Skip to content
Avatar
πŸ¦‹
πŸ¦‹
444 followers · 3 following
Block or Report

Block or report p0dalirius

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
p0dalirius/README.md

Podalirius πŸ¦‹

French Security Researcher πŸ‡«πŸ‡· | OSCP | Semipro CTF Player

  • Vulnerabilities found in the wild: 10 (see responsible disclosures) | (4 CVEs + 3 waiting for release)

  • I write opensource security tools to exploit vulnerabilities on many environments.

  • I help maintaining opensource security projects such as impacket by fixing bugs and responding to issues.

Connect with me:

Summary of my tools

Active Directory tools

  • DumpSMBShare: A script to dump files and folders remotely from a Windows SMB share.
  • pydsinternals: A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
  • FindUncommonShares: A Python tool allowing to quickly find uncommon shares in vast Windows Domains.
  • ldap2json: The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
  • ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
  • LDAPmonitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
  • MSRPRN-Coerce: A python script to force authentification using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 69).
  • pyLAPS: Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
  • TargetAllDomainObjects: A python wrapper to run a command on against all users/computers/DCs of a Windows Domain.

Web exploitation tools

  • crawlersuseragents: Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
  • ipsourcebypass: This Python script can be used to bypass IP source restrictions using HTTP headers.
  • JoGet-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
  • LimeSurvey-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
  • LFIDump: A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
  • RDWArecon: A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
  • owabrute: Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
  • robotstester: This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
  • robotsvalidator: The robotsvalidator script allows you to check if URLs are allowed or disallowed by a robots.txt file.
  • TimeBasedLoginUserEnum: A script to enumerate valid usernames based on the requests response times.
  • webapp-wordlists: This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Vulnerability exploits

Windows

  • DownloadPDBSymbols: A Python script to download PDB files associated with a Portable Executable (PE).
  • hivetools: A collection of python scripts to work with Windows Hives.
  • msFlagsDecoder: Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
  • SortWindowsISOs: Extract the windows major and minor build numbers from an ISO file, and automatically sort the iso files.

Data

Other

  • Argon2Cracker: A multithreaded bruteforcer of argon2 hashes.
  • GetFortinetSerialNumber: A Python script to extract the serial number of a remote Fortinet device.
  • GithubBackupAllRepos: A Python script to backup all repos (public or private) of a user.
  • Hashes-Harvester: Automatically extracts NTLM hashes from Windows memory dumps.
  • ParseFortinetSerialNumber: A Python script to parse Fortinet products serial numbers, and detect the associated model and version.
  • streamableDownloader: A simple python script to download videos hosted on streamable from their link.
  • wav2mmv: WAV to MMV converter. You can then use the MMV file in input of MSSTV to decode Slow Scan Television (SSTV) sound signals.

Pinned

  1. LDAPmonitor Public

    Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

    Python 464 44

  2. webapp-wordlists Public

    This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

    Python 302 74

  3. ipsourcebypass Public

    This Python script can be used to bypass IP source restrictions using HTTP headers.

    Python 278 46

  4. DumpSMBShare Public

    A script to dump files and folders remotely from a Windows SMB share.

    Python 125 27

  5. FindUncommonShares Public

    FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains.

    Python 118 15

  6. RDWArecon Public

    A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application

    Python 48 7

11,477 contributions in the last year

May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Mon Wed Fri
Learn how we count contributions
Less More
NEW! View your contributions in 3D, VR and IRL!