| | GitGoat | sish |
|---|---|---|
| | 9 | 33 |
| Stars | 162 | 3,778 |
| Growth | 0.0% | - |
| Activity | 0.0 | 6.4 |
| | 4 months ago | 10 days ago |
| Language | Python | Go |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GitGoat
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
Doron Guttman and Roei Ben-Harush @ [arnica], April 2023
- GitGoat v2 is released - fake commits with real vulnerable code
- GitGoat v2 is released: multiple vulnerable projects with amended commit history
- Show HN: GitGoat v2 is released - fake commits with real vulnerable code
-
Personal + Work accounts or one account for both?
The downside is that developers can choose to avoid using one of the controls above, such as enabling MFA. In that case, the developers will likely prefer to create a new account and then use git config user.email [personal_email] to add the stats to their accounts. It will require the company to work harder on mapping the author (from the git config) to the pusher of the code (arnica.io correlates this data in the GitHub user inventory, so it is possible to solve with some engineering work).
-
Try to take permissions from devs…
This meme was created by arnica.io, which solves it. The nice thing about it is that the continuous analysis of excessive permissions is free forever for unlimited users.
-
Tell HN: GitHub Apps bug created tokens with elevated privileges
You can assess all GitHub app permissions on https://arnica.io. The excessive permissions are presented at the end of the data ingestion process. This is part of the freemium.
- GitGoat - deliberately misconfigured GitHub org
-
GotGoat - deliberately misconfigured GitHub organization
Pretty cool way to generate dummy data on GitHub, such as invite members, add them to Teams, commit code and secrets, raise & review PRs, and configure different branch protection policies (such as CODEOWNERS). Link: https://github.com/arnica-ext/GitGoat
sish
-
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
sish - Open source ngrok/serveo alternative. SSH-based but uses a custom server written in Go. Supports WebSocket tunneling.
-
Tunnelmole, an ngrok alternative (open source)
sish uses ssh tunneling that you can read about in their docs: https://ssi.sh/
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
Tunneling services can be considered as a solution in some cases. Services like ngrok, frp, localtunnel and sish create a public endpoint that tunnels communication to your local endpoint via a tunnel client.
-
Tunnelmole - Connect to local servers from anywhere
My favourite one is https://github.com/antoniomika/sish
It uses SSH as the method of opening the remote tunnel to the public server.
-
My newbie setup. Any recommended tweaks or suggestions?
Why not forget about Cloudflare and a VPN but get a 3 euro Hetzner server and install https://github.com/antoniomika/sish for dynamic DNS through SSH + Traefik with a DNS resolver and have yourself a wildcard certificate. This way you can host any service from home as long as you run a port forwarding service through SSH with a one liner on Ubuntu. Better yet make an alpine docker image with a command to route traffic to your local service for even more isolation.
-
SirTunnel, a Personal Ngrok Alternative
Personally I've been using sish[1] recently, lots of ngrok alternatives out there now, especially as the pricing went a bit weird
[1] https://github.com/antoniomika/sish
- Self hosting tunnel to localhost using only SSH
-
Show HN: Quick tunnels to localhost with one command and no binary download
i used to use a similar tool called inlets but they removed the open licensing. i now self host a sish server (https://github.com/antoniomika/sish) which also uses ssh for the reverse tunnel client. so much simpler!
-
Ask HN: What services/apps are you self-hosting?
- Sish : Because I don't want to pay for ngrok anymore (https://github.com/antoniomika/sish)
-
[S1 E6] : Etunes malware, technical question
They could create a tunneled connection. Take a look at ngrok.io or ssi.sh
What are some alternatives?
WebGoat - WebGoat is a deliberately insecure application
awesome-tunneling - List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
smee.io - Webhook payload delivery service
rathole - A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
smee-client - Receives payloads then sends them to your local server
inlets - Get public TCP LoadBalancers for local Kubernetes clusters
git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
traefik - The Cloud Native Application Proxy
node-config - Node.js Application Configuration
chisel - A fast TCP/UDP tunnel over HTTP