24 open source projects by BishopFox

PoC code from DEF CON 25 presentation

The Rickmote Controller: Hijack TVs using Google Chromecast

Search exposed EBS volumes for secrets

Find cloud assets that no one wants exposed 🔎 ☁️

A ZigBee hacking toolkit by Bishop Fox

Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"

Adversary Simulation Framework

Firecat is a penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network.

A collection of manifests that will create pods with elevated privileges.

Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.

Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks

Simple script that checks a domain for email protections

Convolutional neural network for analyzing pentest screenshots

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

A reverse engineering framework for iOS

Utility to decrypt App Store apps on jailbroken iOS 11.x

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

An auxiliary spellcheck dictionary that corresponds with the Bishop Fox Cybersecurity Style Guide

Web application that lets you test if your domain is vulnerable to email spoofing

A version of Theos/CydiaSubstrate for non-jailbroken iOS devices

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.

Proof of Concept code for CVE-2015-0345 (APSB15-07)