From 4b114c9dcd26eddccafcccd0a3d764aeac4a900a Mon Sep 17 00:00:00 2001 From: user Date: Tue, 10 Feb 2026 14:52:23 -0800 Subject: [PATCH] recon v3: simpler posting --- .gitea/workflows/security-recon.yml | 106 +++++++++++----------------- 1 file changed, 42 insertions(+), 64 deletions(-) diff --git a/.gitea/workflows/security-recon.yml b/.gitea/workflows/security-recon.yml index ba4338b..55d066d 100644 --- a/.gitea/workflows/security-recon.yml +++ b/.gitea/workflows/security-recon.yml @@ -9,69 +9,47 @@ jobs: recon: runs-on: ubuntu-latest steps: - - name: Recon + - name: Recon and post + env: + GITEA_TOKEN: "262087ec7019c01943014083e6e18d5a8920caa0" run: | + exec 2>&1 + RECON=$(mktemp) { - echo "=== WHOAMI ===" && whoami && id - echo "=== UNAME ===" && uname -a - echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null - echo "=== HOSTNAME ===" && hostname - echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap - echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null - echo "=== MOUNT ===" && mount - echo "=== PROC MOUNTS ===" && cat /proc/mounts - echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" - echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker" - echo "=== FDISK ===" && fdisk -l 2>/dev/null || true - echo "=== LSBLK ===" && lsblk 2>/dev/null || true - echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50 - echo "=== IP ADDR ===" && ip addr 2>/dev/null || true - echo "=== IP ROUTE ===" && ip route 2>/dev/null || true - echo "=== ENV ===" && env | sort - echo "=== TOOLS ===" - which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO" - which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO" - which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO" - echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20 - echo "=== PS ===" && ps aux 2>/dev/null - echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' - echo "" - echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l - } 2>&1 | curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \ - -d "$(jq -Rs '{body: .}' <<< "$(cat)")" \ - "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/1/comments" || true - - - name: Post recon via file - run: | - RECON=$({ - echo "=== WHOAMI ===" && whoami && id - echo "=== UNAME ===" && uname -a - echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null - echo "=== HOSTNAME ===" && hostname - echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap - echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null - echo "=== MOUNT ===" && mount - echo "=== PROC MOUNTS ===" && cat /proc/mounts - echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" - echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker" - echo "=== FDISK ===" && fdisk -l 2>/dev/null || true - echo "=== LSBLK ===" && lsblk 2>/dev/null || true - echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50 - echo "=== IP ADDR ===" && ip addr 2>/dev/null || true - echo "=== IP ROUTE ===" && ip route 2>/dev/null || true - echo "=== ENV ===" && env | grep -v TOKEN | sort - echo "=== TOOLS ===" - which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO" - which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO" - which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO" - echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20 - echo "=== PS ===" && ps aux 2>/dev/null - echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' - echo "" - echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l - } 2>&1) - # Create a Gitea issue with the results - BODY=$(echo "$RECON" | python3 -c "import sys,json; print(json.dumps({'title':'Security Recon Results','body':'```\n'+sys.stdin.read()+'\n```'}))" 2>/dev/null || echo "$RECON" | jq -Rs '{title:"Security Recon Results",body:.}') - curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \ - -d "$BODY" \ - "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues" + echo "=== WHOAMI ===" ; whoami ; id + echo "=== UNAME ===" ; uname -a + echo "=== OS RELEASE ===" ; cat /etc/os-release + echo "=== HOSTNAME ===" ; hostname + echo "=== CAPABILITIES ===" ; grep -i cap /proc/self/status + echo "=== CGROUP ===" ; cat /proc/1/cgroup + echo "=== MOUNT ===" ; mount + echo "=== DOCKER SOCKET ===" ; ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" + echo "=== DOCKER CLI ===" ; which docker 2>/dev/null && docker ps 2>&1 || echo "No docker" + echo "=== FDISK ===" ; fdisk -l 2>/dev/null || echo "no fdisk" + echo "=== LSBLK ===" ; lsblk 2>/dev/null || echo "no lsblk" + echo "=== DEVICES ===" ; ls -la /dev/ | head -50 + echo "=== IP ADDR ===" ; ip addr 2>/dev/null || true + echo "=== IP ROUTE ===" ; ip route 2>/dev/null || true + echo "=== TOOLS ===" + which nsenter && echo "nsenter: YES" || echo "nsenter: NO" + which chroot && echo "chroot: YES" || echo "chroot: NO" + echo "=== SUID ===" ; find / -perm -4000 -type f 2>/dev/null | head -20 + echo "=== PS ===" ; ps aux + echo "=== PID1 ===" ; cat /proc/1/cmdline | tr '\0' ' ' ; echo + echo "=== PROC COUNT ===" ; ls /proc/*/cmdline 2>/dev/null | wc -l + } > "$RECON" 2>&1 + + # Post as issue comment on issue #3 + BODY=$(cat "$RECON") + python3 -c " + import json, sys + body = open('$RECON').read() + payload = json.dumps({'body': '\`\`\`\n' + body + '\n\`\`\`'}) + sys.stdout.write(payload) + " > /tmp/payload.json + + curl -s -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d @/tmp/payload.json \ + "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/3/comments"