How to install Nord Stream on Windows?

Use pipx with 'pipx install git+https://github.com/synacktiv/nord-stream', but first install git from git-scm.com and ensure it's in your PATH, as per the README. Note that some features like GPG signing may require additional setup.

Nord Stream vs TruffleHog for secret scanning?

Nord Stream actively exploits CI/CD pipelines to extract secrets by deploying malicious workflows, while TruffleHog passively scans git history for credentials. Use Nord Stream for offensive security testing and TruffleHog for defensive code audits.

How to bypass GitHub branch protections with Nord Stream?

Use the '--disable-protections' option with admin privileges to temporarily remove branch rules, extract secrets, and restore protections automatically. Alternatively, '--force' can bypass checks if protections are permissive.

Can Nord Stream extract secrets from private Azure DevOps projects?

Yes, if you have a valid personal access token with sufficient permissions. Nord Stream uses the token to access projects, list secrets, and deploy pipelines, as demonstrated in the usage examples for Azure DevOps.

Is Nord Stream legal for penetration testing?

Nord Stream is designed for authorized security assessments, such as red team exercises. Always obtain explicit permission before using it on any CI/CD system to avoid legal repercussions and ethical violations.

How to clean up logs after using Nord Stream on GitLab?

Nord Stream attempts automatic log cleanup, but the README warns that for GitLab, some traces cannot be deleted. Use '--no-clean' to preserve logs for analysis, but this increases the risk of detection.

What permissions are needed for Nord Stream to work on GitHub?

You need a GitHub personal token with write or admin access to repositories. For features like disabling protections, admin rights are required, as noted in the '--disable-protections' section.

Nord Stream — CI/CD Secrets Extraction Tool

Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.

Nord Stream

What is Nord Stream?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions