I'm a French Security Researcher and Microsoft MVP in Security. I specialize in finding vulnerabilities in various environments, including Windows, Active Directory, and web applications. With a passion for tinkering with undefined behaviors in computers, I have published 101 open-source security tools so far, and there are many more to come! 🥳
If any of my tools have been helpful to you, please consider sponsoring my work. Sponsorship will support the costs of my projects, including server expenses, mainframe restoration, and research materials. You can support me through GitHub Sponsors https://www.github.com/sponsors/p0dalirius or through Patreon: https://www.patreon.com/podalirius
As part of my dedication to security, I actively report vulnerabilities I discover. To date, I have reported and responsibly disclosed 10 security vulnerabilities found in the wild. I have also received 6 CVEs (CVE-2020-16147, CVE-2020-16148, CVE-2021-43008, CVE-2022-26159, CVE-2022-29710, CVE-2022-30780), with 2 more awaiting release.
- AccountShadowTakeover: A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
- Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
- DomainUsersToXLSX: Extract all users from an Active Directory domain to an Excel worksheet.
- DumpSMBShare: A script to dump files and folders remotely from a Windows SMB share.
- ExtractBitlockerKeys: A post-exploitation python script to automatically extract the bitlocker recovery keys from a domain.
- FindUncommonShares: A Python tool allowing to quickly find uncommon shares in vast Windows Domains.
- GeoWordlists: GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
- ldap2json: The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
- ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
- LDAPmonitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
- LDAPWordlistHarvester: A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
- MSRPRN-Coerce: A python script to force authentification using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 69).
- pydsinternals: A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
- pyLAPS: Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
- TargetAllDomainObjects: A python wrapper to run a command on against all users/computers/DCs of a Windows Domain.
- ApacheTomcatScanner: A python script to scan for Apache Tomcat server vulnerabilities.
- Awesome-RCE-techniques: Awesome list of techniques to achieve Remote Code Execution on various apps!
- crawlersuseragents: Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
- CodeIgniter-session-unsign: Command line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and bruteforcing secret keys.
- FindAzureDomainTenant: A Python script to find tenant id an region from a list of domain names.
- http-fuzzing-scripts: A collection of http fuzzing python scripts to fuzz HTTP servers for bugs.
- ipsourcebypass: This Python script can be used to bypass IP source restrictions using HTTP headers.
- Joomla-1.6-1.7-2.5-Privilege-Escalation-Vulnerability: A Python script to create an administrator account on Joomla! 1.6/1.7/2.5 using a privilege escalation vulnerability.
- LFIDump: A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
- LootApacheServerStatus: A script to automatically dump all URLs present in /server-status to a file locally.
- mercurial-scm-extract: A tool to extract and dump files of mercurial SCM exposed on a web server.
- owabrute: Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
- RDWArecon: A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
- robotstester: This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
- robotsvalidator: The robotsvalidator script allows you to check if URLs are allowed or disallowed by a robots.txt file.
- TimeBasedLoginUserEnum: A script to enumerate valid usernames based on the requests response times.
- webapp-wordlists: This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
- JoGet-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
- LimeSurvey-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
- Moodle-webshell-plugin: A webshell plugin and interactive shell for pentesting a Moodle instance.
- Tomcat-application-webshell: A webshell application and interactive shell for pentesting Apache Tomcat servers.
- RemoteMouse-3.008-Exploit: This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
- CVE-2016-10956-mail-masta: MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956).
- CVE-2020-14144-GiTea-git-hooks-rce: A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks.
- CVE-2021-43008-AdminerRead: Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability.
- CVE-2022-21907-http.sys: Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
- CVE-2022-26159-Ametys-Autocompletion-XML: A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
- CVE-2022-30780-lighttpd-denial-of-service: CVE-2022-30780 - lighttpd remote denial of service
- CVE-2022-36446-Webmin-Software-Package-Updates-RCE: A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
- pdbdownload: A Python script to download PDB files associated with a Portable Executable (PE).
- hivetools: A collection of python scripts to work with Windows Hives.
- msFlagsDecoder: Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
- MSSQL-Analysis-Coerce: A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.
- OffensiveBatchScripts: Offensive batch scripts.
- SortPEbyVersions: A Python script to sort Portable Executable (PE) files by their version and download debug symbols if existing.
- SortWindowsISOs: Extract the windows major and minor build numbers from an ISO file, and automatically sort the iso files.
- win32errorcodes: A small C/C++ library to lookup Windows error codes.
- DescribeNTSecurityDescriptor: A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
- linux-kernels: List of linux kernel versions in JSON.
- microsoft-rpc-fuzzing-tools: This repository contains a list of python scripts to work with Microsoft RPC for research purposes.
- volatility3-symbols: Memory mapping profiles for forensic analysis using volatility 3.
- volatility2docker: A volatility 2 docker for forensic investigations.
- volatility2-profiles: Memory mapping profiles for forensic analysis using volatility 2.
- WindowsBuilds: This repository contains the list of windows builds as parsable JSON files.
- windows-coerced-authentication-methods: A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
- Argon2Cracker: A multithreaded bruteforcer of argon2 hashes.
- ctfd-parser: A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
- CpuCoresTemperatureGraph: A python tool to print CPU core temperatures for each cores.
- factorizator: A script to factorize integers with sagemath and factordb.
- GetFortinetSerialNumber: A Python script to extract the serial number of a remote Fortinet device.
- GithubBackupAllRepos: A Python script to backup all repos (public or private) of a user.
- Hashes-Harvester: Automatically extracts NTLM hashes from Windows memory dumps.
- hexcat: A tool to show only printable characters of a file.
- objectwalker: A python module to explore the object tree to extract paths to interesting objects in memory.
- ParseFortinetSerialNumber: A Python script to parse Fortinet products serial numbers, and detect the associated model and version.
- python_packages_paths: This repository contains paths to python modules from inside python modules.
- pwndocapi: A python library to interact with Pwndoc instances for pentest reports generation.
- pdsimage-downloader: A python script to filter by filename and download PDS images.
- streamableDownloader: A simple python script to download videos hosted on streamable from their link.
- wav2mmv: WAV to MMV converter. You can then use the MMV file in input of MSSTV to decode Slow Scan Television (SSTV) sound signals.
- WifiListProbeRequests: Monitor 802.11 probe requests from a capture file or network sniffing!