Full Report
Security scanner for GitHub Actions. Looks for Pwn Requests, TOCTOU issues, command injection and several other issues. It even has some post compromise exploitation it tries to do.
Analysis Summary
# Tool/Technique: Gato-X (GitHub Attack Toolkit - Extreme Edition)
## Overview
Gato-X is an advanced open-source static analysis and post-exploitation framework designed specifically for GitHub Actions. It is an evolution of the original GATO tool, focused on identifying security misconfigurations, "Pwn Requests," and injection vulnerabilities within CI/CD pipelines. Beyond simple scanning, it provides capabilities for red teamers and bug bounty hunters to perform post-compromise exploitation of GitHub environments.
## Technical Details
- **Type:** Attack Tool / Framework (CI/CD Exploitation)
- **Platform:** GitHub Actions (Across Linux, macOS, and Windows runners)
- **Capabilities:** Static analysis of YAML workflows, vulnerability scanning, post-exploitation, and secret exfiltration.
- **First Seen:** Continuous development; significant updates noted in late 2024/2025.
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
- **[T1190 - Exploit Public-Facing Application]**: Targeting vulnerable workflow triggers.
- **[TA0007 - Discovery]**
- **[T1083 - File and Directory Discovery]**: Searching for workflow files and repository secrets.
- **[TA0008 - Lateral Movement]**
- **[T1538 - Cloud Service Dashboard]**: Moving from a compromised runner to the broader GitHub organization.
- **[TA0005 - Defense Evasion]**
- **[T1550.001 - Use Alternate Authentication Material: Application Access Token]**: Using ephemeral `GITHUB_TOKEN` for unauthorized actions.
## Functionality
### Core Capabilities
- **Static Analysis:** Scans `.github/workflows` for common vulnerabilities such as script injection through `github.event` context.
- **Pwn Request Detection:** Specifically identifies workflows that allow untrusted code from pull requests to run in a privileged context (e.g., `pull_request_target`).
- **TOCTOU Identification:** Looks for "Time-of-Check to Time-of-Use" vulnerabilities where a workflow checks a state that changes before execution.
- **Command Injection:** Detects workflows where user-controlled input is passed directly into a shell execution block (`run:`).
### Advanced Features
- **Post-Exploitation Tooling:** Includes modules to automate the compromise of a runner and use it as a pivot point.
- **Secret Exfiltration:** Attempts to identify and exfiltrate GitHub Secrets and Environment variables.
- **Self-Hosted Runner Enumeration:** Identifies organizations using self-hosted runners, which often provide a direct path into internal infrastructure.
## Indicators of Compromise
- **File Names:** `.github/workflows/*.yml` (Changes to these files by unauthorized users).
- **Network Indicators:**
- Automated traffic to `api[.]github[.]com` using unusual User-Agents or high frequency.
- Exfiltration attempts to external domains (defanged): `webhook[.]site`, `attacker-controlled-domain[.]com`.
- **Behavioral Indicators:**
- Presence of malicious code in a Pull Request targeting a `pull_request_target` workflow.
- Unusual workflow runs triggered by forks of the repository.
- Log entries showing environment variable mass-print attempts (e.g., `printenv` or `env` in workflow logs).
## Associated Threat Actors
- While primarily used by **Red Teams** and **Bug Bounty Hunters**, similar techniques are utilized by:
- **UNC2903** (Known for targeting CI/CD pipelines).
- State-sponsored actors targeting supply chains (e.g., SolarWinds style pivots).
## Detection Methods
- **Signature-based detection:** Scanning workflow YAML files for patterns like `run: | ... ${{ github.event.inputs... }}`.
- **Behavioral detection:**
- Monitoring GitHub Audit Logs for `workflow_run` events from unexpected actors.
- Detecting "Repo Hijacking" via unauthorized branch creation or PR pushes.
- **YARA Rules:** Can be written to detect Gato-X’s specific exploitation payloads (shell commands) within workflow logs.
## Mitigation Strategies
- **Prevention measures:**
- Follow the "Principle of Least Privilege" for `GITHUB_TOKEN` (set `permissions: contents: read`).
- Use the `pull_request` trigger instead of `pull_request_target` whenever possible.
- **Hardening recommendations:**
- Sanitize all inputs in workflow scripts.
- Use OpenID Connect (OIDC) for accessing external cloud providers rather than long-lived secrets.
- Require approval for all outside contributors before workflows run.
## Related Tools/Techniques
- **GATO:** The original GitHub Attack Toolkit.
- **Cycode / Raven:** Other CI/CD security scanning tools.
- **Living off the Pipeline:** A general technique of using CI/CD features for malicious persistence.