ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.

Last update: Nov 02, 2022

Overview

ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack. Read more about it here

Requirements

Python 3.6+ and pip
Go and it's binaries >= 1.13
GitHub token (for API queries)
- 💡 This token is used for read only purposes and does not require any permissions

Installation

pip install chainjacking

Using in CI Workflows

ChainJacking can be easily integrated into modern CI workflows to test new code contributions.

GitHub Actions

ci-example.mp4

Example configuration:

name: Pull Request

on:
  pull_request

jobs:

  build:
    name: Run Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          python-version: '3.9'

      - name: ChainJacking tool test
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          python -m pip install -q chainjacking
          python -m chainjacking -gt $GITHUB_TOKEN

CLI

ChainJacking module can be run as a CLI tool simply as

python -m chainjacking

CLI Arguments

-gt - GitHub access token, to run queries on GitHub API (required)
-p - Path to scan. (default=current directory)
-v - Verbose output mode
-url - Scan one or more GitHub URLs
-f - Scan one or more GitHub URLs from a file separated by new-line

Example: Scan a Go project

navigate your shell into a Go project's directory, and run:

python -m chainjacking -gt $GH_TOKEN

cli-example.mp4

You might also like...

Automated GitHub profile content using the USGS API, Plotly and GitHub Actions.

Top 20 Largest Earthquakes in the Past 24 Hours Location Mag Date and Time (UTC) 92 km SW of Sechura, Peru 5.2 11-05-2021 23:19:50 113 km NNE of Lobuj

28 Oct 31, 2022

Dicionario-git-github - Dictionary created to help train new users of Git and GitHub applications

Dicionário 📕 Dicionário criado com o objetivo de auxiliar no treinamento de nov

1 Feb 7, 2022

Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

SysWhispers2BOF Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs. Introduction This script was initially created to fix specific

101 Dec 20, 2022

Direct Multi-view Multi-person 3D Human Pose Estimation

Implementation of NeurIPS-2021 paper: Direct Multi-view Multi-person 3D Human Pose Estimation [paper] [video-YouTube, video-Bilibili] [slides] This is

253 Jan 5, 2023

APRS Track Direct is a collection of tools that can be used to run an APRS website

APRS Track Direct APRS Track Direct is a collection of tools that can be used to run an APRS website. You can use data from APRS-IS, CWOP-IS, OGN, HUB

42 Dec 29, 2022

Bootstraparse is a personal project started with a specific goal in mind: creating static html pages for direct display from a markdown-like file

1 Jun 15, 2022

Add your recently blog and douban states in your GitHub Profile

4 Dec 12, 2022

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel. This project is inspired by tox-travis.

19 Dec 26, 2022

Fetch PRs from GitHub and analyze which ones are unmergeable

Set up token Generate a personal access token on GitHub. Add repo permissions. export GH_TOKEN="abcdefg" Pull PR data make Usually, GitHub doesn't h

1 Nov 5, 2021

ChainJacking is a tool to find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.

Related tags

Overview

Requirements

Installation

Using in CI Workflows

GitHub Actions

CLI

CLI Arguments

Example: Scan a Go project

You might also like...

Automated GitHub profile content using the USGS API, Plotly and GitHub Actions.

Dicionario-git-github - Dictionary created to help train new users of Git and GitHub applications

Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

Direct Multi-view Multi-person 3D Human Pose Estimation

APRS Track Direct is a collection of tools that can be used to run an APRS website

Bootstraparse is a personal project started with a specific goal in mind: creating static html pages for direct display from a markdown-like file

Add your recently blog and douban states in your GitHub Profile

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel

Fetch PRs from GitHub and analyze which ones are unmergeable

Releases(v1.1.2)

v1.1.2(Nov 16, 2021)

1.1.2 (2021-11-16)

Bug Fixes

v1.1.1(Nov 16, 2021)

1.1.1 (2021-11-16)

Bug Fixes

v1.1.0(Nov 16, 2021)

Owner

Checkmarx

An html wrapper for python

run-js Goal: The Easiest Way to Run JavaScript in Python

Software that extracts spreadsheets from various .pdf files to .csv

Suite of tools for retrieving USGS NWIS observations and evaluating National Water Model (NWM) data.

Semantic Data Management - Property Graphs 📈

Checkers Project Built Using Python

CDM Device Checker for python

Gerador de dafaces

The repository is about 100+ python programming exercise problem discussed, explained, and solved in different ways

CD for MachineLearnia

Arknights gacha simulation written in Python

Personal Chat Assistance

Customizable-menu-python - User customizable menu in Python

Python tools for experimenting with differentiable intonation cost measures

Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

One-stop-shop for docs and test coverage of dbt projects.

Traits for Python3

This code extracts line width of phonons from specular energy density (SED) calculated with LAMMPS.

Linux GUI app to codon optimize many single-fasta files with coding sequences , using many taxonomy ids

Nextstrain build targeted to Omicron