GIT Scan

GITLAB Projects

List gitlab projects

curl -s http://gitlabserver/explore/projects | grep 'class="project" href'
<a class="project" href="/global/secretproject1"> [...]

Scan Project

Search for sensitive informations such as RSA keys

trufflehog http://gitlabserver/global/secretproject1

Test RSA

You can try an RSA key on git server, it will return associated user

ssh -T git@gitlabserver -i /tmp/git_id_rsa
Welcome to GitLab, @userlambda!