HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help: server.py (unisession server). Server usage: usage: server.py [-h] …
Tag: KitPloit – PenTest Tools!
Some-Tools – Install And Keep Up To Date Some Pentesting Tools
Some-Tools. Why: I was looking for a way to manage and keep up to date some tools that are not included in Kali-Linux. For example, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo (which you can see at the bottom of the …
MZAP – Multiple Target ZAP Scanning
Multiple target ZAP Scanning / mzap is a tool for scanning N*N in ZAP.
Concept
Installation
go-get:
    $ go get -u github.com/hahwul/mzap
snapcraft:
    $ sudo snap install mzap --devmode
homebrew:
    $ brew tap hahwul/mzap
    $ brew install mzap
Usage
    Usage: mzap [command]
    Available Commands:
      ajaxspider  Add AjaxSpider ZAP
      ascan       Add ActiveScan ZAP
      help        Help about any command
      spider      Add ZAP spider
      stop        Stop …
Monsoon – Fast HTTP Enumerator
A fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.
Example: Run an HTTP GET request for each entry in filenames.txt, hide all responses with the status code 403 or 404:
Installation: Building from source. These instructions will get you a compiled version …
Avcleaner – C/C++ Source Obfuscator For Antivirus Bypass
C/C++ source obfuscator for antivirus bypass.
Build
    docker build . -t avcleaner
    docker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash #adapt ~/dev/scrt/avcleaner to the path where you cloned avcleaner
    sudo pacman -Syu
    mkdir CMakeBuild && cd CMakeBuild
    cmake ..
    make -j 2
    ./avcleaner.bin --help
Usage
For simple programs, this is as easy as:
    avcleaner.bin test/strings_simplest.c --strings=true --
However, you should know that you're using …
Spyre – Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scanner. Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring their own rule sets. The awesome-yara repository …
Safety – Check Your Installed Dependencies For Known Security Vulnerabilities
Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but can be upgraded to use pyup.io's Safety API using the --key option.
Installation: Install safety with pip. Keep in mind that we support only Python 3.5 and up. Look at Python 2.7 section …
Anchore Engine – A Service That Analyzes Docker Images And Applies User-Defined Acceptance Policies To Allow Automated Container Image Validation And Certification
For the most up-to-date information on Anchore Engine, Anchore CLI, and other Anchore software, please refer to the Anchore Documentation. The Anchore Engine is an open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore Engine is provided as a Docker container image that can …
Rakkess – Kubectl Plugin To Show An Access Matrix For K8S Server Resources
Review Access - kubectl plugin to show an access matrix for server resources.
Intro: Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is …
Browsertunnel – Surreptitiously Exfiltrate Data From The Browser Over DNS
Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch, a feature intended to reduce the perceived latency of websites by doing DNS lookups in the background for specified domains. DNS traffic does not appear in the browser's debugging tools, is …










