Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2013/01/09 6:22 a.m.31 views

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection. This is NO Slowloris Attack! Limitations of HTTP GET DDOS attack: - Does not work on IIS web servers or web servers with timeout limits for HTTP headers. - Easily...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2012/11/06 10:11 p.m.31 views

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: ftplogin : Brute-force FTP sshlogin : Brute-force SSH telnetlogin : Brute-force Telnet smtplogin : Brute-force SMTP smtpvrfy : Enumerate valid users using the SMTP VRF...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2012/11/02 3:29 p.m.31 views

[BackBox Linux] Version 3.0

BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. It uses the Xfce desktop environment, and is developed by Raffaele Forte and a small but dedicated team. This release includ...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2025/04/08 12:30 p.m.30 views

Telegram-Story-Scraper - A Python Script That Allows You To Automatically Scrape And Download Stories From Your Telegram Friends

A Python script that allows you to automatically scrape and download stories from your Telegram friends using the Telethon library. The script continuously monitors and saves both photos and videos from stories, along with their metadata. Important Note About Story Access ⚠️ Due to Telegram API...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2024/06/04 12:30 p.m.30 views

ROPDump - A Command-Line Tool Designed To Analyze Binary Executables For Potential Return-Oriented Programming (ROP) Gadgets, Buffer Overflow Vulnerabilities, And Memory Leaks

ROPDump is a tool for analyzing binary executables to identify potential Return-Oriented Programming ROP gadgets, as well as detecting potential buffer overflow and memory leak vulnerabilities. Features Identifies potential ROP gadgets in binary executables. Detects potential buffer overflow...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2024/03/01 11:30 a.m.30 views

RKS - A Script To Automate Keystrokes Through A Graphical Desktop Program

A script to automate keystrokes through an active remote desktop session that assists offensive operators in combination with living off the land techniques. About RKS RemoteKeyStrokes All credits goes to nopernik for making it possible so I took it upon myself to improve it. I wanted something...

8AI score
Exploits0References4
Kitploit
Kitploit
added 2024/02/14 11:30 a.m.30 views

Secbutler - The Perfect Butler For Pentesters, Bug-Bounty Hunters And Security Researchers

Essential utilities for pentester, bug-bounty hunters and security researchers secbutler is a utility tool made for pentesters , bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities like installing...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2023/11/16 11:30 a.m.30 views

Padre - Blazing Fast, Advanced Padding Oracle Exploit

padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption Features: blazing fast, concurrent implementation decryption of tokens encryption of arbitrary data automatic fingerprinting of padding oracles automatic detection of cipher block length HINTS! if failure occurs...

6.7AI score
Exploits0References5
Kitploit
Kitploit
added 2023/10/20 9:31 p.m.30 views

Commander - A Command And Control (C2) Server

Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2023/10/17 11:30 a.m.30 views

ILSpy - .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) - Cross-Platform!

ILSpy is the open-source .NET assembly browser and decompiler. Decompiler Frontends Aside from the WPF UI ILSpy downloadable via Releases, see also plugins, the following other frontends are available: Visual Studio 2022 ships with decompilation support for F12 enabled by default using our engine...

7.4AI score
Exploits0References16
Kitploit
Kitploit
added 2023/10/06 11:30 a.m.30 views

Caracal - Static Analyzer For Starknet Smart Contracts

Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to run in Scarb projects Installation Precompiled binaries Precompiled...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2023/09/29 11:30 a.m.30 views

Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections

Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS, and web assembly to manage file transfers. Key Links Download here See the user documentation to get...

7.2AI score
Exploits0References5
Kitploit
Kitploit
added 2023/09/15 11:30 a.m.30 views

Z9 - PowerShell Script Analyzer

Abstract This tools detects the artifact of the PowerShell based malware from the eventlog of PowerShell logging. Online Demo Install git clone https://github.com/Sh1n0g1/z9 How to use usage: z9.py -h --output OUTPUT -s --no-viewer --utf8 input positional arguments: input Input file path options:...

