Skip to content
View p0dalirius's full-sized avatar
🦋
🦋

Sponsors

@mxrch
Private Sponsor

Highlights

  • Pro

Block or report p0dalirius

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
p0dalirius/README.md


I'm a French Security Researcher and Microsoft MVP in Security. I specialize in finding vulnerabilities in various environments, including Windows, Active Directory, and web applications. With a passion for tinkering with undefined behaviors in computers, I have published 101 open-source security tools so far, and there are many more to come! 🥳

If any of my tools have been helpful to you, please consider sponsoring my work. Sponsorship will support the costs of my projects, including server expenses, mainframe restoration, and research materials. You can support me through GitHub Sponsors https://www.github.com/sponsors/p0dalirius or through Patreon: https://www.patreon.com/podalirius

As part of my dedication to security, I actively report vulnerabilities I discover. To date, I have reported and responsibly disclosed 10 security vulnerabilities found in the wild. I have also received 6 CVEs (CVE-2020-16147, CVE-2020-16148, CVE-2021-43008, CVE-2022-26159, CVE-2022-29710, CVE-2022-30780), with 2 more awaiting release.

One of my commit sha starts with "a". One of my commit sha starts with "ab". One of my commit sha starts with "abc". I collected 100 stars. I collected 500 stars. I collected 1000 stars. I collected 2000 stars. I collected 5000 stars. I collected 10000 stars. I am a sleepy coder. I commit in the morning. I commit in the evening. I commit at midnight. I pushed a commit with "dead" 2 times. When I delete code, I delete a lot. When I delete code, I delete a lot. I did 2 sequential fixes. I did 6 sequential fixes. I did 3 sequential fixes. I did 4 sequential fixes. I did 7 sequential fixes. I have participated in pull requests with 5 or more people I have participated in pull requests with 10 or more people I have participated in pull requests with 15 or more people I have four public keys I closed an issue that was open for a year I merged a PR with failing checks I found the answer to the ultimate question of life, the universe, and everything! My favorite word is "added". I am a polite coder. I have three public keys I pushed a commit with "cafe" 5 times. I made an epic commit with a message over 500 chars. I closed an issue that was open for 2 years


Summary of my tools

Active Directory tools

  • AccountShadowTakeover: A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
  • Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
  • DomainUsersToXLSX: Extract all users from an Active Directory domain to an Excel worksheet.
  • DumpSMBShare: A script to dump files and folders remotely from a Windows SMB share.
  • ExtractBitlockerKeys: A post-exploitation python script to automatically extract the bitlocker recovery keys from a domain.
  • FindUncommonShares: A Python tool allowing to quickly find uncommon shares in vast Windows Domains.
  • GeoWordlists: GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
  • ldap2json: The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
  • ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
  • LDAPmonitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
  • LDAPWordlistHarvester: A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
  • MSRPRN-Coerce: A python script to force authentification using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 69).
  • pydsinternals: A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
  • pyLAPS: Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
  • TargetAllDomainObjects: A python wrapper to run a command on against all users/computers/DCs of a Windows Domain.

Web exploitation tools

  • ApacheTomcatScanner: A python script to scan for Apache Tomcat server vulnerabilities.
  • Awesome-RCE-techniques: Awesome list of techniques to achieve Remote Code Execution on various apps!
  • crawlersuseragents: Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
  • CodeIgniter-session-unsign: Command line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and bruteforcing secret keys.
  • FindAzureDomainTenant: A Python script to find tenant id an region from a list of domain names.
  • http-fuzzing-scripts: A collection of http fuzzing python scripts to fuzz HTTP servers for bugs.
  • ipsourcebypass: This Python script can be used to bypass IP source restrictions using HTTP headers.
  • Joomla-1.6-1.7-2.5-Privilege-Escalation-Vulnerability: A Python script to create an administrator account on Joomla! 1.6/1.7/2.5 using a privilege escalation vulnerability.
  • LFIDump: A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
  • LootApacheServerStatus: A script to automatically dump all URLs present in /server-status to a file locally.
  • mercurial-scm-extract: A tool to extract and dump files of mercurial SCM exposed on a web server.
  • owabrute: Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
  • RDWArecon: A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
  • robotstester: This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
  • robotsvalidator: The robotsvalidator script allows you to check if URLs are allowed or disallowed by a robots.txt file.
  • TimeBasedLoginUserEnum: A script to enumerate valid usernames based on the requests response times.
  • webapp-wordlists: This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Web shells

Vulnerability exploits

Windows

  • pdbdownload: A Python script to download PDB files associated with a Portable Executable (PE).
  • hivetools: A collection of python scripts to work with Windows Hives.
  • msFlagsDecoder: Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
  • MSSQL-Analysis-Coerce: A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.
  • OffensiveBatchScripts: Offensive batch scripts.
  • SortPEbyVersions: A Python script to sort Portable Executable (PE) files by their version and download debug symbols if existing.
  • SortWindowsISOs: Extract the windows major and minor build numbers from an ISO file, and automatically sort the iso files.
  • win32errorcodes: A small C/C++ library to lookup Windows error codes.

Data & Researches

Other

  • Argon2Cracker: A multithreaded bruteforcer of argon2 hashes.
  • ctfd-parser: A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
  • CpuCoresTemperatureGraph: A python tool to print CPU core temperatures for each cores.
  • factorizator: A script to factorize integers with sagemath and factordb.
  • GetFortinetSerialNumber: A Python script to extract the serial number of a remote Fortinet device.
  • GithubBackupAllRepos: A Python script to backup all repos (public or private) of a user.
  • Hashes-Harvester: Automatically extracts NTLM hashes from Windows memory dumps.
  • hexcat: A tool to show only printable characters of a file.
  • objectwalker: A python module to explore the object tree to extract paths to interesting objects in memory.
  • ParseFortinetSerialNumber: A Python script to parse Fortinet products serial numbers, and detect the associated model and version.
  • python_packages_paths: This repository contains paths to python modules from inside python modules.
  • pwndocapi: A python library to interact with Pwndoc instances for pentest reports generation.
  • pdsimage-downloader: A python script to filter by filename and download PDS images.
  • streamableDownloader: A simple python script to download videos hosted on streamable from their link.
  • wav2mmv: WAV to MMV converter. You can then use the MMV file in input of MSSTV to decode Slow Scan Television (SSTV) sound signals.
  • WifiListProbeRequests: Monitor 802.11 probe requests from a capture file or network sniffing!

Pinned Loading

  1. Awesome-RCE-techniques Awesome-RCE-techniques Public

    Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

    Dockerfile 1.9k 217

  2. Coercer Coercer Public

    A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

    Python 1.8k 182

  3. ApacheTomcatScanner ApacheTomcatScanner Public

    A python script to scan for Apache Tomcat server vulnerabilities.

    Python 793 94

  4. LDAPmonitor LDAPmonitor Public

    Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

    C# 840 71

  5. webapp-wordlists webapp-wordlists Public

    This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

    496 112

  6. windows-coerced-authentication-methods windows-coerced-authentication-methods Public

    A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

    Python 493 61