Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2022/03/12 11:30 a.m.29 views

Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C,C++,GO,Python,javascript,Swift,PHP,Ruby,ASP,Kotlin,Dart and Java.you can create your rules video How too install, step by step:...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2022/03/03 8:30 p.m.29 views

Chaya - Advance Image Steganography

Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2022/02/26 11:30 a.m.29 views

NTLMRecon - Enumerate Information From NTLM Authentication Enabled Web Endpoints

A fast and flexible NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains. NTLMRecon is built with flexibilty in mind. Need to run recon on a single URL, an IP address, an...

6.9AI score
Exploits0References4
Kitploit
Kitploit
added 2022/01/02 11:30 a.m.29 views

RiotPot - Resilient IoT And Operational Technology Honeypot

RIoTPot is an interoperable medium interaction honeypot, primarily focused on the emulation IoT and OT protocols, although, it is also capable of emulating other services. This services are loaded in the honeypot in the form of plugins, making RIoTPot a modular, and very transportable honeypot. T...

6.6AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/24 11:30 a.m.29 views

SQLbit - Just Another Script For Automatize Boolean-Based Blind SQL Injections

A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient. It's able to: Search cell values by columns in a table Search...

7.8AI score
Exploits0References1
Kitploit
Kitploit
added 2021/12/22 11:30 a.m.29 views

MUI - A GUI Plugin For Binary Ninja To Easily Interact With And View The Progress Of Manticore

With the Manticore User Interface MUI project, we provide a graphical user interface plugin for Binary Ninja to allow users to easily interact with and view progress of the Manticore symbolic execution engine for analysis of smart contracts and native binaries. ATTENTION This project is under...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/21 11:30 a.m.29 views

Mesh-Kridik - An Open-Source Security Checker That Performs Various Security Checks On A Kubernetes Cluster With Istio Service Mesh And Is Leveraged By OPA (Open Policy Agent) To Enforce Security Rules

Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and outputs a security report. The security checks tests are the full implementation of istio security best practic...

8.3AI score
Exploits0References4
Kitploit
Kitploit
added 2021/12/11 8:30 p.m.30 views

CaptfEncoder - An Extensible Cross Platform Network Security Tool Suite

Captfencoder is an extensible cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools. CaptfEncoder all functions...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/08 9:56 p.m.29 views

SMBeagle - Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written

SMBeagle is an SMB fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host, or both!? SMBeagle tries to make use of the win32 APIs for maximum...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/11/23 8:30 p.m.29 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2021/11/13 8:30 p.m.29 views

Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver IrpDumper.sys that will install itself on the targeted system. Once running it will expose depending on the...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2021/11/02 8:30 p.m.29 views

ADLab - Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing

The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2021/08/16 9:30 p.m.29 views

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2020/10/27 11:30 a.m.29 views

TASER - Python3 Resource Library For Creating Security Related Tooling

TASER T esting A nd SE ecurity R esource is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. It's modular design makes it easy for code to be customized and re-purposed in a variety of scenario...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2020/07/26 1:0 p.m.29 views

reNgine - An Automated Reconnaissance Framework Meant For Gathering Information During Penetration Testing Of Web Applications

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. The beauty of reNgine is that it gathers everything in...

6.9AI score
Exploits0References11
Kitploit
Kitploit
added 2020/07/14 9:30 p.m.29 views

Maskprocessor - High-Performance Word Generator With A Per-Position Configureable Charset

High-Performance word generator with a per-position configureable charset Mask attack Try all combinations from a given keyspace just like in Brute-Force attack, but more specific. Advantage over Brute-Force The reason for doing this and not to stick to the traditional Brute-Force is that we want...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2020/07/01 12:30 p.m.29 views

UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service

2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version ofWindows 10, you should expect it to be patched in the coming months. Description This PoC shows a technique that can be used to...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2020/06/16 12:30 p.m.29 views

Fsociety - A Modular Penetration Testing Framework

Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety -h -i -s A Penetration Testing Framework optional arguments: -h, --help show this help message and exit -i, --info gets fsociety info -s, --suggest suggest a tool Develop git clone...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/23 12:51 p.m.29 views

