addcontent/The-Butler

An interactive pentesting tool to discover and test for CI/CD misconfigurations in GitHub Actions, with modes for safe testing and secret exfiltration.

Advanced GitHub Actions Security Toolkit

This script is a tool for penetration testing and security auditing of GitHub Actions workflows. It automates the discovery of weaknesses related to secret and file access within a repository's CI/CD environment.

⚠️ Disclaimer

This tool is for authorized security testing only. Using the 'Exploit' modes on repositories without explicit, written permission from the owner is illegal and unethical. The user assumes all liability for any misuse of this script.

Features

The script operates in three distinct modes:

  1. Safe Test (Canary Check): Verifies if a GitHub Actions workflow can access a repository secret without exfiltrating its value. It confirms access by creating a GitHub issue, providing a safe way to test for vulnerabilities.

  2. Exploit (Exfiltrate Repo Secret): Attempts to steal a specified repository secret and sends its value to a webhook URL provided by the user. This demonstrates the impact of an insecure configuration.

  3. Exploit (Exfiltrate File Content): Attempts to read a specified file from the repository, Base64 encode its contents, and send it to a webhook URL. This is useful for testing if sensitive files (e.g., .env, configuration files) are exposed.

How It Works

The script follows a multi-phase process:

  1. Setup & Mode Selection: The user selects an operation mode and provides a GitHub Personal Access Token (PAT) for authentication.
  2. Target Discovery: It lists all repositories accessible via the provided PAT, and the user selects a target.
  3. Payload Configuration: Based on the selected mode, the script gathers necessary information, such as the secret name to steal, the file path, or a webhook URL.
  4. Execution: The script clones the target repository, creates a new branch, and injects a malicious GitHub Actions workflow (.yml) file tailored to the chosen mode.
  5. Trigger & Monitor: It pushes the new branch to the repository, which triggers the workflow. The script then monitors the run's status.
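The pattern in steps 4 and 5 (a new branch pushed with a workflow file that does not exist on the default branch and that reads repository secrets) is also what a defender can look for in workflow-run history. The Python below is an added example, not part of The-Butler; it uses a hypothetical simplified run record (not the GitHub API schema) and constructed sample data to flag such runs.

```python
import re
from dataclasses import dataclass

# Matches ${{ secrets.NAME }} expressions inside a workflow file.
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")


@dataclass
class WorkflowRun:
    # Hypothetical, simplified record; field names are assumptions, not the GitHub API.
    run_id: int
    event: str           # e.g. "push", "pull_request"
    head_branch: str     # branch whose commit triggered the run
    workflow_path: str   # path of the workflow file that ran
    workflow_text: str   # content of that file at the triggering commit


def secrets_referenced(workflow_text: str) -> list[str]:
    """Return the sorted, de-duplicated secret names a workflow references."""
    return sorted(set(SECRET_REF.findall(workflow_text)))


def flag_suspicious_runs(runs, default_branch, default_branch_workflows):
    """Flag push-triggered runs on a non-default branch whose workflow file is
    absent from the default branch and references repository secrets."""
    findings = []
    for run in runs:
        if run.event != "push" or run.head_branch == default_branch:
            continue
        new_file = run.workflow_path not in default_branch_workflows
        secrets = secrets_referenced(run.workflow_text)
        if new_file and secrets:
            findings.append({"run_id": run.run_id, "branch": run.head_branch,
                             "workflow": run.workflow_path, "secrets": secrets})
    return findings


# Constructed sample data: one known workflow on main, three runs to evaluate.
DEFAULT_WORKFLOWS = {".github/workflows/ci.yml"}
CI_TEXT = "on: push\njobs:\n  test:\n    steps:\n      - run: npm test\n"
NEW_TEXT = ("on: push\njobs:\n  j:\n    env:\n      TOKEN: ${{ secrets.DEPLOY_TOKEN }}\n"
            "    steps:\n      - run: ./deploy.sh\n")
SAMPLE_RUNS = [
    WorkflowRun(101, "push", "main", ".github/workflows/ci.yml", CI_TEXT),
    WorkflowRun(102, "push", "feature/x", ".github/workflows/ci.yml", CI_TEXT),
    WorkflowRun(103, "push", "tmp-branch-1234", ".github/workflows/check.yml", NEW_TEXT),
]

if __name__ == "__main__":
    for f in flag_suspicious_runs(SAMPLE_RUNS, "main", DEFAULT_WORKFLOWS):
        print(f"run {f['run_id']} on {f['branch']} ran new {f['workflow']} using {f['secrets']}")
```

Only run 103 is flagged: run 102 is a feature branch executing the workflow already present on main, which is ordinary CI.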

Prerequisites

  • Bash: A standard Unix-like shell.
  • GitHub CLI (gh): Must be installed and authenticated. The script will handle authentication if you provide a PAT.
  • Git: Must be installed.

Usage

  1. Make the script executable:
    chmod +x multi-script.sh
  2. Run the script:
    ./multi-script.sh
  3. Follow the on-screen prompts to select a mode, target a repository, and configure the payload.
