GitHub Actions Attack Diagram
The GitHub Actions Attack Diagram is a visual guide for identifying and exploiting vulnerabilities in GitHub Actions configurations. It outlines various attack paths, starting from read-only or write access to a GitHub organization or repository. The diagram covers multiple attack vectors, including: 1. Self-hosted runner takeover 2. PWN requests 3. Secrets exfiltration It provides links to additional resources for context and is based on real-world red team engagements and public vulnerability research. The diagram focuses on major attack paths and Tactics, Techniques, and Procedures (TTPs) that have been successfully used in live environments. While not exhaustive, the tool serves as a reference for security professionals to understand and mitigate potential risks in GitHub Actions workflows. It also includes references to related research presentations and blog posts detailing real-world exploits of CI/CD vulnerabilities.
FEATURES
SIMILAR TOOLS
Offensive security tool for reconnaissance and information gathering with a wide range of features and future roadmap.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A tool that simplifies the installation of tools and configuration for Kali Linux
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.