Projects in Awesome Lists by p0dalirius
A curated list of projects in awesome lists by p0dalirius .
https://github.com/p0dalirius/coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
authentication automatic call coerce fuzzing ntlm privilege-escalation rpc
Last synced: 14 May 2025
https://github.com/p0dalirius/Coercer
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
authentication automatic call coerce fuzzing ntlm privilege-escalation rpc
Last synced: 07 May 2025
https://github.com/p0dalirius/smbclient-ng
smbclient-ng, a fast and user friendly way to interact with SMB shares.
Last synced: 12 Apr 2025
https://github.com/p0dalirius/ldapmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
active-directory csharp ldap monitor pentest powershell python tool
Last synced: 12 Apr 2025
https://github.com/p0dalirius/LDAPmonitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
active-directory csharp ldap monitor pentest powershell python tool
Last synced: 10 Apr 2025
https://github.com/p0dalirius/ApacheTomcatScanner
A python script to scan for Apache Tomcat server vulnerabilities.
Last synced: 12 Jul 2025
https://github.com/p0dalirius/apachetomcatscanner
A python script to scan for Apache Tomcat server vulnerabilities.
Last synced: 14 May 2025
https://github.com/p0dalirius/windows-coerced-authentication-methods
A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
authentication call coerce microsoft privilege-escalation rpc windows
Last synced: 08 Apr 2025
https://github.com/p0dalirius/webapp-wordlists
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.
application bugbounty cms content-management-system drupal pentesting typo3 version web wordlists wordpress
Last synced: 15 May 2025
https://github.com/p0dalirius/pyfinduncommonshares
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
active-directory pentesting python shares smb uncommon windows
Last synced: 15 May 2025
https://github.com/p0dalirius/finduncommonshares
FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE accesses.
active-directory pentesting python shares smb uncommon windows
Last synced: 26 Mar 2025
https://github.com/p0dalirius/ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
bugbounty bypass headers http ip pentesting python tool
Last synced: 16 May 2025
https://github.com/p0dalirius/extractbitlockerkeys
A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.
active-directory bitlocker domain post-exploitation recovery
Last synced: 16 May 2025
https://github.com/p0dalirius/pyldapwordlistharvester
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
active-directory cracking ldap ntds wordlist
Last synced: 16 May 2025
https://github.com/p0dalirius/ldapwordlistharvester
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
active-directory cracking ldap ntds wordlist
Last synced: 26 Mar 2025
https://github.com/p0dalirius/DumpSMBShare
A python script to dump files and folders remotely from a Windows SMB share.
active-directory dump remote smb windows
Last synced: 12 Jul 2025
https://github.com/p0dalirius/dumpsmbshare
A python script to dump files and folders remotely from a Windows SMB share.
active-directory dump remote smb windows
Last synced: 12 Apr 2025
https://github.com/p0dalirius/geowordlists
GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
activedirectory distance france generate geography passwords windows wordlist
Last synced: 05 Apr 2025
https://github.com/p0dalirius/ctfd-parser
A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
challenges ctf ctfd dump parser python
Last synced: 05 Apr 2025
https://github.com/p0dalirius/ldap2json
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
active-directory analysis bugbounty export json ldap pentesting
Last synced: 05 Apr 2025
https://github.com/p0dalirius/pypdbdownload
A Python script to download PDB files associated with a Portable Executable (PE)
debug download microsoft pdb pe portable-executable tool
Last synced: 23 Apr 2025
https://github.com/p0dalirius/pdbdownload
A Python script to download PDB files associated with a Portable Executable (PE)
debug download microsoft pdb pe portable-executable tool
Last synced: 03 Apr 2025
https://github.com/p0dalirius/cve-2022-36446-webmin-software-package-updates-rce
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
cve-2022-36446 exploit package rce software update webmin
Last synced: 05 Apr 2025
https://github.com/p0dalirius/pylaps
Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
ad administrator laps local ms-mcs-admpwd python3
Last synced: 25 Oct 2025
https://github.com/p0dalirius/rdwatool
A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application
active-directory domain python rdp rdwa recon web
Last synced: 06 Apr 2025
https://github.com/p0dalirius/wordpress-webshell-plugin
A webshell plugin and interactive shell for pentesting a WordPress website.
