Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Our research is your research

Hacking Tools and Research

We focus on finding solutions to difficult problems and then sharing that information freely with the broader cybersecurity community whenever possible. In fact, Bishop Fox is home to the innovators and engineers behind some of the most popular offensive security tools in the industry. We hope you find them useful.

Expand your hacking toolkit with tools and research from our team of experts.

Swagger Jacker

Improved auditing of OpenAPI definition files.

Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files.

Compromise Linux-trusted processes to capture sensitive data. is a code injection tool that compromises Linux-trusted processes and containers.


Find exploitable attack paths in cloud infrastructure.

CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.


How to Unredact Pixelized Text

Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form.


Determine If Your Version is at Risk

Big-IP Scanner aids you in determining which software version is running on a remote F5 BIG-IP management interface.


Give those screenshots of yours a quick eyeballing.

Eyeballer is for large-scope network penetration tests where you need to find targets from a huge set of web-based hosts. Use your favorite screenshotting tools and then run them through Eyeballer to tell you what's likely to contain vulnerabilities, and what isn't.


Shine a light on remote classpaths and raise bug severity for all.

GadgetProbe takes a wordlist of Java classes, outputs serialized DNS callback objects, and reports what's lurking in the remote classpath. Start probing endpoints!


Search through troves of public data on GitHub for sensitive secrets.

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

Danger Drone

Test the effectiveness of drone defenses.

Practical guide to Drone hacking for penetration testers. This research is helping equip security professionals with the tools to test the effectiveness of their drone defenses and eliminate exposed attack vectors.


Search exposed EBS volumes for secrets.

Search through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around!


Conduct effective IoT product security evaluation.

Defeat Zigbee smart locks and alarms sensors with ZigDiggity. It enables cybersecurity professionals and developers to run complex interactions with ZigBee networks using a single device.


Emulate threats and demonstrate the risk of a breach.

Sliver is a cross-platform general purpose implant framework designed to be an open-source alternative to Cobalt Strike. It supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS, and supports multiplayer mode for collaboration.

h2c Smuggler

Find insecure edge-server proxy_pass configurations.

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations allowing a bypass of proxy rules and access controls.


Guess method signatures without invocation.

RMIScout enables wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. It supports multiple Java RMI protocols, method invocation, and exploitation.

iam vulnerable

Create your own vulnerable by design AWS IAM privilege escalation playground.

IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation.

AWS PrivEsc Methods

Explore AWS Privilege Escalation with tried-and-tested methods.

This research builds upon existing AWS privesc research and expands it. We tried 21 existing methods and grouped them into five categories. The result is findings that can benefit both attackers and defenders.

RFID Hacking

Investigate attack tools & techniques for stealing RFID badge information.

Practical guide for penetration testers includes tools and techniques for stealing and using RFID proximity badge information to gain unauthorized access to buildings and other secure areas.

Google Hacking Diggity Research

Identify vulnerable systems and sensitive data in corporate networks.

This research is dedicated to investigating Google Hacking, i.e. the latest techniques that leverage search engines, such as Google, Bing, and Shodan, to quickly identify vulnerable systems and sensitive data in corporate networks.

Home & Office Security System Hacking

Bypass home and office security systems without leaving a trace!

This research is about bypassing home and office digital physical security systems before it can alert the authorities. All the methods presented are for covert entry and leave no physical sign of entry or compromise.

SharePoint Hacking Diggity Project

Identify exposures in vulnerable SharePoint deployments.

This research investigates tools and techniques in hacking Microsoft SharePoint to help administrators identify insecure configurations and exposures introduced by vulnerable SharePoint deployments.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.