Bishop Fox

All

80 repositories

cloudfox
Public
Automating situational awareness for cloud penetration tests.
golang aws security cloud cloud-security penetration-testing-tools
Go
•
MIT License
•222•2.3k•8•1•Updated Mar 2, 2026Mar 2, 2026
sliver
Public
Adversary Emulation Framework
dns golang http gplv3 dns-server sliver red-team security-tools c2 red-team-engagement
Go
•
GNU General Public License v3.0
•1.5k•11k•205•5•Updated Mar 2, 2026Mar 2, 2026
sj
Public
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
Go
•
MIT License
•98•721•3•0•Updated Feb 28, 2026Feb 28, 2026
cloudfoxable
Public
Create your own vulnerable by design AWS penetration testing playground
Python
•
MIT License
•51•437•1•0•Updated Feb 16, 2026Feb 16, 2026
sliver-wasm-stager
Public archive
A stager and implant that executes remote Web Assembly
Rust
•
GNU General Public License v3.0
•7•37•0•0•Updated Feb 4, 2026Feb 4, 2026
badPods
Public
A collection of manifests that will create pods with elevated privileges.
kubernetes security assessment penetration-testing exploitation podspec pods privileged hostpath hostpid
Shell
•
MIT License
•118•687•0•0•Updated Dec 30, 2025Dec 30, 2025
awsservicemap
Public
Go module that returns supported regions for a service or supported services for a region
Go
•
MIT License
•7•18•0•0•Updated Dec 12, 2025Dec 12, 2025
CVE-2025-6980-check
Public
Safely test Arista NGFW for information disclosure
Python
•
MIT License
•0•3•0•0•Updated Dec 4, 2025Dec 4, 2025
fortiweb-auth-bypass-check
Public
Python
•
MIT License
•0•4•0•0•Updated Dec 3, 2025Dec 3, 2025
shining-mask
Public
Python
•0•12•0•0•Updated Oct 30, 2025Oct 30, 2025
iam-vulnerable
Public
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
HCL
•
MIT License
•101•550•0•0•Updated Sep 11, 2025Sep 11, 2025
raink
Public
Use LLMs for document ranking
Go
•
MIT License
•5•164•1•0•Updated Apr 17, 2025Apr 17, 2025
sonicrack
Public
Decrypt encrypted SonicOSX firmware images
Python
•
GNU General Public License v3.0
•3•20•0•0•Updated Feb 24, 2025Feb 24, 2025
BrokenHill
Public
A productionized greedy coordinate gradient (GCG) attack tool for large language models (LLMs)
Python
•
MIT License
•24•157•1•1•Updated Dec 18, 2024Dec 18, 2024
local-llm-ctf
Public
A small go harness that uses Ollama to orchestrate LLMs in a restricted process flow
Go
•
MIT License
•1•16•0•0•Updated Sep 10, 2024Sep 10, 2024
cve-2024-21762-check
Public
Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762
Python
•
GNU General Public License v3.0
•18•106•3•1•Updated Jul 5, 2024Jul 5, 2024
jsluice
Public
Extract URLs, paths, secrets, and other interesting bits from JavaScript
javascript security
Go
•
MIT License
•136•1.8k•7•2•Updated May 22, 2024May 22, 2024
gcp-terraform-cloud-connector
Public
This repo provides a terraform module for customers looking to implement Google Cloud connector support for Bishop Fox Cosmos
HCL
•
Apache License 2.0
•1•1•0•0•Updated May 20, 2024May 20, 2024
CVE-2023-27997-check
Public
Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing
Python
•
GNU General Public License v3.0
•25•134•0•0•Updated May 8, 2024May 8, 2024
unredacter
Public
Never ever ever use pixelation as a redaction technique
TypeScript
•
GNU General Public License v3.0
•800•8.3k•22•13•Updated Mar 15, 2024Mar 15, 2024
aws-signing
Public
CLI that allows user to submit http requests using AWS request signing
engineering
Go
•
MIT License
•8•6•0•0•Updated Mar 14, 2024Mar 14, 2024
GitGot
Public
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
python github-api security osint fuzzy-matching recon gists security-scanner security-tools reconnaissance
Python
•
GNU Lesser General Public License v3.0
•217•1.5k•3•0•Updated Mar 7, 2024Mar 7, 2024
eyeballer
Public
Convolutional neural network for analyzing pentest screenshots
python machine-learning ai tensorflow security-tools pentesting-tools
Python
•
GNU General Public License v3.0
•148•1.3k•6•3•Updated Feb 19, 2024Feb 19, 2024
llm-testing-findings
Public
LLM Testing Findings Templates
reporting templates penetration-testing gpt llm genai
HTML
•
MIT License
•17•75•0•0•Updated Feb 14, 2024Feb 14, 2024
ysoserial-bf
Public
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Java
•
MIT License
•1.9k•34•0•0•Updated Feb 9, 2024Feb 9, 2024
CVE-2022-22274_CVE-2023-0656
Public
Python
•
GNU General Public License v3.0
•5•19•0•0•Updated Jan 12, 2024Jan 12, 2024
bigip-scanner
Public
Determine the running software version of a remote F5 BIG-IP management interface.
Python
•
MIT License
•21•69•0•2•Updated Jan 3, 2024Jan 3, 2024
knownawsaccountslookup
Public
Go module that provides two lookup functions for the data in https://github.com/fwdcloudsec/known_aws_accounts
Go
•
MIT License
•0•4•0•0•Updated Dec 28, 2023Dec 28, 2023
VulnerableGWTApp
Public
An intentionally-vulnerable GWT-based web application to test tooling and techniques
Java
•0•5•0•0•Updated Dec 18, 2023Dec 18, 2023
kafka-connect-field-and-time-partitioner
Public
Kafka Connect Store Partitioner by custom fields and time; also removing topic from s3 file path
Java
•
Apache License 2.0
•31•3•0•0•Updated Sep 18, 2023Sep 18, 2023