From 576f1fcce0b3d6136e0e20e976df33b45b90666f Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Sun, 25 Feb 2024 22:18:04 +0000
Subject: [PATCH] GITBOOK-578: change request with no subject merged in GitBook

---
 SUMMARY.md                                          |  2 +-
 .../abusing-github-actions/README.md                | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/SUMMARY.md b/SUMMARY.md
index 5d752c8daf..233b441061 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -43,7 +43,7 @@
 * [Ansible Tower / AWX / Automation controller Security](pentesting-ci-cd/ansible-tower-awx-automation-controller-security.md)
 * [TODO](pentesting-ci-cd/todo.md)
 
-## ⛈ Pentesting Cloud
+## ⛈️ Pentesting Cloud
 
 * [Pentesting Cloud Methodology](pentesting-cloud/pentesting-cloud-methodology.md)
 * [Kubernetes Pentesting](pentesting-cloud/kubernetes-security/README.md)
diff --git a/pentesting-ci-cd/github-security/abusing-github-actions/README.md b/pentesting-ci-cd/github-security/abusing-github-actions/README.md
index dcf1bd72f0..ffed241768 100644
--- a/pentesting-ci-cd/github-security/abusing-github-actions/README.md
+++ b/pentesting-ci-cd/github-security/abusing-github-actions/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>
@@ -514,7 +514,7 @@ The way to find which **Github Actions are being executed in non-github infrastr
 
 **Self-hosted** runners might have access to **extra sensitive information**, to other **network systems** (vulnerable endpoints in the network? metadata service?) or, even if it's isolated and destroyed, **more than one action might be run at the same time** and the malicious one could **steal the secrets** of the other one.
 
-In self-hosted runners it's also possible to obtain the **secrets from the **_**Runner.Listener**_** process** which will contain all the secrets of the workflows at any step by dumping its memory:
+In self-hosted runners it's also possible to obtain the **secrets from the \_Runner.Listener**\_\*\* process\*\* which will contain all the secrets of the workflows at any step by dumping its memory:
 
 {% code overflow="wrap" %}
 ```bash
@@ -592,6 +592,13 @@ An organization in GitHub is very proactive in reporting accounts to GitHub. All
 The only way for an organization to figure out they have been targeted is to check GitHub logs from SIEM since from GitHub UI the PR would be removed.
 {% endhint %}
 
+## Tools
+
+The following tools are useful to find Github Action workflows and even find vulnerable ones:
+
+* [https://github.com/CycodeLabs/raven](https://github.com/CycodeLabs/raven)
+* [https://github.com/carlospolop/PurplePanda](https://github.com/carlospolop/PurplePanda)
+
 <details>
 
 <summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
@@ -601,7 +608,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
 
 </details>