Sunday, November 13, 2022

Source Code Management Attack Toolkit



Provide the searchcode module and your search criteria in the -o command-line switch, along with any relevant authentication information and URL. This will output the URL to the matching code file, along with the line in the code that matched.

The GitHub code search is a “contains” search: it looks for code that contains your search term in any line.

SCMKit.exe -s github -m searchcode -c userName:password -u https://github.something.local -o "some search term"

SCMKit.exe -s github -m searchcode -c apikey -u https://github.something.local -o "some search term"

The GitLab code search is a “contains” search: it looks for code that contains your search term in any line.

SCMKit.exe -s gitlab -m searchcode -c userName:password -u https://gitlab.something.local -o "some search term"

SCMKit.exe -s gitlab -m searchcode -c apikey -u https://gitlab.something.local -o "some search term"

The Bitbucket code search is a “contains” search: it looks for code that contains your search term in any line.

SCMKit.exe -s bitbucket -m searchcode -c userName:password -u https://bitbucket.something.local -o "some search term"

SCMKit.exe -s bitbucket -m searchcode -c apikey -u https://bitbucket.something.local -o "some search term"

Search Files

Use Case

Search for files in repositories containing a given keyword in the file name in a particular SCM system

Syntax

Provide the searchfile module and your search criteria in the -o command-line switch, along with any relevant authentication information and URL. This will output the URL to the matching file in its respective repository.

GitHub Enterprise

The GitLab file search is a “contains” search: it looks for files that contain your search term in the file name.

SCMKit.exe -s github -m searchfile -c userName:password -u https://github.something.local -o "some search term"

SCMKit.exe -s github -m searchfile -c apikey -u https://github.something.local -o "some search term"

GitLab Enterprise

The GitLab file search is a “contains” search: it looks for files that contain your search term in the file name.

SCMKit.exe -s gitlab -m searchfile -c userName:password -u https://gitlab.something.local -o "some search term"

SCMKit.exe -s gitlab -m searchfile -c apikey -u https://gitlab.something.local -o "some search term"

Bitbucket Server

The Bitbucket file search is a “contains” search: it looks for files that contain your search term in the file name.

SCMKit.exe -s bitbucket -m searchfile -c userName:password -u https://bitbucket.something.local -o "some search term"

SCMKit.exe -s bitbucket -m searchfile -c apikey -u https://bitbucket.something.local -o "some search term"

Example Output

C:\source\SCMKit\SCMKit\bin\Release>SCMKit.exe -s bitbucket -m searchfile -c apikey -u http://bitbucket.hogwarts.local:7990 -o jenkinsfile

==================================================
Module: searchfile
System: bitbucket
Auth Type: API Key
Options: jenkinsfile
Target URL: http://bitbucket.hogwarts.local:7990

Timestamp: 1/14/2022 10:17:59 PM
==================================================

[>] REPO: http://bitbucket.hogwarts.local:7990/scm/~HPOTTER/hpotter
[>] FILE: Jenkinsfile

[>] REPO: http://bitbucket.hogwarts.local:7990/scm/STUD/cred-decryption
[>] FILE: subDir/Jenkinsfile

Total matching results: 2

List Snippets

Use Case

List snippets owned by the current user in GitLab

Syntax

Provide the listsnippet module, along with any relevant authentication information and URL.

GitLab Enterprise

SCMKit.exe -s gitlab -m listsnippet -c userName:password -u https://gitlab.something.local

SCMKit.exe -s gitlab -m listsnippet -c apikey -u https://gitlab.something.local

Example Output

C:\>SCMKit.exe -s gitlab -m listsnippet -c username:password -u https://gitlab.hogwarts.local

==================================================
Module: listsnippet
System: gitlab
Auth Type: Username/Password
Options:
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/14/2022 9:17:36 PM
==================================================

Title | Raw URL
---------------------------------------------------------------------------------------------
spell-script | https://gitlab.hogwarts.local/-/snippets/2/raw

List Runners

Use Case

List all GitLab runners available to the current user in GitLab

Syntax

Provide the listrunner module, along with any relevant authentication information and URL. If the user is an administrator, you will be able to list all runners within the GitLab Enterprise instance, which includes shared and group runners.

GitLab Enterprise

SCMKit.exe -s gitlab -m listrunner -c userName:password -u https://gitlab.something.local

SCMKit.exe -s gitlab -m listrunner -c apikey -u https://gitlab.something.local

Example Output

C:\>SCMKit.exe -s gitlab -m listrunner -c username:password -u https://gitlab.hogwarts.local

==================================================
Module: listrunner
System: gitlab
Auth Type: Username/Password
Options:
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/25/2022 11:40:08 AM
==================================================

ID | Title | Repo Assigned
---------------------------------------------------------------------------------
2 | gitlab-runner | https://gitlab.hogwarts.local/hpotter/spellbook.git
3 | gitlab-runner | https://gitlab.hogwarts.local/hpotter/maraudersmap.git

List Gists

Use Case

List gists owned by the current user in GitHub

Syntax

Provide the listgist module, along with any relevant authentication information and URL.

GitHub Enterprise

SCMKit.exe -s github -m listgist -c userName:password -u https://github.something.local

SCMKit.exe -s github -m listgist -c apikey -u https://github.something.local

Example Output

C:\>SCMKit.exe -s github -m listgist -c username:password -u https://github-enterprise.hogwarts.local

==================================================
Module: listgist
System: github
Auth Type: Username/Password
Options:
Target URL: https://github-enterprise.hogwarts.local

Timestamp: 1/14/2022 9:43:23 PM
==================================================

Description | Visibility | URL
----------------------------------------------------------------------------------------------------------
Shell Script to Decode Spell | public | https://github-enterprise.hogwarts.local/gist/c11c6bb3f47fe67183d5bc9f048412a1

List Orgs

Use Case

List all organizations the current user belongs to in GitHub

Syntax

Provide the listorg module, along with any relevant authentication information and URL.

GitHub Enterprise

SCMKit.exe -s github -m listorg -c userName:password -u https://github.something.local

SCMKit.exe -s github -m listorg -c apiKey -u https://github.something.local

Example Output

C:\>SCMKit.exe -s github -m listorg -c username:password -u https://github-enterprise.hogwarts.local

==================================================
Module: listorg
System: github
Auth Type: Username/Password
Options:
Target URL: https://github-enterprise.hogwarts.local

Timestamp: 1/14/2022 9:44:48 PM
==================================================

Title | URL
-----------------------------------------------------------------------------------
Hogwarts | https://github-enterprise.hogwarts.local/api/v3/orgs/Hogwarts/repos

Get Privileges of API Token

Use Case

Get the assigned privileges to an access token being used in a particular SCM system

Syntax

Provide the privs module, along with an API key and URL.

GitHub Enterprise

SCMKit.exe -s github -m privs -c apiKey -u https://github.something.local

GitLab Enterprise

SCMKit.exe -s gitlab -m privs -c apiKey -u https://gitlab.something.local

Example Output

C:\>SCMKit.exe -s gitlab -m privs -c apikey -u https://gitlab.hogwarts.local

==================================================
Module: privs
System: gitlab
Auth Type: API Key
Options:
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/14/2022 9:18:27 PM
==================================================

Token Title | Active? | Privilege | Description
---------------------------------------------------------------------------------------------------------------------------------
hgranger-api-token | True | api | Read-write for the complete API, including all groups and projects, the Container Registry, and the Package Registry.
hgranger-api-token | True | read_user | Read-only for endpoints under /users. Essentially, access to any of the GET requests in the Users API.
hgranger-api-token | True | read_api | Read-only for the complete API, including all groups and projects, the Container Registry, and the Package Registry.
hgranger-api-token | True | read_repository | Read-only (pull) for the repository through git clone.
hgranger-api-token | True | write_repository | Read-write (pull, push) for the repository through git clone. Required for accessing Git repositories over HTTP when 2FA is enabled.

Add Admin

Use Case

Promote a normal user to an administrative role in a particular SCM system

Syntax

Provide the addadmin module, along with any relevant authentication information and URL. Additionally, provide the target user you would like to add an administrative role to.

GitHub Enterprise

SCMKit.exe -s github -m addadmin -c userName:password -u https://github.something.local -o targetUserName

SCMKit.exe -s github -m addadmin -c apikey -u https://github.something.local -o targetUserName

GitLab Enterprise

SCMKit.exe -s gitlab -m addadmin -c userName:password -u https://gitlab.something.local -o targetUserName

SCMKit.exe -s gitlab -m addadmin -c apikey -u https://gitlab.something.local -o targetUserName

Bitbucket Server

Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket.

SCMKit.exe -s bitbucket -m addadmin -c userName:password -u https://bitbucket.something.local -o targetUserName

Example Output

C:\>SCMKit.exe -s gitlab -m addadmin -c apikey -u https://gitlab.hogwarts.local -o hgranger

==================================================
Module: addadmin
System: gitlab
Auth Type: API Key
Options: hgranger
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/14/2022 9:19:32 PM
==================================================

[+] SUCCESS: The hgranger user was successfully added to the admin role.

Remove Admin

Use Case

Demote an administrative user to a normal user role in a particular SCM system

Syntax

Provide the removeadmin module, along with any relevant authentication information and URL. Additionally, provide the target user you would like to remove an administrative role from.

GitHub Enterprise

SCMKit.exe -s github -m removeadmin -c userName:password -u https://github.something.local -o targetUserName

SCMKit.exe -s github -m removeadmin -c apikey -u https://github.something.local -o targetUserName

GitLab Enterprise

SCMKit.exe -s gitlab -m removeadmin -c userName:password -u https://gitlab.something.local -o targetUserName

SCMKit.exe -s gitlab -m removeadmin -c apikey -u https://gitlab.something.local -o targetUserName

Bitbucket Server

Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket.

SCMKit.exe -s bitbucket -m removeadmin -c userName:password -u https://bitbucket.something.local -o targetUserName

Example Output

C:\>SCMKit.exe -s gitlab -m removeadmin -c username:password -u https://gitlab.hogwarts.local -o hgranger

==================================================
Module: removeadmin
System: gitlab
Auth Type: Username/Password
Options: hgranger
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/14/2022 9:20:12 PM
==================================================

[+] SUCCESS: The hgranger user was successfully removed from the admin role.

Create Access Token

Use Case

Create an access token to be used in a particular SCM system

Syntax

Provide the createpat module, along with any relevant authentication information and URL. Additionally, provide the target user you would like to create an access token for.

GitLab Enterprise

This can only be performed as an administrator. You will provide the username that you would like to create a PAT for.

SCMKit.exe -s gitlab -m createpat -c userName:password -u https://gitlab.something.local -o targetUserName

SCMKit.exe -s gitlab -m createpat -c apikey -u https://gitlab.something.local -o targetUserName

Bitbucket Server

Creates a PAT for the current user you are authenticating as. In Bitbucket you cannot create a PAT for another user, even as an admin. Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket. Take note of the PAT ID that is shown after being created. You will need this when you need to remove the PAT in the future.

SCMKit.exe -s bitbucket -m createpat -c userName:password -u https://bitbucket.something.local

Example Output

C:\>SCMKit.exe -s gitlab -m createpat -c username:password -u https://gitlab.hogwarts.local -o hgranger

==================================================
Module: createpat
System: gitlab
Auth Type: Username/Password
Options: hgranger
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/20/2022 1:51:23 PM
==================================================

ID | Title | Token
-----------------------------------------------------
59 | SCMKIT-AaCND | R3ySx_8HUn6UQ_6onETx

[+] SUCCESS: The hgranger user personal access token was successfully added.

List Access Tokens

Use Case

List access tokens for a user on a particular SCM system

Syntax

Provide the listpat module, along with any relevant authentication information and URL.

GitLab Enterprise

Only requires admin if you want to list another user’s PATs. A regular user can list their own PATs.

SCMKit.exe -s gitlab -m listpat -c userName:password -u https://gitlab.something.local -o targetUser

SCMKit.exe -s gitlab -m listpat -c apikey -u https://gitlab.something.local -o targetUser

Bitbucket Server

List access tokens for the current user. Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket.

SCMKit.exe -s bitbucket -m listpat -c userName:password -u https://bitbucket.something.local

List access tokens for another user (requires admin). Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket.

SCMKit.exe -s bitbucket -m listpat -c userName:password -u https://bitbucket.something.local -o targetUser

Example Output

C:\>SCMKit.exe -s gitlab -m listpat -c username:password -u https://gitlab.hogwarts.local -o hgranger

==================================================
Module: listpat
System: gitlab
Auth Type: Username/Password
Options: hgranger
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/20/2022 1:54:41 PM
==================================================

ID | Title | Active? | Scopes
----------------------------------------------------------------------------------------------
59 | SCMKIT-AaCND | True | api, read_repository, write_repository

Remove Access Token

Use Case

Remove an access token for a user in a particular SCM system

Syntax

Provide the removepat module, along with any relevant authentication information and URL. Additionally, provide the ID of the target user's PAT that you would like to remove.

GitLab Enterprise

Only requires admin if you want to remove another user’s PAT. A regular user can remove their own PAT. You must provide the PAT ID to remove. This ID was shown when you created the PAT and also when you listed the PAT.

SCMKit.exe -s gitlab -m removepat -c userName:password -u https://gitlab.something.local -o patID

SCMKit.exe -s gitlab -m removepat -c apikey -u https://gitlab.something.local -o patID

Bitbucket Server

Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket. You must provide the PAT ID to remove. This ID was shown when you created the PAT.

SCMKit.exe -s bitbucket -m removepat -c userName:password -u https://bitbucket.something.local -o patID

Example Output

C:\>SCMKit.exe -s gitlab -m removepat -c apikey -u https://gitlab.hogwarts.local -o 58

==================================================
Module: removepat
System: gitlab
Auth Type: API Key
Options: 59
Target URL: https://gitlab.hogwarts.local

Timestamp: 1/20/2022 1:56:47 PM
==================================================

[*] INFO: Revoking personal access token of ID: 59

[+] SUCCESS: The personal access token of ID 59 was successfully revoked.

Create SSH Key

Use Case

Create an SSH key to be used in a particular SCM system

Syntax

Provide the createsshkey module, along with any relevant authentication information and URL.

GitHub Enterprise

Creates an SSH key for the current user you are authenticating as.

SCMKit.exe -s github -m createsshkey -c userName:password -u https://github.something.local -o "ssh public key"

SCMKit.exe -s github -m createsshkey -c apiToken -u https://github.something.local -o "ssh public key"

GitLab Enterprise

Creates an SSH key for the current user you are authenticating as. Take note of the SSH key ID that is shown after being created. You will need this when you need to remove the SSH key in the future.

SCMKit.exe -s gitlab -m createsshkey -c userName:password -u https://gitlab.something.local -o "ssh public key"

SCMKit.exe -s gitlab -m createsshkey -c apiToken -u https://gitlab.something.local -o "ssh public key"

Bitbucket Server

Creates an SSH key for the current user you are authenticating as. Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket. Take note of the SSH key ID that is shown after being created. You will need this when you need to remove the SSH key in the future.

SCMKit.exe -s bitbucket -m createsshkey -c userName:password -u https://bitbucket.something.local -o "ssh public key"

Example Output

List SSH Keys

Use Case

List SSH keys for a user on a particular SCM system

Syntax

Provide the listsshkey module, along with any relevant authentication information and URL.

GitHub Enterprise

List SSH keys for the current user. This will include SSH key IDs, which are needed when you want to remove an SSH key.

SCMKit.exe -s github -m listsshkey -c userName:password -u https://github.something.local

SCMKit.exe -s github -m listsshkey -c apiToken -u https://github.something.local

GitLab Enterprise

List SSH keys for the current user.

SCMKit.exe -s gitlab -m listsshkey -c userName:password -u https://gitlab.something.local

SCMKit.exe -s gitlab -m listsshkey -c apiToken -u https://gitlab.something.local

Bitbucket Server

List SSH keys for the current user. Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket.

SCMKit.exe -s bitbucket -m listsshkey -c userName:password -u https://bitbucket.something.local

Example Output

C:\>SCMKit.exe -s gitlab -m listsshkey -u http://gitlab.hogwarts.local -c apiToken

==================================================
Module: listsshkey
System: gitlab
Auth Type: API Key
Options:
Target URL: https://gitlab.hogwarts.local

Timestamp: 2/7/2022 4:09:40 PM
==================================================

SSH Key ID | SSH Key Value | Title
---------------------------------------------------------------
9 | .....p50edigBAF4lipVZkAM= | SCMKIT-RLzie
10 | .....vGJLPGHiTwIxW9i+xAs= | SCMKIT-muFGU

Remove SSH Key

Use Case

Remove an SSH key for a user in a particular SCM system

Syntax

Provide the removesshkey module, along with any relevant authentication information and URL. Additionally, provide the target user SSH key ID to remove.

GitHub Enterprise

You must provide the SSH key ID to remove. This ID is shown when you list SSH keys.

SCMKit.exe -s github -m removesshkey -c userName:password -u https://github.something.local -o sshKeyID

SCMKit.exe -s github -m removesshkey -c apiToken -u https://github.something.local -o sshKeyID

GitLab Enterprise

You must provide the SSH key ID to remove. This ID was shown when you created the SSH key and is also shown when listing SSH keys.

SCMKit.exe -s gitlab -m removesshkey -c userName:password -u https://gitlab.something.local -o sshKeyID

SCMKit.exe -s gitlab -m removesshkey -c apiToken -u https://gitlab.something.local -o sshKeyID

Bitbucket Server

Only username/password auth is supported to perform actions not related to repos or projects in Bitbucket. You must provide the SSH key ID to remove. This ID was shown when you created the SSH key and is also shown when listing SSH keys.

SCMKit.exe -s bitbucket -m removesshkey -c userName:password -u https://bitbucket.something.local -o sshKeyID

Example Output

C:\>SCMKit.exe -s bitbucket -m removesshkey -u http://bitbucket.hogwarts.local:7990 -c username:password -o 16

==================================================
Module: removesshkey
System: bitbucket
Auth Type: Username/Password
Options: 16
Target URL: http://bitbucket.hogwarts.local:7990

Timestamp: 2/7/2022 1:48:03 PM
==================================================

[+] SUCCESS: The SSH key of ID 16 was successfully revoked.

List Admin Stats

Use Case

List admin stats in GitHub Enterprise

Syntax

Provide the adminstats module, along with any relevant authentication information and URL. Site admin access in GitHub Enterprise is required to use this module.

GitHub Enterprise

SCMKit.exe -s github -m adminstats -c userName:password -u https://github.something.local

SCMKit.exe -s github -m adminstats -c apikey -u https://github.something.local

Example Output

C:\>SCMKit.exe -s github -m adminstats -c username:password -u https://github-enterprise.hogwarts.local

==================================================
Module: adminstats
System: github
Auth Type: Username/Password
Options:
Target URL: https://github-enterprise.hogwarts.local

Timestamp: 1/14/2022 9:45:50 PM
==================================================

Admin Users | Suspended Users | Total Users
------------------------------------------------------
1 | 0 | 5

Total Repos | Total Wikis
-----------------------------------
4 | 0

Total Orgs | Total Team Members | Total Teams
----------------------------------------------------------
1 | 0 | 0

Private Gists | Public Gists
-----------------------------------
0 | 1

List Branch Protection

Use Case

List branch protections in GitHub Enterprise

Syntax

Provide the protection module, along with any relevant authentication information and URL. Optionally, supply a string in the options parameter to return matching results contained in repo names.

GitHub Enterprise

SCMKit.exe -s github -m protection -c userName:password -u https://github.something.local

SCMKit.exe -s github -m protection -c apikey -u https://github.something.local

SCMKit.exe -s github -m protection -c apikey -u https://github.something.local -o reponame

Example Output

C:\>.\SCMKit.exe -u http://github.hogwarts.local -s github -c apiToken -m protection -o public-r

==================================================
Module: protection
System: github
Auth Type: API Key
Options: public-r
Target URL: http://github.hogwarts.local

Timestamp: 8/29/2022 2:02:42 PM
==================================================

Repo | Branch | Protection
----------------------------------------------------------------------------------------------------------
public-repo | dev | Protected: True
Status checks must pass before merge:
Branch must be up-to-date before merge: True
Owner review required before merge: True
Approvals required before merge: 2
Protections apply to repo admins: True
public-repo | main | Protected: False

Detection

Below are static signatures for the specific usage of this tool in its default state:

  • Project GUID – {266C644A-69B1-426B-A47C-1CF32B211F80}
  • User Agent String – SCMKIT-5dc493ada400c79dd318abbe770dac7c
  • Access Token & SSH Key Names – Access tokens and SSH keys that are created using the tool are prepended with SCMKIT- for the name.

For detection guidance of the techniques used by the tool, see the X-Force Red blog post.
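The default-state signatures listed above can be turned into a simple hunt. The following is an added example, not code from the SCMKit project: it assumes the SCM server sits behind a proxy that writes combined-format access logs and that you can export a token/SSH key inventory as records with kind, owner, id and name fields. The log lines, request paths, owners and inventory rows are constructed sample data.

```python
import re
from collections import defaultdict

# Static signatures from the Detection section (tool in its default state;
# a rebuilt binary with a changed user agent or name prefix will not match).
SCMKIT_USER_AGENT = "SCMKIT-5dc493ada400c79dd318abbe770dac7c"
SCMKIT_NAME_PREFIX = "SCMKIT-"

# Assumption: combined log format,
# ip - user [time] "METHOD path proto" status size "referer" "user-agent"
COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def find_scmkit_requests(log_lines):
    """Return parsed requests whose User-Agent carries the default signature."""
    hits = []
    for line in log_lines:
        m = COMBINED_LOG.match(line.strip())
        if m is None:
            continue  # not a combined-format line: skip instead of guessing
        if SCMKIT_USER_AGENT in m.group("ua"):
            hits.append({k: m.group(k)
                         for k in ("ip", "time", "method", "path", "status")})
    return hits


def group_by_source(hits):
    """Group matching request paths by client IP so each host can be triaged."""
    by_ip = defaultdict(list)
    for hit in hits:
        by_ip[hit["ip"]].append(hit["path"])
    return dict(by_ip)


def find_scmkit_credentials(inventory):
    """Return tokens/SSH keys whose name starts with the default prefix."""
    return [r for r in inventory
            if r.get("name", "").startswith(SCMKIT_NAME_PREFIX)]


# Constructed sample data (IPs, paths, owners and the benign rows are made up;
# the SCMKIT-* names are the ones shown in the example output on this page).
SAMPLE_ACCESS_LOG = [
    '10.0.5.23 - - [20/Jan/2022:13:51:23 +0000] "GET /api/v4/projects HTTP/1.1" '
    '200 312 "-" "SCMKIT-5dc493ada400c79dd318abbe770dac7c"',
    '10.0.5.23 - - [20/Jan/2022:13:54:41 +0000] "GET /api/v4/runners HTTP/1.1" '
    '200 540 "-" "SCMKIT-5dc493ada400c79dd318abbe770dac7c"',
    '10.0.8.77 - - [20/Jan/2022:13:55:02 +0000] "GET /api/v4/projects HTTP/1.1" '
    '200 9120 "-" "git/2.34.1"',
    'not an access log line',
]
SAMPLE_CREDENTIALS = [
    {"kind": "personal_access_token", "owner": "hgranger", "id": 59,
     "name": "SCMKIT-AaCND"},
    {"kind": "ssh_key", "owner": "hpotter", "id": 9, "name": "SCMKIT-RLzie"},
    {"kind": "ssh_key", "owner": "hpotter", "id": 12, "name": "laptop-ed25519"},
]

if __name__ == "__main__":
    for ip, paths in group_by_source(find_scmkit_requests(SAMPLE_ACCESS_LOG)).items():
        print(f"[ua-match] {ip}: {len(paths)} request(s) -> {paths}")
    for rec in find_scmkit_credentials(SAMPLE_CREDENTIALS):
        print(f"[name-match] {rec['kind']} id={rec['id']} owner={rec['owner']} "
              f"name={rec['name']}")
```

A name match on a token or SSH key is worth revoking and investigating even when no user-agent hit is found, since the credential outlives the session that created it.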
