Merge pull request #1200 from pikpikcu/patch-138

Create gitlab-infoleak
2021-04-05 23:46:11 +05:30 · 2021-04-05 23:46:11 +05:30 · a73d7f855c
parent 8c3326b63b a0d6838672
commit a73d7f855c
2 changed files with 54 additions and 0 deletions
--- a/misconfiguration/gitlab/gitlab-user-enumeration.yaml
+++ b/misconfiguration/gitlab/gitlab-user-enumeration.yaml
@ -0,0 +1,38 @@
+id: gitlab-user-enumeration
+
+info:
+  name: Gitlab User enumeration
+  author: pikpikcu
+  severity: info
+  tags: gitlab,enum
+
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/api/graphql"
+    headers:
+      Content-Type: application/json
+    body: |
+        {
+           "query":"{\nusers {\nedges {\n  node {\n    username\n    email\n    avatarUrl\n    }\n   }\n  }\n }"
+        }
+
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "application/json"
+        part: header
+
+      - type: word
+        words:
+          - avatarUrl
+          - username
+          - email
+        condition: and
+
+      - type: status
+        status:
+          - 200
--- a/workflows/gitlab-workflow.yaml
+++ b/workflows/gitlab-workflow.yaml
@ -0,0 +1,16 @@
+id: gitlab-workflow
+
+info:
+  name: GitLab Security Checks
+  author: pdteam
+  description: A simple workflow that runs all GitLab related nuclei templates on a given target.
+  tags: workflow
+
+workflows:
+
+  - template: exposed-panels/gitlab-detect.yaml
+    subtemplates:
+      - template: misconfiguration/gitlab/gitlab-public-repos.yaml
+      - template: misconfiguration/gitlab/gitlab-public-signup.yaml
+      - template: misconfiguration/gitlab/gitlab-public-snippets.yaml
+      - template: misconfiguration/gitlab/gitlab-user-enumeration.yaml