Mallet - A Framework For Creating Proxies

Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic. It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/08/20 8:42 p.m.29 views

PMapper - A Tool For Quickly Evaluating IAM Permissions In AWS

A project to speed up the process of reviewing an AWS account's IAM configuration. Purpose The goal of the AWS IAM auth system is to apply and enforce access controls on actions and resources in AWS. This tool helps identify if the policies in place will accomplish the intents of the account's...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/18 1:12 p.m.29 views

wePWNise - Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies SRPs and EMET mitigations and...

7.6AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/08 2:7 p.m.29 views

BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/04 1:37 p.m.29 views

ProbeManager - Centralize Management Of Intrusion Detection System Like Suricata, Bro, Ossec...

It is common to see that many IDS intrusion and detection system, including the software and its rules are not updated regularly. This can be explained by the fact the software and rule management is often complicated, which can be a particular problem for small and medium sized enterprises that...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/06/28 12:50 a.m.29 views

Idisagree - Control Remote Computers Using Discord Bot

Control remote computers using discord bot and python 3. ! If your target is a windows system, you may want to compile your payload. Do this with py2exe or pyinstaller. MAINTAINERS Alisson Moretto | Twitter: @A1S0N Github: @A1S0N PREREQUISITES Python 3.x pip3 subprocess from python3 Discord from...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2018/06/04 2:5 p.m.29 views

BlackArch Linux v2018.06.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1981 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 60 new tools added confi...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2018/06/02 2:10 p.m.29 views

BurpBounty - A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2018/05/13 10:50 p.m.29 views

Netpwn - Tool Made To Automate Tasks Of Pentesting

A framework made to automate tasks of pentesting. Written in python 2.7 Screenshots Install git clone https://github.com/3XPL017/netpwn.git cd netpwn chmod +x install ./install Twitter https://twitter.com/3XPL017GH057 Download Netpwn...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/04/18 12:51 p.m.29 views

Linux Exploit Suggester - Linux Privilege Escalation Auditing Tool

Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machines. One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2018/02/25 9:24 p.m.29 views

icebreaker - Gets Plaintext Active Directory Credentials If You'Re On The Internal Network

Break the ice with that cute Active Directory environment over there. Automates network attacks against Active Directory to deliver you piping hot plaintext credentials when you're inside the network but outside of the Active Directory environment. Performs 5 different network attacks for plainte...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2018/02/21 1:30 p.m.29 views

Findsploit - Find Exploits In Local And Online Databases Instantly

Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit ie. ./copysploit 1337.c &&...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/11 9:13 p.m.29 views

TopHat - Fully undetected backdoor with RSA Encrypted shell

TopHat is a inspired by metasploits capabilties of meterpreter however i have coded a script to generate a undetected encrypted backdoor using python. Usage: python tophat.py Download TopHat...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/01/13 8:38 p.m.29 views

sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)

A cross-platform java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios SDR. Getting Started User's Manual Version 0.3.0 Download Support Figure 1: sdrtrunk Version 0.3.0 Application Screenshot End User...

7.5AI score
Exploits0References5
Kitploit
Kitploit
added 2017/12/21 1:10 p.m.29 views

NoSQL Exploitation Framework 2.0 - A Framework For NoSQL Scanning and Exploitation

A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander. Added Features: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web application Enumeration. Scan Support for...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/13 8:19 p.m.29 views

wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition Java EE specification. It runs on multiple platforms. WildFly is free and open-source...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/12/01 1:22 p.m.29 views

Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs

Find interestingAmazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs via certstream and attempts to find public S3 buckets from permutations of the certificates domain name. Some quick tips if you use S3 buckets: 1. Randomi...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2017/11/10 9:33 p.m.29 views

docker-onion-nmap - Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container

Use nmap to scan hidden "onion" services on the Tor network. Minimal image based on alpine, using proxychains to wrap nmap. Tor and dnsmasq are run as daemons via s6, and proxychains wraps nmap to use the Tor SOCKS proxy on port 9050. Tor is also configured via DNSPort to anonymously resolve DNS...

