Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2014/07/23 1:44 a.m.28 views

Inxi - A newer, better system information script for irc, administration, and system troubleshooters

A newer, better system information script for irc, administration, and system troubleshooters. Inxi Options Inxi has a wide range of options and custom triggers, along with useful defaults like -b or -F. Plain inxi, no options, prints a single line of basic system information. Here is a screensho...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2014/07/20 11:22 p.m.28 views

NoVirusThanks File Governor - Unlock locked files and folders

NoVirusThanks File Governor is an advanced program which allows for files and folders within the system to be unlocked so that normal file I/O operations can be completed when normally they would not be able to be due to operating system restrictions for files currently in use. Once a file or...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/07/15 3:3 a.m.28 views

Dirs3arch - HTTP(S) Directory/File Brute Forcer

dirs3arch is a simple command line tool designed to brute force directories and files in websites. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked .htaccess, web.config, etc. Recursive brute forcing Usage: dirs3arch.py -u|--url target...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2014/06/14 8:43 p.m.28 views

Hooker - Automated Dynamic Analysis of Android Applications

Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls a...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2014/06/02 8:52 p.m.28 views

Liffy - Local File Inclusion Exploitation Tool

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension call...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2014/04/30 2:2 a.m.28 views

BluetoothLogView - Creates a log of Bluetooth devices activity around you

BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives to your area and when the device leaves your area, a new log line is added with the following...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/03/20 7:52 p.m.28 views

[SSLsplit] Transparent and scalable SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original...

9.5AI score
Exploits0References1
Kitploit
Kitploit
added 2014/02/24 10:33 p.m.28 views

[OutlookAttachView] View/Extract/Save Outlook Attachments

OutlookAttachView scans all messages stored in your Outlook, and displays the list of all attached files that it finds. You can easily select one or more attachments and save all of them into the desired folder, as well as you can delete unwanted large attachments that take too much disk space in...

7AI score
Exploits0
Kitploit
Kitploit
added 2014/02/15 11:33 p.m.28 views

[Browser Password Dump v2.0] Command-line Tool to Recover Login Password from Web Browsers

Browser Password Dump is the free command-line tool to instantly recover your lost password from all the popular web browsers. Currently it can recover stored web login passwords from following browsers. Firefox Internet Explorer Google Chrome Chrome Canary/SXS CoolNovo Browser Opera Browser Appl...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2014/01/26 9:17 p.m.28 views

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2013/12/27 12:0 a.m.28 views

[Wifitap] WLAN Traffic Injection Tool

Wifitap is a proof of concept for communication over WLAN networks using traffic injection. Wifitap allows direct communication with an associated station to a given access point directly, whilst not being being associated ourselves or being handled by access point. Wifitap is written in Python,...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2013/08/21 1:12 a.m.28 views

[The Backdoor Factory] Backdoors win32 PE files

Backdoors win32 PE files, to continue normal file execution if the shellcode supports it, by patching the exe/dll directly. Some executables have built in protections, as such this will not work on all PE files. It is advisable that you test target PE files before deploying them to clients or usi...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2013/03/16 4:3 p.m.28 views

[L517] Simple WordList Generator for Windows

L517 is a word-list generator for the Windows Operating System. I wrote L517 to be the only word-list generator and editor I would ever need. L517 is small considering what it does, it is fast considering it's a Windows app, and it is lightweight when not loading astronomically large lists. A...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/03/13 6:38 p.m.29 views

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2023/12/14 11:30 a.m.27 views

APIDetector - Efficiently Scan For Exposed Swagger Endpoints Across Web Domains And Subdomains

APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It's particularly useful for security professionals and developers who are engaged in API testing and vulnerability scanning...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/23 5:45 p.m.27 views

GATOR - GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

GATOR - GCP Attack Toolkit for Offensive Research , a tool designed to aid in research and exploiting Google Cloud Environments. It offers a comprehensive range of modules tailored to support users in various attack stages, spanning from Reconnaissance to Impact. Modules Resource Category |...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/03 11:30 a.m.27 views

Nodesub - Command-Line Tool For Finding Subdomains In Bug Bounty Programs

Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. Features Perform subdomain enumeration using CIDR notation Support input list. Perform subdomain enumeration using AS...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/09/27 11:30 a.m.27 views

WMIExec - Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol

Set of python scripts which perform different ways of command execution via WMI protocol. Blog Post https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/ Usage wmiexecscheduledjob.py Is a python script which authenticates to a remote WMI instance and execute commands vi...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2023/09/22 11:30 a.m.27 views

Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences

dynmx spoken dynamics is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces so called function logs originating from malware sandboxes. Hence, the data basis f...

