Octoscan is a static vulnerability scanner for GitHub action workflows.
☆245Dec 8, 2025Updated 3 months ago
Alternatives and similar repositories for octoscan
Users that are interested in octoscan are comparing it to the libraries listed below
Sorting:
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆482Updated this week
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆35Jan 25, 2026Updated last month
- GitHub Actions Pipeline Enumeration and Attack Tool☆732Updated this week
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆316Jan 25, 2026Updated last month
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only.☆103Jan 28, 2026Updated last month
- ☆93Dec 15, 2025Updated 2 months ago
- boostsecurityio/poutine☆373Feb 23, 2026Updated last week
- ☆154Aug 18, 2023Updated 2 years ago
- ☆11Dec 19, 2024Updated last year
- How GitHub Actions workflows can be hacked☆177Aug 23, 2024Updated last year
- boostsecurityio/lotp☆139Updated this week
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆153Aug 28, 2024Updated last year
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆28Oct 13, 2024Updated last year
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.☆173Jan 9, 2026Updated last month
- ☆192Apr 16, 2025Updated 10 months ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆43Dec 16, 2024Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- ☆20Sep 6, 2023Updated 2 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Oct 17, 2024Updated last year
- Auto-Recon script that will help you in the Burp Suite Certified Practitioner Examor with any web-security lab.☆52Jul 8, 2024Updated last year
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆229Feb 25, 2026Updated last week
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆112Jun 23, 2025Updated 8 months ago
- ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.☆113Jan 4, 2024Updated 2 years ago
- 📦 A GitHub Action that performs a security scan of your GitHub Actions.☆26Oct 28, 2024Updated last year
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆495Jun 27, 2025Updated 8 months ago
- ��💅🏽 analyzes your github actions☆98Feb 9, 2026Updated 3 weeks ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,773May 22, 2024Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆109Feb 16, 2024Updated 2 years ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆149Dec 9, 2024Updated last year
- Awesome secure by default libraries to help you eliminate bug classes!☆700Dec 6, 2025Updated 3 months ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆161Jul 2, 2024Updated last year
- bypass-url-parser☆1,115Updated this week
- ☆93Apr 29, 2024Updated last year
- ☆51Jun 13, 2024Updated last year
- A lightweight WAF (web app firewall) written in Golang☆13May 3, 2021Updated 4 years ago
- ☆99Jun 22, 2025Updated 8 months ago
- Enumerate / Dump Docker Registry☆182Apr 10, 2024Updated last year
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆833Mar 28, 2025Updated 11 months ago