synacktiv / gh-hijack-runner
A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
☆18Updated last month
Related projects ⓘ
Alternatives and complementary repositories for gh-hijack-runner
- ☆40Updated last month
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last year
- Additional active scan checks for BURP☆20Updated last month
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆22Updated 3 months ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆45Updated 2 months ago
- An Evil OIDC Server☆51Updated 2 years ago
- ☆40Updated 5 months ago
- Simple PoC for demonstrating Race Conditions on Websockets☆56Updated last year
- A curated list of argument injection vectors☆37Updated 2 months ago
- Check robustness of your (their) Active Directory accounts passwords☆32Updated 8 months ago
- ☆31Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆39Updated 11 months ago
- A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes☆42Updated last year
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆22Updated 4 months ago
- Python's handling of NaN is....interesting?broken?...this project illustrates the issue☆13Updated 2 years ago
- Unicode Security Toolkit☆26Updated last month
- dauthi is a tool that takes advantage of API functionality across a variety of MDM solutions to perform user enumeration and single-facto…☆36Updated 6 months ago
- A tool for quickly evaluating IAM permissions in AWS.☆57Updated last year
- ☠️ Code for the Defcon Workshop☆22Updated 3 months ago
- ☆17Updated 2 years ago
- Generate a dynamic PAC script that will route traffic to your Burp proxy only if it matches the scope defined in your Burp target.☆33Updated 3 years ago
- Use the GCP testIamPermissions functionality to bruteforce and discover your permissions☆21Updated 2 months ago
- ☆13Updated 4 months ago
- ☆90Updated 2 years ago
- Make better use of the embedded browser that comes by default with Burp☆38Updated 10 months ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test…☆29Updated 7 months ago
- Advanced test for proxy & waf☆12Updated 2 months ago
- Dependency Confusion Security Testing Tool☆39Updated 2 years ago
- ☆58Updated last year
- CTF challenges WriteUp☆14Updated 2 years ago