8.1AI score
Exploits0References4
Kitploit
Kitploit
added 2023/07/03 12:30 p.m.27 views

Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#

Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...

7.6AI score
Exploits0References6
Kitploit
Kitploit
added 2023/06/30 12:30 p.m.27 views

Golddigger - Search Files For Gold

Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test. Installation Gold Digger requires Python3. virtualenv -p python3 . source bin/activate python dig.py...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2023/06/17 12:30 p.m.27 views

Firefly - Black Box Fuzzer For Web Applications

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly provides the advantage of testing a target with a large number of built-in checks to detect behaviors in the target. Note: Firefly is in a very new stage v1.0 but works well for now, if the target does n...

7.3AI score
Exploits0References3
Kitploit
Kitploit
added 2023/06/01 12:30 p.m.27 views

Azure-AccessPermissions - Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment

Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanied blog posts: Untangling Azure Active Directory Principals & Access Permissions Untangling Azure Active Directory Permissions II: Privileged...

7.1AI score
Exploits0References6
Kitploit
Kitploit
added 2023/05/12 12:30 p.m.27 views

TLDHunt - Domain Availability Checker

TLDHunt is a command-line tool designed to help users find available domain names for their online projects or businesses. By providing a keyword and a list of TLD top-level domain extensions, TLDHunt checks the availability of domain names that match the given criteria. This tool is particularly...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/04/30 12:30 p.m.27 views

Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework

Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...

7.3AI score
Exploits0References9
Kitploit
Kitploit
added 2023/04/24 12:30 p.m.27 views

KubeStalk - Discovers Kubernetes And Related Infrastructure Based Attack Surface From A Black-Box Perspective

KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance - Wave 9. Usage The GIF below...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/04/22 12:30 p.m.27 views

PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not ...

8AI score
Exploits0References3
Kitploit
Kitploit
added 2023/04/15 12:30 p.m.27 views

GVision - A Reverse Image Search App That Use Google Cloud Vision API To Detect Landmarks And Web Entities From Images, Helping You Gather Valuable Information Quickly And Easily

GVision is a reverse image search app that use Google Cloud Vision API to detect landmarks and web entities from images, helping you gather valuable information quickly and easily. About Google Cloud Vision API Google Cloud Vision API is a machine learning-powered image analysis service that...

6.9AI score
Exploits0References2
Kitploit
Kitploit
added 2022/10/14 11:30 a.m.27 views

Matano - The Open-Source Security Lake Platform For AWS

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2022/10/10 11:30 a.m.27 views

HSTP - Simple Hyper Service Transfer Protocol On Networks

The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP...

6.9AI score
Exploits0References9
Kitploit
Kitploit
added 2022/07/08 12:30 p.m.27 views

Haxx - Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 - iOS 14.8.1

Untethered + Unsandboxed code execution haxx as root on iOS 14 - iOS 14.8.1. Based on CoreTrustDemo, also please note that certificates are not copyrightable. Usage Note: requires macOS + existing jailbreak Get up and running 1. On your mac import devcertificate.p12 into the keychain, and the...

7.6AI score
Exploits0References2
Kitploit
Kitploit
added 2022/06/22 9:30 p.m.27 views

MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2022/06/20 12:30 p.m.27 views

Xss_Vulnerability_Challenges - This Repository Is A Docker Containing Some "XSS Vulnerability" Challenges And Bypass Examples

This repository is a Dockerized php application containing some XSS vulnerability challenges. The ideas behind challenges are: Javascript validation bypass html entities bypass WAF bypass Black-list validation bypass Basic XSS validation bypass Double encode bypass of WAF to exploit XSS Exploitin...

6.6AI score
Exploits0References2
Kitploit
Kitploit
added 2022/06/01 2:0 p.m.27 views

PowerGram - Multiplatform Telegram Bot In Pure PowerShell

PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use of it, you only need PowerShell 4 or higher and an internet connection. All communication between the Bot and Telegram servers is encrypted with HTTPS, but all requests will be sent in GET method,...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2022/04/08 12:30 p.m.27 views

OffensiveNotion - Notion As A Platform For Offensive Operations

Notion yes, the notetaking app as a C2. Wait, What? Yes. But Why? What started as a meme grew into a full project. Just roll with it. Read more! Here's our blog post about it: We Put A C2 In Your Notetaking App: OffensiveNotion Features A full-featured C2 platform built on the Notion notetaking...

