Rémi GASCOU (Podalirius)'s starred repositories
crawlersuseragents
Python script to check whether there are any differences in an application's responses when the request comes from a search engine's crawler.
CVE-2016-10956-mail-masta
MailMasta WordPress plugin Local File Inclusion vulnerability (CVE-2016-10956)
robotstester
This Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
TimeBasedLoginUserEnum
A script to enumerate valid usernames based on request response times.
CVE-2020-14144-GiTea-git-hooks-rce
A script to exploit CVE-2020-14144 - GiTea authenticated Remote Code Execution using git hooks
CVE-2021-43008-AdminerRead
Exploit tool for CVE-2021-43008 Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability
CVE-2022-26159-Ametys-Autocompletion-XML
A Python exploit to automatically dump all the data stored by the auto-completion plugin of Ametys CMS to a local SQLite database file.
GetFortinetSerialNumber
A Python script to extract the serial number of a remote Fortinet device.
http-fuzzing-scripts
A collection of Python scripts for fuzzing HTTP servers for bugs.
Tomcat-webshell-application
A webshell application and interactive shell for pentesting Apache Tomcat servers.
JoGet-webshell-plugin
A webshell plugin and interactive shell for pentesting a JoGet application.
ipsourcebypass
This Python script can be used to bypass IP source restrictions using HTTP headers.
Moodle-webshell-plugin
A webshell plugin and interactive shell for pentesting a Moodle instance.
Joomla-webshell-plugin
A webshell plugin and interactive shell for pentesting a Joomla website.
LimeSurvey-webshell-plugin
A webshell plugin and interactive shell for pentesting a LimeSurvey application.
CVE-2018-16763-FuelCMS-1.4.1-RCE
Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell.
SweetRice-webshell-plugin
A webshell plugin and interactive shell for pentesting a SweetRice website.
CVE-2022-30780-lighttpd-denial-of-service
CVE-2022-30780 - lighttpd remote denial of service
Wordpress-webshell-plugin
A webshell plugin and interactive shell for pentesting a WordPress website.
RobotsValidator
A Python script to check if URLs are allowed or disallowed by a robots.txt file.
webapp-wordlists
This repository contains wordlists for each version of common web applications and content management systems (CMS). Each version contains a wordlist of all the files and directories for this version.
Awesome-RCE-techniques
Awesome list of step-by-step techniques to achieve Remote Code Execution on various apps!
windows-coerced-authentication-methods
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
CodeIgniter-session-unsign
Command-line tool to fetch, decode and brute-force CodeIgniter session cookies by guessing and brute-forcing secret keys.
RopstenCtf
RopstenCtf is an easy tool to interact with the Ethereum Ropsten network for CTF purposes and more.
shellcoding-companion
A Python script to automatically generate shellcode payloads from assembly files.