nikitastupin/pwnhub external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nikitastupin/pwnhub

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nikitastupin/pwnhub)

Close

nikitastupin / pwnhubView on GitHubMore

• External links
• Readme badge

How GitHub Actions workflows can be hacked

☆181Aug 23, 2024Updated last year

Alternatives and similar repositories for pwnhub

Users that are interested in pwnhub are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• nikitastupin / orgs-data

  View on GitHub
  Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
  ☆87Apr 25, 2026Updated 2 weeks ago
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆146Jan 28, 2026Updated 3 months ago
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆529Updated this week
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆41Jan 25, 2026Updated 3 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆150Apr 14, 2026Updated 3 weeks ago
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆266Mar 30, 2026Updated last month
• Ling-Yizhou / zendframework3-

  View on GitHub
  ☆17Jan 3, 2021Updated 5 years ago
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆152Aug 28, 2024Updated last year
• theronielanddaronpodcastshow / svja

  View on GitHub
  The Super Vulnerable Java Application (SVJA), as demonstrated in the Roniel and DaRon Podcast Show, is an Apache Struts application desig…
  ☆13Jan 1, 2026Updated 4 months ago
• TinderSec / oidc-scanner-aws

  View on GitHub
  ☆49Mar 21, 2023Updated 3 years ago
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆501Jun 27, 2025Updated 10 months ago
• dibsy / Recipies-Of-A-Jenkins-Hacker

  View on GitHub
  Jenkins Security Research or Hacking Jenkins ;)
  ☆12Dec 10, 2024Updated last year
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆88Apr 24, 2026Updated 2 weeks ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆446Updated this week
• yavolo / param-extract

  View on GitHub
  Regex out URI parameters from backend code, craft URIs to check for reflections or send to local burp proxy
  ☆13Dec 8, 2022Updated 3 years ago
• c3l3si4n / subdomain_data

  View on GitHub
  Results from analyzing data gathered from 1.6 billion subdomains
  ☆32Oct 15, 2024Updated last year
• synacktiv / gh-hijack-runner

  View on GitHub
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆30Oct 13, 2024Updated last year
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,115Updated this week
• raesene / k8s_ssrf_portscanner

  View on GitHub
  ☆30Jan 12, 2023Updated 3 years ago
• Adversis / sketchy

  View on GitHub
  A tool for folks who `git clone` first and ask questions later
  ☆68Apr 15, 2026Updated 3 weeks ago
• carlospolop / bf-aws-perms-simulate

  View on GitHub
  ☆20Feb 9, 2024Updated 2 years ago
• zer0yu / anew

  View on GitHub
  A tool for adding new lines to files, skipping duplicates and written in Rust!
  ☆21May 8, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Cache-Money / chronorace

  View on GitHub
  ☆73Nov 22, 2021Updated 4 years ago
• caido-community / burp2caido

  View on GitHub
  A tool to migrate Burpsuite HTTP history to Caido
  ☆37Apr 25, 2025Updated last year
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• PaloAltoNetworks / github-oidc-utils

  View on GitHub
  ☆36Apr 29, 2025Updated last year
• GitHubSecurityLab / ruby-unsafe-deserialization

  View on GitHub
  Proof of Concepts for unsafe deserialization in Ruby
  ☆17Oct 17, 2024Updated last year
• nikitastupin / clairvoyance

  View on GitHub
  Obtain GraphQL API schema even if the introspection is disabled
  ☆1,444Dec 5, 2025Updated 5 months ago
• defparam / haptyc

  View on GitHub
  ☆93Sep 18, 2021Updated 4 years ago
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆69May 18, 2024Updated last year
• cedowens / Helpful_aws-scripts

  View on GitHub
  python3 scripts to help with aws triage needs
  ☆15Feb 11, 2022Updated 4 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• irgoncalves / awesome-security-articles

  View on GitHub
  This repository contains links to awesome security articles.
  ☆42Apr 25, 2026Updated 2 weeks ago
• Outpost24 / outpost24-cors-check

  View on GitHub
  Additional active scan checks for BURP
  ☆28Oct 3, 2024Updated last year
• tehryanx / ssslide

  View on GitHub
  View screenshots as a slideshow over http
  ☆15Mar 13, 2020Updated 6 years ago
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆356Apr 21, 2026Updated 2 weeks ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆969Dec 31, 2021Updated 4 years ago
• jstawinski / GitHub-Actions-Attack-Diagram

  View on GitHub
  ☆192Apr 16, 2025Updated last year
• segmentio / threat-modeling-training

  View on GitHub
  Segment's Threat Modeling training for our engineers
  ☆246May 4, 2021Updated 5 years ago