Discover ZephrFish/ChunkyIngress Open Source project

A collection of templates for bug bounty reporting

374

BugBountyTemplates

312

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

Various Tools and Docker Images

280

DockerAttack

Various Payload wordlists

277

Wordlists

224

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax

202

static-tools

Static compiled binaries + scripts ready to use on systems

Lua

151

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish

Batchfile

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

AzureAttackKit

Cross Site Scripting Payloads -- Variations

XSSPayloads

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

Random Shell Scripts and other ideas I have along the way

RandomScripts

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

Timestomp Tool to flatten MAC times with a specific timestamp

Stompy

GoogD0rk

Scripts for Deploying new server

AttackDeploy

AutoPoC Generator HoneyPoC

AutoHoneyPoC

CVE-2023-20198 & 0Day Implant Scanner

CVE-2023-20198-Checker

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation

DynamicMSBuilder

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

PowerShell Implementation of ADFSDump to assist with GoldenSAML

ADFSDump-PS

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

CVE-2020-16898

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

CVE-2021-41773-PoC

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

SandboxSpy

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

PotUtils

Research into WinSxS binaries and finding hijackable paths

HelloJackHunter

LOLSearches

Living off the land searches for explorer and sharepoint

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.

MoveIT-WebShellCheck

Automated Screenshot Tool

Autopeeper

A setup script for Plex, Sonarr, Radarr & Jackett

MediaCenterSetup

BeEF-inspired XSS proxy service

xss-proxy

HTML

XSS

A collection of XSS Attack vectors

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

Purple Team Workshop by @jorgeorchilles

ZephrFish

PurpleTeamWorkshop-LabManual

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool

A list of various ways of injecting payloads for CSV Injection

LogsSteelcon

OldGold

Sysadmin Tools

HTML

CSVInjectionPayloads

PS-Scripts

Useful scripts for labs

LegacyResearch

A collection of yara rules I've gathered over the years :-)

DoNotRunMe

Random-Yara-Rules

YARA

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3

Exch-CVE-2021-26855_Priv

patched to work

Python Wrapper for sending email with mailgun

Mailgun-python

WebSocketsAreFun

FAFO with WebSockets

Cyber Security Challenge Cipher Challenge

csc_cypher

zephrfish.github.io

zsec backup blog

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

ghostDebian

GhostDeployment Script for Debian

redsocial

Different Scripts for SSH hardening blog

SSH_Notify

Various write-ups from CTFs, fixes for things and others

Writeups

CTF-Solutions

cloudathost-debian

Provision Script for Debian on CAC

Check the boot speed of a windows machine

Bootspeed

Visual Basic

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP

Have we not learnt from HoneyPoC?

CVE-2024-3400-Canary

Sub2CDN

An outline as to how to get the basics nailed down before approaching information security as a career

LearnTheRopes

VPNConnectScript

VPN Connection Menu Script, Created in Bash

Epic Kali Script, oracle and other thinfs need to be added soon.

Kali_Setup

Another subdomain bruteforcer

subroot

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)

HoffPwn

Hoff in Style

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices

UnlmtdCalc