Bishop Vulnerability Scanner
Item logo image for Bishop Vulnerability Scanner

Bishop Vulnerability Scanner

Featured
3.8(

12 ratings

)
Item media 1 screenshot
Item media 2 screenshot

Overview

Search websites for git repos, exposed config files, and more as you browse.

Bishop is a vulnerability scanner that searches websites in the background while you browse, looking for exposed version control systems, misconfigured administrative tools, and more. With a whitelisting regex system, you can easily restrict this tool to hosts that you are authorized to scan. It works by searching for files with a given path on the current URL path and all parent paths, applying given regex to the results to check for proof positive of a vulnerable location. If the path returns 200 and matches the regex, it's flagged as vulnerable and alerts you. All rules are run on all directories in a set of time-staggered background XHR requests, so network throughput remains high at all times. Bishop comes with a set of rules that hunt for the lowest hanging fruit, but the rule system is entirely extensible - rules are regular expressions that are run on specified directories, so if you can turn it into a regex, Bishop will look for it. Bishop is intended SOLELY for legal use on web servers that you control or are permitted to scan, and the developers are not responsible for how you choose to use this software. Bishop is MIT licensed and open source; contribute at https://github.com/jkingsman/bishop.

3.8 out of 512 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Muzafar Ali Yousaf AliMay 29, 2023

How can add Vulnerable Sites, is there any template or something like that. it's not adding any site

Review's profile picture

Moron PerfectusAug 24, 2015

Excellent for finding vulnerabilities in my projects so i can fix them ASAP. Ability to add your own rules comes in handy quite a bit when I need something specific to look for. Highly recommended.

1 person found this review to be helpful
Review's profile picture

Jacob SifuentesMar 24, 2015

Has an ability to import demo rules that the developer already had setup. Love this! This makes it easier to find mistakes in my own projects and the company I work for's products.

2 out of 3 people found this helpful

Details

  • Version
    1.0.12
  • Updated
    January 20, 2019
  • Offered by
    Jack Kingsman
  • Size
    198KiB
  • Languages
    English
  • Developer
    Email
    jack.kingsman+chrome@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has not provided any information about the collection or usage of your data.

Support

Related

Plugin Vulnerabilities

5.0(1)

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for.

Get Git

3.2(6)

Find misconfigured, web accessible .git directories on websites you browse.

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

Display Access Keys

4.3(3)

Displays hint of access keys next ot the elements.

Vulners Web Scanner

4.5(19)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

HackBar

4.1(48)

A browser extension for Penetration Testing

XSS

5.0(7)

Web Development tool

Breakbot

3.8(5)

Quickly add disruptive unicode, naughty strings, and more to your clipboard.

Pulsedive Threat Intelligence

5.0(28)

Highlight IPs, domains, and URLs on any website to enrich them using Pulsedive's free threat intelligence data set.

d3coder

4.1(37)

Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion

OWASP Penetration Testing Kit

4.9(43)

OWASP Penetration Testing Kit

Plugin Vulnerabilities

5.0(1)

Adds warning message to WordPress Plugin Directory pages when plugins are from developer we have released security advisories for.

Get Git

3.2(6)

Find misconfigured, web accessible .git directories on websites you browse.

Shodan

4.5(132)

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

Display Access Keys

4.3(3)

Displays hint of access keys next ot the elements.

Vulners Web Scanner

4.5(19)

Tiny vulnerability scanner based on vulners.com vulnerability database. Passively scan websites while you surf internet!

Hack-Tools

4.7(22)

The all in one Red team extension for web pentester

HackBar

4.1(48)

A browser extension for Penetration Testing

XSS

5.0(7)

Web Development tool

Google apps