GitHub Actions Pipeline Enumeration and Attack Tool
☆742Mar 26, 2026Updated 3 weeks ago
Alternatives and similar repositories for gato
Users that are interested in gato are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆505Mar 6, 2026Updated last month
- ☆192Apr 16, 2025Updated last year
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆253Mar 30, 2026Updated 2 weeks ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆356Updated this week
- Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.☆2,324Feb 21, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Azure DevOps Services Attack Toolkit☆313Mar 15, 2025Updated last year
- Automating situational awareness for cloud penetration tests.☆2,340Apr 12, 2026Updated last week
- Supply Chain Security Research - Living Off The Pipeline tools☆149Updated this week
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆291May 16, 2025Updated 11 months ago
- A collection of Azure AD/Entra tools for offensive and defensive security purposes☆2,582Feb 5, 2026Updated 2 months ago
- Tool for building Kubernetes attack paths☆958Apr 8, 2026Updated last week
- ☆570Mar 28, 2024Updated 2 years ago
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…☆175Mar 11, 2026Updated last month
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆270Sep 14, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Granular, Actionable Adversary Emulation for the Cloud☆2,292Apr 9, 2026Updated last week
- A Slack bot phishing framework for Red Teaming exercises☆166Apr 27, 2024Updated last year
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.☆581Feb 12, 2026Updated 2 months ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆484Oct 14, 2022Updated 3 years ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆1,019Apr 10, 2026Updated last week
- ☆102Oct 27, 2022Updated 3 years ago
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆819Apr 9, 2026Updated last week
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆29Oct 13, 2024Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆180Feb 14, 2023Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Automated Attack Simulation in the Cloud, complete with detection use cases.☆613Nov 28, 2024Updated last year
- Weaponized Browser-in-the-Middle (BitM) for Penetration Testers☆620Apr 2, 2026Updated 2 weeks ago
- Abusing Azure services over C2☆368Jan 20, 2026Updated 2 months ago
- Standalone utility for service discovery on open ports!☆751Jan 13, 2026Updated 3 months ago
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts☆1,378Mar 9, 2026Updated last month
- GATOR - GCP Attack Toolkit for Offensive Research, a tool designed to aid in research and exploiting Google Cloud Environments☆90Jun 22, 2024Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated last year
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆502Jun 27, 2025Updated 9 months ago
- Interactive results explorer and annotation tool for Nosey Parker☆57Jun 28, 2025Updated 9 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- How GitHub Actions workflows can be hacked☆181Aug 23, 2024Updated last year
- Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit☆170Updated this week
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆799Apr 2, 2026Updated 2 weeks ago
- An offensive data enrichment pipeline☆949Apr 2, 2026Updated 2 weeks ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆153Aug 28, 2024Updated last year
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆649Nov 21, 2019Updated 6 years ago