synacktiv / gh-hijack-runnerView external linksLinks
A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
☆27Oct 13, 2024Updated last year
Alternatives and similar repositories for gh-hijack-runner
Users that are interested in gh-hijack-runner are comparing it to the libraries listed below
Sorting:
- ☆11Dec 19, 2024Updated last year
- ☆49Mar 21, 2023Updated 2 years ago
- Welcome to Autoaudit, a log tampering detection tool.☆13Mar 19, 2024Updated last year
- Stupid Simple Detection Testing☆13Mar 7, 2024Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆314Jan 25, 2026Updated 2 weeks ago
- ☆13Jan 30, 2025Updated last year
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆480Jan 5, 2026Updated last month
- ☆39Aug 2, 2024Updated last year
- Unicode Security Toolkit☆40Oct 7, 2024Updated last year
- Scan GitHub Actions Workflow logs for IOCs☆16Feb 6, 2026Updated last week
- A collection of Terraform projects, Ansible playbooks, and roles designed to build a Red Team infrastructure.☆18Jan 3, 2026Updated last month
- ☆94Dec 15, 2025Updated last month
- Tools for attacking Azure Function Apps☆88Oct 28, 2025Updated 3 months ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- ☆23May 27, 2024Updated last year
- ☆26May 6, 2024Updated last year
- Attack chain emulator. Write recipes for initial access easily☆23Feb 26, 2025Updated 11 months ago
- Detect Remote Local Credentials Dumping using a Shadow Snapshot☆31Jan 27, 2025Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Mar 9, 2025Updated 11 months ago
- Security tool against dependency typosquatting attacks☆54Updated this week
- A GitHub Actions Supply Chain CTF / Goat☆27Jan 6, 2026Updated last month
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆243Dec 8, 2025Updated 2 months ago
- ☆23Apr 11, 2024Updated last year
- PoC☆104Updated this week
- A straightforward tool for exploiting SMTP Smuggling vulnerabilities.☆14Jul 22, 2024Updated last year
- Simple C2 using GitHub repository as comms channel.☆32Oct 26, 2024Updated last year
- This is a PoC exploit for CVE-2020-8559 Kubernetes Vulnerability☆54Jul 23, 2020Updated 5 years ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆726Sep 17, 2025Updated 4 months ago
- ☆29Jan 31, 2025Updated last year
- ☆30Jul 29, 2021Updated 4 years ago
- ☆27Oct 1, 2025Updated 4 months ago
- Tool for obfuscating and deobfuscating data.☆75Mar 20, 2024Updated last year
- Results from analyzing data gathered from 1.6 billion subdomains☆32Oct 15, 2024Updated last year
- boostsecurityio/lotp☆138Jan 25, 2026Updated 2 weeks ago
- MSIX Building Made Easy for Defenders☆59Aug 25, 2025Updated 5 months ago
- Tool to manage user privileges☆31Sep 4, 2019Updated 6 years ago
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆81Jan 26, 2026Updated 2 weeks ago
- Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations☆85Feb 7, 2026Updated last week
- ☆36Apr 29, 2025Updated 9 months ago