Discover @ZephrFish Open Source projects

Andy (@ZephrFish)

ZephrFish

Stars
3,031
Global Rank 9,489 (Top 0.4 %)
Followers 1,053
Following 104
Registered over 10 years ago
Most used languages

Python
44.9 %

Shell
24.5 %

PowerShell
14.3 %

HTML
4.1 %

Lua
2.0 %

Batchfile 2.0 %

Go
2.0 %

YARA 2.0 %

Visual Basic 2.0 %

C#
2.0 %
Location 🇬🇧 United Kingdom
Country Total Rank 496
Country Ranking

YARA 5

Batchfile 11

PowerShell
13

Lua
42

Shell
92

Visual Basic 110

Python
296

C#
788

Go
958

HTML
1,298

GoogD0rker

Note: Going through a full re-write of the tooling so the current versions in the repo do not work!

BugBountyTemplates

A collection of templates for bug bounty reporting

CVE-2020-1350_HoneyPoC

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

DockerAttack

Various Tools and Docker Images

Wordlists

Various Payload wordlists

Bloodhound-CustomQueries

Custom Queries - Brought Up to BH4.1 syntax

static-tools

Static compiled binaries + scripts ready to use on systems

BurpFeed

Hacked together script for feeding urls into Burp's Sitemap

AzureAttackKit

Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

XSSPayloads

Cross Site Scripting Payloads -- Variations

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

RandomScripts

Random Shell Scripts and other ideas I have along the way

CVE-2021-22893_HoneyPoC2

DO NOT RUN THIS.

AttackDeploy

Scripts for Deploying new server

WindowsHardeningScript

Some settings stolen from multiple scripts @ZephrFish

GoogD0rk

Stompy

Timestomp Tool to flatten MAC times with a specific timestamp

AutoHoneyPoC

AutoPoC Generator HoneyPoC

CVE-2023-20198-Checker

CVE-2023-20198 & 0Day Implant Scanner

Exch-CVE-2021-26855

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

CVE-2020-16898

HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

Blog_Backup

A repository with various tutorials on how to do things in Pentesting, setup environments and other things

CVE-2021-41773-PoC

SandboxSpy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

NessusPreFlight

Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

PotUtils

CVE-2021-28480_HoneyPoC3

DO NOT RUN THIS.

MoveIT-WebShellCheck

Autopeeper

Automated Screenshot Tool

XSS

A collection of XSS Attack vectors

MediaCenterSetup

A setup script for Plex, Sonarr, Radarr & Jackett

xss-proxy

BeEF-inspired XSS proxy service

NotProxyShellScanner

Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

PurpleTeamWorkshop-LabManual

Purple Team Workshop by @jorgeorchilles

HeadlessBounties

A shell script that bundles Eyewitness and Sublist3r to create a great fingerprinting tool

ZephrFish

LogsSteelcon

CSVInjectionPayloads

A list of various ways of injecting payloads for CSV Injection

OldGold

PS-Scripts

Useful scripts for labs

DoNotRunMe

Random-Yara-Rules

A collection of yara rules I've gathered over the years :-)

CVE-2021-22986_Check

CVE-2021-22986 Checker Script in Python3

Exch-CVE-2021-26855_Priv

patched to work

Mailgun-python

Python Wrapper for sending email with mailgun

LegacyResearch

zephrfish.github.io

zsec backup blog

WebSocketsAreFun

FAFO with WebSockets

csc_cypher

Cyber Security Challenge Cipher Challenge

rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

ghostDebian

GhostDeployment Script for Debian

redsocial

SSH_Notify

Different Scripts for SSH hardening blog

Writeups

Various write-ups from CTFs, fixes for things and others

CTF-Solutions

cloudathost-debian

Provision Script for Debian on CAC

Bootspeed

Check the boot speed of a windows machine

FSMF-BurpExtension

Find Subdomains MoFo - Burp Extension WIP

Sub2CDN

VPNConnectScript

VPN Connection Menu Script, Created in Bash

LearnTheRopes

An outline as to how to get the basics nailed down before approaching information security as a career

Kali_Setup

Epic Kali Script, oracle and other thinfs need to be added soon.

subroot

Another subdomain bruteforcer

LTR101

Repository for Breaking into Information Security: Learning the Ropes 101 (https://leanpub.com/ltr101-breaking-into-infosec)

HoffPwn

IncomeTaxCalc

A basic python script that takes your weekly wage and works out how much tax you pay

UnlmtdCalc

A python application that takes the Value of a Cineworld Unlimited card and then works out if it's worth while you getting one based upon your film choices

LearningThings

CVE-2024-3400-Canary

Have we not learnt from HoneyPoC?

xfer

ingress tooling

AzureHound

configFiles

SH

MultiPotato