Senior Security Researcher @SpecterOps, Speaker, Microsoft MVP
Coercer. A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
2.3kAwesome-RCE-techniques. Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
1.9ksmbclient-ng. smbclient-ng, a fast and user friendly way to interact with SMB shares.
1kLDAPmonitor. Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
942ApacheTomcatScanner. A python script to scan for Apache Tomcat server vulnerabilities.
892windows-coerced-authentication-methods. A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
598webapp-wordlists. This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
537pyFindUncommonShares. FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
431ipsourcebypass. This Python script can be used to bypass IP source restrictions using HTTP headers.
401ExtractBitlockerKeys. A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
399pyLDAPWordlistHarvester. A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
378DumpSMBShare. A python script to dump files and folders remotely from a Windows SMB share.
230ctfd-parser. A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
173GeoWordlists. GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
164ldap2json. The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
149MSSQL-Analysis-Coerce. A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.
133Tomcat-webshell-application. A webshell application and interactive shell for pentesting Apache Tomcat servers.
133pyLAPS. Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
132pyPDBdownload. A Python script to download PDB files associated with a Portable Executable (PE)
130FindUnusualSessions. A tool to remotely detect unusual sessions opened on windows machines using RPC
122RDWAtool. A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
120CVE-2022-36446-Webmin-Software-Package-Updates-RCE. A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
115Wordpress-webshell-plugin. A webshell plugin and interactive shell for pentesting a WordPress website.
114objectwalker. A python module to explore the object tree to extract paths to interesting objects in memory.
105CVE-2021-43008-AdminerRead. Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
85CVE-2022-21907-http.sys. Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
83LFIDump. A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
78pydsinternals. A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
76owabrute. Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
72ldapconsole. The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
69RemoteMouse-3.008-Exploit. This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
66bhopengraph. A python library to create BloodHound OpenGraphs
64Joomla-webshell-plugin. A webshell plugin and interactive shell for pentesting a Joomla website.
61volatility2-profiles. Memory mapping profiles for forensic analysis using volatility 2
53microsoft-rpc-fuzzing-tools. This repository contains a list of python scripts to work with Microsoft RPC for research purposes.
51robotstester. This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
48CVE-2022-45771-Pwndoc-LFI-to-RCE. Pwndoc local file inclusion to remote code execution of Node.js code on the server
47Argon2Cracker. A multithreaded bruteforcer of argon2 hashes.
46Moodle-webshell-plugin. A webshell plugin and interactive shell for pentesting a Moodle instance.
43GhostSPN. List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.
43FindProcessesWithNamedPipes. A simple C++ Windows tool to get information about processes exposing named pipes.
42sectools. A Python native library containing lots of useful functions to write efficient scripts to hack stuff.
42DomainUsersToXLSX. Extract all users from an Active Directory domain to an Excel worksheet.
39WifiListProbeRequests. Monitor 802.11 probe requests from a capture file or network sniffing!
38p0dalirius. Front page README of my GitHub profile
34GetFortinetSerialNumber. A Python script to extract the serial number of a remote Fortinet device.
34CVE-2020-14144-GiTea-git-hooks-rce. A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks
32volatility3-symbols. Memory mapping profiles for forensic analysis using volatility 3
32MSRPRN-Coerce. A python script to force authentication using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).
31TargetAllDomainObjects. A python wrapper to run a command on against all users/computers/DCs of a Windows Domain
31pyDescribeNTSecurityDescriptor. A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
30pyLootApacheServerStatus. A script to automatically dump all URLs present in /server-status to a file locally.
24