Lucene search
K
KitploitMost viewed

6011 matches found

Kitploit
Kitploit
added 2013/08/29 12:42 a.m.27 views

[Hidden File Finder v2.5] Tool to Find and Unhide/Remove all the Hidden Files

Hidden File Finder is the free software to quickly scan and discover all the Hidden files on your Windows system. It performs swift multi threaded scan of all the folders parallely and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files EXE, DLL, COM etc an...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/08/23 2:58 a.m.27 views

[Yersinia v0.7.3] The network protocols assessment tool

Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, there are some network protocols implemented, but others are coming tell us which one...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2013/05/27 4:48 p.m.27 views

[Aircrack-ng 1.2 Beta 1] 802.11 WEP and WPA-PSK keys cracking tool

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared ...

7.8AI score
Exploits0
Kitploit
Kitploit
added 2013/03/23 2:52 a.m.27 views

[oclHashcat-lite v0.15] Worlds fastest NTLM, MD5, SHA1, SHA256 and Descrypt Cracker

Features Worlds fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker Free Multi-GPU up to 128 gpus Multi-OS Linux & Windows native binaries Multi-Platform OpenCL & CUDA support Multi-Algo see below Low resource utilization, you can still watch movies or play games while cracking Focuses one-shot,...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2013/03/11 12:27 a.m.27 views

[SHA256 Salted Hash Kracker]Tool to Crack your Salted SHA256 Hash

SHA256 Salted Hash Kracker is the free tool to crack and recover your lost password from the salted SHA256 hash. These days most websites and applications use salt based SHA256 hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2012/11/29 2:56 p.m.27 views

[Xenotix] XSS Exploit Framework 2013 v2 Released

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration...

6.6AI score
Exploits0
Kitploit
Kitploit
added 2012/11/06 10:7 p.m.27 views

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR Firewall Analysis Audit and Repair is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Read Policy and Logs...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2012/11/02 3:21 p.m.27 views

[Snuck] Automatic XSS filter bypass

Snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's. snuck is an automated tool th...

6.8AI score
Exploits0
Kitploit
Kitploit
added 2012/11/02 3:14 p.m.27 views

[SET] Social-Engineer Toolkit 4.1.3

TrustedSec Release the latest version of Social-Engineer Toolkit SET as 4.1.3. As most of us know that, It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2024/06/22 12:30 p.m.26 views

XMGoat - Composed of XM Cyber terraform templates that help you learn about common Azure security issues

XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: 1. Run...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2024/03/28 11:30 a.m.26 views

Rrgen - A Header Only C++ Library For Storing Safe, Randomly Generated Data Into Modern Containers

This library was developed to combat insecure methods of storing random data into modern C++ containers. For example, old and clunky PRNGs. Thus, rrgen uses STL's distribution engines in order to efficiently and safely store a random number distribution into a given C++ container. Installation 1...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2024/02/21 11:30 a.m.26 views

SpeedyTest - Command-Line Tool For Measuring Internet Speed

SpeedyTest is a powerful command-line tool for measuring internet speed. With its advanced features and intuitive interface, it provides accurate and comprehensive speed test results. Whether you're a network administrator, developer, or simply want to monitor your internet connection, SpeedyTest...

7.4AI score
Exploits0References2
Kitploit
Kitploit
added 2024/02/05 11:30 a.m.26 views

Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities Techniques Currently, navgix supports 2 techniques for finding vulnerable directories or location aliases. Those being the following: Heuristics navgix will make an initial GET request to the page, an...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2024/02/01 11:30 a.m.26 views

Sncscan - Tool For Analyzing SAP Secure Network Communications (SNC)

Tool for analyzing SAP Secure Network Communications SNC. How to use? In its current state, sncscan can be used to read the SNC configurations for SAP Router and DIAG SAP GUI connections. The implementation for the SAP RFC protocol is currently in development. SAP Router SAP Routers can either...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2023/10/16 11:30 a.m.26 views

Gcp_Scanner - A Comprehensive Scanner For Google Cloud

This is a GCP resource scanner that can help determine what level of access certain credentials possess on GCP. The scanner is designed to help security engineers evaluate the impact of a certain VM/container compromise, GCP service account or OAuth2 token key leak. Currently, the scanner support...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2023/09/20 11:30 a.m.26 views

Callisto - An Intelligent Binary Vulnerability Analysis Tool

Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the bina...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2023/04/10 12:30 p.m.26 views

Reportly - An AzureAD User Activity Report Tool

Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious user and a time frame and will receive a report detailing the following: 1. Information about t...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2023/02/06 11:30 a.m.26 views

Heap_Detective - The Simple Way To Detect Heap Memory Pitfalls In C++ And C

This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information. The second phase has a differe...

