Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2020/09/07 11:30 a.m.30 views

OpenRedireX - Asynchronous Open redirect Fuzzer for Humans

A Fuzzer For OpenRedirect Issues. Key Features : Takes a url or list of urls and fuzzes them for Open redirect issues You can specify your own payloads in 'payloads.txt' Shows Location header history if any Fast as it is Asynchronous umm thats it , nothing much ! Usage : Note : Use Python 3.7+ ! ...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2020/08/05 12:30 p.m.30 views

Netenum - A Tool To Passively Discover Active Hosts On A Network

Network reconnaisance tool that sniffs for active hosts Introduction Netenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2020/07/10 12:30 p.m.30 views

GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual stage VBS infection vector, and a dual stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/04/21 12:30 p.m.30 views

Httpgrep - Scans HTTP Servers To Find Given Strings In URIs

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H --== httpgrep by nullsecurity.net ==-- usage httpgrep -h -s opts | opts -h - single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24,...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/22 12:49 p.m.30 views

Vim.Wasm - Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen. Try it with your browser NOTICES Please access from a desktop browser Chrome/Firefox/Safari/Edge. Safari seems the best on macOS. Please avoid slow networks. Your browser wil...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2018/08/06 10:39 p.m.30 views

Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP mstsc session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2018/07/21 10:30 p.m.30 views

Scout2 - Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/07/15 10:10 p.m.30 views

Memoro - A Detailed Heap Profiler

Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2018/05/30 10:11 p.m.30 views

Prowler - Distributed Network Vulnerability Scanner

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0. Capabilities Scan a network a particular subnet or a list of IP addresses for all IP addresses associated with active network devices...

7.6AI score
Exploits0References5
Kitploit
Kitploit
added 2018/05/05 1:12 p.m.30 views

SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has...

7.8AI score
Exploits0References6
Kitploit
Kitploit
added 2018/04/06 8:39 p.m.30 views

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

8.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/03/14 12:55 p.m.31 views

JoomScan 0.0.5 - OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan short for Joomla Vulnerability Scanner is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. WHY OWASP JOOMSCAN ? If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is Your best shot ever! This Project is bei...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2018/01/20 1:23 p.m.30 views

Autorize - Automatic Authorization Enforcement Detection Extension For Burp Suite

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/26 1:30 p.m.30 views

BruteSpray v1.6.0 - Brute-Forcing from Nmap output (Automatically attempts default creds on found services)

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Installation pip install -r requirements.txt On Kali: apt-get install brutespray Usage First do an nmap...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2017/10/21 1:58 p.m.30 views

MIDA-Multitool - Bash Script Purposed For System Enumeration, Vulnerability Identification And Privilege Escalation

Bash script purposed for system enumeration, vulnerability identification and privilege escalation. MIDA Multitool draws functionality from several of my previous scripts namely SysEnum and RootHelper and is in many regards RootHelpers successor. Besides functionality from these two previous...

7AI score
Exploits0References13
Kitploit
Kitploit
added 2017/09/17 9:30 p.m.30 views

Reaver - Attack against Wi-Fi Protected Setup (WPS)

Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup WPS registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations. The original Reaver implements a online brute force attack...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2017/09/16 2:30 p.m.30 views

OWASP ZSC - Shellcode/Obfuscate Code Generator

OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes Shellcodes are small codes in Assembly language which could be used as...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2017/08/10 10:43 p.m.30 views

Pafish - Tool to Detect Sandboxes and Analysis Environments in the Same Way as Malware Families Do

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. The project is open source, you can read the code of all anti-analysis checks. Scope The objective of this project is to collect usual tricks seen i...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2017/07/11 3:0 p.m.30 views

Winpayloads - Undetectable Windows Payload Generation

Winpaylods is a payload generator tool that uses metasploits meterpreter shellcode, injects the users ip and port into the shellcode and writes a python file that executes the shellcode using ctypes. This is then aes encrypted and compiled to a Windows Executable using pyinstaller. Main features:...

