Skip to content
/ DevDumpOps Public

Open Source tool for the Information Dump of DevOps Platforms.

License

GPL-3.0 license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CSL-LABS/DevDumpOps

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
config
config
 
 
controller
controller
 
 
images
images
 
 
model
model
 
 
utils
utils
 
 
views
views
 
 
.gitignore
.gitignore
 
 
DevDumpOps.py
DevDumpOps.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_es.md
README_es.md
 
 

Repository files navigation

DevDumpOps

🛠️ In construction 🛠️

Open Source tool for the information dump of DevOps platforms, focused on the abuse of Tokens, APIS and exposed service accounts that allow us to consult these development tools; From a security perspective, it is very useful and convenient to be able to reconstruct the source code, extract configuration files, deployment data and as much information as possible from these platforms, for subsequent intrusion processes.

Installation 🔧

git clone https://github.com/CSL-LABS/DevDumpOps.git
cd DevDumpOps

Usage 🔧

python DevDumpOps.py --help

Target's

  • Sonarqube
  • otros en construccion

Actions

Enumeration 📋

Enumerates the SonarQube server configuration, as well as permissions, organizations, projects, and code components visible with or without credentials.

Dump

All visible code components are downloaded and stored:

  • all
    • The code of all projects
  • member
    • The code linked to the credentials (useful for SonarCloud.io)

Bruteforce

Perform a brute force attack on the Login system, using the following parameters:

  • User to attack.
  • Dictionary path.
  • Number of threads to use.

Backdoor

Select one of the following persistence modes, it is necessary to have previous privileges:

  1. Create new user.
  2. Generate a new token.
  3. Elevate privileges to a user.
  4. Change a user's password.

Usage examples

  • Enumeration without using credentials:
python DevDumpOps.py --sonarqube [target]
  • Download code for public projects:
python DevDumpOps.py --sonarqube --dump all [target]

SonarCloud-token

  • Enumeration using credentials:
python DevDumpOps.py --sonarqube -u admin -p admin [target]

SonarCloud-token

  • Download code for private projects:
python DevDumpOps.py --sonarqube -u admin -p admin --dump member [target]
  • Download code in SonarCloud projects:
python DevDumpOps.py --sonarqube -t [token] --dump member sonarcloud.io

SonarCloud-token

  • Brute Force Attack:
python DevDumpOps.py --sonarqube --bruteforce [target]

Username: administrator

SonarQube-BruteForce

  • Generate Persistence: Generate a new token It is important to remember that tokens do not expire, therefore, even if the user's password is changed, the token will continue to be valid.
python DevDumpOps.py --sonarqube --backdoor -u administrator -p P4$$w0rd [target]

Option: 2

SonarQube-BruteForce

📋 Results 📋

The results are stored by default in the /results/ folder or in the one defined under the --output option, and the following information is found:

  • Configuration SMTP, GITHUB, GITLAB Y SVN
  • Identified users
  • Visible projects
  • Downloaded code
  • Code components
  • Extracted WebHooks
  • User Tokens

References

About

Open Source tool for the Information Dump of DevOps Platforms.

Topics

sonarqube devops-tools hacking-tool security-tools sonarcloud sonarqube-bruteforce

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

5 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 1

DevDumpOps v1.0 Latest
Nov 12, 2020

Packages

 
 
 

Languages