Land #18723, Improve Gitlab fingerprinting

A webpage exists that can be reached without authentication that contains a hash that can be used to determine the approximate version of gitlab running on the endpoint. This PR adds enhances our current GitLab fingerprinting capabilities to include the aforementioned technique.
rapid7 · Apr 24, 2024 · aea95c0 · aea95c0
2 parents e6fb178 + bc4a532
commit aea95c0
Show file tree

Hide file tree

Showing 3 changed files with 534 additions and 2 deletions.
diff --git a/lib/msf/core/exploit/remote/http/gitlab/rest/v4/version.rb b/lib/msf/core/exploit/remote/http/gitlab/rest/v4/version.rb
@@ -1,10 +1,10 @@
 # -*- coding: binary -*-
 
 module Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Version
-  # Extracts the Gitlab version information from various sources
+  # Extracts the Gitlab version information from the authenticated rest endpoint
   #
   # @return [String,nil] Gitlab version if found, nil otherwise
-  def gitlab_version
+  def gitlab_version_rest
     res = send_request_cgi({
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, '/api/v4/version'),