Bishop Fox

Repositories

• guardian-ci
  Shell MIT 0 1 0 0 Updated Jan 22, 2021

• badPods

  A collection of manifests that will create pods with elevated privileges.

  kubernetes security assessment penetration-testing exploitation podspec pods
  Shell MIT 5 22 0 0 Updated Jan 21, 2021

• sliver

  Implant framework

  golang http dns-server red-team security-tools c2 red-team-engagement
  Go GPL-3.0 183 1,258 69 (8 issues need help) 3 Updated Jan 16, 2021

• zigdiggity

  A ZigBee hacking toolkit by Bishop Fox

  zigbee iot-security security-tools pentest-tool zigbee-hacking
  Python GPL-3.0 41 163 3 1 Updated Jan 5, 2021

• cyberdic

  An auxiliary spellcheck dictionary that corresponds with the Bishop Fox Cybersecurity Style Guide

  language spellcheck dictionary spelling cyber hunspell word-processor
  CC-BY-SA-4.0 12 53 0 0 Updated Dec 9, 2020

• rmiscout

  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

  java scanner javassist offensive-security java-rmi security-tools java-deserialization
  Java MIT 41 265 0 0 Updated Dec 8, 2020

• GitGot

  Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

  python github-api security osint fuzzy-matching recon gists
  Python LGPL-3.0 149 943 0 1 Updated Sep 28, 2020

• h2csmuggler

  HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

  infosec bugbounty security-tools security-research
  Python MIT 27 257 0 1 Updated Sep 15, 2020

• smogcloud

  Find cloud assets that no one wants exposed 🔎 ☁️

  aws cloud api-documentation penetration-testing infosec blueteam security-tools
  Go 19 155 2 0 Updated Jul 20, 2020

• bfdecrypt

  Utility to decrypt App Store apps on jailbroken iOS 11.x
  C Apache-2.0 58 329 4 1 Updated May 24, 2020

• GadgetProbe

  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

  java pentesting javassist security-tools burp-extensions java-deserialization pentest-tools
  Java MIT 50 319 0 0 Updated Apr 22, 2020

• IDontSpeakSSL-deprecated Archived

  Simple tool based on sslyze to scan large scope and provide SSL/TLS vulnerabilities

  tls ssl security-tools testssl
  Python GPL-3.0 8 46 0 0 Updated Apr 6, 2020

• ca-clone

  Scripts to clone CA certificates for use in HTTPS client attacks.

  reverse-engineering mitm pentesting security-tools
  Shell GPL-3.0 11 18 0 0 Updated Mar 26, 2020

• dufflebag

  Search exposed EBS volumes for secrets

  aws-ebs elasticbeanstalk security-tools aws-ebs-volumes aws-ebs-snapshot aws-eb
  Go GPL-3.0 15 167 1 0 Updated Feb 5, 2020

• rickmote

  The Rickmote Controller: Hijack TVs using Google Chromecast

  prank google-chromecast rickroll rickmote
  Python GPL-3.0 34 193 4 0 Updated Feb 4, 2020

• eyeballer

  Convolutional neural network for analyzing pentest screenshots

  python machine-learning ai tensorflow security-tools pentesting-tools
  Python GPL-3.0 58 408 12 4 Updated Jan 23, 2020

• pwn-pulse

  Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

  exploit penetration-testing infosec pentesting cve red-team pentest-scripts
  Shell GPL-3.0 49 103 1 0 Updated Jan 15, 2020

• bfinject

  Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
  Objective-C++ Apache-2.0 146 534 25 9 Updated Dec 19, 2019

• aws_seeker

  Forked from hachisanju/aws_seeker
  Python 3 0 0 0 Updated Nov 22, 2019

• .github

  Bishop Fox Engineering
  0 1 0 0 Updated Nov 20, 2019

• n0sc0p3

  Forked from hachisanju/n0sc0p3

  Silly little aws auditing project
  Python 1 0 0 0 Updated Nov 14, 2019

• s3-odradek

  Forked from hachisanju/s3-odradek

  Little tool to suss out S3 permissions as visible to the public.
  Python 1 0 0 0 Updated Nov 14, 2019

• spoofcheck

  Simple script that checks a domain for email protections

  python phishing spf dmarc-record email-security security-tools
  Python MIT 106 420 4 5 Updated Nov 1, 2019

• gowitness

  Forked from sensepost/gowitness

  🔍 gowitness - a golang, web screenshot utility using Chrome Headless
  Go 144 7 0 0 Updated May 31, 2019

• SpoofcheckSelfTest

  Web application that lets you test if your domain is vulnerable to email spoofing
  Python Apache-2.0 13 21 0 1 Updated Mar 5, 2019

• deephack

  PoC code from DEF CON 25 presentation

  machine-learning ai proof-of-concept tensorflow keras security-tools
  Python 49 222 3 1 Updated Apr 18, 2018

• xsshunter

  Forked from mandatoryprogrammer/xsshunter

  The XSS Hunter service - a portable version of XSSHunter.com
  JavaScript 242 20 0 0 Updated Nov 13, 2017

• ProxyListReliabilityCheck

  Perl script to test the reliability of a list of open web proxies.
  Perl 9 17 1 0 Updated Jul 4, 2017

• iSpy

  A reverse engineering framework for iOS
  Logos Apache-2.0 101 356 8 0 Updated Aug 11, 2016

• ispy-shell
  C 1 15 1 0 Updated Jul 18, 2016