synacktiv / gh-hijack-runner
A Python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
☆18 Updated 3 weeks ago
Related projects
Alternatives and complementary repositories for gh-hijack-runner
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 Updated 2 months ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite ☆30 Updated last year
- A curated list of argument injection vectors ☆37 Updated 2 months ago
- Python's handling of NaN is....interesting?broken?...this project illustrates the issue ☆13 Updated 2 years ago
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆45 Updated last month
- Simple PoC for demonstrating Race Conditions on Websockets ☆56 Updated last year
- Webshell agent in aspx and php ☆17 Updated 2 weeks ago
- An Evil OIDC Server ☆51 Updated 2 years ago
- Make better use of the embedded browser that comes by default with Burp ☆39 Updated 10 months ago
- Additional active scan checks for BURP ☆20 Updated last month
- A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam… ☆17 Updated last year
- dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto… ☆36 Updated 6 months ago
- A tool for quickly evaluating IAM permissions in AWS. ☆57 Updated last year
- Use the GCP testIamPermissions functionality to bruteforce and discover your permissions ☆20 Updated last month
- ☠️ Code for the Defcon Workshop ☆22 Updated 3 months ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities) ☆21 Updated 4 months ago
- Unicode Security Toolkit ☆26 Updated last month
- Check robustness of your (their) Active Directory accounts passwords ☆32 Updated 7 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆39 Updated 10 months ago
- My talks... ☆23 Updated last month
- A collection of utilities for building extensions using Burp's Montoya API ☆46 Updated 4 months ago
- Python code to Serialize and Unserialize java binary serialization format. ☆16 Updated 10 months ago
- Dump Kerberos tickets from the KCM database of SSSD ☆49 Updated 2 months ago
- Demo of various ways to exploit post based reflected XSS ☆16 Updated last year