smokedmeat
module v0.1.1
Published: Apr 17, 2026 License: AGPL-3.0

README

SmokedMeat

CI/CD Red Team Framework

Like Metasploit, but for CI/CD pipelines.

From the makers of the poutine Build Pipeline SAST scanner at BoostSecurity Labs.

SmokedMeat quickstart demo


Warning: This tool is for authorized security testing only.

SmokedMeat exists because CI/CD pipeline threats are deeply underestimated. Traditional security training rarely covers supply chain attacks, leaving defenders unprepared for techniques that adversaries actively exploit in the wild.

We built this to give security teams the ability to learn, practice, and validate defenses against advanced CI/CD attack techniques through realistic red team exercises.

Only use against systems you own or have explicit written permission to test.


What is SmokedMeat?

SmokedMeat is a post-exploitation framework for CI/CD pipelines. Point it at a GitHub organization, let it find vulnerable workflows, deploy an implant to a compromised runner, then pivot through cloud providers, extract secrets, and map the blast radius - all from a terminal UI.

What it does:

  1. Analyze - Scan an org's GitHub Actions workflows for injection vulnerabilities, dangerous triggers, and unsafe checkout patterns (powered by poutine)
  2. Exploit - Deploy a stager via PR, issue, comment, or workflow dispatch. When the vulnerable workflow runs, it downloads and executes the implant on the CI runner.
  3. Post-exploit - Extract secrets from runner memory, enumerate GitHub token permissions, scan for private keys, and collect loot
  4. Pivot - Use captured credentials to move laterally: discover private repos, mint GitHub App tokens, exchange OIDC tokens for AWS/GCP/Azure access, probe SSH deploy keys
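The Analyze step above relies on poutine to find the two workflow defects that make the rest of the chain possible: an attacker-controlled event field interpolated with `${{ }}` into a `run:` or github-script body (expression injection), and a `pull_request_target` workflow that checks out the pull request head (the "pwn request" pattern). The following Go program is an added example, not code from the SmokedMeat or poutine projects: a line-oriented checker that flags both patterns and shows the hardened form of the injection case (the value passed through `env:` instead of being spliced into the script). The three workflows are constructed samples, the list of untrusted fields is illustrative rather than exhaustive, and a real scanner parses the YAML instead of matching lines.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one risky construct located in a workflow file.
type Finding struct {
	Line   int    // 1-based line in the workflow text
	Rule   string // which check fired
	Detail string // the matched text
}

// Event fields an outside contributor controls. Interpolating any of them with
// ${{ }} into a shell or github-script body lets the contributor inject code.
// Illustrative list (assumption), not the complete set poutine knows about.
var untrustedExpr = regexp.MustCompile(
	`\$\{\{\s*github\.event\.(pull_request\.(title|body|head\.(ref|label))|issue\.(title|body)|comment\.body|head_commit\.message|review\.body)\s*\}\}`)

var (
	// A run: or github-script script: key, optionally as a list item.
	scriptKey = regexp.MustCompile(`^\s*(-\s*)?(run|script)\s*:`)
	// pull_request_target used as a trigger: mapping key, list item, or inside an inline list.
	prTargetTrigger = regexp.MustCompile(`(^|[\[,])\s*-?\s*pull_request_target\s*(:|,|\]|$)`)
	// Checkout pinned to the PR head: untrusted code runs with the base repository's secrets.
	headCheckout = regexp.MustCompile(`ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}`)
)

func indent(s string) int { return len(s) - len(strings.TrimLeft(s, " ")) }

// ScanWorkflow walks the YAML line by line, tracking whether the current line
// is inside a run:/script: block, and returns findings in file order.
func ScanWorkflow(src string) []Finding {
	lines := strings.Split(src, "\n")
	prTarget := false
	for _, l := range lines {
		if prTargetTrigger.MatchString(l) {
			prTarget = true
		}
	}
	var out []Finding
	inScript, scriptIndent := false, 0
	for i, l := range lines {
		if strings.TrimSpace(l) == "" {
			continue // blank lines do not end a block scalar
		}
		if inScript && indent(l) <= scriptIndent {
			inScript = false // dedented back to a sibling key such as env: or with:
		}
		if scriptKey.MatchString(l) {
			inScript = true
			scriptIndent = len(l) - len(strings.TrimLeft(l, " -")) // column of the key itself
		}
		if inScript {
			if m := untrustedExpr.FindString(l); m != "" {
				out = append(out, Finding{i + 1, "expression-injection", m})
			}
		}
		if prTarget && headCheckout.MatchString(l) {
			out = append(out, Finding{i + 1, "pull_request_target-head-checkout", strings.TrimSpace(l)})
		}
	}
	return out
}

// Constructed sample: an issue title (attacker-controlled) spliced into a shell step.
const vulnerableTriage = `name: triage
on:
  issues:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: ${{ github.event.issue.title }}"
`

// Constructed sample: the same step hardened. The value reaches the shell as an
// environment variable, so it is data rather than part of the script text.
const hardenedTriage = `name: triage
on:
  issues:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: $ISSUE_TITLE"
        env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
`

// Constructed sample: pull_request_target that checks out and builds the PR head.
const pwnRequest = `name: preview
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
`

func main() {
	samples := []struct{ name, yaml string }{
		{"vulnerable-triage", vulnerableTriage}, {"hardened-triage", hardenedTriage}, {"pwn-request", pwnRequest},
	}
	for _, s := range samples {
		findings := ScanWorkflow(s.yaml)
		fmt.Printf("%s: %d finding(s)\n", s.name, len(findings))
		for _, f := range findings {
			fmt.Printf("  line %d [%s] %s\n", f.Line, f.Rule, f.Detail)
		}
	}
}
```

The hardened sample produces no findings because the `env:` key dedents out of the `run:` block before the expression appears; the checker only reports expressions that land inside script text. A `pull_request_target` workflow that never checks out the head ref is also left alone, which matches the guidance that the trigger itself is acceptable when the job does not run contributor code.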

Philosophy: Bold and noisy. This isn't an EDR evasion tool. It's a demonstration framework that shows how deep a CI/CD compromise goes before anything triggers an alert.

Who is it for:

  • Red teams validating CI/CD security posture in enterprise environments
  • Pentesters demonstrating supply chain attack paths to stakeholders
  • Security engineers testing detection and response for pipeline attacks
  • Researchers developing new CI/CD exploitation techniques
  • Bug bounty hunters exploring supply chain attack surface

Quick Start

To try SmokedMeat for the first time, install Docker and make. Go is not required.

git clone https://github.com/boostsecurityio/smokedmeat.git
cd smokedmeat
make quickstart

make quickstart is the recommended first run. It starts the stable release quickstart stack locally and launches the operator TUI (Counter) against the local C2 teamserver (Kitchen).

Recommended first run:

  • Target: whooli
  • Token: classic PAT with public_repo

⚠ Prefer a classic PAT. Fine-grained PATs can be too restrictive and may block testing public targets in other orgs, including whooli.

whooli is SmokedMeat's deliberately vulnerable CI/CD attack playground. It is the recommended first target for the public path.

The setup wizard walks you through:

  1. GitHub PAT - Enter your token. For private repos, a classic PAT will usually need the repo scope.
  2. Target - Enter whooli or your own org/repo
  3. Analysis - Scans workflows for vulnerabilities and presents exploitable findings

For the full challenge flow, see the whooli guide or go straight to the whooli GitHub org.

When you are done:

make quickstart-down       # Stop containers
make quickstart-purge      # Stop and delete all data

If you want to work from source instead, see Development.

Development

If you are contributing or iterating on the source tree locally, install Go 1.26+ and use the dev quickstart:

make dev-quickstart

make dev-quickstart builds the local smokedmeat-cloud-shell image, starts cloudflared, nats, and the C2 teamserver (Kitchen), then launches the operator TUI from source.

If you want the infrastructure first and the operator TUI later:

make dev-quickstart-up
make dev-quickstart-counter

When you are done:

make dev-quickstart-down   # Stop containers
make dev-quickstart-purge  # Stop and delete all data

More deployment modes and local development details are in docs/deployment.md.

Core Components

| Standard term      | SmokedMeat name | Description |
|--------------------|-----------------|-------------|
| Operator TUI       | Counter         | Terminal interface for analysis, payload delivery, and post-exploitation workflow. |
| C2 teamserver      | Kitchen         | API and WebSocket server for operator sessions, stagers, callbacks, and graph state. |
| Implant            | Brisket         | Agent delivered to compromised CI runners for beaconing, command execution, and pivoting. |
| Browser graph view | Browser View    | Live attack graph served by the C2 teamserver at /graph. |

Deployment Modes

| Mode              | Use it when                                    | Entry point         |
|-------------------|------------------------------------------------|---------------------|
| Quickstart        | Fastest first run on the pinned release        | make quickstart     |
| Dev Quickstart    | Working on the source tree locally             | make dev-quickstart |
| Hosted Teamserver | Running a real engagement with a stable domain | docs/deployment.md  |

Hosted Teamserver runs the C2 teamserver on a dedicated host and the operator TUI natively on each operator workstation.

Architecture

At a high level, the operator TUI (Counter) talks to the C2 teamserver (Kitchen), which manages implants (Brisket) running on compromised CI runners and serves the live attack graph.

┌──────────────┐
│  SSH AGENT   │
│   (Auth)     │
└──────┬───────┘
       │
       ▼
┌──────────────┐                 ┌──────────────┐
│  THE COUNTER │ ───────────────▶│  THE KITCHEN │
│  (Operator)  │    WebSocket    │ (Teamserver) │
│  Bubbletea   │◀─────────────── │              │
│     TUI      │   Events/Graph  │ ┌──────────┐ │
└──────────────┘                 │ │ Database │ │
                                 │ └──────────┘ │
┌──────────────┐                 │              │
│   BROWSER    │ ───────────────▶│              │
│  Graph View  │    WebSocket    │              │
│  Visualizer  │◀─────────────── │              │
└──────────────┘   Live Updates  └──────────────┘
                                   │         ▲
                                   │         │
                        Creates PR │         │ Stager fetches implant binary
                                   │         │ Implant HTTP Beacon/Commands
                                   ▼         │
┌────────────────────────────────────────────┴──────────────────────────────────┐
│  GITHUB.COM                                                                   │
│                                                                               │
│  ┌─────────────────────┐          ┌─────────────────────────────────────────┐ │
│  │  Malicious PR       │ triggers │  GitHub Actions Runner                  │ │
│  │  (Vulnerable        │─────────▶│                                         │ │
│  │   Workflow)         │          │  ┌────────────┐      ┌────────────────┐ │ │
│  └─────────────────────┘          │  │  Stager    │─────▶│  THE BRISKET   │ │ │
│                                   │  │            │      │  (Implant)     │ │ │
│                                   │  └────────────┘      └────────────────┘ │ │
│                                   └─────────────────────────────────────────┘ │
└───────────────────────────────────────────────────────────────────────────────┘

Features

Full details in docs/FEATURES.md.

| Category | Capabilities |
|----------|--------------|
| Reconnaissance | Auto-detect 6 CI platforms (GitHub Actions, GitLab CI, Azure DevOps, CircleCI, Jenkins, Bitbucket). Classify secrets, probe OIDC availability, gather runner metadata. |
| Secret Extraction | Scan Runner.Worker process memory via /proc to recover unmasked secrets.*, vars.*, and GITHUB_TOKEN permission maps that GitHub hides from logs. |
| Vulnerability Analysis | Embedded poutine SAST for injection vulnerabilities, dangerous triggers, and workflow if: gate classification. Gitleaks deep scan for private keys and PATs in git history. |
| Delivery | 5 automated methods: PR, issue, comment, LOTP, workflow dispatch - plus copy-only and manual. Draft PR support, auto-close on callback, server-side dispatch preflight. |
| Injection Payloads | Context-aware payload generation for 8 injection vectors (branch name, PR title/body, commit message, issue title/body, github-script, bash run) with constraint-aware techniques. |
| LOTP | Living Off The Pipeline catalog: 15 build tools (npm, pip, cargo, make, docker, gradle, maven, and more) with config-file payloads for code execution during install/build/test. |
| Cache Poisoning | Writer/victim classification, exact cache key prediction, archive staging via the Actions Cache API. Wizard-driven flow with implant arming. |
| Token Enumeration | Probe GitHub tokens against API endpoints to enumerate 10 permission scopes, identify token type, and list accessible repos and orgs. |
| Cloud Pivots | OIDC token exchange for AWS (sts:AssumeRoleWithWebIdentity), GCP (Workload Identity Federation), Azure (AAD), and Kubernetes. Post-pivot resource enumeration. |
| Cloud Shell | Durable local sessions with cloud shell (pre-configured gcloud/aws/az), cloud export, and provider quick checks. |
| SSH Pivoting | Probe repos for SSH deploy key access (read/write), ssh shell with temporary agent, confirmed access persisted to graph. |
| GitHub Pivoting | pivot github for repo discovery, pivot app for GitHub App PEM-to-installation-token exchange. Discovered repos auto-queued for analysis. |
| Attack Graph | Persistent directed graph (BBolt) with org/repo/workflow/job/vuln/token/cloud nodes. Live Cytoscape.js browser visualization at /graph. |
| Operator TUI | Phase-aware workflow, 7-step setup wizard, attack tree navigation, exploit wizard, loot stash, omnibox search, tab completion, OSC 8 hyperlinks. |
| Teamserver | SSH or token auth, NATS JetStream message bus, GitHub API proxy (tokens stay server-side), auto-TLS via Caddy, operation history. |
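The Cloud Pivots row describes exchanging a runner's OIDC token for AWS credentials with sts:AssumeRoleWithWebIdentity. Whether that exchange succeeds from an unexpected repository is decided entirely by the role's trust policy: if the policy checks only the `aud` claim and not `sub`, a workflow in any GitHub repository can assume the role. The following Go program is an added example, not code from the SmokedMeat project: it audits an IAM trust policy document for the GitHub OIDC provider and reports a missing `aud` condition, a missing `sub` condition, or a `sub` pattern that does not pin a single repository. The two policy documents are constructed samples (the account id is the AWS documentation placeholder, and example-org/example-app is an assumed repository name).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Issuer host GitHub's OIDC provider uses as the prefix of IAM condition keys.
const githubIssuer = "token.actions.githubusercontent.com"

// Only the fields the audit needs. Action, Principal and condition values may be
// a string or an array in IAM JSON, so they stay raw and are decoded by asList.
type statement struct {
	Effect    string                                `json:"Effect"`
	Action    json.RawMessage                       `json:"Action"`
	Principal map[string]json.RawMessage            `json:"Principal"`
	Condition map[string]map[string]json.RawMessage `json:"Condition"`
}

type trustPolicy struct {
	Statement []statement `json:"Statement"`
}

// asList decodes a JSON string or string array; anything else yields nil.
func asList(raw json.RawMessage) []string {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	var many []string
	_ = json.Unmarshal(raw, &many)
	return many
}

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// SubTooBroad reports whether a sub pattern fails to pin one repository. GitHub
// sub claims look like repo:OWNER/NAME:ref:refs/heads/BRANCH or
// repo:OWNER/NAME:environment:NAME; a wildcard in OWNER/NAME, or no repo: prefix
// at all, lets other repositories assume the role. Wildcards are treated as
// broad regardless of operator (under StringEquals they would be literal, which
// is a different misconfiguration).
func SubTooBroad(pattern string) bool {
	if !strings.HasPrefix(pattern, "repo:") {
		return true
	}
	repo, _, _ := strings.Cut(strings.TrimPrefix(pattern, "repo:"), ":")
	return strings.ContainsAny(repo, "*?") || !strings.Contains(repo, "/")
}

// AuditTrustPolicy returns one message per weakness in every statement that lets
// GitHub's OIDC provider call sts:AssumeRoleWithWebIdentity.
func AuditTrustPolicy(doc string) ([]string, error) {
	var p trustPolicy
	if err := json.Unmarshal([]byte(doc), &p); err != nil {
		return nil, err
	}
	var issues []string
	for i, st := range p.Statement {
		fed := asList(st.Principal["Federated"])
		if st.Effect != "Allow" || len(fed) == 0 || !strings.HasSuffix(fed[0], "/"+githubIssuer) {
			continue
		}
		if !contains(asList(st.Action), "sts:AssumeRoleWithWebIdentity") {
			continue
		}
		audChecked, subs := false, []string{}
		for _, kv := range st.Condition { // operator (StringEquals, StringLike, ...) -> key -> value(s)
			for key, raw := range kv {
				switch key {
				case githubIssuer + ":aud":
					audChecked = true
				case githubIssuer + ":sub":
					subs = append(subs, asList(raw)...)
				}
			}
		}
		if !audChecked {
			issues = append(issues, fmt.Sprintf("statement %d: no %s:aud condition; token audience is not checked", i, githubIssuer))
		}
		if len(subs) == 0 {
			issues = append(issues, fmt.Sprintf("statement %d: no %s:sub condition; a workflow in any GitHub repository can assume this role", i, githubIssuer))
		}
		for _, s := range subs {
			if SubTooBroad(s) {
				issues = append(issues, fmt.Sprintf("statement %d: sub pattern %q is not pinned to one repository", i, s))
			}
		}
	}
	return issues, nil
}

// Constructed sample: the weak policy. Only the audience is checked.
const weakTrustPolicy = `{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}}}]}`

// Constructed sample: the corrected policy, pinned to one repository and branch.
const pinnedTrustPolicy = `{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
  "Action": "sts:AssumeRoleWithWebIdentity",
  "Condition": {"StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
    "token.actions.githubusercontent.com:sub": "repo:example-org/example-app:ref:refs/heads/main"}}}]}`

func main() {
	for name, doc := range map[string]string{"weak": weakTrustPolicy, "pinned": pinnedTrustPolicy} {
		issues, err := AuditTrustPolicy(doc)
		fmt.Printf("%s: err=%v issues=%v\n", name, err, issues)
	}
}
```

A sub pattern such as `repo:example-org/example-app:*` passes SubTooBroad because the repository is pinned, yet it still lets any branch or pull request in that repository assume the role; when the role is meant for deployments from main only, pin the ref as the corrected sample does.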

Technology Stack

| Layer | Technology |
|-------|------------|
| Language | Go 1.26+ |
| TUI Framework | Bubbletea v2 + Lipgloss v2 |
| TUI Layout | Ultraviolet layout + ANSI-safe screen compositing |
| Message Bus | NATS JetStream |
| Attack Graph | hmdsefi/gograph |
| Graph Visualization | Cytoscape.js |
| Database | BBolt |
| CI/CD Scanner | poutine (embedded) |
| Secret Scanner | gitleaks (embedded, custom rules) |
| Runner Secret Extraction | gump (embedded, /proc memory scanning) |
| Cloud SDKs | AWS SDK v2, Google Cloud, Azure SDK for Go |
| Reverse Proxy | Caddy (auto-TLS) |

Testing

make test          # Unit tests
make lint          # Linter
make e2e-smoke     # Fast public exploit smoke path
make e2e-goat      # Full goat chain to the cloud flag

Prior Art

SmokedMeat builds on research from:

  • poutine - Build Pipeline SAST scanner
  • LOTP - Living Off The Pipeline techniques
  • Gato-X - GitHub Actions enumeration
  • Nord-Stream - CI/CD secret extraction
  • Sliver - Go C2 architecture patterns
  • Mythic - Collaborative workflow design

License

GNU Affero General Public License v3.0 - see LICENSE for details.


Built for defenders who want to understand attacker techniques.

Directories

Path Synopsis
cmd
brisket command
Package main implements the Brisket implant/agent.
counter command
Package main implements the Counter CLI/TUI operator interface.
kitchen command
Package main implements the Kitchen C2 server.
internal
brisket
Package brisket implements the implant/agent that runs on target systems.
counter
Package counter implements the Counter TUI operator interface.
counter/tui
Package tui implements the Bubbletea-based TUI for the Counter.
gump/cmd/gump command
kitchen
Package kitchen implements the C2 server (HTTP-to-NATS bridge).
kitchen/auth
Package auth provides SSH challenge-response authentication for Kitchen operators.
kitchen/db
Package db provides BBolt persistence for Kitchen state.
lotp
Package lotp provides "Living Off The Pipeline" technique detection and payload generation.
models
Package models contains domain models for SmokedMeat communication.
pantry
Package pantry implements attack surface graph storage.
pass
Package pass provides NATS JetStream abstractions for SmokedMeat.
poutine
Package poutine provides shared poutine CI/CD security analysis functionality.
rye
Package rye provides "Light Rye Bread" - injection payload generation for CI/CD pipelines.
