bigbrobro / gitoops

all paths lead to clouds

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

GitOops!
😱

all paths lead to clouds


GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p

GitOops takes inspiration from tools like Bloodhound and Cartography.

Check out the docs and more example queries.

About

all paths lead to clouds

License:MIT License


Languages

Language:Go 84.8%Language:HCL 11.4%Language:Python 3.5%Language:Dockerfile 0.2%Language:Makefile 0.1%