How GitHub Actions workflows can be hacked
☆185Aug 23, 2024Updated last year
Alternatives and similar repositories for pwnhub
Users that are interested in pwnhub are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations☆87Updated this week
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated last year
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only.☆162May 8, 2026Updated 2 months ago
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆553Jun 22, 2026Updated 2 weeks ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆44Jan 25, 2026Updated 5 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Supply Chain Security Research - Living Off The Pipeline tools☆158May 7, 2026Updated 2 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆270Mar 30, 2026Updated 3 months ago
- ☆17Jan 3, 2021Updated 5 years ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆152Aug 28, 2024Updated last year
- The Super Vulnerable Java Application (SVJA), as demonstrated in the Roniel and DaRon Podcast Show, is an Apache Struts application desig…☆13Jan 1, 2026Updated 6 months ago
- ☆48Mar 21, 2023Updated 3 years ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆507Jun 27, 2025Updated last year
- Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded☆90Jun 15, 2026Updated 3 weeks ago
- poutine, a supply chain vulnerability scanner for build pipelines☆487Jun 30, 2026Updated last week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Regex out URI parameters from backend code, craft URIs to check for reflections or send to local burp proxy☆13Dec 8, 2022Updated 3 years ago
- Results from analyzing data gathered from 1.6 billion subdomains☆33Oct 15, 2024Updated last year
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆1,210Jun 30, 2026Updated last week
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆29Oct 13, 2024Updated last year
- ☆30Jan 12, 2023Updated 3 years ago
- A tool for folks who `git clone` first and ask questions later☆70Apr 15, 2026Updated 2 months ago
- Call for papers infomration for Developers, DevOps and DevSecOps / App Sec☆20May 3, 2023Updated 3 years ago
- ☆21Feb 9, 2024Updated 2 years ago
- A tool for adding new lines to files, skipping duplicates and written in Rust!☆21May 8, 2025Updated last year
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- ☆73Nov 22, 2021Updated 4 years ago
- A tool to migrate Burpsuite HTTP history to Caido☆42Apr 25, 2025Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- ☆37Apr 29, 2025Updated last year
- Proof of Concepts for unsafe deserialization in Ruby☆17Oct 17, 2024Updated last year
- Obtain GraphQL API schema even if the introspection is disabled☆1,487Dec 5, 2025Updated 7 months ago
- ☆94Sep 18, 2021Updated 4 years ago
- ☆11Dec 26, 2023Updated 2 years ago
- Finds graphql queries in javascript files☆69May 18, 2024Updated 2 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- python3 scripts to help with aws triage needs☆15Feb 11, 2022Updated 4 years ago
- This repository contains links to awesome security articles.☆43May 25, 2026Updated last month
- Additional active scan checks for BURP☆28Oct 3, 2024Updated last year
- View screenshots as a slideshow over http☆15Mar 13, 2020Updated 6 years ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆365Apr 21, 2026Updated 2 months ago
- ☆192Apr 16, 2025Updated last year
- Segment's Threat Modeling training for our engineers☆244May 4, 2021Updated 5 years ago