PyPI - gitlabrat - Versions diffs - 1.0__tar.gz → 1.2__tar.gz - Mend

gitlabrat 1.0tar.gz → 1.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

gitlabrat-1.2/PKG-INFO ADDED Viewed

@@ -0,0 +1,91 @@
+Metadata-Version: 2.4
+Name: gitlabrat
+Version: 1.2
+Summary: LabRat: GitLab exploitation orchestrator
+Project-URL: Homepage, https://github.com/JChamblee99/LabRat
+Project-URL: Repository, https://github.com/JChamblee99/LabRat.git
+Project-URL: Issues, https://github.com/JChamblee99/LabRat/issues
+Author-email: John Chamblee <conway.py@proton.farm>
+License: GPL-3.0
+License-File: LICENSE
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Requires-Python: >=3.8
+Requires-Dist: beautifulsoup4>=4.9.0
+Requires-Dist: gitpython>=3.1.0
+Requires-Dist: python-gitlab>=3.0.0
+Requires-Dist: requests>=2.25.0
+Description-Content-Type: text/markdown
+<div align="center">
+# LabRat
+**GitLab exploitation orchestrator.**
+[![PyPI - Version](https://img.shields.io/pypi/v/gitlabrat)](https://pypi.org/project/gitlabrat/)
+[![PyPI - Downloads](https://img.shields.io/pypi/dm/gitlabrat)](https://pypi.org/project/gitlabrat/)
+[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
+[![GitHub last commit](https://img.shields.io/github/last-commit/JChamblee99/LabRat)](https://github.com/JChamblee99/LabRat/commits/main)
+</div>
+---
+## Overview
+LabRat automates common GitLab exploitation workflows: credential spraying, token creation, project enumeration, repository cloning, and bulk updates.
+## Features
+- **Authentication** — Spray credentials or combo lists across GitLab instances with optional LDAP support
+- **Agent management** — Track access tokens and push SSH keys across available agents
+- **Project operations** — Enumerate, clone, create access tokens, and perform procedural updates on repositories
+- **User enumeration** — List users with advanced filtering and create access tokens
+## Installation
+```bash
+pip install gitlabrat
+```
+> Requires **Python 3.8+**
+## Quick Start
+```bash
+# Authenticate to a GitLab instance
+labrat auth -t https://gitlab.example.com -u username -p password
+# List authenticated agents
+labrat agents ls
+```
+## Usage
+```
+labrat [-h] {agents,auth,projects,users} ...
+```
+## Dependencies
+| Package | Purpose |
+|---------|---------|
+| [python-gitlab](https://python-gitlab.readthedocs.io/) | GitLab API client |
+| [GitPython](https://gitpython.readthedocs.io/) | Git repository operations |
+| [BeautifulSoup4](https://www.crummy.com/software/BeautifulSoup/) | HTML parsing for session auth |
+| [Requests](https://docs.python-requests.org/) | HTTP session management |
+## Disclaimer
+This tool is intended for **authorized security testing and research only**. The author assumes no liability for misuse. Always obtain proper authorization before testing against any system you do not own.
+## License
+[GNU General Public License v3.0](LICENSE)

gitlabrat-1.2/README.md ADDED Viewed

@@ -0,0 +1,66 @@
+<div align="center">
+# LabRat
+**GitLab exploitation orchestrator.**
+[![PyPI - Version](https://img.shields.io/pypi/v/gitlabrat)](https://pypi.org/project/gitlabrat/)
+[![PyPI - Downloads](https://img.shields.io/pypi/dm/gitlabrat)](https://pypi.org/project/gitlabrat/)
+[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
+[![GitHub last commit](https://img.shields.io/github/last-commit/JChamblee99/LabRat)](https://github.com/JChamblee99/LabRat/commits/main)
+</div>
+---
+## Overview
+LabRat automates common GitLab exploitation workflows: credential spraying, token creation, project enumeration, repository cloning, and bulk updates.
+## Features
+- **Authentication** — Spray credentials or combo lists across GitLab instances with optional LDAP support
+- **Agent management** — Track access tokens and push SSH keys across available agents
+- **Project operations** — Enumerate, clone, create access tokens, and perform procedural updates on repositories
+- **User enumeration** — List users with advanced filtering and create access tokens
+## Installation
+```bash
+pip install gitlabrat
+```
+> Requires **Python 3.8+**
+## Quick Start
+```bash
+# Authenticate to a GitLab instance
+labrat auth -t https://gitlab.example.com -u username -p password
+# List authenticated agents
+labrat agents ls
+```
+## Usage
+```
+labrat [-h] {agents,auth,projects,users} ...
+```
+## Dependencies
+| Package | Purpose |
+|---------|---------|
+| [python-gitlab](https://python-gitlab.readthedocs.io/) | GitLab API client |
+| [GitPython](https://gitpython.readthedocs.io/) | Git repository operations |
+| [BeautifulSoup4](https://www.crummy.com/software/BeautifulSoup/) | HTML parsing for session auth |
+| [Requests](https://docs.python-requests.org/) | HTTP session management |
+## Disclaimer
+This tool is intended for **authorized security testing and research only**. The author assumes no liability for misuse. Always obtain proper authorization before testing against any system you do not own.
+## License
+[GNU General Public License v3.0](LICENSE)

