
Autodiscovery

pipeleek gl renovate autodiscovery

Create a PoC for exploiting Renovate Autodiscovery misconfigurations

Synopsis

Create a project with a Renovate Bot configuration that will be picked up by an existing Renovate Bot user. During dependency updates, the Renovate Bot will execute the malicious Gradle wrapper script, whose payload you can customize in exploit.sh.
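The misconfiguration this PoC relies on is a self-hosted Renovate instance whose bot token discovers every project it has access to, so an invitation from an attacker-controlled project is enough to get that project onboarded. As an added example (not from the pipeleek project or the Renovate documentation), a self-hosted Renovate config.json that narrows autodiscovery to an expected namespace; the GitLab URL comes from the examples below, the group name my-org is an assumption, and the bot token is supplied through the RENOVATE_TOKEN environment variable rather than the file:

```json
{
  "platform": "gitlab",
  "endpoint": "https://gitlab.mydomain.com/api/v4/",
  "autodiscover": true,
  "autodiscoverFilter": ["my-org/*"]
}
```

Alternatively set autodiscover to false and list the projects the bot should manage explicitly under repositories; either way the bot ignores projects outside that scope, even when its user is invited to them.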

pipeleek gl renovate autodiscovery [flags]

Examples

# Create a project and invite the victim Renovate Bot user to it. Uses Gradle wrapper to execute arbitrary code during dependency updates.
pipeleek gl renovate autodiscovery --token glpat-xxxxxxxxxxx --gitlab https://gitlab.mydomain.com --repo-name my-exploit-repo --username renovate-bot-user

# Create a project with a CI/CD pipeline for local testing (requires setting RENOVATE_TOKEN as a CI/CD variable)
pipeleek gl renovate autodiscovery --token glpat-xxxxxxxxxxx --gitlab https://gitlab.mydomain.com --repo-name my-exploit-repo --add-renovate-cicd-for-debugging

Options

      --add-renovate-cicd-for-debugging   Creates a .gitlab-ci.yml file in the repo that runs Renovate Bot for local testing
  -h, --help                              help for autodiscovery
  -r, --repo-name string                  The name for the created repository
  -u, --username string                   The username of the victim Renovate Bot user to invite

Options inherited from parent commands

      --color              Enable colored log output (auto-disabled when using --logfile) (default true)
  -g, --gitlab string      GitLab instance URL
      --ignore-proxy       Ignore HTTP_PROXY environment variable
      --json               Use JSON as log output format
      --log-level string   Set log level globally (debug, info, warn, error). Example: --log-level=warn
  -l, --logfile string     Log output to a file
  -t, --token string       GitLab API Token
  -v, --verbose            Enable debug logging (shortcut for --log-level=debug)

SEE ALSO