8.1AI score
Exploits0References4
Kitploit
Kitploit
added 2023/01/21 11:30 a.m.26 views

Tai-e - An Easy-To-Learn/Use Static Analysis Framework For Java

Tai-e What is Tai-e? Tai-e Chinese: 太阿; pronunciation: ˈtaɪə: is a new static analysis framework for Java please see our technical report for details, which features arguably the "best" designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2023/01/19 11:30 a.m.26 views

DragonCastle - A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodiaDL...

8.8AI score
Exploits0References1
Kitploit
Kitploit
added 2022/12/05 11:30 a.m.26 views

Scscanner - Tool To Read Website Status Code Response From The Lists

scscanner is tool to read website status code response from the lists. This tool have ability to filter only spesific status code, and save the result to a file. Feature Slight dependency. This tool only need curl to be installed Multi-processing. Scanning will be more faster with multi-processin...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2022/10/11 11:30 a.m.26 views

Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews

Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2022/09/07 12:30 p.m.26 views

Coercer - A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods. Features Automatically detects open SMB pipes on the remote machine. Calls one by one all the vulnerable RPC functions to coerce the server to authenticate on an arbitrary machine...

8AI score
Exploits0References1
Kitploit
Kitploit
added 2022/07/02 12:53 a.m.26 views

Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace

Inject a shared library i.e. arbitrary code into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things. Usage .. . | /| | || || / | .. / | | | | |/ \ | |/ / \ \ \ | \ | |/|| /| |\ \ | /| // | / /| / / /|| / source:...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2022/06/22 9:30 p.m.26 views

MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2022/06/03 12:30 p.m.26 views

Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

This python package is used to execute Atomic Red Team tests Atomics across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...

8AI score
Exploits0References17
Kitploit
Kitploit
added 2022/06/01 9:30 p.m.26 views

Zap-Scripts - Zed Attack Proxy Scripts For Finding CVEs And Secrets

Zed Attack Proxy Scripts for finding CVEs and Secrets. Building This project uses Gradle to build the ZAP add-on, simply run: ./gradlew build in the main directory of the project, the add-on will be placed in the directory build/zapAddOn/bin/. Usage The easiest way to use this repo in ZAP is to a...

7.3AI score
Exploits0References4
Kitploit
Kitploit
added 2022/05/31 9:30 p.m.26 views

Wrongsecrets - Examples With How To Not Use Secrets

Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques. Can you sol...

7.6AI score
Exploits0References35
Kitploit
Kitploit
added 2022/05/17 12:30 p.m.26 views

Vaas - Verdict-as-a-Service SDKs: Analyze Files For Malicious Content

Verdict-as-a-Service VaaS is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. ATTENTION: All SDKs are currently prototypes and under heavy...

7.4AI score
Exploits0References12
Kitploit
Kitploit
added 2022/05/06 12:30 p.m.27 views

PEzor-Docker - With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!

With the help of this kali linux image, you can easily access PEzor on your system! Basically, this image is built from the kalilinux/kali-rolling image and then the PEzor shellcode and PE packer is installed on top of it. Sometimes, it's vital to have access to PEzor, specially in a post exploit...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2022/03/30 12:30 p.m.26 views

Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of files. Each LKM has resources to protect or hide files following a custom list in the YAML rule file. Yes, not even the root has permission to see the files or make actions like edit and...

7.2AI score
Exploits0References2
Kitploit
Kitploit
added 2022/03/16 11:30 a.m.26 views

WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2022/02/25 8:30 p.m.26 views

openSquat - Detection Of Phishing Domains And Domain Squatting. Supports Permutations Such As Homograph Attack, Typosquatting And Bitsquatting

What is openSquat openSquat is an opensource Intelligence OSINT security tool to identify cyber squatting threats to specific companies or domains, such as: Phishing campaigns Domain squatting Typo squatting Bitsquatting IDN homograph attacks Doppenganger domains Other brand/domain related scams ...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2022/01/26 8:30 p.m.26 views

Ninjasworkout - Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application Quick Start Download the Repo = run npm i Afer Installing all dependency just run the application node app.js or nodemon app.js ADDED BUGS Prototype Pollution No SQL Injection Cross site Scripting Broken Access Control Broken Session Management Weak Regex...

