id: gitlab-user-enum

info:
  name: GitLab - User Enumeration
  author: Suman_Kar
  severity: info
  reference:
    - https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/malenames-usa-top1000.txt
  metadata:
    max-request: 100
    shodan-query: http.title:"GitLab"
  tags: gitlab,enum,misconfig,fuzz

http:
  - raw:
      - |
        GET /users/{{user}}/exists HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Referer: {{BaseURL}}

    payloads:
      user: helpers/wordlists/user-list.txt
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "exists.*:true"

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "application/json"
# digest: 490a004630440220562a9f8ba6edfa7b4aee0ee747db5bea2b7a92f48e4880e87f7c2c0e1f0e53350220284a8c20ed6356ee243fe41581351c7cdafc9037099d94a5f34a45813725f77f:922c64590222798bb761d5b6d8e72950