Repositories list

• sj

  Public

  BishopFox/sj’s past year of commit activity
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

  Go

  •

  MIT License

  •97•712•4•0•Updated Nov 25, 2025Nov 25, 2025

• sliver

  Public

  BishopFox/sliver’s past year of commit activity
  Adversary Emulation Framework

  dnsgolanghttp+ 12gplv3dns-serversliverred-teamsecurity-toolsc2red-team-engagement+ 5

  Go

  •

  GNU General Public License v3.0

  •1.4k•10k•243•16•Updated Nov 24, 2025Nov 24, 2025

• fortiweb-auth-bypass-check

  Public

  BishopFox/fortiweb-auth-bypass-check’s past year of commit activity
  Python

  •

  MIT License

  •0•2•0•0•Updated Nov 20, 2025Nov 20, 2025

• cloudfox

  Public

  BishopFox/cloudfox’s past year of commit activity
  Automating situational awareness for cloud penetration tests.

  golangawssecurity+ 3cloudcloud-securitypenetration-testing-tools

  Go

  •

  MIT License

  •212•2.3k•9•1•Updated Nov 12, 2025Nov 12, 2025

• shining-mask

  Public

  BishopFox/shining-mask’s past year of commit activity
  Python

  •0•8•0•0•Updated Oct 30, 2025Oct 30, 2025

• iam-vulnerable

  Public

  BishopFox/iam-vulnerable’s past year of commit activity
  Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

  HCL

  •

  MIT License

  •93•523•0•0•Updated Sep 11, 2025Sep 11, 2025

• cloudfoxable

  Public

  BishopFox/cloudfoxable’s past year of commit activity
  Create your own vulnerable by design AWS penetration testing playground

  Python

  •

  MIT License

  •45•406•0•0•Updated Aug 26, 2025Aug 26, 2025

• raink

  Public

  BishopFox/raink’s past year of commit activity
  Use LLMs for document ranking

  Go

  •

  MIT License

  •4•159•1•0•Updated Apr 17, 2025Apr 17, 2025

• sonicrack

  Public

  BishopFox/sonicrack’s past year of commit activity
  Decrypt encrypted SonicOSX firmware images

  Python

  •

  GNU General Public License v3.0

  •3•19•0•0•Updated Feb 24, 2025Feb 24, 2025

• BrokenHill

  Public
  A productionized greedy coordinate gradient (GCG) attack tool for large language models (LLMs)

  Python

  •

  MIT License

  •24•150•1•1•Updated Dec 18, 2024Dec 18, 2024

• local-llm-ctf

  Public
  A small go harness that uses Ollama to orchestrate LLMs in a restricted process flow

  Go

  •

  MIT License

  •1•13•0•0•Updated Sep 10, 2024Sep 10, 2024

• cve-2024-21762-check

  Public

  BishopFox/cve-2024-21762-check’s past year of commit activity
  Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762

  Python

  •

  GNU General Public License v3.0

  •17•106•3•1•Updated Jul 5, 2024Jul 5, 2024

• awsservicemap

  Public
  Go module that returns supported regions for a service or supported services for a region

  Go

  •

  MIT License

  •6•17•0•1•Updated Jun 4, 2024Jun 4, 2024

• jsluice

  Public

  BishopFox/jsluice’s past year of commit activity
  Extract URLs, paths, secrets, and other interesting bits from JavaScript

  javascriptsecurity

  Go

  •

  MIT License

  •128•1.7k•7•1•Updated May 22, 2024May 22, 2024

• gcp-terraform-cloud-connector

  Public

  BishopFox/gcp-terraform-cloud-connector’s past year of commit activity
  This repo provides a terraform module for customers looking to implement Google Cloud connector support for Bishop Fox Cosmos

  HCL

  •

  Apache License 2.0

  •1•1•0•0•Updated May 20, 2024May 20, 2024

• CVE-2023-27997-check

  Public

  BishopFox/CVE-2023-27997-check’s past year of commit activity
  Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

