synacktiv / octoscanView external linksLinks
Octoscan is a static vulnerability scanner for GitHub action workflows.
☆243Dec 8, 2025Updated 2 months ago
Alternatives and similar repositories for octoscan
Users that are interested in octoscan are comparing it to the libraries listed below
Sorting:
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆480Jan 5, 2026Updated last month
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆35Jan 25, 2026Updated 3 weeks ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆726Sep 17, 2025Updated 4 months ago
- GitHub Actions Cache Native Malware - for Educational and Research Purposes only.☆92Jan 28, 2026Updated 2 weeks ago
- Create tar/zip archives that try to exploit zipslip vulnerability.☆48Sep 20, 2024Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆314Jan 25, 2026Updated 3 weeks ago
- ☆94Dec 15, 2025Updated 2 months ago
- boostsecurityio/poutine☆362Feb 2, 2026Updated 2 weeks ago
- ☆154Aug 18, 2023Updated 2 years ago
- A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.☆27Oct 13, 2024Updated last year
- ☆11Dec 19, 2024Updated last year
- How GitHub Actions workflows can be hacked☆176Aug 23, 2024Updated last year
- boostsecurityio/lotp☆138Jan 25, 2026Updated 3 weeks ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆153Aug 28, 2024Updated last year
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.☆171Jan 9, 2026Updated last month
- ☆192Apr 16, 2025Updated 10 months ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆42Dec 16, 2024Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go.☆311May 16, 2024Updated last year
- ☆20Sep 6, 2023Updated 2 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Oct 17, 2024Updated last year
- Auto-Recon script that will help you in the Burp Suite Certified Practitioner Examor with any web-security lab.☆52Jul 8, 2024Updated last year
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆228Updated this week
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆110Jun 23, 2025Updated 7 months ago
- 💅🏽 analyzes your github actions☆97Updated this week
- ngrok Collaborator Link — yet another Burp Collaborator alternative for free with ngrok.☆113Jan 4, 2024Updated 2 years ago
- 📦 A GitHub Action that performs a security scan of your GitHub Actions.☆25Oct 28, 2024Updated last year
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment☆494Jun 27, 2025Updated 7 months ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,755May 22, 2024Updated last year
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆148Dec 9, 2024Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆109Feb 16, 2024Updated 2 years ago
- Awesome secure by default libraries to help you eliminate bug classes!☆699Dec 6, 2025Updated 2 months ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.☆158Jul 2, 2024Updated last year
- bypass-url-parser☆1,111Feb 7, 2026Updated last week
- ☆91Apr 29, 2024Updated last year
- A lightweight WAF (web app firewall) written in Golang☆13May 3, 2021Updated 4 years ago
- ☆51Jun 13, 2024Updated last year
- ☆100Jun 22, 2025Updated 7 months ago
- Enumerate / Dump Docker Registry☆181Apr 10, 2024Updated last year
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆829Mar 28, 2025Updated 10 months ago