TinderSec/gh-workflow-auditor external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

TinderSec/gh-workflow-auditor

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/TinderSec/gh-workflow-auditor)

Close

TinderSec / gh-workflow-auditorView on GitHubMore

• External links
• Readme badge

Script to audit GitHub Action Workflow files for potential vulnerabilities.

☆153Aug 28, 2024Updated last year

Alternatives and similar repositories for gh-workflow-auditor

Users that are interested in gh-workflow-auditor are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆502Mar 6, 2026Updated last month
• crashappsec / github-analyzer

  View on GitHub
  A tool to check the security settings of Github Organizations.
  ☆75Feb 9, 2026Updated 2 months ago
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆88Updated this week
• TinderSec / oidc-scanner-aws

  View on GitHub
  ☆49Mar 21, 2023Updated 3 years ago
• artis3n / course-vault-github-oidc

  View on GitHub
  Take this course to learn how to create fine-grained, least-privilege HashiCorp Vault roles for GitHub Action workflows using GitHub OIDC…
  ☆16Updated this week
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆149Mar 3, 2026Updated last month
• praetorian-inc / gato

  View on GitHub
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆742Mar 26, 2026Updated 2 weeks ago
• nikitastupin / pwnhub

  View on GitHub
  How GitHub Actions workflows can be hacked
  ☆181Aug 23, 2024Updated last year
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆253Mar 30, 2026Updated 2 weeks ago
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆69May 18, 2024Updated last year
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆354Mar 10, 2026Updated last month
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆404Updated this week
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆138Jan 28, 2026Updated 2 months ago
• assetnote / h2csmuggler

  View on GitHub
  ☆75Feb 11, 2024Updated 2 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• redrays-io / WS_RaceCondition_PoC

  View on GitHub
  Simple PoC for demonstrating Race Conditions on Websockets
  ☆54Sep 14, 2023Updated 2 years ago
• matiassequeira / docker_explorer

  View on GitHub
  Scan DockerHub images that match a keyword to find secrets.
  ☆60Feb 17, 2021Updated 5 years ago
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆501Jun 27, 2025Updated 9 months ago
• sebastian-mora / awsssome_phish

  View on GitHub
  AWS SSO serverless phishing API.
  ☆32Jun 30, 2021Updated 4 years ago
• hakluke / hakcertstream

  View on GitHub
  Basic implementation of certstream to print new subdomains and domains
  ☆36Jul 6, 2021Updated 4 years ago
• digitalocean-labs / terraform-vault-github-oidc

  View on GitHub
  Terraform module to configure Vault for GitHub OIDC authentication from Action runners.
  ☆29Aug 23, 2024Updated last year
• DataDog / managed-kubernetes-auditing-toolkit

  View on GitHub
  All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.
  ☆373Apr 1, 2026Updated last week
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆841Mar 28, 2025Updated last year
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• doyensec / oidc-ssrf

  View on GitHub
  An Evil OIDC Server
  ☆53Oct 19, 2022Updated 3 years ago
• wfinn / redirex

  View on GitHub
  tool that generates bypasses for open redirects
  ☆51Apr 18, 2022Updated 3 years ago
• Permiso-io-tools / LogLicker

  View on GitHub
  Tool for obfuscating and deobfuscating data.
  ☆77Mar 20, 2024Updated 2 years ago
• Static-Flow / BurpSuiteAutoRepeaterNaming

  View on GitHub
  This extension replaces the default repeater tab name with the URL path of the repeater request.
  ☆24Sep 3, 2021Updated 4 years ago
• trickest / dsieve

  View on GitHub
  Filter and enrich a list of subdomains by level
  ☆213Sep 25, 2023Updated 2 years ago
• PaloAltoNetworks / github-oidc-utils

  View on GitHub
  ☆36Apr 29, 2025Updated 11 months ago
• pry0cc / jf

  View on GitHub
  A wrapper around jq, to help you parse jq output!
  ☆30Aug 23, 2020Updated 5 years ago
• DataDog / stratus-red-team

  View on GitHub
  Granular, Actionable Adversary Emulation for the Cloud
  ☆2,292Updated this week
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,082Apr 4, 2026Updated last week
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• tenable / hidden-services-revealer

  View on GitHub
  ☆40Aug 2, 2024Updated last year
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆341Updated this week
• advanced-security / ghas-reviewer-app

  View on GitHub
  GitHub Advanced Security Pull Request Security Team required review GitHub App
  ☆36Mar 30, 2026Updated 2 weeks ago
• TupleType / awesome-cicd-attacks

  View on GitHub
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆578Feb 12, 2026Updated 2 months ago
• pry0cc / nahamcon-axiom-demo-2021

  View on GitHub
  The commands and scripts I used in the Live Recon Village talks
  ☆37Mar 14, 2021Updated 5 years ago
• wdahlenburg / VhostFinder

  View on GitHub
  Identify virtual hosts by similarity comparison
  ☆135Mar 18, 2026Updated 3 weeks ago
• visma-prodsec / confused

  View on GitHub
  Tool to check for dependency confusion vulnerabilities in multiple package management systems
  ☆779Aug 19, 2024Updated last year