gitlab-version-nse
Nmap script to guess* a GitLab version.
Usage
https://github.com/righel/gitlab-version-nse
cd gitlab-version-nse
nmap
--script ./gitlab_version.nse [--script-args="showcves"] --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
- use
--script-args="showcves"to get version CVEs via Vulners API.
sample output:
$ nmap REDACTED -p 443 --script ./gitlab_version.nse -script-args="showcves" --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-07 18:39 CET
Nmap scan report for REDACTED
Host is up (0.013s latency).
PORT STATE SERVICE
443/tcp open https
| gitlab_version:
| 14.0.5
| CVE-2021-22237 4.0 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22237
| CVE-2021-22238 3.5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22238
| CVE-2021-22239 4.0 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22239
| CVE-2021-22241 3.5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22241
| CVE-2021-22242 3.5 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22242
| CVE-2021-22243 4.0 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22243
...
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
How
Created a dictionary of the webpack static assets manifest hash -> gitlab version. This is not 100% accurate as sometimes different minor versions have the same hash, still gives a good estimate. The list of hashes is automagically updated every day via a github action.
769 Jan 03, 2023
18 Nov 15, 2021
14 Nov 19, 2021
12 Aug 19, 2022
5 Jan 18, 2022
13 Nov 25, 2022
9 Jun 08, 2022
6 Dec 08, 2022
0 Jun 21, 2022
223 Dec 24, 2022
3 Jul 05, 2022
20 Dec 20, 2022
3.5k Jan 05, 2023
5 Aug 31, 2022
7 Nov 02, 2022
3 Nov 25, 2022
2.6k Jan 09, 2023
25 Aug 30, 2022
33 Nov 24, 2022
1 Jul 25, 2022