Nmap script to guess* a GitLab version.

Related tags

General Utilitiesgitlabnmapnsenmap-scripts
Overview

gitlab-version-nse

Nmap script to guess* a GitLab version.

Usage

https://github.com/righel/gitlab-version-nse
cd gitlab-version-nse 
nmap 
   
     --script ./gitlab_version.nse [--script-args="showcves"] --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
  • use --script-args="showcves" to get version CVEs via Vulners API.

sample output:

$ nmap REDACTED -p 443 --script ./gitlab_version.nse -script-args="showcves" --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-07 18:39 CET
Nmap scan report for REDACTED
Host is up (0.013s latency).

PORT    STATE SERVICE
443/tcp open  https
| gitlab_version: 
|   14.0.5
|     CVE-2021-22237            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22237
|     CVE-2021-22238            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22238
|     CVE-2021-22239            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22239
|     CVE-2021-22241            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22241
|     CVE-2021-22242            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22242
|     CVE-2021-22243            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22243
...
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

How

Created a dictionary of the webpack static assets manifest hash -> gitlab version. This is not 100% accurate as sometimes different minor versions have the same hash, still gives a good estimate. The list of hashes is automagically updated every day via a github action.

Owner
Luciano Righetti
Software Engineer
Luciano Righetti
GitHub Repository
Customized python validations.

A customized python validations.

Wilfred V. Pine 2 Apr 20, 2022
Parse URLs for DOIs, PubMed identifiers, PMC identifiers, arXiv identifiers, etc.

citation-url Parse URLs for DOIs, PubMed identifiers, PMC identifiers, arXiv identifiers, etc. This module has a single parse() function that takes in

Charles Tapley Hoyt 2 Feb 12, 2022
Toolkit for collecting and applying templates of prompting instances

PromptSource Toolkit for collecting and applying templates of prompting instances. WIP Setup Download the repo Navigate to root directory of the repo

BigScience Workshop 1k Jan 05, 2023
jfc is an utility to make reviewing ArXiv papers for your Journal Club easier.

jfc is an utility to make reviewing ArXiv papers for your Journal Club easier.

Miguel M. 3 Dec 20, 2021
A morse code encoder and decoder utility.

morsedecode A morse code encoder and decoder utility. Installation Install it via pip: pip install morsedecode Alternatively, you can use pipx to run

Tushar Sadhwani 2 Dec 25, 2021
A time table app to notify the user about their class timings

kivyTimeTable A time table app to notify the user about their class timings Features This project incorporates some features i wanted to see in a time

2 Dec 15, 2021
A fast Python implementation of Ac Auto Mechine

A fast Python implementation of Ac Auto Mechine

Jin Zitian 1 Dec 07, 2021
A simulator for xkcd 2529's weirdly concrete problem

What is this? This is a quick hack implementation of a simulator for xkcd 2529's weirdly concrete problem. This is barely tested and I suck at computa

Reuben Steenekamp 6 Oct 27, 2021
A utility tool to create .env files

A utility tool to create .env files dump-env takes an .env.template file and some optional environmental variables to create a new .env file from thes

wemake.services 89 Dec 08, 2022
Basic loader is a small tool that will help you generating Cloudflare cookies

Basic Loader Cloudflare cookies loader This tool may help some people getting valide cloudflare cookies Installation πŸ”Œ : pip install -r requirements.

IHateTomLrge 8 Mar 30, 2022
Auto-generate /etc/hosts for HackTheBox machines

Auto-generate /etc/hosts for HackTheBox machines Save yourself some tedium on getting started on a new machine by having your /etc/hosts ready to go.

3 Feb 16, 2022
A small python library that helps you to generate localization strings for your mobile projects.

LocalizationUtiltiy A small python library that helps you to generate localization strings for your mobile projects. This small script aims to help yo

1 Nov 12, 2021
The producer-consumer problem implemented with threads in Python

This was developed using a Python virtual environment, I would strongly recommend to do the same if you want to clone this repository. How to run this

Omar Beltran 1 Oct 30, 2021
Python script to launch burp scans automatically

SimpleAutoBurp Python script that takes a config.json file as config and uses Burp Suite Pro to scan a list of websites.

Adan Álvarez 26 Jul 18, 2022
SmarTool - Smart Util Tool for Python

A set of tools that keep Python sweeter.

Liu Tao 9 Sep 30, 2022
Python library to decorate and beautify strings

outputformat Python library to decorate and beautify your standard output πŸ’– Ins

Felipe Delestro Matos 259 Dec 13, 2022
ecowater-softner is a Python library for collecting information from Ecowater water softeners.

Ecowater Softner ecowater-softner is a Python library for collecting information from Ecowater water softeners. Installation Use the package manager p

6 Dec 08, 2022
Group imports from Windows binaries

importsort This is a tool that I use to group imports from Windows binaries. Sometimes, you have a gigantic folder full of executables, and you want t

γ€β˜† ゆう β˜† 】 15 Aug 27, 2022
Analyze metadata of your Python project.

Analyze metadata of your Python projects Setup: Clone repo py-m venv venv (venv) pip install -r requirements.txt specify the folders which you want to

Pedro Monteiro de Carvalho e Silva Prado 1 Nov 10, 2021
A random cats photos python module

A random cats photos python module

Fayas Noushad 6 Dec 01, 2021