GitOops – All Paths Lead To Clouds

October 10, 2021

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It’ll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p

GitOops takes inspiration from tools like Bloodhound and Cartography.

Check out the docs and more example queries.

Download Gitoops

click here to read full Article

Read More on Pentesting Tools

Tags: CloudsCybersecurityethical hackingGitOopshack androidhack apphack wordpresshacker newshackinghacking tools for windowskeyloggerkitkitploitleadpassword brute forcePathspenetration testingpentestpentest androidpentest linuxpentest toolkitpentest toolsspy tool kitspywaretools

You may also like...

• 0

  Preparing for Better Payment Card Security With PCI DSS 4.0

  October 20, 2020

   by HakTechs · Published October 20, 2020

• 0

  Update‌ ‌Your Chrome Browser to Patch Yet Another 0-Day Exploit‌ed ‌in‌-the‌-Wild

  June 20, 2021

   by HakTechs · Published June 20, 2021

• 0

  Penelope – Shell Handler

  September 7, 2021

   by HakTechs · Published September 7, 2021