bin3xish477 / ghast
GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and its surrounding environment for common security vulnerabilities or missing security configuration.
☆17 Updated last year
Alternatives and similar repositories for ghast:
Users that are interested in ghast are comparing it to the libraries listed below
- ☆41 Updated last month
- ☆58 Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆40 Updated last year
- GCP GOAT is the vulnerable application for learning GCP security ☆64 Updated last year
- ☆45 Updated 9 months ago
- A PoC to Simulate Ransomware Attack on AWS Environment ☆30 Updated 5 months ago
- ☆35 Updated this week
- Virtual Security Operations Center ☆50 Updated last year
- A tool for secrets management, encryption as a service, and privileged access management ☆12 Updated 3 weeks ago
- An LLM and OCR based Indicator of Compromise Extraction Tool ☆33 Updated 3 months ago
- POC tool to create signed AWS API GET requests to bypass GuardDuty alerting of off-instance credential use via SSRF ☆58 Updated last year
- InfoSec OpenAI Examples ☆19 Updated last year
- ☆55 Updated last year
- 📚 A curated list of product security resources. ☆19 Updated 2 years ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs ☆36 Updated 6 months ago
- Autoconfigured ELK Stack That Contains All EPSS and NVD CVE Data ☆49 Updated 8 months ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆49 Updated 2 years ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space. ☆31 Updated 3 years ago
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 Updated last year
- Determine privileges from cloud credentials via brute-force testing. ☆67 Updated 7 months ago
- ☆33 Updated 3 years ago
- 🖇️ STRIDE vs. ASVS equivalence table ☆76 Updated 7 months ago
- A GitHub Actions Supply Chain CTF / Goat ☆17 Updated last month
- ☆10 Updated 2 years ago
- WAF bypass PoC ☆46 Updated last year
- Do bulk whois lookups and get alerted on domains of interest. ☆33 Updated 7 months ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆27 Updated last year
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt… ☆16 Updated 9 months ago
- MyOpenVDP is a free web application to install a vulnerability disclosure policy or a vulnerability disclosure program on your assets. (V… ☆27 Updated 7 months ago
- Scripts and misc. stuff related to the PortSwigger Web Academy ☆17 Updated 3 years ago