commit
a73d7f855c
|
@ -0,0 +1,38 @@
|
|||
id: gitlab-user-enumeration
|
||||
|
||||
info:
|
||||
name: Gitlab User enumeration
|
||||
author: pikpikcu
|
||||
severity: info
|
||||
tags: gitlab,enum
|
||||
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/api/graphql"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
body: |
|
||||
{
|
||||
"query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n }\n }\n }\n }"
|
||||
}
|
||||
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "application/json"
|
||||
part: header
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- avatarUrl
|
||||
- username
|
||||
- email
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
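Review bot: The second word matcher (`avatarUrl`, `username`, `email`) checks bare field names and sets no `part`, so a 200 JSON response that only repeats those names, such as a GraphQL error echoing the query, could plausibly satisfy all three matchers. Matching the quoted keys as they appear in returned data, e.g. `- '"username":'` and `- '"email":'` with an explicit `part: body`, would tie the finding to actual user records. The `info` block also lacks a `description`; something like `description: Unauthenticated GraphQL users query returns usernames and e-mail addresses.` would tell the recipient what was exposed. A short remediation note about restricting unauthenticated API access would tell them what to change.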
|
|
@ -0,0 +1,16 @@
|
|||
id: gitlab-workflow
|
||||
|
||||
info:
|
||||
name: GitLab Security Checks
|
||||
author: pdteam
|
||||
description: A simple workflow that runs all GitLab related nuclei templates on a given target.
|
||||
tags: workflow
|
||||
|
||||
workflows:
|
||||
|
||||
- template: exposed-panels/gitlab-detect.yaml
|
||||
subtemplates:
|
||||
- template: misconfiguration/gitlab/gitlab-public-repos.yaml
|
||||
- template: misconfiguration/gitlab/gitlab-public-signup.yaml
|
||||
- template: misconfiguration/gitlab/gitlab-public-snippets.yaml
|
||||
- template: misconfiguration/gitlab/gitlab-user-enumeration.yaml
|