Asnap – Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Own Which IPv4 Or IPv6 Addresses

Asnap aims to render the recon phase easier by providing regularly updated data about which companies own which IPv4 or IPv6 addresses, and allows the user to automate initial port and service scanning. Author …

uriDeep – Unicode Encoding Attacks With Machine Learning

Unicode encoding attacks with machine learning. uriDeep is a tool based on machine learning that creates convincing fake domains using confusables. Some of these domains can deceive the IDN policies of Chrome and Firefox. I created the best (big) dictionary of confusables using neural networks. It is used by the tool and can be downloaded from: https://github.com/mindcrypt/uriDeep/blob/master/data/deepDiccConfusables.txt

smbAutoRelay – Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments

SMB AutoRelay provides the automation of the SMB/NTLM relay technique for pentesting and red teaming exercises in Active Directory environments. Usage syntax: ./smbAutoRelay.sh -i <interface> -t <file> [-q] [-d]. Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt. Notice that the targets file should contain just the IP addresses of each target, one …

Powerglot – Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kinds of scripts using polyglots, for example offensive PowerShell scripts. No loader is needed to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done with steganography, especially to avoid network-level protections, one of the most common payloads being …

Pastego – Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

Scrape/parse Pastebin using Go and an expression grammar (PEG). Installation: $ go get -u github.com/notdodo/pastego. Usage: search keywords are case sensitive, e.g. pastego -s "password,keygen,PASSWORD". You can use boolean operators to reduce false positives, e.g. pastego -s "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')". This command will search for …

H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up for a technical breakdown of the vulnerability, the insecure-by-default services, and remediation guidance: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint …

mapCIDR – Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges

mapCIDR is a small utility program that performs multiple operations on given subnet/CIDR ranges. The tool was developed to ease load distribution for mass scanning operations; it can be used both as a library and as an independent CLI tool. Features: a simple and modular code base that makes it easy to contribute; CIDR distribution for …

Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python

A multiprocessing approach to auditing Active Directory passwords using Python. About Lil Pwny: Lil Pwny is a Python application that performs an offline audit of the NTLM hashes of users' passwords, recovered from Active Directory, against the known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP will …

Polypyus – Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries

Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries; in that sense it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are hard to disassemble and where common tools miss functions. In addition, the binary-only approach makes it …

NERVE – Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging-fruit vulnerabilities in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans and operates in black-box mode only. NERVE will do "some" CVE checks, but this …