p0dalirius / sortwindowsisos Goto Github PK

I'm a French Security Researcher and Microsoft MVP. I specialize in finding vulnerabilities in various environments, including Windows, Active Directory, and web applications. With a passion for tinkering with undefined behaviors in computers, I have published 90 open-source security tools so far, and there are many more to come! 🥳

If any of my tools have been helpful to you, please consider sponsoring my work. Sponsorship will support the costs of my projects, including server expenses, mainframe restoration, and research materials. You can support me through GitHub Sponsors https://github.com/sponsors/p0dalirius or through Patreon: https://www.patreon.com/podalirius

As part of my dedication to security, I actively report vulnerabilities I discover. To date, I have reported and responsibly disclosed 10 security vulnerabilities found in the wild. I have also received 6 CVEs (CVE-2020-16147, CVE-2020-16148, CVE-2021-43008, CVE-2022-26159, CVE-2022-29710, CVE-2022-30780), with 2 more awaiting release.

Summary of my tools

Active Directory tools

• AccountShadowTakeover: A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.
• Coercer: A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
• DomainUsersToXLSX: Extract all users from an Active Directory domain to an Excel worksheet.
• DumpSMBShare: A script to dump files and folders remotely from a Windows SMB share.
• FindUncommonShares: A Python tool allowing to quickly find uncommon shares in vast Windows Domains.
• ldap2json: The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
• ldapconsole: The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
• LDAPmonitor: Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
• MSRPRN-Coerce: A python script to force authentification using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 69).
• pydsinternals: A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
• pyLAPS: Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.
• TargetAllDomainObjects: A python wrapper to run a command on against all users/computers/DCs of a Windows Domain.

Web exploitation tools

• Awesome-RCE-techniques: Awesome list of techniques to achieve Remote Code Execution on various apps!
• crawlersuseragents: Python script to check if there is any differences in responses of an application when the request comes from a search engine's crawler.
• http-fuzzing-scripts: A collection of http fuzzing python scripts to fuzz HTTP servers for bugs.
• ipsourcebypass: This Python script can be used to bypass IP source restrictions using HTTP headers.
• JoGet-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
• LimeSurvey-plugin-webshell: A webshell plugin and interactive shell for pentesting JoGet application.
• LFIDump: A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
• LootApacheServerStatus: A script to automatically dump all URLs present in /server-status to a file locally.
• Moodle-webshell-plugin: A webshell plugin and interactive shell for pentesting a Moodle instance.
• owabrute: Hydra wrapper for bruteforcing Microsoft Outlook Web Application.
• RDWArecon: A python script to extract information from a Microsoft Remote Desktop Web Access (RDWA) application.
• robotstester: This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
• robotsvalidator: The robotsvalidator script allows you to check if URLs are allowed or disallowed by a robots.txt file.
• TimeBasedLoginUserEnum: A script to enumerate valid usernames based on the requests response times.
• Tomcat-application-webshell: A webshell application and interactive shell for pentesting Apache Tomcat servers.
• webapp-wordlists: This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Vulnerability exploits

• RemoteMouse-3.008-Exploit: This exploit allows to connect to the remote RemoteMouse 3.008 service to virtually press arbitrary keys and execute code on the machine.
• CVE-2016-10956-mail-masta: MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956).
• CVE-2020-14144-GiTea-git-hooks-rce: A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks.
• CVE-2021-43008-AdminerRead: Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability.
• CVE-2022-21907-http.sys: Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
• CVE-2022-26159-Ametys-Autocompletion-XML: A python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local sqlite database file.
• CVE-2022-30780-lighttpd-denial-of-service: CVE-2022-30780 - lighttpd remote denial of service

Windows

• DownloadPDBSymbols: A Python script to download PDB files associated with a Portable Executable (PE).
• hivetools: A collection of python scripts to work with Windows Hives.
• msFlagsDecoder: Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
• OffensiveBatchScripts: Offensive batch scripts.
• SortWindowsISOs: Extract the windows major and minor build numbers from an ISO file, and automatically sort the iso files.

Data & Researches

• linux-kernels: List of linux kernel versions in JSON.
• microsoft-rpc-fuzzing-tools: This repository contains a list of python scripts to work with Microsoft RPC for research purposes.
• volatility3-symbols: Memory mapping profiles for forensic analysis using volatility 3.
• volatility2-profiles: Memory mapping profiles for forensic analysis using volatility 2.
• WindowsBuilds: This repository contains the list of windows builds as parsable JSON files.
• windows-coerced-authentication-methods: A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

Other

• Argon2Cracker: A multithreaded bruteforcer of argon2 hashes.
• ctfd-parser: A python script to dump all the challenges locally of a CTFd-based Capture the Flag.
• factorizator: A script to factorize integers with sagemath and factordb.
• GetFortinetSerialNumber: A Python script to extract the serial number of a remote Fortinet device.
• GithubBackupAllRepos: A Python script to backup all repos (public or private) of a user.
• Hashes-Harvester: Automatically extracts NTLM hashes from Windows memory dumps.
• ParseFortinetSerialNumber: A Python script to parse Fortinet products serial numbers, and detect the associated model and version.
• python_packages_paths: This repository contains paths to python modules from inside python modules.
• streamableDownloader: A simple python script to download videos hosted on streamable from their link.
• wav2mmv: WAV to MMV converter. You can then use the MMV file in input of MSSTV to decode Slow Scan Television (SSTV) sound signals.
• WifiListProbeRequests: Monitor 802.11 probe requests from a capture file or network sniffing!