Month: December 2019


Top 20 Most Popular Hacking Tools in 2019

As we did last year, this year we made a ranking of the most popular tools between January and December 2019. The tools focus on OSINT, Information Gathering, Android Hacking Tools, Automation Tools, and Phishing, among others. Without going into further details, we have prepared a useful list of the most popular tools in Kitploit 2019:

Hijacker - All-in-One Wi-Fi Cracking Tools for Android
Findomain - The Fastest And Cross-Platform Subdomain Enumerator
EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image…


Pown.js – A Security Testing And Exploitation Toolkit Built On Top Of Node.js And NPM

Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploit, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in Pown is in fact a standalone NPM module, allowing a greater degree of reuse and flexibility. Creating new modules is a matter of publishing to NPM and tagging it with the correct tags. The rest is handled automatically.

Quickstart

Install Pown.js globally with npm or yarn.

    $ npm install -g pown@latest

Usage

    pown [options] <command> [command options]

Commands: pown…


nmapAutomator – Tool To Automate All Of The Process Of Recon/Enumeration

nmapAutomator

A script that you can run in the background!

Summary

The main goal of this script is to automate all of the recon/enumeration process that is run every time, so that we can instead focus our attention on real pen testing. This will ensure two things:

1) Automate nmap scans.
2) Always have some recon running in the background.

Once you find the initial ports in around 10 seconds, you can then start manually looking into those ports, and let the rest run in the background with no interaction from your…


Hack the Box: Heist Walkthrough

Hello everyone, and welcome to yet another CTF challenge from Hack the Box, called ‘Heist,’ which is available online for those who want to increase their skills in penetration testing and black-box testing. Heist is a retired vulnerable lab presented by Hack the Box for online penetration testing practice suited to your experience level; they have a large collection of vulnerable labs as challenges, ranging from beginner to expert level.

Level: Easy
Task: Find user.txt and root.txt in the victim’s machine

Penetration Methodologies
Scanning…


Quark-Engine – An Obfuscation-Neglect Android Malware Scoring System

An Obfuscation-Neglect Android Malware Scoring System

Concepts

The Android malware analysis engine is not a new story. Every antivirus company has its own secrets for building one. Out of curiosity, we developed a malware scoring system from the perspective of Taiwan Criminal Law in an easy but solid way.

We have an order theory of criminal which explains the stages of committing a crime. For example, the crime of murder consists of five stages: determined, conspiracy, preparation, start and practice. The later the stage, the more we’re sure that…


Malwinx – Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References

A normal Flask web app to learn Win32 API with code snippets and references.

Prerequisite

You need to install the following packages before starting it:

    pip install flask
    pip install pefile
    pip install requests

Usage

    $ python flaskapp.py

Live Demo

Here is the walkthrough:

Upload the exe or dll.
The functions of the exe or dll will appear.
We just need to click any of the functions. For example purposes, let's choose LoadLibraryA.
The code usage of any function can be extracted by clicking on these options.


PAKURI – Penetration Test Achieve Knowledge Unite Rapid Interface

What's PAKURI

In Japanese, imitating is called “Pakuru”.

ぱくる (godan conjugation, hiragana and katakana パクる, rōmaji pakuru)

eat with a wide open mouth
steal when one isn't looking, snatch, swipe
copy someone's idea or design
nab, be caught by the police

Wiktionary:ぱくる

Description

Pentesters love to move their hands. However, I do not like troublesome work. Simple work is performed semi-automatically with simple operations. PAKURI executes commands frequently used in penetration tests by simply operating the numeric keypad. You can test penetration as if you were playing a fighting game.

Presentation

November 2nd, 2019: AV TOKYO…


Pylane – A Python VM Injector With Debug Tools, Based On GDB

Pylane is a Python VM injector with debug tools, based on gdb and ptrace. Pylane uses gdb to trace a Python process, then injects and runs code in its Python VM.

Usage

Use the inject command to inject a Python script into a process:

    pylane inject <PID> <YOUR_PYTHON_FILE>

Use the shell command to inject an interactive shell:

    pylane shell <PID>

Pylane shell features:

use IPython as its interactive interface, support magic functions like ? and %
support remote automatic completion
provide debug toolkit functions, such as:
lookup class or instance by name
get source code of an…