7.1AI score
Exploits0References4
Kitploit
Kitploit
added 2017/10/27 1:36 p.m.29 views

Rekall v1.7 - Forensic and Incident Response Framework

The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts computer systems. The Rekall distribution is available from: http://www.rekall-forensic.com/ Rekall should run...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/09/12 2:30 p.m.29 views

theZoo - A repository of LIVE malwares for your own joy and pleasure

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2017/04/25 2:14 p.m.29 views

WPSeku - Simple Wordpress Security Scanner

WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Usage | | \ \ /\ / / ' / |/ \ |/ / | | | \ V V /| | \ \ / | || | // | ./|/||\,| || -- WPSeku - Wordpress Security Scanner -- WPSeku - v0.1.0 -- Momo Outaadi...

8.4AI score
Exploits0References1
Kitploit
Kitploit
added 2017/02/07 2:0 p.m.29 views

autovpn - Easily connect to a VPN in a country of your choice

autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate. Compiling First clone the repo and cd into the directory: $ git clone https://github.com/adtac/autovpn $ cd autovpn Then run this to...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2017/01/08 3:14 a.m.29 views

Chromebackdoor - Backdoor C&C for Populars Browsers

Chromebackdoor is a pentest tool, this tool use a MITB technique for generate a windows executable ".exe" after launch run a malicious extension or script on most popular browsers, and send all DOM datas on command and control. VIDEO Install Text V 3.0 Install Video OLD Binder guide Module guide...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2017/01/06 2:3 p.m.29 views

xsscrapy - XSS/SQLi Spider

Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection. From within the main folder run: ./xsscrapy.py -u http://example.com If you wish to login then crawl:...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/10/13 2:0 p.m.29 views

Dracnmap - Exploit Network and Gathering Information with Nmap

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/08/28 3:2 p.m.29 views

HatDBG - Minimal WIN32 Debugger in Powershell

The HatDBG is A pure Powershell win32 debugging abstraction class. The goal of this project is to make a powershell debugger. It is intended to be used during internal penetration tests and red team engagements. This is exclusively for educational purposes. The debugger objects implementing a...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/08/19 8:51 p.m.29 views

ps-inject - Inject Shellcode on Linux PID

Inject shellcode on linux PID How use: $ make gcc -Wall -Wextra -O3 -c -o lib/file.o src/file.c gcc -Wall -Wextra -O3 -c -o lib/str.o src/str.c gcc -Wall -Wextra -O3 -c -o lib/mem.o src/mem.c gcc -Wall -Wextra -O3 -c -o lib/inject.o src/inject.c gcc -Wall -Wextra -O3 -c -o lib/main.o src/main.c g...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/04/27 10:30 p.m.29 views

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/04/19 10:3 p.m.29 views

Tsusen - Network Traffic Sensor

Tsusen 津波センサー is a standalone network sensor made for gathering information from the regular traffic coming from the outside i.e. Internet on a daily basis e.g. mass-scans, service-scanners, etc.. Any disturbances should be closely watched for as those can become a good prediction base of...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2016/04/16 6:58 p.m.29 views

ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)

A tool written in C Win32 to convert any shellcode in ROP and patch it into a given portable executable PE. It supports only 32-bit target PEs and the x86 instruction set. Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2016/02/23 10:0 p.m.29 views

Audit CouchDB - The Simple, Clear, CouchDB Security Assessment

Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2015/12/24 8:14 p.m.29 views

PentestPackage - A Package of Multiple Pentest Scripts

Contents: Wordlists - Comprises of password lists, username lists and subdomains Web Service finder - Finds web services of a list of IPs and also returns any URL rewrites Gpprefdecrypt. - Decrypt the password of local users added via Windows 2008 Group Policy Preferences. rdns.sh - Runs...

7AI score
Exploits0References1
Total number of security vulnerabilities5000