7.3AI score
Exploits0References10
Kitploit
Kitploit
added 2023/09/06 11:30 a.m.30 views

ICMPWatch - ICMP Packet Sniffer

ICMP Packet Sniffer is a Python program that allows you to capture and analyze ICMP Internet Control Message Protocol packets on a network interface. It provides detailed information about the captured packets, including source and destination IP addresses, MAC addresses, ICMP type, payload data,...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/05/16 12:30 p.m.30 views

Cbrutekrag - Penetration Tests On SSH Servers Using Brute Force Or Dictionary Attacks. Written In C

Penetration tests on SSH servers using dictionary attacks. Written in C. brute krag means "brute force" in afrikáans Disclaimer This tool is for ethical testing purpose only. cbrutekrag and its owners can't be held responsible for misuse by users. Users have to act as permitted by local law rules...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/04/02 12:30 p.m.30 views

CMLoot - Find Interesting Files Stored On (System Center) Configuration Manager (SCCM/CM) SMB Shares

CMLoot was created to easily find interesting files stored on System Center Configuration Manager SCCM/CM SMB shares. The shares are used for distributing software to Windows clients in Windows enterprise environments and can contains scripts/configuration files with passwords, certificates pfx,...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2023/02/04 11:30 a.m.30 views

EAST - Extensible Azure Security Tool - Documentation

Extensible Azure Security Tool Later referred as E.A.S.T is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection for evaluation in Azure Assessments. This information JSON content can then be used in various reporting tools,...

7.7AI score
Exploits0References26
Kitploit
Kitploit
added 2022/11/18 11:30 a.m.31 views

Slicer - Tool To Automate The Boring Process Of APK Recon

A tool to automate the recon process on an APK file. Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked. Note : The APK has to be extracted via jadx or apktool...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2022/07/05 12:30 p.m.30 views

Cspparse - A Tool To Evaluate Content Security Policies

cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2022/04/15 9:30 p.m.30 views

Shhhloader - SysWhispers Shellcode Loader

Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included python builder will work on any Linux system that has Mingw-w64 installed. T...

8.1AI score
Exploits0References9
Kitploit
Kitploit
added 2022/03/28 11:30 a.m.30 views

Gitcolombo - Extract And Analyze Contributors Info From Git Repos

OSINT tool to extract info about persons from git repositories: common names, emails, matches between different as it may seems accounts. Using 1. Install git 2. Run: repos by nickname ./gitcolombo.py --nickname LubyRuffy" from any git url ./gitcolombo.py -u...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2022/03/24 11:30 a.m.30 views

ADExplorerSnapshot.py - An AD Explorer Snapshot Parser. It Is Made As An Ingestor For BloodHound, And Also Supports Full-Object Dumping To NDJSON

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool...

6.8AI score
Exploits0References5
Kitploit
Kitploit
added 2022/03/13 11:30 a.m.30 views

Dome - Fast And Reliable Python Script That Makes Active And/Or Passive Scan To Obtain Subdomains And Search For Open Ports

Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase. the more surface area exposed the faster a rock wi...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2022/02/14 11:30 a.m.30 views

Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime from SleuthKit Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5 How it works AutoTimeline automates this workflow: Identify correct volatility profile for the...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2022/02/09 8:30 p.m.30 views

AWS-Loot - Pull Secrets From An AWS Environment

Searches an AWS environment looking for secrets, by enumerating environment variables and source code. This tool allows quick enumeration over large sets of AWS instances and services. Install pip install -r requirements.txt An AWS credential file .aws/credentials is required for authentication t...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2022/01/23 11:30 a.m.30 views

Second-Order - Subdomain Takeover Scanner

Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs and other data that match certain rules, or respond in a certain way. Installation From binary Download a prebuilt binary from the releases page and unzip it. From source Go version 1.17 is...

7.3AI score
Exploits0References7
Kitploit
Kitploit
added 2022/01/11 8:30 p.m.30 views

SpoofThatMail - Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records

Bash script to check if a domain or list of domains can be spoofed based in DMARC records File with domains: sh SpoofThatMail.sh -f domains.txt One single domain: sh SpoofThatMail.sh -d domain Download SpoofThatMail...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/26 8:30 p.m.30 views

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

7.7AI score
Exploits0References3
Kitploit
Kitploit
added 2021/11/22 11:30 a.m.30 views

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/08 11:30 a.m.30 views

Kunyu - More Efficient Corporate Asset Collection

Kunyu, More Efficient Corporate Asset Collection 0x00 Introduce Tool introduction Kunyu kunyu, whose name is taken from , is actually a professional subject related to geographic information, which counts the geographic information of the sea, land, and sky. The same applies to cyberspace. The sa...

6.4AI score
Exploits0References6
Kitploit
Kitploit
added 2021/11/06 11:30 a.m.30 views

Certipy - Python Implementation For Active Directory Certificate Abuse

Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services AD CS. Based on the C variant Certify from @harmj0y and @tifkin. Installation $ python3 setup.py install Remember to add the Python scripts directory to your path. Usage $ certipy -h usage:...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2021/10/27 8:14 p.m.30 views

Clash - A Rule-Based Tunnel In Go

Clash A rule-based tunnel in Go. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Shadowsocks, Trojan, Snell protocol support for remote connections Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP. Rules based o...

