Skip to content

Commit 4d891ca

Browse files
Fix Pipeleak command syntax for GitLab methodology docs (#338)
add gl subcommand where necessary
1 parent 77ba5c8 commit 4d891ca

1 file changed

Lines changed: 10 additions & 10 deletions

File tree

docs/methodology/gitlab.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ Make sure to verify manually as well.
4242
> To create a Personal Access Token visit https://leakycompany.com/-/user_settings/personal_access_tokens
4343
4444
```bash
45-
pipeleak vuln -g https://leakycompany.com -t glpat-[redacted]
45+
pipeleak gl vuln -g https://leakycompany.com -t glpat-[redacted]
4646
2024-11-14T14:29:05+01:00 INF GitLab version=17.5.1-ee
4747
2024-11-14T14:29:05+01:00 INF Fetching CVEs for this version version=17.5.1-ee
4848
```
@@ -55,13 +55,13 @@ If you already have access to projects and groups you can try to enumerate CI/CD
5555
Dump all CI/CD variables you have access to, to find more secrets.
5656
```bash
5757
# Dump variables defined in the projects settings
58-
pipeleak variables -g https://leakycompany.com -t glpat-[redacted]
58+
pipeleak gl variables -g https://leakycompany.com -t glpat-[redacted]
5959

6060
# Schedules can have separately defined variables
61-
pipeleak schedule -g https://leakycompany.com -t glpat-[redacted]
61+
pipeleak gl schedule -g https://leakycompany.com -t glpat-[redacted]
6262

6363
# Secure files are an alternative to variables and often times contain sensitive info
64-
pipeleak secureFiles --gitlab https://leakycompany.com --token glpat-[redacted]
64+
pipeleak gl secureFiles --gitlab https://leakycompany.com --token glpat-[redacted]
6565
2024-11-18T15:38:08Z INF Fetching project variables
6666
2024-11-18T15:38:09Z WRN Secure file content="this is a secure file!!" downloadUrl=https://leakycompany.com/api/v4/projects/60367314/secure_files/9149327/download
6767
2024-11-18T15:38:12Z INF Fetched all secure files
@@ -143,7 +143,7 @@ There are many reasons why credentials might be included in the job output. More
143143
[Pipeleak](https://github.com/CompassSecurity/pipeleak) can be used to scan for credentials in the job outputs.
144144

145145
```bash
146-
$ pipeleak scan --token glpat-[redacted] --gitlab https://gitlab.example.com -c [gitlab session cookie]] -v -a -j 5 --confidence high-verified,high
146+
$ pipeleak gl scan --token glpat-[redacted] --gitlab https://gitlab.example.com -c [gitlab session cookie]] -v -a -j 5 --confidence high-verified,high
147147
2024-09-26T13:47:09+02:00 DBG Verbose log output enabled
148148
2024-09-26T13:47:10+02:00 INF Gitlab Version Check revision=2e166256199 version=17.5.0-pre
149149
2024-09-26T13:47:10+02:00 DBG Setting up queue on disk
@@ -193,7 +193,7 @@ curl --request GET --header "PRIVATE-TOKEN: glpat-[redacted]" https://gitlab.com
193193
}
194194

195195
# Verify using Pipeleak
196-
pipeleak enum -g https://gitlab.com -t glpat-[redacted]
196+
pipeleak gl enum -g https://gitlab.com -t glpat-[redacted]
197197
2025-09-29T12:25:51Z INF Enumerating User
198198
2025-09-29T12:25:51Z WRN Current user admin=false bot=false email=test@example.com name="Pipe Leak" username=pipeleak_user
199199
2025-09-29T12:25:51Z INF Enumerating Access Token
@@ -219,7 +219,7 @@ Runners can be attached globally, on the group level or on individual projects.
219219

220220
Using pipeleak we can automate runner enumeration:
221221
```bash
222-
$ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v list
222+
$ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v list
223223
2024-09-26T14:26:54+02:00 INF group runner description=2-green.shared-gitlab-org.runners-manager.gitlab.com name=comp-test-ia paused=false runner=gitlab-runner tags=gitlab-org type=instance_type
224224
2024-09-26T14:26:55+02:00 INF group runner description=3-green.shared-gitlab-org.runners-manager.gitlab.com/dind name=comp-test-ia paused=false runner=gitlab-runner tags=gitlab-org-docker type=instance_type
225225
2024-09-26T14:26:55+02:00 INF group runner description=blue-3.saas-linux-large-amd64.runners-manager.gitlab.com/default name=comp-test-ia paused=false runner=gitlab-runner tags=saas-linux-large-amd64 type=instance_type
@@ -234,7 +234,7 @@ Pipeleak can generate a `.gitlab-ci.yml` or directly create a project and launch
234234

235235
```bash
236236
# Manual creation
237-
$ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell --dry
237+
$ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell --dry
238238
2024-09-26T14:32:26+02:00 DBG Verbose log output enabled
239239
2024-09-26T14:32:26+02:00 INF Generated .gitlab-ci.yml
240240
2024-09-26T14:32:26+02:00 INF ---
@@ -260,7 +260,7 @@ pipeleak-job-saas-linux-small-amd64:
260260
2024-09-26T14:32:26+02:00 INF Done, Bye Bye 🏳️‍🌈🔥
261261

262262
# Automated
263-
$ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell
263+
$ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell
264264
2024-09-26T14:33:48+02:00 DBG Verbose log output enabled
265265
2024-09-26T14:33:49+02:00 INF Created project name=pipeleak-runner-exploit url=https://gitlab.com/[redacted]/pipeleak-runner-exploit
266266
2024-09-26T14:33:50+02:00 INF Created .gitlab-ci.yml file=.gitlab-ci.yml
@@ -311,4 +311,4 @@ If the GitLab instance has a container registry enabled, check if you have acces
311311
Using [TruffleHog](https://github.com/trufflesecurity/trufflehog):
312312
```bash
313313
trufflehog docker --image registry.leakycompany.com/auser/arepo
314-
```
314+
```

0 commit comments

Comments
 (0)