resources.bishopfox.comOpen-Source Hacking Tools from the Bishop Fox Labs | Bishop

Fox Bishop Fox named Leader” in 2024 GigaOm Radar for Attack Surface Management . Read the Report › Cosmos Services Resources Customers PartnersGet Started Introducing Cosmos Named Leader of the GigaOm Radar for the third year in a row! Request A Demo Cosmos Overview Meet Cosmos: The continuous offensive security solution designed to provide proactive defense. Cosmos Attack Surface Management Get Cosmos Attack Surface Management (CASM) for unmatched visibility into your changing external attack surface with continuous discovery and mapping. Cosmos Application Penetration Testing Cosmos Application Penetration Testing (CAPT) strengthens the security of business-critical applications with in-depth assessments. Cosmos External Penetration Testing Cosmos External Penetration Testing (CEPT) builds on Cosmos Attack Surface Management to provide the highest level of attack surface protection with post-exploitation activities. The Best Defense is a Great Offense See Why We’re the Leaders in Offensive Security Explore Services Application Security Ensure your applications are secure and improve your DevSecOps practices. Application Pen Testing Hybrid App Assessment Mobile App Assessment View More Red Team & Readiness Get a holistic view of your ability to defend against a real-world attack. Social Engineering Incident Response Tabletop Exercise Ransomware Readiness IoT & Product Security Validate interconnected devices and products are secure against attackers. Cloud Security Assess cloud security posture with expert testing and analysis of your environment. Network Security Get insight into how skilled adversaries could establish network access and put sensitive systems and data at risk. External Pen Testing Internal Pen Testing Continuous Attack Surface Testing AI/ML Security Assessment Fortify the security of rapidly evolving AI/ML applications, models, and supporting infrastructures. Compliance, Regulations, & Frameworks Satisfy governance, risk, and compliance programs with our testing services. Assessments for Our Partners We’re proud to work with Google, Facebook, and Amazon to increase security in their partner ecosystems. Cloud App Security Assessments (CASA) Meta Workplace Assessments Amazon Alexa Assessments View More A Ponemon Institute Report The State of Offensive Security Get the blueprint. Insights into how mature security organizations invest in offensive strategies. Get the Report Resource Center Discover new offensive security resources, ranging from reports and eBooks to slide decks from speaking gigs. Webcasts Reports eBooks & Guides Cybersecurity Style Guide View All Bulletins & Advisories Explore the latest security bulletins and advisories released by our team. Exploit for Fortinet CVE-2022-42475 Latest View All Blog Dive into our blog for insights and perspectives from our offensive security experts. Industry Technology Bishop Fox Labs Learn more about our research and some of the most popular open-source security tools. Check them out here! Hacking Tools Training Sessions Why Partner with Us? Join Forces with the Leaders in Offensive Security Independent Assessment by TAG Cyber Get the Report Partner Program Overview Learn about our partner programs and see how we can work together to provide best-in-class security offerings. Find a Partner Check out our awesome ecosystem of trusted partners to find the right solution for your needs. Become a Partner Explore partnership opportunities and apply to join forces with Bishop Fox. Assessments for Our Partners We’re proud to work with Google, Facebook, and Amazon to increase the security of their partner ecosystems. Cloud Application Security Assessments Mobile Application Security Assessment Nest Assessments Meta Workplace Assessments Amazon Alexa Assessments We’re Hiring! Want to Work with the Best Minds in Offensive Security? Be part of an elite team and work on projects that have a real impact. Explore Openings Company Overview Get to know us. Learn about our roots and see why we’re on a mission to improve security for all. Events Join us at an upcoming event or peruse our speaking engagements, past and present. Newsroom Read the latest articles, announcements, and press releases from Bishop Fox. Contact Us Want to get in touch? We’re ready to connect. Career Opportunities We’re hiring! Explore our open positions and discover why the Fox Den is a great place to build your career. Intern & Educational Programs Starting your offensive security journey? Check out our internships and educational programs. Bishop Fox Mexico ¡Celebramos! Bishop Fox is now in Mexico. Learn more about our expansion. Cosmos Overview Cosmos Overview Cosmos Attack Surface Management Cosmos Application Penetration Testing Cosmos External Penetration Testing Services Overview Application Security Red Team & Readiness IoT & Product Security Cloud Security Network Security AI/ML Security Assessment Compliance, Regulations, & Frameworks Assessments for Our Partners Resources Overview Resource Center Bulletins & Advisories Blog Bishop Fox Labs Customers Partners Overview Partner Program Overview Find a Partner Become a Partner Assessments for Our PartnersOverview Company Overview Events Newsroom Contact Us Career Opportunities Intern & Educational Programs Bishop Fox Mexico Get Started Our research is your research Hacking Tools and Research We focus on finding solutions to difficult problems and then sharing that information freely with the broader cybersecurity community whenever possible. In fact, Bishop Fox is home to the innovators and engineers behind some of the most popular offensive security tools in the industry. We hope you find them useful. Learn About Labs Expand your hacking toolkit with tools and research from our team of experts. Swagger Jacker Improved auditing of OpenAPI definition files. Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files. Get Swagger Jacker asminject.py Compromise Linux-trusted processes to capture sensitive data. asminject.py is a code injection tool that compromises Linux-trusted processes and containers. Get asminject.py CLOUDFOX Find exploitable attack paths in cloud infrastructure. CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS. Get CloudFox UNREDACTER How to Unredact Pixelized Text Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form. Get Unredacter BIG IP SCANNER Determine If Your Version is at Risk Big-IP Scanner aids you in determining which software version is running on a remote F5 BIG-IP management interface. Get Big-IP Scanner EYEBALLER Give those screenshots of yours a quick eyeballing. Eyeballer is for large-scope network penetration tests where you need to find targets from a huge set of web-based hosts. Use your favorite screenshotting tools and then run them through Eyeballer to tell you what’s likely to contain vulnerabilities, and what isn’t. Get Eyeballer GADGETPROBE Shine a light on remote classpaths and raise bug severity for all. GadgetProbe takes a wordlist of Java classes, outputs serialized DNS callback objects, and reports what’s lurking in the remote classpath. Start probing endpoints! Get GadgetProbe GITGOT Search through troves of public data on GitHub for sensitive secrets. GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. Get GitGot Danger Drone Test the effectiveness of drone defenses. Practical guide to Drone hacking for penetration testers. This research is helping equip security professionals with the tools to test the effectiveness of their drone defenses and eliminate...