nikitastupin/pwnhub external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nikitastupin/pwnhub

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nikitastupin/pwnhub)

Close

nikitastupin / pwnhubView on GitHubMore

• External links
• Readme badge

How GitHub Actions workflows can be hacked

☆181Aug 23, 2024Updated last year

Alternatives and similar repositories for pwnhub

Users that are interested in pwnhub are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• nikitastupin / orgs-data

  View on GitHub
  Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
  ☆87Apr 11, 2026Updated last week
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆143Jan 28, 2026Updated 2 months ago
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆505Mar 6, 2026Updated last month
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆38Jan 25, 2026Updated 2 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆149Updated this week
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆253Mar 30, 2026Updated 2 weeks ago
• praetorian-inc / gato

  View on GitHub
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆742Mar 26, 2026Updated 3 weeks ago
• Ling-Yizhou / zendframework3-

  View on GitHub
  ☆17Jan 3, 2021Updated 5 years ago
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆153Aug 28, 2024Updated last year
• theronielanddaronpodcastshow / svja

  View on GitHub
  The Super Vulnerable Java Application (SVJA), as demonstrated in the Roniel and DaRon Podcast Show, is an Apache Struts application desig…
  ☆13Jan 1, 2026Updated 3 months ago
• TinderSec / oidc-scanner-aws

  View on GitHub
  ☆49Mar 21, 2023Updated 3 years ago
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆502Jun 27, 2025Updated 9 months ago
• dibsy / Recipies-Of-A-Jenkins-Hacker

  View on GitHub
  Jenkins Security Research or Hacking Jenkins ;)
  ☆12Dec 10, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• github / audit-actions-workflow-runs

  View on GitHub
  Audit your GitHub Actions workflow runs to see exactly which Actions were downloaded
  ☆88Updated this week
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆414Updated this week
• yavolo / param-extract

  View on GitHub
  Regex out URI parameters from backend code, craft URIs to check for reflections or send to local burp proxy
  ☆13Dec 8, 2022Updated 3 years ago
• c3l3si4n / subdomain_data

  View on GitHub
  Results from analyzing data gathered from 1.6 billion subdomains
  ☆32Oct 15, 2024Updated last year
• synacktiv / gh-hijack-runner

  View on GitHub
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆29Oct 13, 2024Updated last year
• step-security / harden-runner

  View on GitHub
  Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…
  ☆1,092Updated this week
• raesene / k8s_ssrf_portscanner

  View on GitHub
  ☆30Jan 12, 2023Updated 3 years ago
• Adversis / sketchy

  View on GitHub
  A tool for folks who `git clone` first and ask questions later
  ☆67Sep 12, 2025Updated 7 months ago
• KaplanOpenSource / dev-call-for-papers

  View on GitHub
  Call for papers infomration for Developers, DevOps and DevSecOps / App Sec
  ☆20May 3, 2023Updated 2 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• carlospolop / bf-aws-perms-simulate

  View on GitHub
  ☆20Feb 9, 2024Updated 2 years ago
• caido-community / burp2caido

  View on GitHub
  A tool to migrate Burpsuite HTTP history to Caido
  ☆36Apr 25, 2025Updated 11 months ago
• zer0yu / anew

  View on GitHub
  A tool for adding new lines to files, skipping duplicates and written in Rust!
  ☆21May 8, 2025Updated 11 months ago
• Cache-Money / chronorace

  View on GitHub
  ☆73Nov 22, 2021Updated 4 years ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• PaloAltoNetworks / github-oidc-utils

  View on GitHub
  ☆36Apr 29, 2025Updated 11 months ago
• GitHubSecurityLab / ruby-unsafe-deserialization

  View on GitHub
  Proof of Concepts for unsafe deserialization in Ruby
  ☆17Oct 17, 2024Updated last year
• nikitastupin / clairvoyance

  View on GitHub
  Obtain GraphQL API schema even if the introspection is disabled
  ☆1,427Dec 5, 2025Updated 4 months ago
• defparam / haptyc

  View on GitHub
  ☆95Sep 18, 2021Updated 4 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• wspr-ncsu / github-actions-security-analysis

  View on GitHub
  ☆11Dec 26, 2023Updated 2 years ago
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆69May 18, 2024Updated last year
• cedowens / Helpful_aws-scripts

  View on GitHub
  python3 scripts to help with aws triage needs
  ☆15Feb 11, 2022Updated 4 years ago
• irgoncalves / awesome-security-articles

  View on GitHub
  This repository contains links to awesome security articles.
  ☆42Aug 2, 2025Updated 8 months ago
• Outpost24 / outpost24-cors-check

  View on GitHub
  Additional active scan checks for BURP
  ☆28Oct 3, 2024Updated last year
• tehryanx / ssslide

  View on GitHub
  View screenshots as a slideshow over http
  ☆15Mar 13, 2020Updated 6 years ago
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆356Updated this week