7.5AI score
Exploits0References6
Kitploit
Kitploit
added 2017/04/09 5:24 p.m.30 views

Nix-Auditor - Nix Audit Made Easier

A script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines. The value it brings to your auditing set of tools is: Speed - one can audit OS in less than 120 seconds and get report Accuracy - tested on CentOS and RedHat with 100% accura...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/04/03 1:23 p.m.30 views

nRF24 Playset - Software tools for Nordic Semiconductor nRF24-based Devices like Wireless Keyboards, Mice, and Presenters

The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+. All software tools support USB dongles with the nrf-research-firmware by the Bastille Threat...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2017/03/26 2:30 p.m.30 views

mosh - Mobile Shell replacement for SSH (more robust and responsive, especially over Wi-Fi, cellular, and long-distance links)

Mosh is a remote terminal application that supports intermittent connectivity, allows roaming, and provides speculative local echo and line editing of user keystrokes. It aims to support the typical interactive uses of SSH, plus: Mosh keeps the session alive if the client goes to sleep and wakes ...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/01/10 2:23 p.m.30 views

AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically

An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically This script is created due to Hackademics, there are so much possible exploit for that version of kernel, as a rookie OSCP student, I am not able to find out the correct exploit, al...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2016/12/31 2:2 p.m.30 views

Commix 1.6 - Automated All-In-One OS Command Injection And Exploitation Tool

Commix short for comm and i njection e x ploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...

8.3AI score
Exploits0References15
Kitploit
Kitploit
added 2016/08/30 1:6 p.m.30 views

libenom - Make Fast and Easy Payloads with MSFvenom

Libenom is a tool created for make more easy and fast the creation of payloads with MSFvenom and get all the data generated ordered. Requirements A linux distribution for pentesting or Ubuntu, Debian, Mint Recommended Kali Linux 2.0 sana or 2016.1 rolling, Parrot OS, Blackarch, Dracos ,Lionsec...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2016/07/13 7:32 p.m.30 views

Lynis 2.3.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2014/10/27 10:44 p.m.30 views

Zarp - Local Network Attack Framework

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once,...

6.8AI score
Exploits0References1
Kitploit
Kitploit
added 2014/04/30 2:2 a.m.30 views

BluetoothLogView - Creates a log of Bluetooth devices activity around you

BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives to your area and when the device leaves your area, a new log line is added with the following...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/04/24 12:7 a.m.30 views

Hash Kracker v2.5 - All-in-one Hash Password Recovery Software

Hash Kracker is the free all-in-one tool to recover the hash password for multiple hash types. Currently it supports password recovery from following popular Hash types MD5 SHA1 SHA256 SHA384 SHA512 It uses dictionary based cracking method which makes the cracking operation simple and easier...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2014/01/20 5:3 p.m.30 views

[Proxyp] Multithreaded Proxy Enumeration Utility

Proxyp is a small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses. This script started as a way to speed up use of proxychains, which is why I've added an append option for resulting live IP addresses to be placed at the end...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/01/13 2:36 p.m.30 views

[Kali Linux 1.0.6] with LUKS Self-Destruction Feature

Offensive Security, the creator of the famous BackTrack Linux operating system, has announced on January 9 that a new maintenance release for its Kali Linux distribution is now available for download. Kali Linux 1.0.6 is the first release to introduce an amazing feature called "emergency...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/08/27 4:1 a.m.30 views

[oclHashcat-plus v0.15] Advanced Password Recovery

This version is the result of over 6 months of work, having modified 618,473 total lines of source code. Before we go into the details of the changes, here's a quick summary of the major changes: Added support for cracking passwords longer than 15 characters Added support for mask-files, which...

8.1AI score
Exploits0
Kitploit
Kitploit
added 2013/08/14 2:46 a.m.30 views

[Drozer] The Leading Security Testing Framework for Android.

drozer enables you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. drozer provides tools to help you use and share public Android exploits. It helps you to deploy a droze...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2013/08/14 2:35 a.m.30 views

[RIPS] A static source code analyser for vulnerabilities in PHP scripts

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks potentially vulnerable functions that can be tainted b...

8.3AI score
Exploits0
Kitploit
Kitploit
added 2013/01/30 3:8 p.m.30 views

[Revenssis] Mobile Penetration Testing Suite

Fully featured network, wireless and web app pentesting suitefor Smartphones Nicknamed as the "Smartphone Version of Backtrack", Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners,...