Last synced: 25 Jun 2025
https://github.com/p0dalirius/cve-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
crash cve-2022-21907 iis-server poc python rce
Last synced: 03 Sep 2025
https://github.com/p0dalirius/CVE-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
crash cve-2022-21907 iis-server poc python rce
Last synced: 28 Sep 2025
https://github.com/p0dalirius/cve-2021-43008-adminerread
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
adminer bugbounty cve cve-2021-43008 exploit file hacking pentest read tool vulnerability
Last synced: 03 Sep 2025
https://github.com/p0dalirius/findunusualsessions
A tool to remotely detect unusual sessions opened on windows machines using RPC
remote rpc session smb suspicious windows
Last synced: 23 Apr 2025
https://github.com/p0dalirius/lfidump
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
bugbounty dump file inclusion local pentesting
Last synced: 04 Aug 2025
https://github.com/p0dalirius/owabrute
Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
hydra outlook pentest pentest-tool tool
Last synced: 03 Sep 2025
https://github.com/p0dalirius/ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
active-directory bugbounty ldap pentesting search
Last synced: 03 Apr 2025
https://github.com/p0dalirius/pydsinternals
A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
active-directory directory dotnet internals library python
Last synced: 16 May 2025
https://github.com/p0dalirius/remotemouse-3.008-exploit
This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
exploit pentest remote-control remotemouse
Last synced: 03 Sep 2025
https://github.com/p0dalirius/cve-2022-45771-pwndoc-lfi-to-rce
Pwndoc local file inclusion to remote code execution of Node.js code on the server
cve-2022-45771 exploit pwndoc rce
Last synced: 03 Sep 2025
https://github.com/p0dalirius/volatility2-profiles
Memory mapping profiles for forensic analysis using volatility 2
debian forensics linux profiles volatility
Last synced: 20 Aug 2025
https://github.com/p0dalirius/robotstester
This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
bugbounty crawler pentesting python robots tool
Last synced: 21 Aug 2025
https://github.com/p0dalirius/sectools
A Python native library containing lots of useful functions to write efficient scripts to hack stuff.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/p0dalirius
Front page README of my GitHub profile
Last synced: 15 Oct 2025
https://github.com/p0dalirius/argon2cracker
A multithreaded bruteforcer of argon2 hashes.
argon2 cracker hash mutlithreading python
Last synced: 03 Sep 2025
https://github.com/p0dalirius/domainuserstoxlsx
Extract all users from an Active Directory domain to an Excel worksheet.
accounts active-directory administration audit excel extract pentest system xlsx
Last synced: 06 Jul 2025
https://github.com/p0dalirius/getfortinetserialnumber
A Python script to extract the serial number of a remote Fortinet device.
certificate fortinet pentest recon serial-number
Last synced: 24 Jun 2025
https://github.com/p0dalirius/targetalldomainobjects
A python wrapper to run a command on against all users/computers/DCs of a Windows Domain
active-directory command computer domain user wrapper
Last synced: 03 Sep 2025
https://github.com/TheManticoreProject/winacl
winacl, a cross platforms Go library to work with ntSecurityDescriptor.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/volatility3-symbols
Memory mapping profiles for forensic analysis using volatility 3
3 forensics symbols volatility
Last synced: 04 Apr 2025
https://github.com/p0dalirius/creap
crEAP will identify WPA Enterprise mode EAP types and harvest usernames and/or handshakes if insecure protocols are in use.
eap handshakes pentest wifi wireless wpa
Last synced: 03 Sep 2025
https://github.com/p0dalirius/pylootapacheserverstatus
A script to automatically dump all URLs present in /server-status to a file locally.
apache dump live loot pentest server-status
Last synced: 20 Jun 2025
https://github.com/p0dalirius/pyLootApacheServerStatus
A script to automatically dump all URLs present in /server-status to a file locally.
apache dump live loot pentest server-status
Last synced: 03 Apr 2025
https://github.com/p0dalirius/hashes-harvester
Automatically extracts NT and LM hashes from Windows memory dumps based on volatility.
extractor forensics hive lm nt volatility windows
Last synced: 03 Sep 2025
https://github.com/p0dalirius/docker-volatility2
A volatility 2 docker for forensic investigations
Last synced: 08 Aug 2025
https://github.com/p0dalirius/accountshadowtakeover
A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
account credentials shadow takeover user
Last synced: 12 Oct 2025
https://github.com/p0dalirius/pydescribentsecuritydescriptor
A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
ace acl dacl ntsecuritydescriptor parse python sacl securitydescriptor
Last synced: 15 Jul 2025
https://github.com/p0dalirius/cve-2020-14144-gitea-git-hooks-rce
A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks
cve-2020-14144 git gitea hook rce
Last synced: 03 Sep 2025
https://github.com/p0dalirius/msflagsdecoder
Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
active decode directory ldap properties samaccounttype useraccountcontrol windows
Last synced: 03 Sep 2025
https://github.com/p0dalirius/robotsvalidator
A python script to check if URLs are allowed or disallowed by a robots.txt file.
allow bugbounty bypass check disallow robots-txt web
Last synced: 03 Sep 2025
https://github.com/p0dalirius/msrprn-coerce
A python script to force authentication using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).
