p0dalirius

Security Researcher, Speaker, Microsoft MVP in Security

Podalirius Labshttps://podalirius.net/

Pinned Repositories

ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
Language:Python745 11 3195
Awesome-RCE-techniques
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
Language:Dockerfile1.8k 42 15208
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Language:Python1.6k 22 56176
ExtractBitlockerKeys
A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
Language:Python286 6 241
FindUncommonShares
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
Language:Python373 4 2343
ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
Language:Python365 5 054
LDAPmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
Language:C#801 17 1270
LDAPWordlistHarvester
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
Language:Python289 4 223
webapp-wordlists
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
480 12 1108
windows-coerced-authentication-methods
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
Language:Python465 10 257

p0dalirius's Repositories

p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Language:Python1.6k 22 56176
p0dalirius/LDAPmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
Language:C#801 17 1270
p0dalirius/ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
Language:Python745 11 3195
p0dalirius/webapp-wordlists
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
480 12 1108
p0dalirius/FindUncommonShares
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
Language:Python373 4 2343
p0dalirius/ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
Language:Python365 5 054
p0dalirius/ExtractBitlockerKeys
A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
Language:Python286 6 241
p0dalirius/CVE-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Language:Python78 6 016
p0dalirius/RDWAtool
A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
Language:Python74 2 613
p0dalirius/CVE-2021-43008-AdminerRead
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
Language:Python73 3 114
p0dalirius/LFIDump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
Language:Python63 4 013
p0dalirius/pyLAPS
Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
Language:Python62 2 012
p0dalirius/ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Language:Python55 2 1310
p0dalirius/sectools
A Python native library containing lots of useful functions to write efficient scripts to hack stuff.
Language:Python29 3 26
p0dalirius/p0dalirius
Front page README of my GitHub profile
27 2 07
p0dalirius/DomainUsersToXLSX
Extract all users from an Active Directory domain to an Excel worksheet.
Language:Python24 2 16
p0dalirius/AccountShadowTakeover
A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
Language:Python20 2 02
p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
CVE-2022-30780 - lighttpd remote denial of service
Language:Perl16 2 04
p0dalirius/CodeIgniter-session-unsign
Command line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and bruteforcing secret keys.
Language:Python13 2 02
p0dalirius/DescribeNTSecurityDescriptor
A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
Language:Python12 2 43
p0dalirius/goLAPS
Go setter/getter for property ms-Mcs-AdmPwd used by LAPS.
Language:Go11 2 0
p0dalirius/Joomla-1.6-1.7-2.5-Privilege-Escalation-Vulnerability
A Python script to create an administrator account on Joomla! 1.6/1.7/2.5 using a privilege escalation vulnerability
Language:Python10 2 12
p0dalirius/DescribeSDDL
A python tool to parse and describe the SDDL string.
Language:Python8 2 02
p0dalirius/impacket
Impacket is a collection of Python classes for working with network protocols.
Language:Python7 1 01
p0dalirius/linux-kernels
List of linux kernel versions and download links in JSON
Language:Python7 3 02
p0dalirius/streamableDownloader
A simple python script to download videos hosted on streamable from their link
Language:Python7 2 12
p0dalirius/UsersWithPwdLastSetOlderThan
Extract all users from an Active Directory domain with password last set older than X days to an Excel worksheet.
Language:Python6 2 21
p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime
CVE-2020-8813 - RCE through graph_realtime.php in Cacti 1.2.8
Language:Python4 2 02
p0dalirius/ADcheck
2
p0dalirius/BloodHound.py
A Python based ingestor for BloodHound