Podalirius | OSCP | Semipro CTF Player
- French Security Researcher
- Vulnerabilities found in the wild: 10 (see responsible disclosures) | (4 CVEs + 3 waiting for release)
- I write open-source security tools to exploit vulnerabilities in many environments.
- I help maintain open-source security projects such as impacket by fixing bugs and responding to issues.
Connect with me:
- My YouTube channel:
- Support my work on Patreon: https://www.patreon.com/podalirius
- Follow me on Twitter:
- My website: https://podalirius.net/
Summary of my tools
Active Directory tools
- DumpSMBShare: A script to dump files and folders remotely from a Windows SMB share.
- pydsinternals: A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
- FindUncommonShares: A Python tool to quickly find uncommon shares in vast Windows domains.
- ldap2json: The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
- ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
- LDAPmonitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
- MSRPRN-Coerce: A Python script to force authentication using the MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 69).
- pyLAPS: Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
- TargetAllDomainObjects: A Python wrapper to run a command against all users/computers/DCs of a Windows domain.
Web exploitation tools
- crawlersuseragents: Python script to check whether an application's responses differ when the request comes from a search engine's crawler.
- ipsourcebypass: This Python script can be used to bypass IP source restrictions using HTTP headers.
- JoGet-plugin-webshell: A webshell plugin and interactive shell for pentesting a JoGet application.
- LimeSurvey-plugin-webshell: A webshell plugin and interactive shell for pentesting a LimeSurvey application.
- LFIDump: A simple Python script to dump remote files through a local file read or local file inclusion web vulnerability.
- RDWArecon: A Python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
- owabrute: Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
- robotstester: This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
- robotsvalidator: The robotsvalidator script allows you to check if URLs are allowed or disallowed by a robots.txt file.
- TimeBasedLoginUserEnum: A script to enumerate valid usernames based on request response times.
- webapp-wordlists: This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for that version.
Vulnerability exploits
- RemoteMouse-3.008-Exploit: This exploit connects to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
- CVE-2016-10956-mail-masta: MailMasta WordPress plugin Local File Inclusion vulnerability (CVE-2016-10956).
- CVE-2020-14144-GiTea-git-hooks-rce: A script to exploit CVE-2020-14144 - Gitea authenticated Remote Code Execution using git hooks.
- CVE-2021-43008-AdminerRead: Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability.
- CVE-2022-26159-Ametys-Autocompletion-XML: A Python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local SQLite database file.
- CVE-2022-21907-http.sys: Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Windows
- DownloadPDBSymbols: A Python script to download PDB files associated with a Portable Executable (PE).
- hivetools: A collection of Python scripts to work with Windows Hives.
- msFlagsDecoder: Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
- SortWindowsISOs: Extract the Windows major and minor build numbers from an ISO file, and automatically sort the ISO files.
Data
- linux-kernels: List of Linux kernel versions in JSON.
- volatility3-symbols: Memory mapping profiles for forensic analysis using Volatility 3.
- volatility2-profiles: Memory mapping profiles for forensic analysis using Volatility 2.
- WindowsBuilds: This repository contains the list of Windows builds as parsable JSON files.
Other
- Argon2Cracker: A multithreaded bruteforcer of Argon2 hashes.
- GetFortinetSerialNumber: A Python script to extract the serial number of a remote Fortinet device.
- GithubBackupAllRepos: A Python script to back up all repos (public or private) of a user.
- Hashes-Harvester: Automatically extracts NTLM hashes from Windows memory dumps.
- ParseFortinetSerialNumber: A Python script to parse Fortinet product serial numbers and detect the associated model and version.
- streamableDownloader: A simple Python script to download videos hosted on Streamable from their link.
- wav2mmv: WAV to MMV converter. You can then use the MMV file as input to MSSTV to decode Slow Scan Television (SSTV) sound signals.