8.8AI score
Exploits0References3
Kitploit
Kitploit
added 2022/01/11 11:30 a.m.26 views

WannaRace - WebApp Intentionally Made Vulnerable To Race Condition For Practicing Race Condition

WebApp intentionally made vulnerable to Race Condition Description Race Condition vulnerability can be practiced in the developed WebApp. Task is to buy a Mega Box using race condition that costs more than available vouchers. Two challenges are made for practice. Challenge B is to be solved when...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2021/12/14 11:30 a.m.26 views

Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via...

8.2AI score
Exploits0References1
Kitploit
Kitploit
added 2021/12/04 11:30 a.m.26 views

DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification

This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dllhijackingcandidates.csv that can be found here:...

7AI score
Exploits0References5
Kitploit
Kitploit
added 2021/10/29 11:30 a.m.26 views

Http-Protocol-Exfil - Exfiltrate Files Using The HTTP Protocol Version ("HTTP/1.0" Is A 0 And "HTTP/1.1" Is A 1)

Use the HTTP protocol version to send a file bit by bit "HTTP/1.0" is a 0 and "HTTP/1.1" is a 1. It uses GET requests so the Blue Team would only see the requests to your IP address. However, it takes a long time to send bigger files, for example it needs 1 hour to send 200 KB, and the amount of...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2021/10/26 11:30 a.m.26 views

Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...

7.5AI score
Exploits0References4
Kitploit
Kitploit
added 2021/10/20 8:30 p.m.26 views

Metabadger - Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 IMDSv2. Metabadger Purpose and functionality Diagnose and evaluate your current usage of the AWS Instance Metadata Service along with understanding how the service works Prepare you to upgrade t...

6.9AI score
Exploits0References1
Kitploit
Kitploit
added 2021/09/28 11:30 a.m.26 views

SharpSpray - Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts

SharpSpray is a Windows domain password spraying tool written in .NET C. Introduction SharpSpray is a C port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and...

7.8AI score
Exploits0References2
Kitploit
Kitploit
added 2021/09/21 8:30 p.m.26 views

PyHook - An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials. PyHook Uses frida to inject it's dependencies into the target process Supported Processes Process | API Call | Description | Progress ---|---|---|--- mstsc |...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2021/09/19 8:30 p.m.26 views

InlineExecute-Assembly - A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

InlineExecute-Assembly is a proof of concept Beacon Object File BOF that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entr...

7.8AI score
Exploits0References7
Kitploit
Kitploit
added 2021/03/08 11:30 a.m.26 views

Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability

Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomainse.g more than 10k. It is not possible to test each manually or with traditional requests or...

7.3AI score
Exploits0References6
Kitploit
Kitploit
added 2020/12/17 11:30 a.m.26 views

PoshBot - Powershell-based Bot Framework

PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness. What...

7.7AI score
Exploits0References3
Kitploit
Kitploit
added 2020/09/08 8:30 p.m.26 views

Browsertunnel - Surreptitiously Exfiltrate Data From The Browser Over DNS

Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch, a feature intended to reduce the perceived latency of websites by doing DNS lookups in the background for specified domains. DNS traffic does not appear in the browser'...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2020/08/07 12:30 p.m.26 views

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2020/07/16 12:30 p.m.26 views

WiFi Passview v4.0 - An Open Source Batch Script Based WiFi Passview For Windows!

WiFi Passview is an open-source batch script-based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview software such as webpassview and mailpassview. Visit Wiki Disclaimer : WiFi...

7.2AI score
Exploits0References4
Kitploit
Kitploit
added 2018/09/20 12:37 p.m.26 views

hideNsneak - A CLI For Ephemeral Penetration Testing

This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. Black Hat Arsenal Video Demo Video ...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2018/08/14 12:54 p.m.26 views

DependencyCheck v3.3.1 - A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

Dependency-Check is a Software Composition Analysis SCA tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration CPE identifier for a given dependency. If found, it will generat...

7.2AI score
Exploits0References6
Total number of security vulnerabilities5000