{gitlabrat-1.0 → gitlabrat-1.2}/labrat/cli/agents.py RENAMED Viewed

@@ -9,7 +9,7 @@ def build_parser(parsers):
     delete_parser = common.add_filtered_parser(subparsers, "delete", handle_delete_args, aliases=["rm"], help="Delete GitLab server from config")
-    add_key_parser = common.add_filtered_parser(subparsers, "add-key", handle_add_key_args, help="Add SSH key to the user account", filter_required=False)
+    add_key_parser = common.add_filtered_parser(subparsers, "add_key", handle_add_key_args, help="Add SSH key to the user account", filter_required=False)
     key_group = add_key_parser.add_mutually_exclusive_group(required=True)
     key_group.add_argument("-k", "--key", required=False, help="Public SSH key to add")
     key_group.add_argument("-K", "--key-file", required=False, help="Path to public SSH key file")

{gitlabrat-1.0 → gitlabrat-1.2}/labrat/cli/auth.py RENAMED Viewed

@@ -13,6 +13,7 @@ def build_parser(parsers):
     parser.add_argument("-r", "--re-auth", action="store_true", help="Re-authenticate with stored credentials")
     parser.add_argument("-n", "--token-name", required=False, help="Name for the access token", default="private token")
     parser.add_argument("-s", "--scopes", required=False, help="Comma-separated list of scopes for the access token", default="api,read_repository,write_repository")
+    parser.add_argument("-a", "--access-token", required=False, help="Access token for authentication")
     parser.set_defaults(func=handle_args, _parser=parser)
     parser.set_defaults(controller=Auth())
@@ -20,7 +21,7 @@ def build_parser(parsers):
 def handle_args(args):
     has_targets = args.target or args.target_file
-    has_credentials = (args.username and args.password) or args.combo_list
+    has_credentials = (args.username and args.password) or args.combo_list or args.access_token
     can_auth = has_targets and has_credentials
     if args.re_auth or can_auth:
@@ -53,7 +54,7 @@ def auth(args):
     scopes = args.scopes.split(",") if args.scopes else []
     # Iterate over each user and target
-    for agent, err in args.controller.reauth(token_name=args.token_name, token_scopes=scopes, targets=targets, users=[user[0] for user in users]) if args.re_auth else args.controller.auth(targets, users, token_name=args.token_name, token_scopes=scopes, use_ldap=args.use_ldap):
+    for agent, err in args.controller.reauth(token_name=args.token_name, token_scopes=scopes, targets=targets, users=[user[0] for user in users]) if args.re_auth else args.controller.auth(targets, users, token_name=args.token_name, token_scopes=scopes, private_token=args.access_token, use_ldap=args.use_ldap):
         if err:
             print(f"[-] Authentication failed for {agent.label}: {err}")
         else:

{gitlabrat-1.0 → gitlabrat-1.2}/labrat/controllers/agents.py RENAMED Viewed

@@ -41,7 +41,7 @@ class Agents:
                 continue
             try:
-                agent.add_ssh_key(title, key)
+                agent.gitlab.user.keys.create({'title': title, 'key': key})
                 yield agent, None
             except Exception as e:
                 yield agent, e

{gitlabrat-1.0 → gitlabrat-1.2}/labrat/controllers/auth.py RENAMED Viewed

@@ -6,7 +6,7 @@ class Auth:
     def __init__(self):
         self.config = Config()
-    def auth(self, targets, users, token_name, token_scopes, use_ldap=False):
+    def auth(self, targets, users, token_name, token_scopes, private_token, use_ldap=False):
         """Authenticate and create a PAT for each user on each target.
         Keyword arguments:
@@ -19,10 +19,14 @@ class Auth:
         for username, password in users:
             for target in targets:
-                agent = Agent(target, use_ldap, username, password)
                 try:
-                    agent.login()
-                    agent.auth(private_token=agent.create_pat(token_name, token_scopes))
+                    if private_token:
+                        agent = Agent(url=target, username=username, private_token=private_token)
+                    else:
+                        agent = Agent(url=target, username=username, password=password, use_ldap=use_ldap)
+                        agent.login()
+                        agent.auth(private_token=agent.create_pat(token_name, token_scopes))
                     self.config[agent.section] = agent.to_dict()
                     yield agent, None
                 except Exception as e:

