Bishop Fox

All

75 repositories

CVE-2025-0282-check
Public
Safely detect if an Ivanti server is vulnerable to CVE-2025-0282
Python
•
GNU General Public License v3.0
•0•2•0•0•Updated Jan 10, 2025Jan 10, 2025
sliver
Public
Adversary Emulation Framework
golang http dns-server red-team security-tools c2 red-team-engagement command-and-control implant adversarial-attacks
Go
•
GNU General Public License v3.0
•1.2k•8.8k•204•13•Updated Jan 7, 2025Jan 7, 2025
cloudfox
Public
Automating situational awareness for cloud penetration tests.
golang cloud cloud-security penetration-testing-tools aws security
Go
•
MIT License
•191•2k•7•2•Updated Dec 30, 2024Dec 30, 2024
BrokenHill
Public
A productionized greedy coordinate gradient (GCG) attack tool for large language models (LLMs)
Python
•
MIT License
•13•75•0•0•Updated Dec 18, 2024Dec 18, 2024
sj
Public
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
Go
•
MIT License
•83•570•3•0•Updated Nov 15, 2024Nov 15, 2024
local-llm-ctf
Public
A small go harness that uses Ollama to orchestrate LLMs in a restricted process flow
Go
•
MIT License
•1•5•0•0•Updated Sep 10, 2024Sep 10, 2024
cve-2024-21762-check
Public
Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762
Python
•
GNU General Public License v3.0
•15•95•3•1•Updated Jul 5, 2024Jul 5, 2024
awsservicemap
Public
Go module that returns supported regions for a service or supported services for a region
Go
•
MIT License
•6•15•0•1•Updated Jun 4, 2024Jun 4, 2024
cloudfoxable
Public
Create your own vulnerable by design AWS penetration testing playground
Python
•
MIT License
•34•343•0•1•Updated May 23, 2024May 23, 2024
jsluice
Public
Extract URLs, paths, secrets, and other interesting bits from JavaScript
javascript security
Go
•
MIT License
•100•1.5k•7•1•Updated May 22, 2024May 22, 2024
gcp-terraform-cloud-connector
Public
This repo provides a terraform module for customers looking to implement Google Cloud connector support for Bishop Fox Cosmos
HCL
•
Apache License 2.0
•1•0•0•0•Updated May 20, 2024May 20, 2024
CVE-2023-27997-check
Public
Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing
Python
•
GNU General Public License v3.0
•25•131•0•0•Updated May 8, 2024May 8, 2024
unredacter
Public
Never ever ever use pixelation as a redaction technique
TypeScript
•
GNU General Public License v3.0
•738•7.9k•24•11•Updated Mar 15, 2024Mar 15, 2024
aws-signing
Public
CLI that allows user to submit http requests using AWS request signing
engineering
Go
•
MIT License
•8•6•0•0•Updated Mar 14, 2024Mar 14, 2024
GitGot
Public
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
github-api security osint fuzzy-matching recon gists security-scanner security-tools reconnaissance sensitive-data-exposure
Python
•
GNU Lesser General Public License v3.0
•213•1.5k•3•1•Updated Mar 7, 2024Mar 7, 2024
eyeballer
Public
Convolutional neural network for analyzing pentest screenshots
python machine-learning ai tensorflow security-tools pentesting-tools
Python
•
GNU General Public License v3.0
•126•1.1k•6•3•Updated Feb 19, 2024Feb 19, 2024
llm-testing-findings
Public
LLM Testing Findings Templates
reporting templates penetration-testing gpt llm genai
HTML
•
MIT License
•14•66•0•0•Updated Feb 14, 2024Feb 14, 2024
ysoserial-bf
Public
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Java
•
MIT License
•1.8k•25•0•0•Updated Feb 9, 2024Feb 9, 2024
iam-vulnerable
Public
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
HCL
•
MIT License
•84•486•0•0•Updated Feb 1, 2024Feb 1, 2024
CVE-2022-22274_CVE-2023-0656
Public
Python
•
GNU General Public License v3.0
•5•20•0•0•Updated Jan 12, 2024Jan 12, 2024
bigip-scanner
Public
Determine the running software version of a remote F5 BIG-IP management interface.
Python
•
MIT License
•18•66•0•2•Updated Jan 3, 2024Jan 3, 2024
knownawsaccountslookup
Public
Go module that provides two lookup functions for the data in https://github.com/fwdcloudsec/known_aws_accounts
Go
•
MIT License
•0•2•0•0•Updated Dec 28, 2023Dec 28, 2023
VulnerableGWTApp
Public
An intentionally-vulnerable GWT-based web application to test tooling and techniques
Java
•0•3•1•0•Updated Dec 18, 2023Dec 18, 2023
kafka-connect-field-and-time-partitioner
Public
Kafka Connect Store Partitioner by custom fields and time; also removing topic from s3 file path
Java
•
Apache License 2.0
•29•2•0•0•Updated Sep 18, 2023Sep 18, 2023
action-gh-release
Public
📦 GitHub Action for creating GitHub Releases
TypeScript
•
MIT License
•476•0•0•0•Updated Aug 24, 2023Aug 24, 2023
CVE-2023-3519
Public
RCE exploit for CVE-2023-3519
Python
•42•220•4•0•Updated Aug 23, 2023Aug 23, 2023
mellon
Public
OSDP attack tool (and the Elvish word for friend)
HTML
•
GNU General Public License v3.0
•5•95•1•0•Updated Aug 15, 2023Aug 15, 2023
forticrack
Public
Decrypt encrypted Fortienet FortiOS firmware images
Python
•
GNU General Public License v3.0
•24•101•0•0•Updated Aug 2, 2023Aug 2, 2023
wordlist-sanitizer
Public
Remove Offensive and Profane Words from Wordlists
Go
•
MIT License
•7•14•0•2•Updated Jul 27, 2023Jul 27, 2023
action-zip
Public
A GitHub action used to zip file contents
Dockerfile
•
MIT License
•32•0•0•0•Updated Jul 26, 2023Jul 26, 2023