> "I was familiar with ethical hacking tools, but Kitsec impressed me. It's user-friendly and centralized, making it fast and efficient. It offers a wide range of capabilities, including OWASP Top 10 coverage, fuzzing, port scanning and more. Some of its features are usually only found in closed source products. Overall, Kitsec is an exceptional ethical hacking tool that I highly recommend." [yassinek3ch](https://hackerone.com/yassinek3ch?type=user), **One of Top Moroccan HackerOne Hunters**
26
-
27
-
28
-
---
29
-
30
-
# Ethical hacking, made easy.
31
-
32
-
[Kitsec](https://www.kitsec.app/) is a powerful toolkit CLI designed to help you simplify and centralize your security workflow. Whether you're a seasoned professional or
33
-
just getting started, Kitsec provides a comprehensive set of tools to help you stay on top of your game. With its multi-threaded pooling technique,
34
-
it can execute multiple tasks simultaneously, making it a lightning-fast solution for security tasks.
35
-
36
-
### ✨ Features
37
-
38
-
- [**Convert**](#convert): Applies a specified decoding or hashing function to input data. (ie. URL, HTML, Base64, ASCII, Hex, Octal, Binary & GZIP).
39
-
- [**Enumerator**](#enumerator): Enumerates subdomains for a given domain using subfinder, amass, assetfinder and findomain and active enumeration.
40
-
- [**Capture**](#capture): Send a GET request to a specified URL, capture the request headers, extract the hostname, path, and cookies and missing headers.
41
-
- [**Portscan**](#portscan): Scan a host for common or all possible open ports.
42
-
- [**Certificate**](#certificate): Check the SSL/TLS certificate information for a given URL.
43
-
- [**Storm**](#storm): Sends HTTP requests to a given URL with a specified number of attacks and requests.
44
-
- [**Disturb**](#disturb): Send multiple HTTP requests to the specified URL with the same payload.
45
-
- [**Fuzz**](#fuzz): Test your web applications against path fuzzing and file fuzzing.
46
-
- [**CIDR**](#cidr): Looks up the CIDR range for a company's domain name from its RDAP record.
47
-
- [**CVE**](#cve): Retrieves CVE data for a specific product name (company name) from NIST's National Vulnerability Database (NVD).
48
-
- [**VPS**](#vps-logger): Login to your VPS with a single command.
49
-
50
-
51
-
### 🛣️ Roadmap
52
-
53
-
- **Convert**: Add more encoding/decoding functions.
54
-
- **Graphql**: Add graphql grabber.
55
-
- **Storm**: Add raid types: flood, hybrid and single shot.
tracking.webapp.domain1.com 503 Service Unavailable []
247
-
legal.domain1.com 404 Not Found ['Strikingly', 'Lua', 'jQuery', 'Nginx', 'OpenResty']
248
-
help.domain1.com 403 Forbidden ['Cloudflare']
249
-
staging-api.domain1.com 401 Unauthorized []
250
-
api.domain1.com 401 Unauthorized []
251
-
staging-app.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
252
-
staging-website.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
253
-
sales.domain1.com 200 OK ['Nginx', 'Google Font API', 'React', 'Stripe']
254
-
```
255
-
256
-
</details>
257
-
258
-
### 📡 Port Scan <a name="portscan"></a>
259
-
260
-
Scan for all or most common open ports on example.com:
261
-
262
-
````
263
-
Usage: kitsec portscan [OPTIONS] HOSTNAME
264
-
265
-
Performs a TCP port scan on a specified hostname and a range of ports.
266
-
267
-
Arguments:
268
-
HOSTNAME The hostname or URL of the target host.
269
-
270
-
Options:
271
-
-c, --common-ports Scan only the most common HTTP ports (80, 8080, and 443).
272
-
--help Show this message and exit.
273
-
274
-
Example:
275
-
kitsec portscan -c example.com
276
-
````
277
-
278
-
<details>
279
-
<summary>Output</summary>
280
-
281
-
```
282
-
Open Ports:
283
-
example.com:80
284
-
example.com:443
285
-
```
286
-
287
-
</details>
288
-
289
-
### 📶 CIDR <a name="cidr"></a>
290
-
291
-
Search for CIDR ranges for a given domain name:
292
-
293
-
`````
294
-
Usage: kitsec cidr [OPTIONS] COMPANY_NAME
295
-
296
-
Look up the CIDR range for a company's domain name.
297
-
298
-
Arguments:
299
-
COMPANY_NAME The name of the company's domain name to look up.
300
-
301
-
Options:
302
-
--help Show this message and exit.
303
-
304
-
Returns:
305
-
- The CIDR range for the company's domain name as a string.
306
-
- If an exception is raised during the lookup process,
307
-
an error message will be displayed.
308
-
309
-
Example:
310
-
kitsec cidr github.com
311
-
`````
312
-
<details>
313
-
<summary>Output</summary>
314
-
315
-
`The CIDR range for domain.com is 141.82.112.0/20`
316
-
</details>
317
-
318
-
### 📜 Certificate <a name="certificate"></a>
319
-
320
-
Search for ssl / tlsfor the specified host and port:
321
-
322
-
`````
323
-
Usage: kitsec certifcate [OPTIONS] HOSTNAME
324
-
325
-
Check the SSL/TLS certificate for the specified host and port.
326
-
327
-
Arguments:
328
-
HOSTNAME The hostname to check the certificate for.
329
-
330
-
Options:
331
-
-p, --port INTEGER The port to connect to. Default is 443.
332
-
--help Show this message and exit.
333
-
334
-
Returns:
335
-
None. Displays the certificate information to the console.
336
-
337
-
Example:
338
-
kitsec certificate github.com
339
-
340
-
`````
341
-
<details>
342
-
<summary>Output</summary>
343
-
344
-
````
345
-
Hostname: github.com
346
-
Not Before: 2023-02-14 00:00:00
347
-
Not After: 2024-03-14 23:59:59
348
-
````
349
-
</details>
350
-
351
-
### 🌐 CVE <a name="cve"></a>
352
-
353
-
Search for CVEs for the specified product.
354
-
355
-
`````
356
-
Usage: kitsec cve [OPTIONS] PRODUCT_NAME
357
-
358
-
Retrieves CVE data for a specific product and displays it.
359
-
360
-
Arguments:
361
-
PRODUCT_NAME The product name (company name) to search for.
362
-
363
-
Options:
364
-
--limit INTEGER Number of results to display (default=10).
365
-
--help Show this message and exit.
366
-
367
-
Example:
368
-
kitsec cve python -l 2
369
-
`````
370
-
371
-
<details>
372
-
<summary>Output</summary>
373
-
374
-
```
375
-
CVE ID CVE-2023-26477
376
-
CWE CWE-94: Improper Control of Generation of Code ('Code Injection') (4.10)
377
-
Severity Severity information not available
378
-
Summary XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.
379
-
380
-
CVE ID CVE-2018-1000802
381
-
CWE CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (4.10)
382
-
Severity Severity information not available
383
-
Summary Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
384
-
```
385
-
386
-
</details>
387
-
388
-
389
-
### 🌪️ storm <a name="storm"></a>
390
-
391
-
Send HTTP requests to a given URL with a specified number of Attacks and requests.
392
-
393
-
`````
394
-
Usage: kitsec storm [OPTIONS] URL
395
-
396
-
Sends HTTP requests to a given URL with a specified number of threats and requests.
397
-
398
-
Arguments:
399
-
URL The URL to send HTTP requests to.
400
-
401
-
Options:
402
-
-a, --num-attacks INT Number of parallel attacks to send requests from. Default: 6.
403
-
-r, --num-requests INT Number of requests to send from each threat. Default: 200.
404
-
-y, --num-retries INT Number of times to retry failed requests. Default: 4.
405
-
-p, --pause-before-retry INT Number of milliseconds to wait before retrying a failed
406
-
request. Default: 3000.
407
-
--help Show this message and exit.
408
-
409
-
Example:
410
-
kitsec storm https://example.com/
411
-
`````
412
-
413
-
### 🌫️ fuzz <a name="fuzz"></a>
414
-
415
-
416
-
`````
417
-
Usage: kitsec fuzz [OPTIONS] BASE_URL
418
-
419
-
Sends HTTP GET requests to a specified base URL with a given list of paths.
420
-
421
-
Args:
422
-
- base_url (str): The base URL to send requests to. The URL must include the protocol (http or https).
423
-
424
-
Options:
425
-
- file-fuzz (bool): Whether to use file format fuzzing or not
426
-
- path-fuzz (bool): Whether to use path fuzzing or not
427
-
--help Show this message and exit.
428
-
429
-
Example:
430
-
kitsec fuzz example.com
431
-
`````
432
-
433
-
### 🧢 VPS <a name="vps-logger"></a>
434
-
435
-
Connects to a remote VPS server and tails the auth.log file.
436
-
437
-
``````
438
-
Usage: kitsec vps-logger [OPTIONS]
17
+
------
439
18
440
-
Connects to a remote VPS server and tails the auth.log file.
19
+
## Documentation
441
20
442
-
Prompts:
443
-
-h, --host TEXT The IP address of the VPS server to connect to.
444
-
-u, --username TEXT The limited user account to use for connecting to the VPS server.
445
-
-p, --password TEXT The password for the user account.
446
-
--help Show this message and exit.
21
+
For full documentation, visit [Kitsec](https://www.kitsec.app/docs).
447
22
448
-
Returns:
449
-
- Prints a continuous stream of output from the auth.log file to the console.
23
+
## Community
450
24
451
-
The program attempts to connect to the specified VPS server using SSH, with the provided
452
-
username and password. Once connected, it invokes a shell and sends the command to tail
453
-
the auth.log file using sudo. It then continuously checks for new output from the file and
454
-
prints it to the console as it is received.
455
-
``````
25
+
For help, discussion about best practices, or any other conversation that would benefit from being searchable:
456
26
457
-
# Guidelines
27
+
[Discuss Kitsec Core on GitHub](https://github.com/kitsec-labs/kitsec-core/discussions)
458
28
459
-
Here are some guidelines for using open source tools for ethical hacking:
29
+
## Contributing
460
30
461
-
<ol>
462
-
<li>Bug bounties are not a license to hack indiscriminately. Stay within your scope and safe harbour.</li>
31
+
If you're interested in contributing to Kitsec Core, please read our [contributing docs](https://github.com/tailwindcss/tailwindcss/blob/master/.github/CONTRIBUTING.md) **before submitting a pull request**.
463
32
464
-
<li>Ensure you have a strong understanding of the open source tools being used and their impact.</li>
465
-
466
-
<li>Always obtain written permission from the owner of the target system before testing.</li>
467
-
468
-
<li>Never go beyond the scope of the agreement.</li>
469
33
470
-
<li>Be professional in your approach.</li>
471
-
</ol>
472
-
473
-
Here are some examples of websites that offer bug bounty programs for ethical hackers to test their skills:
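Review bot: The added Contributing line links "contributing docs" to https://github.com/tailwindcss/tailwindcss/blob/master/.github/CONTRIBUTING.md, which is a different project's repository. Point it at a CONTRIBUTING file in kitsec-labs/kitsec-core, the repository the added Community link uses, or drop the link until that file exists. The same hunk deletes the Guidelines list (stay within scope and safe harbour, obtain written permission before testing) along with the storm, portscan and fuzz usage text it accompanied. Keep a short form of those guidelines in the README, or confirm they are carried over to https://www.kitsec.app/docs before merging.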
If you encounter any bugs or would like to suggest new features [here](https://github.com/kitsec-labs/kitsec/issues/new).
492
34
# Disclaimer
493
35
494
36
This project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.
495
37
496
-
# Acknowledgements
497
-
498
-
Thank you to @projectdiscovery, @milo2012, @duyet, @ayoubfathi, @Bo0oM and @Practical-Formal-Methods for opening their tools to the world.
499
-
500
-
# License
501
-
502
-
Kitsec is licensed under the [MIT License](https://github.com/kitsec-labs/kitsec-core/blob/main/LICENSE).
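Review bot: The License section at the end of the README (old lines 500-502) is deleted with nothing added in its place, so the README no longer states that Kitsec is under the MIT License. Keep a one-line pointer to the LICENSE file. The Acknowledgements section removed just above it credited the upstream tool authors (@projectdiscovery, @milo2012 and the others listed). If the tool still builds on their work, retain that credit here or move it to the docs in the same change.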