There are no reviews yet. Be the first to send feedback to the community and the maintainers!
sliver
Adversary Emulation Frameworkunredacter
Never ever ever use pixelation as a redaction techniquecloudfox
Automating situational awareness for cloud penetration tests.GitGot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScripteyeballer
Convolutional neural network for analyzing pentest screenshotsspoofcheck
Simple script that checks a domain for email protectionsh2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)bfinject
Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaksGadgetProbe
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.badPods
A collection of manifests that will create pods with elevated privileges.sj
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.iam-vulnerable
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.bfdecrypt
Utility to decrypt App Store apps on jailbroken iOS 11.xiSpy
A reverse engineering framework for iOSrmiscout
RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilitiessmogcloud
Find cloud assets that no one wants exposed 🔎 ☁️cloudfoxable
Create your own vulnerable by design AWS penetration testing playgroundsliver-gui
A Sliver GUI Clientdufflebag
Search exposed EBS volumes for secretszigdiggity
A ZigBee hacking toolkit by Bishop Foxdeephack
PoC code from DEF CON 25 presentationrickmote
The Rickmote Controller: Hijack TVs using Google ChromecastCVE-2023-3519
RCE exploit for CVE-2023-3519json-interop-vuln-labs
Companion labs to "An Exploration of JSON Interoperability Vulnerabilities"Imperva_gzip_WAF_Bypass
pwn-pulse
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)firecat
Firecat is a penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network.CVE-2023-27997-check
Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timingasminject
Heavily-modified fork of David Buchanan's dlinject project. Injects arbitrary assembly (or precompiled binary) payloads directly into x86-64, x86, and ARM32 Linux processes without the use of ptrace by accessing /proc/<pid>/mem. Useful for certain post-exploitation scenarios, recovering content from process memory, etc..cve-2024-21762-check
Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762anti-anti-automation
Anti-Anti-Automation Frameworkmellon
OSDP attack tool (and the Elvish word for friend)forticrack
Decrypt encrypted Fortienet FortiOS firmware imagescyberdic
An auxiliary spellcheck dictionary that corresponds with the Bishop Fox Cybersecurity Style Guidellm-testing-findings
LLM Testing Findings Templatesbigip-scanner
Determine the running software version of a remote F5 BIG-IP management interface.IDontSpeakSSL-deprecated
Simple tool based on sslyze to scan large scope and provide SSL/TLS vulnerabilitiesspfmap
A program to map out SPF and DKIM records for a large number of domainsCVE-2021-35211
SpoofcheckSelfTest
Web application that lets you test if your domain is vulnerable to email spoofingca-clone
Scripts to clone CA certificates for use in HTTPS client attacks.ProxyListReliabilityCheck
Perl script to test the reliability of a list of open web proxies.ispy-shell
coldfusion-10-11-xss
Proof of Concept code for CVE-2015-0345 (APSB15-07)CVE-2022-22274_CVE-2023-0656
awsservicemap
Go module that returns supported regions for a service or supported services for a regionwordlist-sanitizer
Remove Offensive and Profane Words from Wordlistssliver-overlord
burpcage
guardian-ci
VulnerableGWTApp
An intentionally-vulnerable GWT-based web application to test tooling and techniques.github
Bishop Fox Engineeringknownawsaccountslookup
Go module that provides two lookup functions for the data in https://github.com/fwdcloudsec/known_aws_accountsLove Open Source and this site? Check out how you can help us