  Python

  •

  GNU General Public License v3.0

  •26•134•0•0•Updated May 8, 2024May 8, 2024

• unredacter

  Public
  Never ever ever use pixelation as a redaction technique

  TypeScript

  •

  GNU General Public License v3.0

  •802•8.2k•22•13•Updated Mar 15, 2024Mar 15, 2024

• aws-signing

  Public

  BishopFox/aws-signing’s past year of commit activity
  CLI that allows user to submit http requests using AWS request signing

  engineering

  Go

  •

  MIT License

  •8•6•0•0•Updated Mar 14, 2024Mar 14, 2024

• GitGot

  Public

  BishopFox/GitGot’s past year of commit activity
  Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

  pythongithub-apisecurity+ 9osintfuzzy-matchingrecongistssecurity-scannersecurity-toolsreconnaissance+ 2

  Python

  •

  GNU Lesser General Public License v3.0

  •218•1.5k•3•0•Updated Mar 7, 2024Mar 7, 2024

• eyeballer

  Public
  Convolutional neural network for analyzing pentest screenshots

  pythonmachine-learningai+ 3tensorflowsecurity-toolspentesting-tools

  Python

  •

  GNU General Public License v3.0

  •146•1.3k•6•3•Updated Feb 19, 2024Feb 19, 2024

• llm-testing-findings

  Public

  BishopFox/llm-testing-findings’s past year of commit activity
  LLM Testing Findings Templates

  reportingtemplatespenetration-testing+ 3gptllmgenai

  HTML

  •

  MIT License

  •16•75•0•0•Updated Feb 14, 2024Feb 14, 2024

• ysoserial-bf

  Public

  BishopFox/ysoserial-bf’s past year of commit activity
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  Java

  •

  MIT License

  •1.8k•31•0•0•Updated Feb 9, 2024Feb 9, 2024

• CVE-2022-22274_CVE-2023-0656

  Public

  BishopFox/CVE-2022-22274_CVE-2023-0656’s past year of commit activity
  Python

  •

  GNU General Public License v3.0

  •5•20•0•0•Updated Jan 12, 2024Jan 12, 2024

• bigip-scanner

  Public
  Determine the running software version of a remote F5 BIG-IP management interface.

  Python

  •

  MIT License

  •22•69•0•2•Updated Jan 3, 2024Jan 3, 2024

• knownawsaccountslookup

  Public

  BishopFox/knownawsaccountslookup’s past year of commit activity
  Go module that provides two lookup functions for the data in https://github.com/fwdcloudsec/known_aws_accounts

  Go

  •

  MIT License

  •0•4•0•0•Updated Dec 28, 2023Dec 28, 2023

• VulnerableGWTApp

  Public

  BishopFox/VulnerableGWTApp’s past year of commit activity
  An intentionally-vulnerable GWT-based web application to test tooling and techniques

  Java

  •0•4•0•0•Updated Dec 18, 2023Dec 18, 2023

• kafka-connect-field-and-time-partitioner

  Public
  Kafka Connect Store Partitioner by custom fields and time; also removing topic from s3 file path

  Java

  •

  Apache License 2.0

  •31•3•0•0•Updated Sep 18, 2023Sep 18, 2023

• action-gh-release

  Public
  📦 GitHub Action for creating GitHub Releases

  TypeScript

  •

  MIT License

  •564•1•0•0•Updated Aug 24, 2023Aug 24, 2023

• CVE-2023-3519

  Public
  RCE exploit for CVE-2023-3519

  Python

  •43•230•4•0•Updated Aug 23, 2023Aug 23, 2023

• mellon

  Public
  OSDP attack tool (and the Elvish word for friend)

  HTML

  •

  GNU General Public License v3.0

  •8•107•1•0•Updated Aug 15, 2023Aug 15, 2023