GitOops - All Paths Lead To Clouds

Description

GitOops is a tool that helps attackers and defenders identify [lateral movement](<https://www.kitploit.com/search/label/Lateral%20Movement> "lateral movement" ) and [privilege escalation](<https://www.kitploit.com/search/label/Privilege%20Escalation> "privilege escalation" ) paths in GitHub organizations that arise from abusing CI/CD pipelines and GitHub [access](<https://www.kitploit.com/search/label/Access> "access" ) controls. It works by mapping the relationships between a GitHub organization (its users, teams and repositories) and the CI/CD jobs and environment variables those repositories can reach. Any Bolt-compatible graph database can serve as the backend, so attack paths are queried with openCypher. For example, the following query returns every path of at most five hops from the user `alice` to an environment variable whose name contains `SECRET`:

```cypher
MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p
```

GitOops takes inspiration from tools like [Bloodhound](<https://github.com/BloodHoundAD/BloodHound> "Bloodhound" ) and [Cartography](<https://github.com/lyft/cartography> "Cartography" ). Check out the [docs](<https://github.com/ovotech/gitoops/blob/main/docs/README.md> "docs" ) and [more example queries](<https://github.com/ovotech/gitoops/blob/main/docs/examples.md> "more example queries" ).

**[Download Gitoops](<https://github.com/ovotech/gitoops/> "Download Gitoops" )**
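To make concrete what the variable-length openCypher pattern above actually computes, here is an added, self-contained Python example (not GitOops code, and not a substitute for running the tool) that builds a small constructed org graph in memory and walks it with the same semantics: start at the `User` with a given `login`, follow outgoing edges for at most `max_hops` steps, and report every path that ends on an `EnvironmentVariable` whose `name` fully matches a regex, as Cypher's `=~` requires. The `User` and `EnvironmentVariable` labels come from the query on this page; the other labels (`Team`, `Repository`, `Workflow`), the relationship names, and the sample data are assumptions chosen for illustration and do not describe GitOops's real schema.

```python
"""Toy reproduction of a GitOops-style attack-path query over an in-memory graph.

Added example, not GitOops's own code. Only the User and EnvironmentVariable
labels are taken from the page's query; every other label, relationship name
and data value below is a constructed assumption.
"""
import re
from collections import deque

# node id -> (label, properties). Constructed sample organization.
NODES = {
    "alice": ("User", {"login": "alice"}),
    "bob": ("User", {"login": "bob"}),
    "team:platform": ("Team", {"name": "platform"}),
    "repo:web": ("Repository", {"name": "acme/web"}),
    "repo:infra": ("Repository", {"name": "acme/infra"}),
    "wf:deploy": ("Workflow", {"path": ".github/workflows/deploy.yml"}),
    "env:AWS_SECRET_ACCESS_KEY": ("EnvironmentVariable", {"name": "AWS_SECRET_ACCESS_KEY"}),
    "env:LOG_LEVEL": ("EnvironmentVariable", {"name": "LOG_LEVEL"}),
}

# Directed edges (source, relationship, destination). Relationship names are assumed.
EDGES = [
    ("alice", "MEMBER_OF", "team:platform"),
    ("team:platform", "HAS_PERMISSION_ON", "repo:web"),
    ("bob", "HAS_PERMISSION_ON", "repo:infra"),
    ("repo:web", "HAS_WORKFLOW", "wf:deploy"),
    ("wf:deploy", "EXPOSES_ENV", "env:AWS_SECRET_ACCESS_KEY"),
    ("repo:infra", "EXPOSES_ENV", "env:LOG_LEVEL"),
]


def find_paths(start_login, name_pattern, max_hops=5):
    """Return every path from the User with `login` to an EnvironmentVariable whose
    name fully matches `name_pattern`, using at most `max_hops` edges.

    Mirrors: MATCH p=(:User{login:$login})-[*..max_hops]->(v:EnvironmentVariable)
             WHERE v.name =~ $name_pattern RETURN p
    Each path is returned as a list of node ids; use render_path() for a
    Cypher-like string with relationship types.
    """
    regex = re.compile(name_pattern)  # Cypher's =~ anchors at both ends, so use fullmatch
    adjacency = {}
    for src, rel, dst in EDGES:
        adjacency.setdefault(src, []).append((rel, dst))

    start = next((nid for nid, (label, props) in NODES.items()
                  if label == "User" and props.get("login") == start_login), None)
    if start is None:
        return []

    results = []
    queue = deque([[start]])  # breadth-first so shorter paths come out first
    while queue:
        path = queue.popleft()
        node, hops = path[-1], len(path) - 1
        label, props = NODES[node]
        if hops > 0 and label == "EnvironmentVariable" and regex.fullmatch(props["name"]):
            results.append(path)
        if hops >= max_hops:
            continue
        for _rel, nxt in adjacency.get(node, []):
            # Skip nodes already on the path. This is stricter than Cypher, which
            # forbids repeating a relationship rather than a node, but it keeps
            # the walk finite and is equivalent on an acyclic graph like this one.
            if nxt not in path:
                queue.append(path + [nxt])
    return results


def render_path(path):
    """Format a node-id path as (a)-[:REL]->(b)-[:REL]->(c), like RETURN p."""
    rels = {(src, dst): rel for src, rel, dst in EDGES}
    out = f"({path[0]})"
    for src, dst in zip(path, path[1:]):
        out += f"-[:{rels[(src, dst)]}]->({dst})"
    return out


if __name__ == "__main__":
    for p in find_paths("alice", ".*SECRET.*"):
        print(render_path(p))
```

Running it prints the single four-hop path from `alice` through her team, the `acme/web` repository and its deploy workflow to `AWS_SECRET_ACCESS_KEY`; lowering `max_hops` to 3 cuts that path off, which is exactly the effect of the `*..5` bound in the real query, and `bob` reaches only `LOG_LEVEL`, which the `.*SECRET.*` filter excludes.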