KITT Penetration Testing Framework - Lite Edition

admin, 2022-10-09 12:08:20


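The KITT penetration testing framework is an open-source solution developed for penetration testers and programmers, letting them compile the tools they use and what they know into a single open-source project.

With KITT, users can easily access a list of commonly used tools for their area of expertise, all of which can be configured in the source code.

Update: Kali 2020.2 is now supported!

If you want to see the full GUI version of KITT, you can find it [here](https://github.com/Cisc0-gif/KITT.git).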

Features

OSINT

  • Domainsticate - Custom domain enumeration tool
  • [Shodan Search](https://github.com/achillean/shodan-python) - Quick Shodan search tool
  • [PhoneInfoga](https://github.com/sundowndev/PhoneInfoga) - OSINT tool for phone numbers
  • [gitGraber](https://github.com/hisxo/gitGraber) - Unprotected Token search tool for GitHub
  • [gitHound](https://github.com/tillson/git-hound) - Sensitive Data Fuzzer for GitHub
  • [GitRob](https://github.com/michenriksen/gitrob) - Sensitive File Fuzzer for GitHub
  • [Katana](https://github.com/adnane-X-tebbaa/Katana) - Google Dork Scanner
  • [TIDoS-Framework](https://github.com/0xInfection/TIDoS-Framework) - WebApp Recon and Vulnerability Analysis Framework
  • [Domained](https://github.com/TypeError/domained) - Subdomain Enumeration Tool
  • [Vulnx](https://github.com/anouarbensaad/VulnX.git) - WebApp Bot Auto Shell Injector
  • [Webkiller](https://github.com/ultrasecurity/webkiller.git) - Domain OSINT Tool
  • [BadMod](https://github.com/MrSqar-Ye/BadMod.git) - Website Scanner & Auto Exploiter
  • [Deep-Explorer](https://github.com/blueudp/deep-explorer) - .Onion link browser
  • [W3af](https://github.com/andresriancho/w3af) - Website Security Scanner
  • [UserRecon](https://github.com/thelinuxchoice/userrecon) - Social Media Username Search Tool
  • [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector) - Full Stack OSINT Tool
  • [BlackDir-Framework](https://github.com/RedVirus0/BlackDir-Framework.git) - WebApp Vulnerability Scanner
  • [Skiptracer](https://github.com/xillwillx/skiptracer) - OSINT Scraping Framework (COMING SOON)
  • [Konan](https://github.com/m4ll0k/Konan) - Advanced WebApp Dir Scanner
  • [Fast-Google-Dork-Scan](https://github.com/IvanGlinkin/Fast-Google-Dorks-Scan) - Website Dork Enumeration Script
  • [Pompem](https://github.com/rfunix/Pompem.git) - Exploit/Vulnerability Search Tool
  • [Striker](https://github.com/s0md3v/Striker) - Recon and Vulnerability Scanning Suite
  • [RustScan](https://github.com/RustScan/RustScan) - Extremely Quick Port Scanner
  • [Trape](https://github.com/jofpin/trape) - Advanced OSINT Tool
  • [Email-Extract](https://github.com/Cisc0-gif/Email-Extract) - Website Directory Email Extraction Tool
  • [Nuclei](https://github.com/projectdiscovery/nuclei) - Template Based Vulnerability Scanner
  • [Bypass-Firewalls-By-DNS-History](https://github.com/vincentcox/bypass-firewalls-by-DNS-history) - Uses DNS records to check if server replies to old domains or IP
  • [Infog](https://github.com/OffXec/infog) - General OSINT Tool
  • [Byp4xx](https://github.com/lobuhi/byp4xx) - 403 Forbidden probe

Cracking

  • [Hate_Crack](https://github.com/trustedsec/hate_crack.git) - Automated Hashcat Cracker
  • [FTPBruter](https://github.com/GitHackTools/FTPBruter) - FTP Login Brute Forcer
  • [Tangalanga](https://github.com/elcuervo/tangalanga) - Zoom Token Brute Forcer
  • [Zip-Cracker](https://github.com/priyankvadaliya/Zip-Cracker-) - Password Protected Zip File Bruteforcer

Phishing

  • [Blackeye](https://github.com/thelinuxchoice/blackeye) - Webpage Phishing Tool
  • [SET](https://github.com/trustedsec/social-engineer-toolkit) - Social Engineers Toolkit
  • [SocialBox](https://github.com/TunisianEagles/SocialBox.git) - Social Media Password Bruteforcer
  • [Seeker](https://github.com/thewhiteh4t/seeker) - Social Engineering IP GeoLocator (Give/Take 30m)
  • [BruteDum](https://github.com/GitHackTools/BruteDum) - Common Protocol Bruteforcer
  • [SayCheese](https://github.com/hangetzzu/saycheese) - Takes Webcam pic on site visit
  • [SayHello](https://github.com/d093w1z/sayhello) - Takes audio clip on site visit
  • [Shellphish](https://github.com/thelinuxchoice/shellphish) - Blackeye w/ Automated Ngrok
  • [Nexphisher](https://github.com/htr-tech/nexphisher) - Webpage Phishing Tool
  • [Lockphish](https://github.com/thelinuxchoice/lockphish) - Lock Screen Phishing Tool
  • [SocialFish](https://github.com/UndeadSec/SocialFish) - Common Phishing Tool
  • [Locator](https://github.com/yuhisern7/locator) - Geolocator and IP Tracker
  • [EvilApp](https://github.com/thelinuxchoice/evilapp) - MiTM Phishing Attack Using APK
  • [Droidfiles](https://github.com/thelinuxchoice/droidfiles) - Downloads Files from Android Dirs from .apk payload
  • [Cuteit](https://github.com/D4Vinci/Cuteit) - IP Obfuscator
  • [ntlm_theft](https://github.com/Greenwolf/ntlm_theft) - Hash Theft File Generator

Payloads

  • [Ninja C2](https://github.com/ahmedkhlief/Ninja) - C&C Software
  • [Evil-Droid](https://github.com/M4sc3r4n0/Evil-Droid.git) - Android APK Payloading & Embedding Framework
  • [Catchyou](https://github.com/thelinuxchoice/catchyou) - Undetectable Win32 Payload Generator
  • [Winspy](https://github.com/Cyb0r9/winspy) - Windows Reverse Shell Generator w/ IP Poisoning
  • [Evilreg](https://github.com/thelinuxchoice/evilreg) - Windows .reg Reverse Shell Generator
  • [Badlnk](https://github.com/thelinuxchoice/badlnk) - Shortcut .lnk Reverse Shell Generator
  • [Enigma](https://github.com/UndeadSec/Enigma) - Multiplatform Payload Dropper
  • [Avet_Fabric](https://github.com/govolution/avet) - Windows AV Evasive Payloads
  • [Eviloffice](https://github.com/thelinuxchoice/eviloffice) - Injects Macro & DDE Code into Excel & Word Documents
  • [Evilpdf](https://github.com/thelinuxchoice/evilpdf) - Embeds .exe Files into PDF Files
  • [EvilDLL](https://github.com/thelinuxchoice/evildll) - DLL Reverse Shell Generator
  • [DroidTracker](https://github.com/thelinuxchoice/DroidTracker) - Android .APK Location Tracker
  • [hmmcookies](https://github.com/thelinuxchoice/hmmcookies) - Grabs Firefox, Chrome, and Opera Cookies
  • [TrevorC2](https://github.com/trustedsec/trevorc2) - C&C Software
  • [HTTP-revshell](https://github.com/3v4Si0N/HTTP-revshell) - HTTPS reverse shell server

Keyloggers

  • [HeraKeylogger](https://github.com/UndeadSec/HeraKeylogger) - Chrome Keylogger Extension
  • [KatroLogger](https://github.com/Katrovisch/KatroLogger) - Keylogger for Unix/Linux Systems

Privilege Escalation/Exploitation

  • BIOS_UBTU_Rooter.sh - Custom Ubuntu USB boot exploit
  • [LinEnum](https://github.com/rebootuser/LinEnum) - Linux shell enumeration tool
  • Linux - Linux Exploits and Enumeration Scripts
  • [Mimikatz_trunk](https://github.com/gentilkiwi/mimikatz) - Windows post exploitation tool
  • mysql - MySQL exploits and enumeration scripts
  • passwd_backdoor.sh - Custom passwd/ backdoor exploit for post-exploitation
  • [pspy](https://github.com/DominicBreuker/pspy) - Process scanner for Linux
  • [windows-privesc-check](https://github.com/pentestmonkey/windows-privesc-check) - Windows PrivEsc Scripts
  • Windows-Privlege-Escalation - Windows PrivEsc Scripts
  • [Chromepass](https://github.com/darkarp/chromepass) - AV-Undetectable Chrome Login Extraction Tool (Local exec)
  • [htbenum](https://github.com/SolomonSklash/htbenum) - Offline Local Enum Server (Mainly for HTB)
  • [PeekABoo](https://github.com/Viralmaniar/PeekABoo) - Enables RDP Service Only on WinRM Machines - Enabled by default on WinServer machines but not client machines
  • [firefox_decrypt](https://github.com/Unode/firefox_decrypt) - Mozilla Browser Saved Login Extractor
  • [Powershell-reverse-tcp](https://github.com/ivan-sincek/powershell-reverse-tcp) - Reverse TCP Powershell Payload w/ Obfuscation
  • [Invoker](https://github.com/ivan-sincek/invoker) - Post Windows Non-GUI Shell Utility
  • [HiveJack](https://github.com/Viralmaniar/HiveJack) - Windows SAM Dump Tool
  • [Impacket](https://github.com/SecureAuthCorp/impacket) - Python Network Protocol Tools
  • [Win-Brute-Logon](https://github.com/DarkCoderSc/win-brute-logon) - Post Tool For Cracking User Passwords XP -> 10
  • [Covermyass](https://github.com/sundowndev/covermyass) - Covers Your Tracks on UNIX Systems
  • [Leviathan](https://github.com/leviathan-framework/leviathan.git) - System Audit Toolkit
  • [ispy](https://github.com/Cyb0r9/ispy) - EternalBlue/Bluekeep Scanner/Exploiter
  • [NekoBotV1](https://github.com/tegal1337/NekoBotV1) - Auto Exploiter Tool
  • [Gtfo](https://github.com/t0thkr1s/gtfo) - Unix Binary Search Tool
  • [Grok-backdoor](https://github.com/deepzec/Grok-backdoor) - Python-Based Backdoor with Ngrok Tunneling
  • [Mimikatz](https://github.com/gentilkiwi/mimikatz) - Windows password, hash, PIN, and Kerberos ticket extraction tool

Ransomware

  • [Hidden-cry](https://github.com/sivazozo/hidden-cry) - Windows AES 256 Bit Encrypter/Decrypter
  • [CryDroid](https://github.com/thelinuxchoice/crydroid) - Android Encrypter/Decrypter

Bots

  • [Idisagree](https://github.com/UndeadSec/Idisagree) - Trojan Discord Bot
  • [UFOnet](https://github.com/epsylon/ufonet) - DDoS Third Party Vector Tool

Network Cracking

  • Airsuite-ng - Software suite w/ detector, packet sniffer, WEP and WPA/WPA2-PSK Cracker and analysis tool
  • Wash & Reaver - WPS Cracking tools
  • [Wifite2](https://github.com/derv82/wifite2) - Network Auditing Tool
  • Ettercap - MiTM Attack Suite
  • [Airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) - Network Auditing Tool
  • [WiFipumpkin3](https://github.com/P0cL4bs/wifipumpkin3) - Network Cracking Framework
  • [Wifijammer](https://github.com/DanMcInerney/wifijammer) - Stationary or Mobile WiFi Jammer
  • [PwnSTAR](https://github.com/SilverFoxx/PwnSTAR) - Fake AP Tool Framework
  • [HT-WPS](https://github.com/SilentGhostX/HT-WPS-Breaker) - WPS Pin Extractor
  • [Linset](https://github.com/vk496/linset) - WPA/WPA2 MiTM Attack Tool
  • [PentBox](https://github.com/H4CK3RT3CH/pentbox-1.8) - HoneyPot Setup Tool
  • [Espionage](https://github.com/josh0xA/Espionage) - Packet Sniffer/ARP Spoofer
  • [EvilNet](https://github.com/Matrix07ksa/EvilNet) - ARP Attacks, VLAN Attacks, MAC Flooding, etc.
  • [wacker](https://github.com/blunderbuss-wctf/wacker) - WPA3 Password Dictionary Attack
  • [C41N](https://github.com/MS-WEB-BN/c41n) - Automated Rogue AP Tool

IoT Exploitation

  • [HomePwn](https://github.com/ElevenPaths/HomePWN) - IoT Exploitation Framework
  • Spooftooph - BT Spoofing
  • BtVerifier - Rfcomm Channel Verifier
  • BlueScan - BT Port/MAC Scanner
  • [Dronesploit](https://github.com/dhondta/dronesploit) - Drone Exploitation Framework
  • [ADB-Toolkit](https://github.com/ASHWIN990/ADB-Toolkit) - Android Device Pentesting Framework

Hardware Hacking

  • [MouseJack](https://github.com/BastilleResearch/mousejack) - BT Keyboard and Mouse Hijacker
  • GPIO_CTL - Custom GPIO Controller for RPi
  • [Brutal](https://github.com/screetsec/brutal) - RubberDucky Payload Generator

System Security

  • [InspIRCd](https://github.com/inspircd/inspircd) - Local IRC Server
  • [SysIntegrity](https://github.com/Cisc0-gif/SysIntegrity) - File Integrity and Logging System Check
  • [snort](https://www.snort.org) - Network Intrusion Detection System
  • ssh_port_randomizer - SSHD Port Randomizer
  • ssh rsa_key generator - RSA Key generator
  • proxy router - Traffic Proxy Router
  • ssh_encryption - Buffing SSHD Security Protocols
  • Fail2ban Configurations - Fail2ban Protocol Auditor
  • [PTF](https://github.com/trustedsec/ptf/) - PenTesting Tool Installation Framework
  • [ClamAV](https://www.clamav.net/) - CLI Virus/Malware Scanner
  • [Wotop](https://github.com/nishitm/wotop) - Tunnels Internet Traffic Over HTTP
  • [TorghostNG](https://github.com/githacktools/TorghostNG) - Directs All Internet Traffic Through Tor Proxy

Getting Started

WARNING: Installation Takes About 20 Minutes To Finish!

To begin, run sudo ./setup.sh to install all necessary libraries and configure PATH usage. Simply follow all instructions in the installer.

If you want to only install the tools, run sudo ./catchup.sh

Usage

To start the framework, type kittlite in a terminal and run it.

Legal Disclaimer

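Using KITT-Lite and/or the tools installed with KITT-Lite to attack targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

Originally published on the WeChat official account 威胁猎人 (Threat Hunter): KITT Penetration Testing Framework - Lite Edition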
