The idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.
We welcome contributions submitted as Pull Requests
with new tool contributions or simply Issues
for new ideas.
Released under AGPL-3.0 by @boostsecurityio.
Prior art
This project is largely inspired from previous projects such as https://gtfobins.github.io/ and https://lolbas-project.github.io/.