France

Rémi GASCOU (Podalirius)

Elite
@p0dalirius

Senior Security Researcher @SpecterOps, Speaker, Microsoft MVP

Coercer. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

2.3k

Awesome-RCE-techniques. Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

1.9k

smbclient-ng. smbclient-ng, a fast and user friendly way to interact with SMB shares.

1k

LDAPmonitor. Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

942

ApacheTomcatScanner. A python script to scan for Apache Tomcat server vulnerabilities.

892

windows-coerced-authentication-methods. A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

598

webapp-wordlists. This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

537

pyFindUncommonShares. FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.

431

ipsourcebypass. This Python script can be used to bypass IP source restrictions using HTTP headers.

401

ExtractBitlockerKeys. A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.

399

pyLDAPWordlistHarvester. A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.

378

DumpSMBShare. A python script to dump files and folders remotely from a Windows SMB share.

230

ctfd-parser. A python script to dump all the challenges locally of a CTFd-based Capture the Flag.

173

GeoWordlists. GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.

164

ldap2json. The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

149

MSSQL-Analysis-Coerce. A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.

133

Tomcat-webshell-application. A webshell application and interactive shell for pentesting Apache Tomcat servers.

133

pyLAPS. Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.

132

pyPDBdownload. A Python script to download PDB files associated with a Portable Executable (PE)

130

FindUnusualSessions. A tool to remotely detect unusual sessions opened on windows machines using RPC

122

RDWAtool. A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application

120

CVE-2022-36446-Webmin-Software-Package-Updates-RCE. A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.

115

Wordpress-webshell-plugin. A webshell plugin and interactive shell for pentesting a WordPress website.

114

objectwalker. A python module to explore the object tree to extract paths to interesting objects in memory.

105

CVE-2021-43008-AdminerRead. Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

85

CVE-2022-21907-http.sys. Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

83

LFIDump. A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

78

pydsinternals. A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.

76

owabrute. Hydra wrapper for bruteforcing Microsoft Outlook Web Application.

72

ldapconsole. The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

69

RemoteMouse-3.008-Exploit. This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.

66

bhopengraph. A python library to create BloodHound OpenGraphs

64

Joomla-webshell-plugin. A webshell plugin and interactive shell for pentesting a Joomla website.

61

volatility2-profiles. Memory mapping profiles for forensic analysis using volatility 2

53

microsoft-rpc-fuzzing-tools. This repository contains a list of python scripts to work with Microsoft RPC for research purposes.

51

robotstester. This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.

48

CVE-2022-45771-Pwndoc-LFI-to-RCE. Pwndoc local file inclusion to remote code execution of Node.js code on the server

47

Argon2Cracker. A multithreaded bruteforcer of argon2 hashes.

46

Moodle-webshell-plugin. A webshell plugin and interactive shell for pentesting a Moodle instance.

43

GhostSPN. List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.

43

FindProcessesWithNamedPipes. A simple C++ Windows tool to get information about processes exposing named pipes.

42

sectools. A Python native library containing lots of useful functions to write efficient scripts to hack stuff.

42

DomainUsersToXLSX. Extract all users from an Active Directory domain to an Excel worksheet.

39

WifiListProbeRequests. Monitor 802.11 probe requests from a capture file or network sniffing!

38

p0dalirius. Front page README of my GitHub profile

34

GetFortinetSerialNumber. A Python script to extract the serial number of a remote Fortinet device.

34

CVE-2020-14144-GiTea-git-hooks-rce. A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks

32

volatility3-symbols. Memory mapping profiles for forensic analysis using volatility 3

32

MSRPRN-Coerce. A python script to force authentication using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).

31

TargetAllDomainObjects. A python wrapper to run a command on against all users/computers/DCs of a Windows Domain

31

pyDescribeNTSecurityDescriptor. A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.

30

pyLootApacheServerStatus. A script to automatically dump all URLs present in /server-status to a file locally.

24
52
Apply