Discover @ZephrFish Open Source projects

Andy | ZephrFish (@ZephrFish)

ZephrFish

Stars
3,216
Global Rank 9,076 (Top 0.4 %)
Followers 1,090
Following 117
Registered about 11 years ago
Most used languages

Python
40.7 %

Shell
22.2 %

PowerShell
16.7 %

C#
5.6 %

HTML
3.7 %

Go
3.7 %

YARA 1.9 %

Batchfile 1.9 %

Lua
1.9 %

Visual Basic 1.9 %
Location 🇬🇧 United Kingdom
Country Total Rank 496
Country Ranking

Batchfile 5

YARA 5

PowerShell
11

Lua
42

Shell
93

Visual Basic 115

Python
298

C#
491

Go
862

HTML
1,222

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!

BugBountyTemplates

A collection of templates for bug bounty reporting

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

DockerAttack

Various Tools and Docker Images

Wordlists

Various Payload wordlists

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax

static-tools

Static compiled binaries + scripts ready to use on systems

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

XSSPayloads

Cross Site Scripting Payloads -- Variations

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

RandomScripts

Random Shell Scripts and other ideas I have along the way

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp

GoogD0rk

AttackDeploy

Scripts for Deploying new server

AutoHoneyPoC

AutoPoC Generator HoneyPoC

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner

DynamicMSBuilder

A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

ADFSDump-PS

PowerShell Implementation of ADFSDump to assist with GoldenSAML

ChunkyIngress

Solving problems I didn't think I'd have on a saturday with clipboard copy pasta limits with powershell

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

CVE-2021-41773-PoC

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

PotUtils

HelloJackHunter

Research into WinSxS binaries and finding hijackable paths

LOLSearches

Living off the land searches for explorer and sharepoint

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.

MoveIT-WebShellCheck

Autopeeper

Automated Screenshot Tool

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett

xss-proxy

BeEF-inspired XSS proxy service

XSS

A collection of XSS Attack vectors

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

ZephrFish

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool

LogsSteelcon

OldGold

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection

PS-Scripts

Useful scripts for labs

LegacyResearch

DoNotRunMe

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3

Exch-CVE-2021-26855_Priv

patched to work

Mailgun-python

Python Wrapper for sending email with mailgun

WebSocketsAreFun

FAFO with WebSockets

csc_cypher

Cyber Security Challenge Cipher Challenge

zephrfish.github.io

zsec backup blog

CVE-2024-4577-PHP-RCE

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

ghostDebian

GhostDeployment Script for Debian

redsocial

SSH_Notify

Different Scripts for SSH hardening blog

Writeups

Various write-ups from CTFs, fixes for things and others

CTF-Solutions

cloudathost-debian

Provision Script for Debian on CAC

Bootspeed

Check the boot speed of a windows machine

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?

Sub2CDN

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career

VPNConnectScript

VPN Connection Menu Script, Created in Bash

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.

subroot

Another subdomain bruteforcer

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)

HoffPwn

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices

LearningThings

xfer

ingress tooling

configFiles

SH

zephrsnaps.github.io