itsMe Posted April 7, 2023 Share Posted April 7, 2023 This is the hidden content, please Sign In or Sign Up Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be utilized for private repositories, however, there are thousands of organizations that utilize self-hosted runners. Who is it for? Security engineers who want to understand the level of access a compromised classic PAT could provide an attacker Blue teams that want to build detections for self-hosted runner attacks Red Teamers Bug bounty hunters who want to try and prove RCE on organizations that are utilizing self-hosted runners Features GitHub Classic PAT Privilege Enumeration GitHub Code Search API-based enumeration GitHub Action Run Log Parsing to identify Self-Hosted Runners Bulk Repo Sparse Clone Features GitHub Action Workflow Parsing Automated Command Execution Fork PR Creation Automated Command Execution Workflow Creation SOCKS5 Proxy Support HTTPS Proxy Support This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts