Cacheract

active

A GitHub Actions cache poisoning tool for security research and red team engagements.

January 2024
github-actions security cache-poisoning red-team

Overview

Cacheract is a tool designed for security researchers and red teamers to demonstrate cache poisoning vulnerabilities in GitHub Actions workflows. It exploits the shared cache mechanism between workflow runs to inject malicious payloads.

Why Cacheract?

GitHub Actions caches are shared across workflow runs within the same repository. This creates an attack surface where a malicious actor with the ability to trigger workflows (e.g., through a pull request) can poison the cache with malicious content that gets consumed by subsequent privileged workflow runs.
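A defender-side check for the exposure described above, as an added example that is not part of Cacheract or the original page: it scans workflow files and pairs pull-request-triggered workflows with privileged ones (secrets or write permissions) when both use the Actions cache. The regex heuristics, function names and sample workflows are assumptions made for this illustration.

```python
import re

# Heuristic patterns chosen for this example; extend them for your own pipelines.
CACHE_USE = re.compile(
    r"uses:\s*actions/cache(?:/restore|/save)?@"                  # explicit cache action
    r"|\bcache:\s*['\"]?(?:npm|yarn|pnpm|pip|gradle|maven)\b")    # setup-* cache input
PR_TRIGGER = re.compile(r"\bpull_request(?:_target)?\b")
PRIVILEGED = re.compile(                                          # secrets or write scopes
    r"\$\{\{\s*secrets\.|^\s*[\w-]+:\s*write\s*$|permissions:\s*write-all", re.M)

def classify(text):
    """Flag what one workflow file does, judged from its raw YAML text."""
    return {"cache": bool(CACHE_USE.search(text)),
            "pr_triggered": bool(PR_TRIGGER.search(text)),
            "privileged": bool(PRIVILEGED.search(text))}

def review_pairs(workflows):
    """Pair PR-triggered cache users with privileged cache users in one repository."""
    facts = {name: classify(text) for name, text in workflows.items()}
    untrusted = sorted(n for n, f in facts.items() if f["cache"] and f["pr_triggered"])
    trusted = sorted(n for n, f in facts.items() if f["cache"] and f["privileged"])
    return [(u, t) for u in untrusted for t in trusted]

# Constructed sample workflows (not taken from any real repository).
SAMPLE = {
    "ci.yml": """on: pull_request
jobs:
  test:
    steps:
      - uses: actions/setup-node@v4
        with:
          cache: npm
      - run: npm ci && npm test
""",
    "release.yml": """on: release
permissions:
  contents: write
jobs:
  publish:
    steps:
      - uses: actions/cache@v4
        with: {path: ~/.npm, key: npm-cache}
      - run: npm publish
        env: {NODE_AUTH_TOKEN: "${{ secrets.NPM_TOKEN }}"}
""",
    "docs.yml": "on: push\njobs:\n  build:\n    steps:\n      - run: make docs\n",
}

if __name__ == "__main__":
    print(review_pairs(SAMPLE))
```

Each returned pair is a candidate for manual review, not a confirmed finding; the usual remediation is to keep privileged jobs from restoring caches at all.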

Features

  • Automated cache key discovery and enumeration
  • Payload injection into various cache types (npm, pip, gradle, etc.)
  • Support for multi-stage cache poisoning attacks
  • Detailed logging for security assessments

Use Cases

  • Security assessments of CI/CD pipelines
  • Red team engagements targeting developer infrastructure
  • Demonstrating supply chain attack vectors
  • Training and awareness for DevSecOps teams

Responsible Use

This tool is intended for authorized security testing only. Always obtain proper authorization before testing against any systems you don’t own.