bin3xish477 / ghast
GHAST (GitHub Actions Static Analysis Tool) is a tool to analyze the security posture of your GitHub Actions and their surrounding environment for common security vulnerabilities or missing security configuration.
☆17 Updated last year
Related projects
Alternatives and complementary repositories for ghast
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆39 Updated 11 months ago
- HazProne is a Cloud Pentesting Framework that emulates close to Real-World Scenarios by deploying Vulnerable-By-Demand AWS resources enab… ☆39 Updated 2 years ago
- InfoSec OpenAI Examples ☆19 Updated 11 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆39 Updated 3 months ago
- POC tool to create signed AWS API GET requests to bypass GuardDuty alerting of off-instance credential use via SSRF ☆58 Updated last year
- GCP GOAT is the vulnerable application for learning GCP security ☆62 Updated last year
- OWASP Foundation Web Repository ☆37 Updated 2 months ago
- CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space. ☆27 Updated 2 years ago
- An LLM and OCR based Indicator of Compromise Extraction Tool ☆31 Updated 7 months ago
- Blogpost series showcasing interesting cloud - web app security bugs ☆46 Updated last year
- A PoC to Simulate Ransomware Attack on AWS Environment ☆27 Updated last month
- 📚 A curated list of product security resources. ☆18 Updated 2 years ago
- Virtual Security Operations Center ☆49 Updated last year
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆49 Updated last year
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆27 Updated last year
- AWS SSO serverless phishing API. ☆29 Updated 3 years ago
- A GitHub Actions Supply Chain CTF / Goat ☆17 Updated 5 months ago
- WAF bypass PoC ☆43 Updated last year
- Determine privileges from cloud credentials via brute-force testing. ☆64 Updated 2 months ago
- A set of AWS resources for testing the Log4Shell vulnerability, deployable with terraform ☆12 Updated 2 years ago
- Additional active scan checks for BURP ☆20 Updated last month