
Exploit

pipeleek gh ghtoken exploit

Validate GitHub Actions token and attempt repo clone

Synopsis

Validates the GitHub Actions CI/CD token (GITHUB_TOKEN), then attempts to clone the repository using the token. The user must review the token's access scope manually for exploitation.

pipeleek gh ghtoken exploit [flags]

Examples

pipeleek gh ghtoken exploit --token ghs-xxxxxxxxxxx --repo owner/repo
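
What a captured GITHUB_TOKEN can reach is set by the `permissions` its workflow granted, which is what the manual scope review described above measures. The two workflows below are an added example, not part of the pipeleek documentation; the workflow names and the `make test` step are constructed for illustration.

```yaml
# Constructed example 1: token scope left at the repository/organization default.
# No `permissions` key, so GITHUB_TOKEN gets whatever the default grants,
# and actions/checkout keeps the token in the runner's local git config.
name: build-default-scope
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
---
# Constructed example 2: the same job with the token restricted.
name: build-restricted-scope
on: [push]
# Once `permissions` is set, every scope not listed is set to none.
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - run: make test
```

With the second workflow, a token recovered from the job can still read repository contents but cannot push, and later steps no longer find it in the checked-out repository's git configuration.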

Options

  -h, --help          help for exploit
  -r, --repo string   Repository in format owner/repo

Options inherited from parent commands

      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
      --config string      Config file path. Example: ~/.config/pipeleek/pipeleek.yaml
  -g, --github string      GitHub API base URL
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -t, --token string       GitHub Actions CI/CD Token (GITHUB_TOKEN)
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)

SEE ALSO