SNIcat – Server Name Indication Concatenator

KitPloit - PenTest Tools: SNIcat is a proof-of-concept tool that performs data exfiltration using a covert channel via Server Name Indication (SNI), a TLS Client Hello extension. The tool consists of an agent that resides on the compromised internal host and a Command & Control server that controls the agent and gathers the exfiltrated data. The full …

Geo-Recon – An OSINT CLI Tool Designed To Fast Track IP Reputation And Geo-location Look Up For Security Analysts

An OSINT CLI tool designed to fast-track IP reputation and geo-location lookup for security analysts.

Setup: this tool is compatible with any Linux operating system (Debian, Ubuntu, CentOS) and with Termux.

Linux setup and Termux setup (the same commands apply to both):

git clone https://github.com/radioactivetobi/geo-recon.git
cd geo-recon
chmod +x geo-recon.py
pip install -r requirements.txt

Sample syntax (Linux):

root@kali:~/geo-recon# python geo-recon.py 138.121.128.19

By …

Bbrecon – Python Library And CLI For The Bug Bounty Recon API

Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This repository holds the CLI and Python library. Please see …

SpaceSiren – A Honey Token Manager And Alert System For AWS

SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey tokens at scale, up to 10,000 per SpaceSiren instance, at close to no cost. How it works: SpaceSiren provides an API to create no-permission AWS IAM users and access …

LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion

LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the compromised host and the backend. The C2 backend is hidden behind an apparently harmless Flask web application and is only accessible when the HTTP requests received by the app contain a …

Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks

What is a “Kill Chain”? From Wikipedia: the term kill chain was originally used as a military concept related to the structure of an attack, consisting of target identification, force dispatch to target, decision, order to attack the target, and finally the destruction of the target. Reconnaissance – uses social engineering to find weaknesses …

CrossC2 – Generate CobaltStrike’s Cross-Platform Payload

A security framework for enterprises and Red Team personnel that extends CobaltStrike's penetration testing to other platforms (Linux / macOS / ...), supports custom modules, and includes some commonly used penetration-testing modules. Intended only for internal use by enterprises and organizations; the framework has a certain degree of instability. Non-professionals are not allowed to …

DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife

Did you ever wonder how you can move laterally through internal networks, or interact with remote machines without alerting EDRs? Let's assume that we have valid credentials, or an active session with access to a remote machine, but have no option for executing a process remotely in a known, …

Mihari – A Helper To Run OSINT Queries & Manage Results Continuously

Mihari is a helper to run queries and manage results continuously. Mihari can be used for C2, landing page and phishing hunting. How it works: Mihari makes a query against Shodan, Censys, VirusTotal, SecurityTrails, etc. and extracts artifacts (IP addresses, domains, URLs and hashes) from the results. Mihari checks whether a DB (SQLite3 or …

SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, macOS, Linux, and Windows Subsystem for Linux (WSL). What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests or from local response files (if any); create a list of JavaScript variables found in the source; extract all the social media links from …