Infosec Tools

A non-exhaustive list of latest pentesting/hacking tools for  cybersecurity and information security professionals.

RSS KitPloit – PenTest & Hacking Tools
  • Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
    Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance">Reconnaissance phase. And in Ashok-v1.1 you can find the advanced google dorker and wayback crawling machine. Main Features - Wayback […]
  • CloudBrute - Awesome Cloud Enumerator
    A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here Motivation we are always thinking of something we can automate to make […]
  • Hfinger - Fingerprinting HTTP Requests
    Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage 🙂 Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen only in one particular malware family, yet one family can have […]
  • VulnNodeApp - A Vulnerable Node.Js Application
    A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open terminal/command prompt and navigate to the location of downloaded/cloned repository. Run command: npm install DB setup Install and […]
  • XMGoat - Composed of XM Cyber terraform templates that help you learn about common Azure security issues
    XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: Run installation and then get started. With the initial user and […]
  • Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More...
    Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE (Windows) binaries will be supported soon. Usage Usage: extrude [flags] [file]Flags: -a, --all Show details of all tests, not just those which failed. -w, --fail-on-warning Exit with a […]
  • BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!
    A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor Twitter Notable Contributions Bobby Cooke @0xBoku Project original author and maintainer Santiago Pecin @s4ntiago_p Reflective Loader major enhancements Chris Spehn @ConsciousHacker Aggressor scripting Joshua Magri @passthehashbrwn IAT hooking Dylan Tran @d_tranman Reflective Call Stack Spoofing James […]