7.8AI score
Exploits0References3
Kitploit
Kitploit
added 2022/03/26 8:30 p.m.27 views

Request_Smuggler - Http Request Smuggling Vulnerability Scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. Usage USAGE: requestsmuggler OPTIONS --url FLAGS: -h, --help Prints help information -V, --version Prints version information OPTIONS: --amount-of-payloads...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2022/03/23 11:30 a.m.27 views

ShellcodeTemplate - An Easily Modifiable Shellcode Template For Windows X64/X86

An easily modifiable shellcode template for Windows x64/x86 How does it work? This template is heavily based on Austin Hudson's aka SecIdiot TitanLdr It compiles the project into a PE Executable and extracts the .text section Example The entrypoint of the shellcode looks like this. Of course, thi...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2022/02/22 11:30 a.m.27 views

Chain-Reactor - An Open Source Framework For Composing Executables That Simulate Adversary Behaviors And Techniques On Linux Endpoints

Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so...

7AI score
Exploits0References4
Kitploit
Kitploit
added 2022/01/25 11:30 a.m.27 views

FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

7.2AI score
Exploits0References8
Kitploit
Kitploit
added 2022/01/17 11:30 a.m.27 views

Inject-Assembly - Inject .NET Assemblies Into An Existing Process

This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are t...

8AI score
Exploits0References8
Kitploit
Kitploit
added 2022/01/12 8:30 p.m.27 views

Wifi-Framework - Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More...

We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks, create proof-of-concepts to test for vulnerabilities, automate experiments, implement test suites, and so on. The main advantage of the framework is that it allows you to reus...

7.4AI score
Exploits0References9
Kitploit
Kitploit
added 2022/01/04 8:30 p.m.27 views

Rustpad - Multi-Threaded Padding Oracle Attacks Against Any Service

A multi-threaded what now? rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key! Features Decryption of cypher texts Encryption of...

7AI score
Exploits0References3
Kitploit
Kitploit
added 2021/12/13 8:30 p.m.27 views

Haptyc - Test Generation Framework

Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well it also introduces a simpler way to express test sequences in general. While this library wa...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2021/11/17 8:30 p.m.27 views

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/17 11:30 a.m.27 views

Hyenae-Ng - An Advanced Cross-Platform Network Packet Generator And The Successor Of Hyenae

Hyenae NG Next Generation is a re-write of the original Hyenae tool which was originally published back in the year 2010. Besides switching from C to C++, using modern design concepts, Hyenae NG was just like the original Hyenae written with maximum portability in mind. Since the original Hyenae...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2021/11/14 8:30 p.m.27 views

Clash - A Rule-Based Tunnel In Go

A rule-based tunnel in Go. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Shadowsocks, Trojan, Snell protocol support for remote connections Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP. Rules based off...

7.7AI score
Exploits0References10
Kitploit
Kitploit
added 2021/10/26 12:6 a.m.27 views

Webdiscover - The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits

The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools dependencies are installed during script execution: seclist ffuf namelist dnsrecon subfinder whatweb gospider nuclei searchsploit go-exploitdb It creates a directory with the scan...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2021/10/23 11:30 a.m.27 views

SubCrawl - A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP

SubCrawl is a framework developed by Patrick Schläpfer, Josh Stroschein and Alex Holland of HP Inc’s Threat Research team. SubCrawl is designed to find, scan and analyze open directories. The framework is modular, consisting of four components: input modules, processing modules, output modules an...

7.1AI score
Exploits0References10
Kitploit
Kitploit
added 2021/10/12 11:30 a.m.27 views

LinuxCatScale - Incident Response Collection And Processing Scripts With Automated Reporting Scripts

Linux CatScale is a bash script that uses live of the land tools to collect extensive data from Linux based hosts. The data aims to help DFIR professionals triage and scope incidents. An Elk Stack instance also is configured to consume the output and assist the analysis process. Usage This script...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2021/10/06 8:30 p.m.27 views

Smersh - A Pentest Oriented Collaborative Tool Used To Track The Progress Of Your Company'S Missions

Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions and generate rapport. Preview front Angular: Documentation All information is available at the following address: https://docs.smersh.app How to contribute ? Just fork repository then create...

7AI score
Exploits0References7
Total number of security vulnerabilities5000