ID KITPLOIT:935767582514934867Type kitploitReporter KitPloitModified 2021-10-09T20:30:00
Description
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.
It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:
MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p
GitOops takes inspiration from tools like Bloodhound and Cartography .
Check out the docs and more example queries .
Download Gitoops
{"id": "KITPLOIT:935767582514934867", "bulletinFamily": "tools", "title": "GitOops - All Paths Lead To Clouds", "description": "[  ](<https://blogger.googleusercontent.com/img/a/AVvXsEizrF9sqVk5IPiOzZab88QMm-zOpOtKKRgavZm6iXCJoUp_KFcq3m7fK7UV_y3QQLz0ki9RjXgpSzTuI9uFgbX1t1uw9CM7zhC7HMxfvq-6Tb-nlAfjn5qVHornwLlMtrOjUhsQ-lHMFcIqGvGbgm02CuRTjEP9l2Dq5e9thAktf2uk1MtELGBQ5p9flg=s2048>)\n\n \n\n\nGitOops is a tool to help attackers and defenders identify [ lateral movement ](<https://www.kitploit.com/search/label/Lateral%20Movement> \"lateral movement\" ) and [ privilege escalation ](<https://www.kitploit.com/search/label/Privilege%20Escalation> \"privilege escalation\" ) paths in GitHub organizations by abusing CI/CD pipelines and GitHub [ access ](<https://www.kitploit.com/search/label/Access> \"access\" ) controls. \n\n \n\n\nIt works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher: \n \n \n MATCH p=(:User{login:\"alice\"})-[*..5]->(v:EnvironmentVariable) \n WHERE v.name =~ \".*SECRET.*\" \n RETURN p \n \n\n \n\n\nGitOops takes inspiration from tools like [ Bloodhound ](<https://github.com/BloodHoundAD/BloodHound> \"Bloodhound\" ) and [ Cartography ](<https://github.com/lyft/cartography> \"Cartography\" ) . \n\nCheck out the [ docs ](<https://github.com/ovotech/gitoops/blob/main/docs/README.md> \"docs\" ) and [ more example queries ](<https://github.com/ovotech/gitoops/blob/main/docs/examples.md> \"more example queries\" ) . \n\n \n \n\n\n** [ Download Gitoops ](<https://github.com/ovotech/gitoops/> \"Download Gitoops\" ) **\n", "published": "2021-10-09T20:30:00", "modified": "2021-10-09T20:30:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2021/10/gitoops-all-paths-lead-to-clouds.html", "reporter": "KitPloit", "references": ["https://github.com/ovotech/gitoops/", "https://github.com/ovotech/gitoops/blob/main/docs/README.md", "https://github.com/lyft/cartography", "https://github.com/BloodHoundAD/BloodHound", "https://github.com/ovotech/gitoops/blob/main/docs/examples.md"], "cvelist": [], "immutableFields": [], "type": "kitploit", "lastseen": "2021-10-09T20:38:54", "edition": 1, "viewCount": 36, "enchantments": {"dependencies": {"references": [], "modified": "2021-10-09T20:38:54", "rev": 2}, "score": {"value": 1.8, "vector": "NONE", "modified": "2021-10-09T20:38:54", "rev": 2}, "vulnersScore": 1.8}, "toolHref": "https://github.com/ovotech/gitoops/"}
{}
