hunt-cicd

Community

Hunt critical CI/CD pipeline vulnerabilities.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

CI/CD pipelines are high-value attack surfaces that are frequently overlooked during security assessments, leading to unpatched critical vulnerabilities that can result in full infrastructure or cloud account compromise.

Core Features & Use Cases

  • Multi-platform CI/CD vulnerability detection: Identifies critical flaws across GitHub Actions, GitLab CI, Jenkins, and Terraform deployments, including Pwnrequest injection, Jenkins script console RCE, self-hosted runner poisoning, OIDC trust policy abuse, runner token abuse, Terraform state leakage, and build artifact secret leaks.
  • Field-validated exploitation guidance: Provides proven, real-world exploitation payloads and validation methods for 18+ high-severity vulnerability classes sourced from HackerOne, GitHub Security Lab, and PortSwigger research.
  • Use Case: For penetration testers and red teamers assessing organizations with public GitHub/GitLab repositories, exposed CI dashboards, or publicly reachable build artifacts, this skill eliminates false positives with explicit validation gates and impact proof requirements.

Quick Start

Use the hunt-cicd skill to identify and validate critical CI/CD pipeline vulnerabilities in a target organization's public GitHub repositories and exposed Jenkins instances.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: hunt-cicd
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hunt-cicd

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.