CRLFMap – A Tool To Find HTTP Splitting Vulnerabilities
KitPloit - PenTest Tools! CRLFMap is a tool to find HTTP Splitting vulnerabilities. Why? I wanted to write a tool in Golang for concurrency. I wanted to be able to fuzz both parameters and paths.
Installation: go get github.com/ryandamour/crlfmap
Help: Available Commands: help (Help about any command), scan (A scanner for all your CRLF needs). Flags: -h, …
Category: Tools
Zin – A Payload Injector For Bugbounties Written In Go
A Payload Injector for bugbounties written in go. Features: Inject multiple payloads into all parameters; Inject single payloads into all parameters; Saves responses into output folder; Displays Status Code & Response Length; Can grep for patterns in the response; Really fast; Easy to setup.
Install: $ go get -u github.com/ethicalhackingplayground/Zin New …
dorkX – Pipe Different Tools With Google Dork Scanner
Pipe different tools with google dork Scanner.
Install:
zoid@MSI ~/dorkX> git clone https://github.com/ethicalhackingplayground/dorkX
zoid@MSI ~/dorkX> cd dorkX
zoid@MSI ~/dorkX> go build dorkx.go
zoid@MSI ~/dorkX> go build corsx.go
zoid@MSI ~/dorkX> go build csrfx.go
zoid@MSI ~/dorkX> go build zin.go
Usage: Blind XSS
zoid@MSI ~/dorkX> ./dorkX -dorks dorks.txt -concurrency 100 | dalfox pipe -b …
AES Finder – Utility To Find AES Keys In Running Processes
Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys. Usage: Open aes-finder.sln solution in Visual Studio 2013 to compile source. Alternatively use gcc/clang:
g++ -O3 -march=native -fomit-frame-pointer aes-finder.cpp -o aes-finder
To search for keys in process with id = 123, execute following:
aes-finder.exe -123 …
Croc – Easily And Securely Send Things From One Computer To Another
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool that does all of the following: allows any two computers to transfer data (using a relay); provides end-to-end encryption (using PAKE); enables easy cross-platform transfers (Windows, Linux, …
ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled
ADE - ActiveDirectoryEnum
usage: activeDirectoryEnum [-h] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [--all] [--no-creds] dc …
Rbcd-Attack – Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket
Abusing Kerberos Resource-Based Constrained Delegation. TL;DR: This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is that we are launching the attack from outside of the Windows Domain, not from a domain joined (usually Windows) computer. The attack is implemented …
WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
Chinese version. Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited! Bypass anti-virus software lateral movement command execution test tool (No need 445 Port). Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or call Win32_Process.create, these methods have been intercepted …
Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1's known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up and is further evidence of how trivial it is …
DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks
DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It comes with a CLI application and clean Web Interface written with StreamLit. DockerENT has been designed keeping in mind that during deployments there are weak configurations which may get sticky in production deployments …










