56 lines
2.2 KiB
YAML
56 lines
2.2 KiB
YAML
name: Security Recon
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- security-audit
|
|
|
|
jobs:
|
|
recon:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Recon and post
|
|
env:
|
|
GITEA_TOKEN: "262087ec7019c01943014083e6e18d5a8920caa0"
|
|
run: |
|
|
exec 2>&1
|
|
RECON=$(mktemp)
|
|
{
|
|
echo "=== WHOAMI ===" ; whoami ; id
|
|
echo "=== UNAME ===" ; uname -a
|
|
echo "=== OS RELEASE ===" ; cat /etc/os-release
|
|
echo "=== HOSTNAME ===" ; hostname
|
|
echo "=== CAPABILITIES ===" ; grep -i cap /proc/self/status
|
|
echo "=== CGROUP ===" ; cat /proc/1/cgroup
|
|
echo "=== MOUNT ===" ; mount
|
|
echo "=== DOCKER SOCKET ===" ; ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"
|
|
echo "=== DOCKER CLI ===" ; which docker 2>/dev/null && docker ps 2>&1 || echo "No docker"
|
|
echo "=== FDISK ===" ; fdisk -l 2>/dev/null || echo "no fdisk"
|
|
echo "=== LSBLK ===" ; lsblk 2>/dev/null || echo "no lsblk"
|
|
echo "=== DEVICES ===" ; ls -la /dev/ | head -50
|
|
echo "=== IP ADDR ===" ; ip addr 2>/dev/null || true
|
|
echo "=== IP ROUTE ===" ; ip route 2>/dev/null || true
|
|
echo "=== TOOLS ==="
|
|
which nsenter && echo "nsenter: YES" || echo "nsenter: NO"
|
|
which chroot && echo "chroot: YES" || echo "chroot: NO"
|
|
echo "=== SUID ===" ; find / -perm -4000 -type f 2>/dev/null | head -20
|
|
echo "=== PS ===" ; ps aux
|
|
echo "=== PID1 ===" ; cat /proc/1/cmdline | tr '\0' ' ' ; echo
|
|
echo "=== PROC COUNT ===" ; ls /proc/*/cmdline 2>/dev/null | wc -l
|
|
} > "$RECON" 2>&1
|
|
|
|
# Post as issue comment on issue #3
|
|
BODY=$(cat "$RECON")
|
|
python3 -c "
|
|
import json, sys
|
|
body = open('$RECON').read()
|
|
payload = json.dumps({'body': '\`\`\`\n' + body + '\n\`\`\`'})
|
|
sys.stdout.write(payload)
|
|
" > /tmp/payload.json
|
|
|
|
curl -s -X POST \
|
|
-H "Authorization: token $GITEA_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d @/tmp/payload.json \
|
|
"https://git.eeqj.de/api/v1/repos/sneak/lora.vegas/issues/3/comments"
|