Search websites for git repos, exposed config files, and more as you browse.
Bishop is a vulnerability scanner that searches websites in the background while you browse, looking for exposed version control systems, misconfigured administrative tools, and more. With a whitelisting regex system, you can easily restrict this tool to hosts that you are authorized to scan.
It works by searching for files with a given path on the current URL path and all parent paths, applying given regex to the results to check for proof positive of a vulnerable location. If the path returns 200 and matches the regex, it's flagged as vulnerable and alerts you. All rules are run on all directories in a set of time-staggered background XHR requests, so network throughput remains high at all times.
Bishop comes with a set of rules that hunt for the lowest hanging fruit, but the rule system is entirely extensible - rules are regular expressions that are run on specified directories, so if you can turn it into a regex, Bishop will look for it.
Bishop is intended SOLELY for legal use on web servers that you control or are permitted to scan, and the developers are not responsible for how you choose to use this software.
Bishop is MIT licensed and open source; contribute at https://github.com/jkingsman/bishop.
Latest reviews
- (2023-05-29) Muzafar Ali Yousaf Ali: How can add Vulnerable Sites, is there any template or something like that. it's not adding any site
- (2015-08-24) Moron Perfectus: Excellent for finding vulnerabilities in my projects so i can fix them ASAP. Ability to add your own rules comes in handy quite a bit when I need something specific to look for. Highly recommended.
- (2015-03-24) Jacob Sifuentes: Has an ability to import demo rules that the developer already had setup. Love this! This makes it easier to find mistakes in my own projects and the company I work for's products.