diff --git a/modules/auxiliary/scanner/http/gitlab_login.rb b/modules/auxiliary/scanner/http/gitlab_login.rb
index 89019d1a93..6217518937 100644
--- a/modules/auxiliary/scanner/http/gitlab_login.rb
+++ b/modules/auxiliary/scanner/http/gitlab_login.rb
@@ -15,10 +15,14 @@ class Metasploit3 < Msf::Auxiliary
 def initialize
 super(
- 'Name' => 'GitLab Login Utility',
- 'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
- 'Author' => [ 'Ben Campbell' ],
- 'License' => MSF_LICENSE
+ 'Name' => 'GitLab Login Utility',
+ 'Description' => 'This module attempts to login to a GitLab instance using a specific user/pass.',
+ 'Author' => [ 'Ben Campbell' ],
+ 'License' => MSF_LICENSE,
+ 'References' =>
+ [
+ ['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/']
+ ]
 )
 register_options(
diff --git a/modules/auxiliary/scanner/http/gitlab_user_enum.rb b/modules/auxiliary/scanner/http/gitlab_user_enum.rb
index 7690cdcd60..e090a1e07c 100644
--- a/modules/auxiliary/scanner/http/gitlab_user_enum.rb
+++ b/modules/auxiliary/scanner/http/gitlab_user_enum.rb
@@ -15,17 +15,21 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info( info, - 'Name' => 'GitLab User Enumeration', - 'Description' => " + 'Name' => 'GitLab User Enumeration', + 'Description' => " The GitLab 'internal' API is exposed unauthenticated on GitLab. This allows the username for each SSH Key ID number to be retrieved. Users who do not have an SSH Key cannot be enumerated in this fashion. LDAP users, e.g. Active Directory users will also be returned. This issue was fixed in GitLab v7.5.0 and is present from GitLab v5.0.0. ", - 'Author' => 'Ben Campbell', - 'License' => MSF_LICENSE, - 'DisclosureDate' => 'Nov 21 2014' + 'Author' => 'Ben Campbell', + 'License' => MSF_LICENSE, + 'DisclosureDate' => 'Nov 21 2014', + 'References' => + [ + ['URL', 'https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/'] + ] )) register_options(
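Review bot: The new `'References'` list backs the Description's version claims (present from v5.0.0, fixed in v7.5.0) with a single third-party blog post, so anyone using the module info to decide whether an instance still needs upgrading has no vendor source to check against. Consider adding the vendor's fix notice next to it, e.g. `['URL', '<GitLab 7.5.0 release note or advisory URL>']` (placeholder; the page does not give one). The `'DisclosureDate'` of Nov 21 2014 also predates the 2015/03/20 date in the blog URL, presumably fix date versus write-up date, and a one-line comment saying so would save the next reader from wondering which is correct. The remaining `-`/`+` pairs look like alignment-only changes, and `initialize` continues past the end of the hunk.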