7.7AI score
Exploits0References11
Kitploit
Kitploit
added 2021/10/25 11:30 a.m.30 views

VECTR - A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios

VECTR documentation can be found here: https://docs.vectr.io VECTR Community Discord Channel: https://discord.gg/2FRd8zf728 VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios...

7.4AI score
Exploits0References6
Kitploit
Kitploit
added 2021/10/18 11:30 a.m.30 views

ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries

C based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2021/10/03 8:30 p.m.30 views

AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts

AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...

8.3AI score
Exploits0References15
Kitploit
Kitploit
added 2021/09/27 11:30 a.m.30 views

Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabli...

7.9AI score
Exploits0References7
Kitploit
Kitploit
added 2021/08/30 9:30 p.m.30 views

Reg1c1de - Registry Permission Scanner For Finding Potential Privesc Avenues Within Registry

Reg1c1de is a tool that scans specified registry hives and reports on any keys where the user has write permissions In addition, if any registry values are found that contain file paths with certain file extensions and they are writeable, these will be reported as well. More information on this...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/06/29 9:30 p.m.30 views

S3-Account-Search - S3 Account Search

This tool lets you find the account id an S3 bucket belongs too. For this to work you need to have at least one of these permissions: Permission to download a known file from the bucket s3:getObject. Permission to list the contents of the bucket s3:ListBucket. Additionally, you will need a role...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/06/21 12:30 p.m.30 views

RdpCacheStitcher - RdpCacheStitcher Is A Tool That Supports Forensic Analysts In Reconstructing Useful Images Out Of RDP Cache Bitmaps

RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. Using raw RDP cache tile bitmaps extracted by tools like e.g. ANSSI's BMC-Tools https://github.com/ANSSI-FR/bmc-tools as input, it provides a graphical user interface and several...

7AI score
Exploits0References4
Kitploit
Kitploit
added 2021/06/16 9:30 p.m.30 views

Aggrokatz - An Aggressor Plugin Extension For Cobalt Strike Which Enables Pypykatz To Interface With The Beacons Remotely

aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The current version of aggrokatz allows pypykatz to parse LSASS dump files and Registry hive files to extract credentials and other secrets stored without downloading the fil...

7.2AI score
Exploits0References5
Kitploit
Kitploit
added 2020/10/17 11:30 a.m.30 views

TheCl0n3r - Tool To Download And Manage Your Git Repositories

TheCl0n3r will allow you to download and manage your git repositories. Preface About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/05 11:30 a.m.30 views

SCREEN_KILLER - Tool To Track Progress For Reporting (Capture Screenshot, Commands And Outputs) During Pentest Engagement And OSCP

This script was to developed to capture screenshot during pentest engagment and OSCP. IMPORTANT: The screenshot feature is no longer allowed for exam but the terminal logging is allowed for exam. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/03 11:30 a.m.30 views

Asnap - Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses

Asnap aims to render recon phase easier by providing regularly updated data about which companies owns which ipv4 or ipv6 addresses and allows the user to automate initial port and service scanning. █████╗ ███████╗███╗ ██╗ █████╗ ██████╗ ██╔══██╗██╔════╝████╗ ██║██╔══██╗██╔══██╗...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2020/09/29 8:30 p.m.30 views

Lil-Pwny - Auditing Active Directory Passwords Using Multiprocessing In Python

A multiprocessing approach to auditing Active Directory passwords using Python. About Lil Pwny Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The username...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2020/09/07 11:30 a.m.30 views

OpenRedireX - Asynchronous Open redirect Fuzzer for Humans

A Fuzzer For OpenRedirect Issues. Key Features : Takes a url or list of urls and fuzzes them for Open redirect issues You can specify your own payloads in 'payloads.txt' Shows Location header history if any Fast as it is Asynchronous umm thats it , nothing much ! Usage : Note : Use Python 3.7+ ! ...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/08/05 12:30 p.m.30 views

Netenum - A Tool To Passively Discover Active Hosts On A Network

Network reconnaisance tool that sniffs for active hosts Introduction Netenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/10 12:30 p.m.30 views

GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual stage VBS infection vector, and a dual stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/04/21 12:30 p.m.30 views

Httpgrep - Scans HTTP Servers To Find Given Strings In URIs

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H --== httpgrep by nullsecurity.net ==-- usage httpgrep -h -s opts | opts -h - single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24,...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/22 12:49 p.m.30 views

Vim.Wasm - Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen. Try it with your browser NOTICES Please access from a desktop browser Chrome/Firefox/Safari/Edge. Safari seems the best on macOS. Please avoid slow networks. Your browser wil...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2018/08/06 10:39 p.m.30 views

Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP mstsc session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an...

6.9AI score
Exploits0References2
Total number of security vulnerabilities5000