ZephrFish/DockerAttack

Stars
277
Rank 148,875 (Top 3 %)
Language
Shell
License
Apache License 2.0
Created over 6 years ago
Updated over 6 years ago

ZephrFish/DockerAttack

ZephrFish

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Various Tools and Docker Images

DockerAttack

Various Tools and Docker Images

If you're unsure what docker is or where to start, check out this blog on Docker for Hackers by m0rv4i.

Outcomes

Deployable Pentesting Images for Various Jobs
Personal Repo of tools
Deployment scripts in one docker image

Contents

InstallDocker.sh - Install docker on Debian based system, wrote for Kali but will work on others too
ITHC - Basic tooling for carrying out IT Health Check type assessments, Build Reviews, Seg testing & basic inf
AttackDeploy - Attack Deploy in docker form, features Aquatone setup which was pulled from a similar image made by @RandomRobbie
Inf (Work in Progesss) - Docker image for internal inf quick deployment

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!

BugBountyTemplates

A collection of templates for bug bounty reporting

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

Wordlists

Various Payload wordlists

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax

static-tools

Static compiled binaries + scripts ready to use on systems

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

XSSPayloads

Cross Site Scripting Payloads -- Variations

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

RandomScripts

Random Shell Scripts and other ideas I have along the way

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp

GoogD0rk

AttackDeploy

Scripts for Deploying new server

AutoHoneyPoC

AutoPoC Generator HoneyPoC

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner

DynamicMSBuilder

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML

ChunkyIngress

Solving problems I didn't think I'd have on a saturday with clipboard copy pasta limits with powershell

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

CVE-2021-41773-PoC

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

PotUtils

HelloJackHunter

Research into WinSxS binaries and finding hijackable paths

LOLSearches

Living off the land searches for explorer and sharepoint

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.

MoveIT-WebShellCheck

Autopeeper

Automated Screenshot Tool

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett

xss-proxy

BeEF-inspired XSS proxy service

XSS

A collection of XSS Attack vectors

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

ZephrFish

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool

LogsSteelcon

OldGold

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection

PS-Scripts

Useful scripts for labs

LegacyResearch

DoNotRunMe

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3

Exch-CVE-2021-26855_Priv

patched to work

Mailgun-python

Python Wrapper for sending email with mailgun

WebSocketsAreFun

FAFO with WebSockets

csc_cypher

Cyber Security Challenge Cipher Challenge

zephrfish.github.io

zsec backup blog

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

ghostDebian

GhostDeployment Script for Debian

redsocial

SSH_Notify

Different Scripts for SSH hardening blog

Writeups

Various write-ups from CTFs, fixes for things and others

CTF-Solutions

cloudathost-debian

Provision Script for Debian on CAC

Bootspeed

Check the boot speed of a windows machine

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?

Sub2CDN

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career

VPNConnectScript

VPN Connection Menu Script, Created in Bash

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.

subroot

Another subdomain bruteforcer

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)

HoffPwn

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices

LearningThings

xfer

ingress tooling

configFiles

SH

zephrsnaps.github.io