{"id":15120448,"url":"https://github.com/boostsecurityio/lotp","last_synced_at":"2026-02-20T00:36:14.976Z","repository":{"id":223347352,"uuid":"758064230","full_name":"boostsecurityio/lotp","owner":"boostsecurityio","description":"boostsecurityio/lotp","archived":false,"fork":false,"pushed_at":"2026-02-17T22:30:12.000Z","size":179,"stargazers_count":138,"open_issues_count":30,"forks_count":14,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-02-18T03:34:43.908Z","etag":null,"topics":["living-off-the-pipeline","lotp","supply-chain-security"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/boostsecurityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-02-15T14:56:05.000Z","updated_at":"2026-02-17T22:30:17.000Z","dependencies_parsed_at":"2024-02-21T16:43:19.683Z","dependency_job_id":"929dfeaa-811b-4371-9970-322e07523b48","html_url":"https://github.com/boostsecurityio/lotp","commit_stats":null,"previous_names":["boostsecurityio/lotp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/boostsecurityio/lotp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boostsecurityio%2Flotp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boostsecurityio%2Flotp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boostsecurityio%2Flotp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boostsecurityio%2Flotp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/boostsecurityio","download_url":"https://codeload.github.com/boostsecurityio/lotp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boostsecurityio%2Flotp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29637442,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T22:32:43.237Z","status":"ssl_error","status_checked_at":"2026-02-19T22:32:38.330Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["living-off-the-pipeline","lotp","supply-chain-security"],"created_at":"2024-09-26T02:00:39.913Z","updated_at":"2026-02-20T00:36:14.938Z","avatar_url":"https://github.com/boostsecurityio.png","language":"HTML","readme":"# Living Off the Pipeline (LOTP)\n[![boostsecurityio - lotp](https://img.shields.io/static/v1?label=boostsecurityio\u0026message=lotp\u0026color=blue\u0026logo=github)](https://github.com/boostsecurityio/lotp \"Go to GitHub repo\")\n[![stars - lotp](https://img.shields.io/github/stars/boostsecurityio/lotp?style=social)](https://github.com/boostsecurityio/lotp)\n[![forks - lotp](https://img.shields.io/github/forks/boostsecurityio/lotp?style=social)](https://github.com/boostsecurityio/lotp)\n[![issues - lotp](https://img.shields.io/github/issues/boostsecurityio/lotp)](https://github.com/boostsecurityio/lotp/issues)\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\n[![View site - GH Pages](https://img.shields.io/badge/View_site-GH_Pages-2ea44f?style=for-the-badge)](https://boostsecurityio.github.io/lotp/)\n\n# Introduction\n\nThe idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features (\"foot guns\"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.\n\n# Contributions\n\nWe welcome contributions submitted as `Pull Requests` with new tool contributions or simply `Issues` for new ideas.\n\n# License\n\nReleased under [Apache 2.0](/LICENSE) by [@boostsecurityio](https://github.com/boostsecurityio).\n\n---\n\n# Prior art / Credits\n\nThis project is largely inspired from previous projects such as:\n- https://gtfobins.github.io\n- https://lolbas-project.github.io\n- https://github.com/rotem-cider/cicd-lamb\n","funding_links":[],"categories":["Techniques"],"sub_categories":["Post Exploitation"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboostsecurityio%2Flotp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fboostsecurityio%2Flotp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboostsecurityio%2Flotp/lists"}