p0dalirius
Security Researcher, Speaker, Microsoft MVP in Security
Podalirius Labshttps://podalirius.net/
Pinned Repositories
ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
Awesome-RCE-techniques
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
FindUncommonShares
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
LDAPmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
LDAPWordlistHarvester
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
smbclient-ng
smbclient-ng, a fast and user friendly way to interact with SMB shares.
webapp-wordlists
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
windows-coerced-authentication-methods
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
p0dalirius's Repositories
p0dalirius/DumpSMBShare
A script to dump files and folders remotely from a Windows SMB share.
p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
p0dalirius/pydsinternals
A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
p0dalirius/Wordpress-webshell-plugin
A webshell plugin and interactive shell for pentesting a WordPress website.
p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE
Pwndoc local file inclusion to remote code execution of Node.js code on the server
p0dalirius/volatility2-profiles
Memory mapping profiles for forensic analysis using volatility 2
p0dalirius/microsoft-rpc-fuzzing-tools
This repository contains a list of python scripts to work with Microsoft RPC for research purposes.
p0dalirius/RemoteMouse-3.008-Exploit
This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
p0dalirius/Joomla-webshell-plugin
A webshell plugin and interactive shell for pentesting a Joomla website.
p0dalirius/Argon2Cracker
A multithreaded bruteforcer of argon2 hashes.
p0dalirius/DomainUsersToXLSX
Extract all users from an Active Directory domain to an Excel worksheet.
p0dalirius/WifiListProbeRequests
Monitor 802.11 probe requests from a capture file or network sniffing!
p0dalirius/TargetAllDomainObjects
A python wrapper to run a command on against all users/computers/DCs of a Windows Domain
p0dalirius/Moodle-webshell-plugin
A webshell plugin and interactive shell for pentesting a Moodle instance.
p0dalirius/RobotsValidator
A python script to check if URLs are allowed or disallowed by a robots.txt file.
p0dalirius/MSRPRN-Coerce
A python script to force authentication using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).
p0dalirius/TimeBasedLoginUserEnum
A script to enumerate valid usernames based on the requests response times.
p0dalirius/CVE-2020-14144-GiTea-git-hooks-rce
A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks
p0dalirius/Sprayer
Multithreaded spraying of a password on all accounts of a domain.
p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML
A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
p0dalirius/gitea-extract-users
A Python script to extract the list of users of a GiTea instance, unauthenticated or authenticated.
p0dalirius/JoGet-webshell-plugin
A webshell plugin and interactive shell for pentesting JoGet application.
p0dalirius/LimeSurvey-webshell-plugin
A webshell plugin and interactive shell for pentesting a LimeSurvey application.
p0dalirius/factorizator
A script to factorize integers with sagemath and factordb.
p0dalirius/CVE-2018-16763-FuelCMS-1.4.1-RCE
Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.
p0dalirius/impacket
Impacket is a collection of Python classes for working with network protocols.
p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write
A path traversal in smbserver.py allows an attacker to read/write arbitrary files on the server.
p0dalirius/SweetRice-webshell-plugin
A webshell plugin and interactive shell for pentesting a SweetRice website.
p0dalirius/Windows-Hardening
p0dalirius/lib-parseargs
A simple library to parse command line arguments in C++.