synacktiv/gh-hijack-runner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

synacktiv/gh-hijack-runner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/synacktiv/gh-hijack-runner)

Close

synacktiv / gh-hijack-runnerView on GitHubMore

• External links
• Readme badge

A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.

☆30Oct 13, 2024Updated last year

Alternatives and similar repositories for gh-hijack-runner

Users that are interested in gh-hijack-runner are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆42Jan 25, 2026Updated 4 months ago
• google / acjs

  View on GitHub
  ☆11Dec 19, 2024Updated last year
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆358Apr 21, 2026Updated last month
• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆547May 27, 2026Updated 2 weeks ago
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• ScottNorberg-NCG / CodeSheriff.NET

  View on GitHub
  ☆18Jun 11, 2024Updated 2 years ago
• chainguard-dev / ghscan

  View on GitHub
  Scan GitHub Actions Workflow logs for IOCs
  ☆18Jun 9, 2026Updated last week
• elementsinteractive / twyn

  View on GitHub
  Security tool against dependency typosquatting attacks
  ☆55Jun 9, 2026Updated last week
• Acceis / unisec

  View on GitHub
  Unicode Security Toolkit
  ☆40Oct 7, 2024Updated last year
• tenable / hidden-services-revealer

  View on GitHub
  ☆40Aug 2, 2024Updated last year
• TinderSec / oidc-scanner-aws

  View on GitHub
  ☆49Mar 21, 2023Updated 3 years ago
• synacktiv / DepFuzzer

  View on GitHub
  ☆93Dec 15, 2025Updated 6 months ago
• google / ctrdac

  View on GitHub
  ☆13Jan 30, 2025Updated last year
• AdnaneKhan / ActionsCacheBlasting

  View on GitHub
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Mar 9, 2025Updated last year
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• nais / salsa

  View on GitHub
  SLSA level 3 action
  ☆11Apr 26, 2024Updated 2 years ago
• ricardojoserf / AddUser-SAMR

  View on GitHub
  Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust
  ☆87Mar 7, 2026Updated 3 months ago
• ecosyste-ms / roadmap

  View on GitHub
  Planning and roadmap for future Ecosyste.ms development
  ☆21Jun 20, 2024Updated last year
• nikitastupin / orgs-data

  View on GitHub
  Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations
  ☆87Updated this week
• synacktiv / octoscan

  View on GitHub
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆268Mar 30, 2026Updated 2 months ago
• the2dl / SSDT

  View on GitHub
  Stupid Simple Detection Testing
  ☆13Mar 7, 2024Updated 2 years ago
• boostsecurityio / supply-chain-research

  View on GitHub
  Supply Chain Security Research - Attack Trees
  ☆10Jan 9, 2023Updated 3 years ago
• ibrahimhaxor / Tsangaya

  View on GitHub
  ☆16Jun 26, 2025Updated 11 months ago
• Tedixx / ripey

  View on GitHub
  Tool to query the RIPE database
  ☆11Jun 2, 2025Updated last year
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• I3IT / Detect.Remote.ShadowSnapshot.Dump

  View on GitHub
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆32Jan 27, 2025Updated last year
• PaloAltoNetworks / github-oidc-utils

  View on GitHub
  ☆36Apr 29, 2025Updated last year
• geeknik / test-proxy

  View on GitHub
  Advanced test for proxy & waf
  ☆14Feb 10, 2026Updated 4 months ago
• xitmakes / jsberg

  View on GitHub
  JSBerg is a fast and efficient URL scraper that extracts links, JavaScript files, CSS files, images, and inline URLs from a list of websi…
  ☆24Mar 19, 2025Updated last year
• wv8672 / AWS-Linux-Mem-Dump

  View on GitHub
  A Python, Boto3 script that leverages a forensic volume to attach & mount to a selected instance, run a memory dump, unmount and detach f…
  ☆12Jul 15, 2020Updated 5 years ago
• jstawinski / GitHub-Actions-Attack-Diagram

  View on GitHub
  ☆192Apr 16, 2025Updated last year
• dazzyddos / GraphShell

  View on GitHub
  A command line tool to interact with Microsoft Graph API
  ☆23May 27, 2024Updated 2 years ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆149Dec 9, 2024Updated last year
• NetSPI / FuncoPop

  View on GitHub
  Tools for attacking Azure Function Apps
  ☆89Oct 28, 2025Updated 7 months ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• Wh04m1001 / UserManagerEoP

  View on GitHub
  ☆81Apr 9, 2024Updated 2 years ago
• atomiczsec / Web-Cache-Scanner

  View on GitHub
  Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache …
  ☆19Updated this week
• evilsocket / legba-cookbook

  View on GitHub
  Legba recipes.
  ☆53Aug 21, 2024Updated last year
• dariusztytko / jwt-key-id-injector

  View on GitHub
  Simple python script to check against hypothetical JWT vulnerability.
  ☆51Nov 29, 2020Updated 5 years ago
• codewhitesec / NewRemotingTricks

  View on GitHub
  New exploitation tricks for hardened .NET Remoting servers
  ☆32Aug 5, 2025Updated 10 months ago
• k-vitali / operation-shadowhammer

  View on GitHub
  This repository contains various files linked to Operation Shadowhammer as it was originally discovered by Kaspersky Team.
  ☆12Mar 27, 2019Updated 7 years ago
• UlisseMini / pwn

  View on GitHub
  pwntools for go!
  ☆12Jul 14, 2019Updated 6 years ago