Last synced: 03 Sep 2025
https://github.com/p0dalirius/crawlersuseragents
Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
bugbounty crawler crawlers pentest request tool user-agent web
Last synced: 03 Sep 2025
https://github.com/p0dalirius/pysprayer
Multithreaded spraying of a password on all accounts of a domain.
active-directory domain passwords pentest spraying
Last synced: 23 Apr 2025
https://github.com/p0dalirius/windows-cryptographic-and-hashing-algorithms-explained
Detailed explanation of Windows cryptographic algorithms, with examples and schemes.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/timebasedloginuserenum
A script to enumerate valid usernames based on the requests response times.
enumerate leak login python side-channel-attacks time
Last synced: 03 Sep 2025
https://github.com/p0dalirius/sprayer
Multithreaded spraying of a password on all accounts of a domain.
active-directory domain passwords pentest spraying
Last synced: 03 Sep 2025
https://github.com/p0dalirius/githubbackupallrepos
A Python script to backup all repos (public or private) of a user.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/cve-2022-30780-lighttpd-denial-of-service
CVE-2022-30780 - lighttpd remote denial of service
cve cve-2022-30780 denial exploit lighttpd pentest remote service
Last synced: 07 Oct 2025
https://github.com/p0dalirius/binaryexploitation
A massive documentation about binary protections, exploitation techniques, and computer architecture concepts.
binary buffer exploit exploitation overflow pwn system
Last synced: 04 Apr 2025
https://github.com/p0dalirius/ghostspn
List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.
ghostspn kerberos serviceprincipalname spn
Last synced: 03 Sep 2025
https://github.com/p0dalirius/parsefortinetserialnumber
A Python script to parse Fortinet products serial numbers, and detect the associated model and revision.
fortinet models parse serialnumbers
Last synced: 24 Oct 2025
https://github.com/p0dalirius/cve-2016-10956-mail-masta
MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956)
cve-2016-10956 mailmasta pentest plugin tool vulnerability wordpress
Last synced: 06 Aug 2025
https://github.com/p0dalirius/lootapacheserverstatus
A script to automatically dump all URLs present in /server-status to a file locally.
apache dump live loot pentest server-status
Last synced: 26 Mar 2025
https://github.com/p0dalirius/pwndocapi
A python library to interact with Pwndoc instances for pentest reports generation
Last synced: 03 Sep 2025
https://github.com/p0dalirius/limesurvey-webshell-plugin
A webshell plugin and interactive shell for pentesting a LimeSurvey application.
limesurvey pentest plugin rce webshell
Last synced: 03 Sep 2025
https://github.com/p0dalirius/http-fuzzing-scripts
A collection of http fuzzing python scripts to fuzz HTTP servers for bugs.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/cve-2018-16763-fuelcms-1.4.1-rce
Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.
cms cve-2018-16763 exploit fuelcms
Last synced: 03 Sep 2025
https://github.com/p0dalirius/gitea-extract-users
A Python script to extract the list of users of a GiTea instance, unauthenticated or authenticated.
extract gitea osint unauthenticated users
Last synced: 03 Sep 2025
https://github.com/p0dalirius/wav2mmv
WAV to MMV converter. You can then use the MMV file in input of MSSTV to decode Slow Scan Television (SSTV) sound signals.
converter ctf mmsstv mmv satellite satellite-imagery signal sstv wav
Last synced: 03 Sep 2025
https://github.com/p0dalirius/joomla-1.6-1.7-2.5-privilege-escalation-vulnerability
A Python script to create an administrator account on Joomla! 1.6/1.7/2.5 using a privilege escalation vulnerability
account admin joomla vulnerability
Last synced: 03 Sep 2025
https://github.com/p0dalirius/cve-2022-26159-ametys-autocompletion-xml
A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
ametys autocompletion cms exploit plugin
Last synced: 12 Sep 2025
https://github.com/TheManticoreProject/goLAPS
Go setter/getter for property ms-Mcs-AdmPwd used by LAPS.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/bhopengraph
A python library to create BloodHound OpenGraphs
bloodhound library opengraph python
Last synced: 03 Sep 2025
https://github.com/p0dalirius/codeigniter-session-unsign
Command line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and bruteforcing secret keys.
codeigniter cookie crack php session unsign
Last synced: 03 Sep 2025
https://github.com/p0dalirius/pydescribesddl
A python tool to parse and describe the SDDL string.
Last synced: 03 Sep 2025
https://github.com/p0dalirius/factorizator
A script to factorize integers with sagemath and factordb.
ctf factordb factorization integer rsa sagemath
Last synced: 03 Sep 2025
https://github.com/p0dalirius/mercurial-scm-extract
A tool to extract and dump files of mercurial SCM exposed on a web server.
exposed extract mercurial scm vulnerability web
Last synced: 28 Jun 2025
https://github.com/p0dalirius/hexcat
A tool to show only printable characters of a file
Last synced: 03 Sep 2025
https://github.com/p0dalirius/linux-kernels
List of linux kernel versions and download links in JSON
Last synced: 03 Sep 2025
https://github.com/p0dalirius/userswithpwdlastsetolderthan
Extract all users from an Active Directory domain with password last set older than X days to an Excel worksheet.
Last synced: 03 Sep 2025