/>
February 23, 2022LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database

It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate....

by KitPloit in LDAP-Password-Hunter, Requirements, Sqlite3
February 23, 2022Php-Malware-Finder - Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are...

by KitPloit in Antivirus, WebShell, Whitelists, Yara
February 23, 2022TerraGoat - Vulnerable Terraform Infrastructure

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production...

by KitPloit in AWS Security, Azure Security, Cloud Security, GCP Security, Terragoat
February 23, 2022Dive - A Tool For Exploring Each Layer In A Docker Image

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. To analyze a Docker image simply run...

by KitPloit in Dive, Docker Image, Explorer
February 23, 2022Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ docker build . -t...

by KitPloit in Aqua, Cloudsploit, CSPM
February 23, 2022truffleHog - Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History

Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. Join The Slack Have questions?...

by KitPloit in Entropy Checks, Regex, Secret, Subdomain, truffleHog
February 23, 2022Get-RBCD-Threaded - Tool To Discover Resource-Based Constrained Delegation Attack Paths In Active Directory Environments

Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts "Wagging the Dog: Abusing Resource-Based Constrained Delegation to...

by KitPloit in Get-RBCD-Threaded, SharpSploit, Traffic, Username
February 23, 2022Exrop - Automatic ROP Chain Generation

Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements : Triton, ROPGadget Only support for x86-64...

by KitPloit in Binary Exploitation, Exploit Development, Exploitdev, Exrop, Rop Chain, Rop Exploitation, Rop Gadgets
February 23, 2022Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime (from SleuthKit) (Developed and tested on...

by KitPloit in Autotimeliner, Dfir, Forensic, Memory, Plugin, Volatility
February 23, 2022Droopescan - A Plugin-Based Scanner That Aids Security Researchers In Identifying Issues With Several CMSs, Mainly Drupal And Silverstripe

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal....

by KitPloit in vulnerabilities, joomla, Silverstripe
Archives
Categories
Tags
Bugbounty Cybersecurity Devsecops Dfir Distribution golang Information Gathering Infosec Kali Kali Linux Kerberos Linux Malware Analysis Malware Detection Microsoft mimikatz msfvenom NTLM OSINT Payload Penetration Testing Pentest Tool Pentesting Post Exploitation PowerShell Privilege Escalation Processes Python Python3 Recon Reconnaissance Red Team Red Teaming Redteam Redteam Tools Remote Research Reverse Engineering Scan Scanner Scanning Scripts Security Security Tools Shellcode SMB Spoofing SSH Static Analysis Subdomain Syscalls Testing Threat Hunting Threat Intelligence Toolkit Traffic Username vulnerabilities Vulnerability Vulnerability Scanners Vulnerable Win32 Windows Windows 10 Wireshark Wordlist XSS Yara Blueteam Subdomains Windows Defender Wrapper Redteaming Techniques