7.8AI score
Exploits0
Kitploit
Kitploit
added 2024/01/04 11:30 a.m.29 views

PhantomCrawler - Boost Website Hits By Generating Requests From Multiple Proxy IPs

PhantomCrawler allows users to simulate website interactions through different proxy IP addresses. It leverages Python, requests, and BeautifulSoup to offer a simple and effective way to test website behaviour under varied proxy configurations. Features: Utilizes a list of proxy IP addresses from...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2023/12/02 11:30 a.m.29 views

T3SF - Technical Tabletop Exercises Simulation Framework

T3SF is a framework that offers a modular structure for the orchestration of events based on a master scenario events list MSEL together with a set of rules defined for each exercise optional and a configuration that allows defining the parameters of the corresponding platform. The main module...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2023/10/15 11:30 a.m.29 views

JSpector - A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues

JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation 1. Download the late...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2023/09/27 11:30 a.m.29 views

WMIExec - Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol

Set of python scripts which perform different ways of command execution via WMI protocol. Blog Post https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/ Usage wmiexecscheduledjob.py Is a python script which authenticates to a remote WMI instance and execute commands vi...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2023/08/08 12:30 p.m.29 views

Nac_Bypass_Agent - This Function Combines All The Above Functions And Takes Necessary Information From The User To Change The IP And MAC Address, Start The Responder And Tcpdump Tools, And Run The Nbtscan Tool

Nac Bypass Agent This piece of code is a script written in Python and designed to run on Kali Linux. Here is a summary explaining what each function does: runcommandcommand: This function runs the command it takes as input and returns its output. killnetworkservices: This function stops the...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/07/04 12:30 p.m.29 views

ScrapPY - A Python Utility For Scraping Manuals, Documents, And Other Sensitive PDFs To Generate Wordlists That Can Be Utilized By Offensive Security Tools

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks. ScrapPY performs word frequency, entropy, and metadata analysis, a...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2022/08/06 12:30 p.m.29 views

Pict - Post-Infection Collection Toolkit

This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. This data should not be considered to be a full forensic data collection, but does capture a lot of useful forensic information. If you want true...

6.9AI score
Exploits0References3
Kitploit
Kitploit
added 2022/06/11 9:30 p.m.29 views

Pulsar - Data Exfiltration And Covert Communication Tool

Pulsar is a tool for data exfiltration and covert communication that enable you to create a secure data transfer, a bizarre chat or a network tunnel through different protocols, for example you can receive data from tcp connection and resend it to real destination through DNS packets. Setting up...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2022/06/05 9:30 p.m.29 views

Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks

Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP's, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, ...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2022/05/29 12:30 p.m.29 views

Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!

Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make a HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2022/05/25 12:30 p.m.29 views

DroidDetective - A Machine Learning Malware Analysis Framework For Android Apps

A machine learning malware analysis framework for Android apps. DroidDetective is a Python tool for analysing Android applications APKs for potential malware related behaviour and configurations. When provided with a path to an application APK file Droid Detective will make a prediction using it'...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2022/05/18 9:30 p.m.29 views

Cyph - Cryptographically Secure Messaging And Social Networking Service

Cyph is a cryptographically secure messaging and social networking service, providing an extreme level of privacy combined with best-in-class ease of use. Cyph’s patented technology — built by former SpaceX engineers, audited by Cure53, and the basis of research presentations at Black Hat and DEF...

7.1AI score
Exploits0References3
Kitploit
Kitploit
added 2022/04/25 12:30 p.m.29 views

DDexec - A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy this is just how execve works. This file may reside on disk or in ram tmpfs, memfd but you need a filepath. This has made very easy to control what is run on a Linux...

6.8AI score
Exploits0References4
Kitploit
Kitploit
added 2022/03/12 11:30 a.m.29 views

Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C,C++,GO,Python,javascript,Swift,PHP,Ruby,ASP,Kotlin,Dart and Java.you can create your rules video How too install, step by step:...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2022/03/07 8:30 p.m.29 views

Fastfuz-Chrome-Ext - Site Fast Fuzzing With Chorme Extension

Fast fuzzing websites with chrome extension Screenshot Install Add Your Custom Files Open files.txt Paste your file or directory name in line by line Happy Hunting TODO Add response size foundings Add new specific file and directory names Add Extension to chrome extension marketplace Download...

7.3AI score
Exploits0References2
Total number of security vulnerabilities5000