Overview There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able ...

7.2AI score
Exploits0References16
Kitploit
Kitploit
added 2022/04/05 9:30 p.m.31 views

ScheduleRunner - A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation

Scheduled task is one of the most popular attack technique in the past decade and now it is still commonly used by hackers/red teamers for persistence and lateral movement. A number of C tools were already developed to simulate the attack using scheduled task. I have been playing around with some...

7.8AI score
Exploits0References4
Kitploit
Kitploit
added 2022/03/11 11:30 a.m.31 views

WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues outdated server software and insecure HTTP headers. What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities a...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2022/03/07 8:30 p.m.31 views

Fastfuz-Chrome-Ext - Site Fast Fuzzing With Chorme Extension

Fast fuzzing websites with chrome extension Screenshot Install Add Your Custom Files Open files.txt Paste your file or directory name in line by line Happy Hunting TODO Add response size foundings Add new specific file and directory names Add Extension to chrome extension marketplace Download...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2022/02/12 11:30 a.m.31 views

Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ npm install $ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ docker build . -t cloudsploit:0.0.1 $ docker run cloudsploit:0.0.1 -h $ docker run -...

7AI score
Exploits0References42
Kitploit
Kitploit
added 2022/01/28 11:30 a.m.31 views

Combobulator - Framework To Detect And Prevent Dependency Confusion Leakage And Potential Attacks

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources e.g., GitHub Packages...

7.3AI score
Exploits0References1
Total number of security vulnerabilities5000