This is your work, valued

Scotland

Andy | ZephrFish

Elite
@ZephrFish

Security Researcher - FAFO

BugBountyTemplates. A collection of templates for bug bounty reporting

487

GoogD0rker. Note: Going through a full re-write of the tooling so the current versions in the repo do not work!

417

OmniProx. IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare

287

Bloodhound-CustomQueries. Custom Queries - Brought Up to BH4.1 syntax

283

DockerAttack. Various Tools and Docker Images

281

CVE-2020-1350_HoneyPoC. HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.

278

Wordlists. Various Payload wordlists

244

pyLDAPGui. Python based GUI for browsing LDAP

182

static-tools. Static compiled binaries + scripts ready to use on systems

153

QoL-BOFs. Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning

140

WindowsHardeningScript. Some settings stolen from multiple scripts @ZephrFish

137

LOLSearches. Living off the land searches for explorer and sharepoint

102

BurpFeed. Hacked together script for feeding urls into Burp's Sitemap

97

AzureAttackKit. Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information

79

RandomScripts. Random Shell Scripts and other ideas I have along the way

73

XSSPayloads. Cross Site Scripting Payloads -- Variations

72

F5-CVE-2022-1388-Exploit. Exploit and Check Script for CVE 2022-1388

59

GoClipC2. Clipboard for Command and Control between VDI, RDP and Others on Windows

53

AttackDeploy. Scripts for Deploying new server

49

Stompy. Timestomp Tool to flatten MAC times with a specific timestamp

49

CVE-2021-22893_HoneyPoC2. DO NOT RUN THIS.

47

ADFSDump-PS. PowerShell Implementation of ADFSDump to assist with GoldenSAML

44

GoogD0rk. Python

43

DynamicMSBuilder. A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation

38

AutoHoneyPoC. AutoPoC Generator HoneyPoC

36

CVE-2023-20198-Checker. CVE-2023-20198 & 0Day Implant Scanner

33

CVE-2024-4577-PHP-RCE. PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

32

HelloJackHunter. Research into WinSxS binaries and finding hijackable paths

31

SandboxSpy. Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

31

Exch-CVE-2021-26855. CVE-2021-26855: PoC (Not a HoneyPoC for once!)

30

ChunkyIngress. Leverages B64 chunks to split files and save to clipboard

26

bug-bounty-reference. Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature

25

CVE-2020-16898. HoneyPoC 2.0: Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

22

Blog_Backup. A repository with various tutorials on how to do things in Pentesting, setup environments and other things

21

RepoMan. Repo hacks

21

CVE-2023-34362. CVE-2023-34362: MOVEit Transfer Unauthenticated RCE

19

CVE-2025-53770-Scanner. ToolShell scanner - CVE-2025-53770 and detection information

18

CVE-2021-41773-PoC. Python

17

SCCMSiteCodeHunter. C#

16

PotUtils. Go

16

NessusPreFlight. Nessus Preflight(NPF) Check for local and remote systems. Essentially sets three registry keys and restarts a service to allow nessus to scan a machine

16

edr-checker. Gets the name of all currently running process then checks them against a list of known defensive products such as AV's, EDR's and logging tools.

15

PurpleTeamWorkshop-LabManual. Purple Team Workshop by @jorgeorchilles

12

Red-Teaming-Toolkit. This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

11

MoveIT-WebShellCheck. Python

11

Lepus. Subdomain finder

11

CVE-2021-28480_HoneyPoC3. DO NOT RUN THIS.

10

NOPe. NOPe - Testing some alternate NOP opcodes

10

XSS. A collection of XSS Attack vectors

10

blind. A BOF for patching AMSI, ETW and NtTraceEvent aka Sysmon using Trampolines

10

xss-proxy. BeEF-inspired XSS proxy service

10

Autopeeper. Automated Screenshot Tool

9

MediaCenterSetup. A setup script for Plex, Sonarr, Radarr & Jackett

8

OffensiveSysAdmin. A collection of tools Neil and Andy have been working on released in one place and interlinked with previous tools

7

NotProxyShellScanner. Python implementation for NotProxyShell aka CVE-2022-40140 & CVE-2022-41082

7

LogsSteelcon.

6

PowerSploit_Sensitive_Info_Hunter. Modifed PowerSploit/PowerView to search files and match RegEx for Sensitive info (PII, PCI, Passwords, Usernames, SNMP Strings, etc.)

4

Exch-CVE-2021-26855_Priv. patched to work

4

Mailgun-python. Python Wrapper for sending email with mailgun

4

UnhookingPatch. Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime

3