Locked Github Attack Toolkit: GitHub Self-Hosted Runner Enumeration and Attack Tool

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization.

The tool also allows searching for and thoroughly enumerating public repositories that utilize self-hosted runners. GitHub recommends that self-hosted runners only be utilized for private repositories, however, there are thousands of organizations that utilize self-hosted runners.

Who is it for?

    Security engineers who want to understand the level of access a compromised classic PAT could provide an attacker
    Blue teams that want to build detections for self-hosted runner attacks
    Red Teamers
    Bug bounty hunters who want to try and prove RCE on organizations that are utilizing self-hosted runners

Features

    GitHub Classic PAT Privilege Enumeration
    GitHub Code Search API-based enumeration
    GitHub Action Run Log Parsing to identify Self-Hosted Runners
    Bulk Repo Sparse Clone Features
    GitHub Action Workflow Parsing
    Automated Command Execution Fork PR Creation
    Automated Command Execution Workflow Creation
    SOCKS5 Proxy Support
    HTTPS Proxy Support

This is the hidden content, please

• Sign In
• or
• Sign Up