{gitlabrat-1.0 → gitlabrat-1.2}/labrat/core/agent.py RENAMED Viewed

@@ -85,9 +85,6 @@ class Agent:
                 return response_json.get("token")
         except ValueError:
             return None
-    def add_ssh_key(self, title, key):
-        self.gitlab.user.keys.create({'title': title, 'key': key})
     def to_dict(self):
         return {

{gitlabrat-1.0 → gitlabrat-1.2}/pyproject.toml RENAMED Viewed

@@ -4,18 +4,18 @@ build-backend = "hatchling.build"
 [project]
 name = "gitlabrat"
-version = "1.0"
+version = "1.2"
 description = "LabRat: GitLab exploitation orchestrator"
 readme = "README.md"
 requires-python = ">=3.8"
 authors = [
     {name = "John Chamblee", email = "conway.py@proton.farm"}
 ]
-license = {text = "MIT"}
+license = {text = "GPL-3.0"}
 classifiers = [
     "Development Status :: 3 - Alpha",
     "Intended Audience :: Developers",
-    "License :: OSI Approved :: MIT License",
+    "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
     "Programming Language :: Python :: 3",
     "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",

gitlabrat-1.0/PKG-INFO DELETED Viewed

@@ -1,72 +0,0 @@
-Metadata-Version: 2.4
-Name: gitlabrat
-Version: 1.0
-Summary: LabRat: GitLab exploitation orchestrator
-Project-URL: Homepage, https://github.com/JChamblee99/LabRat
-Project-URL: Repository, https://github.com/JChamblee99/LabRat.git
-Project-URL: Issues, https://github.com/JChamblee99/LabRat/issues
-Author-email: John Chamblee <conway.py@proton.farm>
-License: MIT
-License-File: LICENSE
-Classifier: Development Status :: 3 - Alpha
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Requires-Python: >=3.8
-Requires-Dist: beautifulsoup4>=4.9.0
-Requires-Dist: gitpython>=3.1.0
-Requires-Dist: python-gitlab>=3.0.0
-Requires-Dist: requests>=2.25.0
-Description-Content-Type: text/markdown
-# LabRat
-LabRat is a GitLab exploitation orchestrator designed for security researchers and penetration testers.
-## Features
-- **Authentication Management** - Authenticate to GitLab servers and manage access tokens
-- **Project Management** - List, clone, and manipulate GitLab projects
-- **User Management** - Enumerate and create access tokens for GitLab users
-- **Agent Management** - Manage multiple GitLab agents and credentials
-## Installation
-Install LabRat from PyPI:
-```bash
-pip install gitlabrat
-```
-## Usage
-```bash
-labrat --help
-```
-### Commands
-- `labrat auth` - Authenticate to GitLab server(s)
-- `labrat agents` - Manage GitLab agents
-- `labrat projects` - Manage GitLab projects
-- `labrat users` - Manage GitLab users
-## Requirements
-- Python 3.8+
-- python-gitlab
-- GitPython
-- beautifulsoup4
-- requests
-## License
-MIT
-## Author
-John Chamblee

gitlabrat-1.0/README.md DELETED Viewed

@@ -1,47 +0,0 @@
-# LabRat
-LabRat is a GitLab exploitation orchestrator designed for security researchers and penetration testers.
-## Features
-- **Authentication Management** - Authenticate to GitLab servers and manage access tokens
-- **Project Management** - List, clone, and manipulate GitLab projects
-- **User Management** - Enumerate and create access tokens for GitLab users
-- **Agent Management** - Manage multiple GitLab agents and credentials
-## Installation
-Install LabRat from PyPI:
-```bash
-pip install gitlabrat
-```
-## Usage
-```bash
-labrat --help
-```
-### Commands
-- `labrat auth` - Authenticate to GitLab server(s)
-- `labrat agents` - Manage GitLab agents
-- `labrat projects` - Manage GitLab projects
-- `labrat users` - Manage GitLab users
-## Requirements
-- Python 3.8+
-- python-gitlab
-- GitPython
-- beautifulsoup4
-- requests
-## License
-MIT
-## Author
-John Chamblee