nikitastupin/pwnhub external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nikitastupin/pwnhub

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nikitastupin/pwnhub)

Close

nikitastupin / pwnhubView on GitHubMore

• External links
• Readme badge

How GitHub Actions workflows can be hacked

☆181Aug 23, 2024Updated last year

Alternatives and similar repositories for pwnhub

Users that are interested in pwnhub are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• nikitastupin / orgs-data

  View on GitHub
  Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
  ☆86Updated this week
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆135Jan 28, 2026Updated 2 months ago
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆495Mar 6, 2026Updated 3 weeks ago
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆36Jan 25, 2026Updated 2 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• boostsecurityio / lotp

  View on GitHub
  boostsecurityio/lotp
  ☆147Mar 3, 2026Updated 3 weeks ago
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆249Dec 8, 2025Updated 3 months ago
• praetorian-inc / gato

  View on GitHub
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆739Updated this week
• Ling-Yizhou / zendframework3-

  View on GitHub
  ☆17Jan 3, 2021Updated 5 years ago
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆153Aug 28, 2024Updated last year
• theronielanddaronpodcastshow / svja

  View on GitHub
  The Super Vulnerable Java Application (SVJA), as demonstrated in the Roniel and DaRon Podcast Show, is an Apache Struts application desig…
  ☆13Jan 1, 2026Updated 2 months ago
• TinderSec / oidc-scanner-aws

  View on GitHub
  ☆49Mar 21, 2023Updated 3 years ago
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆497Jun 27, 2025Updated 9 months ago
• dibsy / Recipies-Of-A-Jenkins-Hacker

  View on GitHub
  Jenkins Security Research or Hacking Jenkins ;)
  ☆12Dec 10, 2024Updated last year
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆85Updated this week
• boostsecurityio / poutine

  View on GitHub
  boostsecurityio/poutine
  ☆392Mar 20, 2026Updated last week
• yavolo / param-extract

  View on GitHub
  Regex out URI parameters from backend code, craft URIs to check for reflections or send to local burp proxy
  ☆13Dec 8, 2022Updated 3 years ago
• c3l3si4n / subdomain_data

  View on GitHub
  Results from analyzing data gathered from 1.6 billion subdomains
  ☆32Oct 15, 2024Updated last year
• synacktiv / gh-hijack-runner

  View on GitHub
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆29Oct 13, 2024Updated last year
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,021Mar 18, 2026Updated last week
• shhnjk / Safe-Blob-URL

  View on GitHub
  A Web Platform API proposal for Blob URL
  ☆10Feb 24, 2023Updated 3 years ago
• raesene / k8s_ssrf_portscanner

  View on GitHub
  ☆30Jan 12, 2023Updated 3 years ago
• Adversis / sketchy

  View on GitHub
  A tool for folks who `git clone` first and ask questions later
  ☆67Sep 12, 2025Updated 6 months ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• KaplanOpenSource / dev-call-for-papers

  View on GitHub
  Call for papers infomration for Developers, DevOps and DevSecOps / App Sec
  ☆20May 3, 2023Updated 2 years ago
• carlospolop / bf-aws-perms-simulate

  View on GitHub
  ☆20Feb 9, 2024Updated 2 years ago
• caido-community / burp2caido

  View on GitHub
  A tool to migrate Burpsuite HTTP history to Caido
  ☆35Apr 25, 2025Updated 11 months ago
• zer0yu / anew

  View on GitHub
  A tool for adding new lines to files, skipping duplicates and written in Rust!
  ☆19May 8, 2025Updated 10 months ago
• Cache-Money / chronorace

  View on GitHub
  ☆73Nov 22, 2021Updated 4 years ago
• PaloAltoNetworks / github-oidc-utils

  View on GitHub
  ☆36Apr 29, 2025Updated 11 months ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• GitHubSecurityLab / ruby-unsafe-deserialization

  View on GitHub
  Proof of Concepts for unsafe deserialization in Ruby
  ☆17Oct 17, 2024Updated last year
• nikitastupin / clairvoyance

  View on GitHub
  Obtain GraphQL API schema even if the introspection is disabled
  ☆1,412Dec 5, 2025Updated 3 months ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• defparam / haptyc

  View on GitHub
  ☆95Sep 18, 2021Updated 4 years ago
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆69May 18, 2024Updated last year
• boostsecurityio / bagel

  View on GitHub
  boostsecurityio/bagel
  ☆100Mar 20, 2026Updated last week
• cedowens / Helpful_aws-scripts

  View on GitHub
  python3 scripts to help with aws triage needs
  ☆15Feb 11, 2022Updated 4 years ago
• irgoncalves / awesome-security-articles

  View on GitHub
  This repository contains links to awesome security articles.
  ☆42Aug 2, 2025Updated 7 months ago
• Outpost24 / outpost24-cors-check

  View on GitHub
  Additional active scan checks for BURP
  ☆28Oct 3, 2024Updated last year
• tehryanx / ssslide

  View on GitHub
  View screenshots as a slideshow over http
  ☆15Mar 13, 2020Updated 6 years ago