Discover ZephrFish/csc_cypher Open Source project

A collection of templates for bug bounty reporting

374

BugBountyTemplates

312

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

Various Tools and Docker Images

280

DockerAttack

Various Payload wordlists

277

Wordlists

224

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax

191

static-tools

Static compiled binaries + scripts ready to use on systems

Lua

151

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

AzureAttackKit

Cross Site Scripting Payloads -- Variations

XSSPayloads

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

Random Shell Scripts and other ideas I have along the way

RandomScripts

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

Scripts for Deploying new server

AttackDeploy

Some settings stolen from multiple scripts @ZephrFish

WindowsHardeningScript

Batchfile

GoogD0rk

Timestomp Tool to flatten MAC times with a specific timestamp

Stompy

AutoHoneyPoC

AutoPoC Generator HoneyPoC

CVE-2023-20198 & 0Day Implant Scanner

CVE-2023-20198-Checker

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Exch-CVE-2021-26855

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

CVE-2020-16898

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

CVE-2021-41773-PoC

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

SandboxSpy

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

PotUtils

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.

MoveIT-WebShellCheck

Automated Screenshot Tool

Autopeeper

A collection of XSS Attack vectors

XSS

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett

BeEF-inspired XSS proxy service

xss-proxy

HTML

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

Purple Team Workshop by @jorgeorchilles

PurpleTeamWorkshop-LabManual

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool

A list of various ways of injecting payloads for CSV Injection

ZephrFish

LogsSteelcon

CSVInjectionPayloads

dns-parallel-prober

PoC for an adaptive parallelised DNS prober

OldGold

Sysadmin Tools

HTML

PS-Scripts

Useful scripts for labs

Git All the Payloads! A collection of web attack payloads.

payloads

A collection of yara rules I've gathered over the years :-)

DoNotRunMe

Random-Yara-Rules

YARA

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3

Exch-CVE-2021-26855_Priv

patched to work

Python Wrapper for sending email with mailgun

Mailgun-python

LegacyResearch

zephrfish.github.io

WebSocketsAreFun

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework

GhostDeployment Script for Debian

ghostDebian

redsocial

Different Scripts for SSH hardening blog

SSH_Notify

Various write-ups from CTFs, fixes for things and others

Writeups

CTF-Solutions

cloudathost-debian

Provision Script for Debian on CAC

Check the boot speed of a windows machine

Bootspeed

Visual Basic

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP

Sub2CDN

VPN Connection Menu Script, Created in Bash

VPNConnectScript

An outline as to how to get the basics nailed down before approaching information security as a career

LearnTheRopes

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.

Another subdomain bruteforcer

subroot

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)

fwallower

Analyze Windows Firewall outbound blocks and selectively allow traffic

A basic python script that takes your weekly wage and works out how much tax you pay

HoffPwn

Hoff in Style

IncomeTaxCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices

UnlmtdCalc

Have we not learnt from HoneyPoC?

LearningThings

CVE-2024-3400-Canary

xfer

configFiles

CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files

InsightEngineering

Debugging

EDRs

scripts