Nmap script to guess* a GitLab version.

Related tags

General Utilitiesgitlabnmapnsenmap-scripts
Overview

gitlab-version-nse

Nmap script to guess* a GitLab version.

Usage

https://github.com/righel/gitlab-version-nse
cd gitlab-version-nse 
nmap 
   
     --script ./gitlab_version.nse [--script-args="showcves"] --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
  • use --script-args="showcves" to get version CVEs via Vulners API.

sample output:

$ nmap REDACTED -p 443 --script ./gitlab_version.nse -script-args="showcves" --script-args-file="/home/user/gitlab-version-nse/gitlab_versions_map.txt"
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-07 18:39 CET
Nmap scan report for REDACTED
Host is up (0.013s latency).

PORT    STATE SERVICE
443/tcp open  https
| gitlab_version: 
|   14.0.5
|     CVE-2021-22237            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22237
|     CVE-2021-22238            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22238
|     CVE-2021-22239            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22239
|     CVE-2021-22241            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22241
|     CVE-2021-22242            3.5             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22242
|     CVE-2021-22243            4.0             https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22243
...
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

How

Created a dictionary of the webpack static assets manifest hash -> gitlab version. This is not 100% accurate as sometimes different minor versions have the same hash, still gives a good estimate. The list of hashes is automagically updated every day via a github action.

Owner
Luciano Righetti
Software Engineer
Luciano Righetti
GitHub Repository
cpp20.py is a Python script to compile C++20 code using modules.

cpp20.py is a Python script to compile C++20 code using modules. It browses the source files to determine their dependencies. Then, it compiles then in order using the correct flags.

Julien VERNAY 6 Aug 26, 2022
Python utility for discovering interesting CFPreferences values on iDevices

Description Simple utility to search for interesting preferences in iDevices. Installation python3 -m pip install -U --user cfprefsmon Example In this

12 Aug 19, 2022
A Python library for reading, writing and visualizing the OMEGA Format

A Python library for reading, writing and visualizing the OMEGA Format, targeted towards storing reference and perception data in the automotive context on an object list basis with a focus on an urb

Institut fรผr Kraftfahrzeuge, RWTH Aachen, ika 12 Sep 01, 2022
๐Ÿ’‰ ์ฝ”๋กœ๋‚˜ ์ž”์—ฌ๋ฐฑ์‹  ์˜ˆ์•ฝ ๋งคํฌ๋กœ ์ปค์Šคํ…€ ๋นŒ๋“œ (์†๋„ ํ–ฅ์ƒ ๋ฒ„์ „)

Korea-Covid-19-Vaccine-Reservation ์ฝ”๋กœ๋‚˜ ์ž”์—ฌ ๋ฐฑ์‹  ์˜ˆ์•ฝ ๋งคํฌ๋กœ๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ํ•œ ์ปค์Šคํ…€ ๋นŒ๋“œ์ž…๋‹ˆ๋‹ค. ๋” ๋น ๋ฅธ ๋ฐฑ์‹  ์˜ˆ์•ฝ์„ ๋ชฉํ‘œ๋กœ ํ•˜๋ฉฐ, ์†๋„๋ฅผ ์šฐ์„ ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์‚ฌ์šฉ์ž๋Š” ์ด์— ๋Œ€์ฒ˜๊ฐ€ ๊ฐ€๋Šฅํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ง€์ •ํ•œ ์ขŒํ‘œ ๋‚ด ๋Œ€๊ธฐ์ค‘์ธ ๋ณ‘์›์—์„œ ์ž”์—ฌ ๋ฐฑ์‹ 

Queue.ri 21 Aug 15, 2022
A simple package for handling variables in string.

A simple package for handling string variables. Welcome! This is a simple package for handling variables in string, You can add or remove variables wi

1 Dec 31, 2021
An awesome tool to save articles from RSS feed to Pocket automatically.

RSS2Pocket An awesome tool to save articles from RSS feed to Pocket automatically. About the Project I used to use IFTTT to save articles from RSS fee

Hank Liao 10 Nov 12, 2022
A repo for working with and building daos

DAO Mix DAO Mix About How to DAO No Code Tools Getting Started Prerequisites Installation Usage On-Chain Governance Example Off-Chain governance Examp

Brownie Mixes 86 Dec 19, 2022
A toolkit for writing and executing automation scripts for Final Fantasy XIV

XIV Scripter This is a tool for scripting out series of actions in FFXIV. It allows for custom actions to be defined in config.yaml as well as custom

Jacob Beel 1 Dec 09, 2021
Extract the download URL from OneDrive or SharePoint share link and push it to aria2

OneDriveShareLinkPushAria2 Extract the download URL from OneDrive or SharePoint share link and push it to aria2 ไปŽOneDriveๆˆ–SharePointๅ…ฑไบซ้“พๆŽฅๆๅ–ไธ‹่ฝฝURLๅนถๅฐ†ๅ…ถๆŽจ้€ๅˆฐa

้ซ˜็Žฉๆข 262 Jan 08, 2023
A set of Python scripts to surpass human limits in accomplishing simple tasks.

Human benchmark fooler Summary A set of Python scripts with Selenium designed to surpass human limits in accomplishing simple tasks available on https

Bohdan Dudchenko 3 Feb 10, 2022
pydsinternals - A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.

pydsinternals - Directory Services Internals Library A Python native library containing necessary classes, functions and structures to interact with W

Podalirius 36 Dec 14, 2022
Search, generate & deliver Msfvenom payloads in an quick and easy way

Goal Search, generate & deliver payloads in an quick and easy way Be as simple as possible BUT with all msfvenom payloads. Ever lost time searching th

2 Mar 03, 2022
Go through a random file in your favourite open source projects!

Random Source Codes Never be bored again! Staring at your screen and just scrolling the great world wide web? Would you rather read through some code

Mridul Seth 1 Nov 03, 2022
Every 2 minutes, check for visa slots at VFS website

vfs-visa-slot-germany Every 2 minutes, check for visa slots at VFS website. If there are any, send a call and a message of the format: Sent from your

12 Dec 15, 2022
Edit SRT files to delay subtitle time-stamps.

subtitle-delay A program written in Python that directly edits SRT file to delay the subtitles. Features: Will throw an error if delaying with negativ

8 Jul 17, 2022
A functional standard library for Python.

Toolz A set of utility functions for iterators, functions, and dictionaries. See the PyToolz documentation at https://toolz.readthedocs.io LICENSE New

4.1k Dec 30, 2022
API for obtaining results from the Beery-Bukenica test of the visomotor integration development (VMI) 4th edition.

VMI API API for obtaining results from the Beery-Bukenica test of the visomotor integration development (VMI) 4th edition. Install docker-compose up -

Victor Vargas Sandoval 1 Oct 26, 2021
A simple API that will return a key-value pair of randomly generated UUID

A simple API that will return a key-value pair of randomly generated UUID. Key will be a timestamp and value will be UUID. While the server is running, whenever the API is called, it should return al

Pius Lucky 2 Jan 18, 2022
A pythonic dependency injection library.

Pinject Pinject is a dependency injection library for python. The primary goal of Pinject is to help you assemble objects into graphs in an easy, main

Google 1.3k Dec 30, 2022
Helper script to bootstrap a Python environment with the tools required to build and install packages.

python-bootstrap Helper script to bootstrap a Python environment with the tools required to build and install packages. Usage $ python -m bootstrap.bu

Filipe Laรญns 7 Oct 06, 2022