synacktiv/octoscan external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

synacktiv/octoscan

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/synacktiv/octoscan)

Close

synacktiv / octoscanView on GitHubMore

• External links
• Readme badge

Octoscan is a static vulnerability scanner for GitHub action workflows.

☆266Mar 30, 2026Updated last month

Alternatives and similar repositories for octoscan

Users that are interested in octoscan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• AdnaneKhan / gato-x

  View on GitHub
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆536Updated this week
• AdnaneKhan / ActionsTOCTOU

  View on GitHub
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆41Jan 25, 2026Updated 4 months ago
• synacktiv / nord-stream

  View on GitHub
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆358Apr 21, 2026Updated last month
• synacktiv / DepFuzzer

  View on GitHub
  ☆93Dec 15, 2025Updated 5 months ago
• AdnaneKhan / Cacheract

  View on GitHub
  GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
  ☆156May 8, 2026Updated 3 weeks ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• nikitastupin / pwnhub

  View on GitHub
  How GitHub Actions workflows can be hacked
  ☆183Aug 23, 2024Updated last year
• nodyhub / zipslipper

  View on GitHub
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Sep 20, 2024Updated last year
• kulkansecurity / gitxray

  View on GitHub
  A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.
  ☆181Jan 9, 2026Updated 4 months ago
• synacktiv / gh-hijack-runner

  View on GitHub
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆30Oct 13, 2024Updated last year
• boostsecurityio / poutine

  View on GitHub
  poutine, a supply chain vulnerability scanner for build pipelines
  ☆460May 6, 2026Updated 3 weeks ago
• TinderSec / gh-workflow-auditor

  View on GitHub
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆152Aug 28, 2024Updated last year
• boostsecurityio / lotp

  View on GitHub
  Supply Chain Security Research - Living Off The Pipeline tools
  ☆150May 7, 2026Updated 3 weeks ago
• synacktiv / action-octoscan

  View on GitHub
  📦 A GitHub Action that performs a security scan of your GitHub Actions.
  ☆26Oct 28, 2024Updated last year
• google / acjs

  View on GitHub
  ☆11Dec 19, 2024Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• jstawinski / GitHub-Actions-Attack-Diagram

  View on GitHub
  ☆192Apr 16, 2025Updated last year
• Nishacid / WSAAR

  View on GitHub
  Auto-Recon script that will help you in the Burp Suite Certified Practitioner Examor with any web-security lab.
  ☆56Jul 8, 2024Updated last year
• trufflesecurity / of-CORS

  View on GitHub
  ☆154Aug 18, 2023Updated 2 years ago
• laluka / lalubuntu

  View on GitHub
  ☆99Jun 22, 2025Updated 11 months ago
• pingidentity / AuraIntruder

  View on GitHub
  ☆20Sep 6, 2023Updated 2 years ago
• hac01 / gcp-iam-brute

  View on GitHub
  ☆51Jun 13, 2024Updated last year
• step-security / github-actions-goat

  View on GitHub
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆505Jun 27, 2025Updated 11 months ago
• p0dalirius / mercurial-scm-extract

  View on GitHub
  A tool to extract and dump files of mercurial SCM exposed on a web server.
  ☆13Jan 31, 2025Updated last year
• GitHubSecurityLab / ruby-unsafe-deserialization

  View on GitHub
  Proof of Concepts for unsafe deserialization in Ruby
  ☆17Oct 17, 2024Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• Betterment / claws

  View on GitHub
  💅🏽 analyzes your github actions
  ☆98May 8, 2026Updated 3 weeks ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆149Dec 9, 2024Updated last year
• Moopinger / smugglefuzz

  View on GitHub
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆314May 16, 2024Updated 2 years ago
• synacktiv / mojarragadget

  View on GitHub
  ☆15Oct 25, 2021Updated 4 years ago
• RefactorSecurity / vscode-security-notes

  View on GitHub
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆142May 3, 2026Updated 3 weeks ago
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,835May 22, 2024Updated 2 years ago
• AnubisSec / GroovyWaiter

  View on GitHub
  ☆17May 16, 2022Updated 4 years ago
• padok-team / cognito-scanner

  View on GitHub
  A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation
  ☆110Feb 16, 2024Updated 2 years ago
• Syzik / DockerRegistryGrabber

  View on GitHub
  Enumerate / Dump Docker Registry
  ☆183Apr 10, 2024Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• offensive-actions / azure-storage-reverse-shell

  View on GitHub
  This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs
  ☆39Sep 25, 2024Updated last year
• MathisHammel / stringcheese

  View on GitHub
  StringCheese is a CTF tool to solve easy challenges automatically in many cases where a strings | grep is just not enough
  ☆87Jun 16, 2021Updated 4 years ago
• Ruulian / CSPass

  View on GitHub
  This tool allows to automatically test for Content Security Policy bypass payloads.
  ☆45Sep 4, 2024Updated last year
• ANSSI-FR / OSAKA

  View on GitHub
  Outil de sécurité des architectures kubernetes avancées
  ☆83Nov 27, 2025Updated 6 months ago
• tldrsec / awesome-secure-defaults

  View on GitHub
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆707Dec 6, 2025Updated 5 months ago
• Legit-Labs / legitify

  View on GitHub
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆872Mar 28, 2025Updated last year
• snyk-labs / github-actions-scanner

  View on GitHub
  Scans your Github Actions for security issues
  ☆113Updated this week