Skip to content

/ gitoops Public

main
Switch branches/tags
1 branch 1 tag
Code

Latest commit

@serain
serain fix queries (#46)
3b27681 Sep 30, 2021
fix queries (#46) 
* fix blog query

* fix v.variable to v.name

* fix queries
3b27681

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
 
 
cmd
 
 
docs
 
 
pkg
 
 
scripts
 
 
test
 
 
.gitignore
 
 
Dockerfile
 
 
LICENSE
 
 
Makefile
 
 
README.md
 
 
docker-compose.yml
 
 
go.mod
 
 
go.sum
 
 

README.md

GitOops!
😱

all paths lead to clouds


GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p

GitOops takes inspiration from tools like Bloodhound and Cartography.

Check out the docs and more example queries.

About

all paths lead to clouds

Topics

security bloodhound cicd redteam hacktheplanet

Resources

Readme

License

MIT License

Releases 1

v0.0.0 Latest
Sep 22, 2021

Packages

No packages published

Contributors 2

  •  
  •  

Languages