Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ovotech/gitoops

all paths lead to clouds
https://github.com/ovotech/gitoops

bloodhound cicd company-kaluza hacktheplanet redteam security

Last synced: about 2 months ago
JSON representation

all paths lead to clouds

Awesome Lists containing this project

README

        



GitOops!

😱


all paths lead to clouds




GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

```
MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p
```





GitOops takes inspiration from tools like [Bloodhound](https://github.com/BloodHoundAD/BloodHound) and [Cartography](https://github.com/lyft/cartography).

Check out the [docs](docs/README.md), some [more example queries](./docs/examples.md) and our [BSides London talk](https://www.youtube.com/watch?v=Gf0sqqHnHOU).