AdnaneKhan/ActionsTOCTOU external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

AdnaneKhan/ActionsTOCTOU

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AdnaneKhan/ActionsTOCTOU)

Close

AdnaneKhan / ActionsTOCTOUView on GitHubMore

• External links
• Readme badge

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

☆38Jan 25, 2026Updated 2 months ago

Alternatives and similar repositories for ActionsTOCTOU

Users that are interested in ActionsTOCTOU are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• synacktiv / gh-hijack-runner

  View on GitHub
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆29Oct 13, 2024Updated last year
• tr4l / iframeBusterXSS

  View on GitHub
  Check for know iframeBuster XSS
  ☆12Sep 25, 2024Updated last year
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆138Jan 28, 2026Updated 2 months ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• N0MoreSecr3ts / wraith-signatures

  View on GitHub
  Signatures for wraith used to detect secrets across various sources
  ☆15Jul 8, 2022Updated 3 years ago
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆253Mar 30, 2026Updated 2 weeks ago
• jstawinski / GitHub-Actions-Attack-Diagram

  View on GitHub
  ☆192Apr 16, 2025Updated 11 months ago
• deletehead / OctoC2t

  View on GitHub
  Simple C2 using GitHub repository as comms channel.
  ☆32Oct 26, 2024Updated last year
• synacktiv / DepFuzzer

  View on GitHub
  ☆93Dec 15, 2025Updated 3 months ago
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆404Updated this week
• Scorpion-Security-Labs / OpenHashAPI

  View on GitHub
  OpenHashAPI provides a secure method of communicating hashes and enables lightweight workflows for security practitioners and enthusiasts…
  ☆13Oct 27, 2024Updated last year
• SpecterOps / GitHound

  View on GitHub
  ☆127Apr 5, 2026Updated last week
• GovTech-CSG / ProxyAgent

  View on GitHub
  ☆66Dec 9, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• elementsinteractive / twyn

  View on GitHub
  Security tool against dependency typosquatting attacks
  ☆55Updated this week
• tenable / hidden-services-revealer

  View on GitHub
  ☆40Aug 2, 2024Updated last year
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆354Mar 10, 2026Updated last month
• pingidentity / AuraIntruder

  View on GitHub
  ☆20Sep 6, 2023Updated 2 years ago
• fox-it / skrapa

  View on GitHub
  A zero dependency and customizable Python library for scanning Windows and Linux process memory.
  ☆66Feb 1, 2024Updated 2 years ago
• boostsecurityio / bagel

  View on GitHub
  bagel, a CLI that inventories security-relevant metadata on developer workstations
  ☆116Updated this week
• offensive-actions / terraform-provider-statefile-rce

  View on GitHub
  This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.
  ☆62Jan 25, 2025Updated last year
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆502Mar 6, 2026Updated last month
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• stephenbradshaw / aws_url_signer

  View on GitHub
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆59Sep 20, 2023Updated 2 years ago
• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆149Mar 3, 2026Updated last month
• JosephTLucas / vger

  View on GitHub
  An interactive CLI application for interacting with authenticated Jupyter instances.
  ☆55May 7, 2025Updated 11 months ago
• 7h3rAm / rudra

  View on GitHub
  A developer-friendly framework for exhaustive analysis of (PCAP and PE) files.
  ☆15Nov 6, 2017Updated 8 years ago
• bilals12 / clusterfuck

  View on GitHub
  ☆42Nov 13, 2025Updated 5 months ago
• ecosyste-ms / roadmap

  View on GitHub
  Planning and roadmap for future Ecosyste.ms development
  ☆21Jun 20, 2024Updated last year
• eCrimeLabs / cratos-fastapi

  View on GitHub
  The CRATOS proxy API integrates with your MISP instance and allows to extract indicators that can be consumed by security components such…
  ☆13Sep 21, 2025Updated 6 months ago
• doyensec / oidc-ssrf

  View on GitHub
  An Evil OIDC Server
  ☆53Oct 19, 2022Updated 3 years ago
• ASOT-LABS / TeamsBreaker

  View on GitHub
  ☆47Jan 31, 2024Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• boostsecurityio / supply-chain-research

  View on GitHub
  Supply Chain Security Research - Attack Trees
  ☆10Jan 9, 2023Updated 3 years ago
• xpcmdshell / electron-probe

  View on GitHub
  Electron-Probe leverages the Node variant of the Chrome Debugging Protocol to execute JavaScript payloads inside of target Electron appli…
  ☆31Jan 13, 2026Updated 3 months ago
• jp-gouin / multi-cluster-supply-chain

  View on GitHub
  ☆16Jul 17, 2024Updated last year
• JFOZ1010 / H1Notifier

  View on GitHub
  HackerOne Notifier is an automated bot that monitors new programs launched on HackerOne and sends Telegram Bot notifications whenever a n…
  ☆22Nov 4, 2025Updated 5 months ago
• kyohmizu / seccamp2025-B4

  View on GitHub
  ☆28Aug 13, 2025Updated 8 months ago
• synacktiv / CacheData_decrypt

  View on GitHub
  A simple Toolkit to BF and decrypt Windows EntraId CacheData
  ☆20Jun 20, 2024Updated last year
• nikitastupin / orgs-data

  View on GitHub
  Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
  ☆87Updated this week