Skip to content

Add shared GitLab user enumeration for gl users enum and gluna users enum#629

Draft
Copilot wants to merge 4 commits into
mainfrom
copilot/add-gitlab-users-enum-command
Draft

Add shared GitLab user enumeration for gl users enum and gluna users enum#629
Copilot wants to merge 4 commits into
mainfrom
copilot/add-gitlab-users-enum-command

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 13, 2026
edited
Loading

Adds GitLab user enumeration to both authenticated and unauthenticated command trees. The new commands iterate all users exposed by the GitLab API and emit one structured zerolog entry per user, reusing a shared implementation.

  • New command surface

    • Adds gl users enum
    • Adds gluna users enum
    • Wires a new users command group into both GitLab roots

  • Shared enumeration logic

    • Introduces a shared GitLab users enumerator under pkg/gitlab/users
    • Walks /api/v4/users with pagination until exhaustion
    • Supports both token-backed and anonymous access through the same code path

  • Logging behavior

    • Emits one structured log line per discovered user
    • Includes useful user context such as:
      • id
      • username
      • name
      • publicEmail
      • profile
      • state
      • bot
      • admin
      • external
      • privateProfile

  • Command/config handling

    • Uses the standard config binding path for --gitlab / --token
    • Requires only the GitLab URL for enumeration
    • Keeps token validation conditional so gluna users enum remains tokenless

Example:

pipeleek gl users enum --gitlab https://gitlab.example.com --token glpat-xxxx
pipeleek gluna users enum --gitlab https://gitlab.example.com

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • gitlab.com
    • Triggering command: /tmp/go-build4180218215/b2288/engine.test /tmp/go-build4180218215/b2288/engine.test -test.testlogfile=/tmp/go-build4180218215/b2288/testlog.txt -test.paniconexit0 -test.timeout=10m0s -test.v=true -dwarf=false -goversion go1.26.0 -c=4 -race -nolocalimports -importcfg -ato�� -bool t ux-amd64/pkg/tool/linux_amd64/vet -errorsas -ifaceassert t ux-amd64/pkg/too-importcfg (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue May 13, 2026 that may be closed by this pull request
GitLab users enum #628
Open
Copilot AI and others added 3 commits May 13, 2026 09:05
@frjcomp
Add GitLab users enum commands
5295278 
Agent-Logs-Url: https://github.com/CompassSecurity/pipeleek/sessions/1c0daa5a-30ad-4c4c-a4df-03b95c0ab3b0

Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>
@frjcomp
Refine GitLab users enum logging
bf9f2f0 
Agent-Logs-Url: https://github.com/CompassSecurity/pipeleek/sessions/1c0daa5a-30ad-4c4c-a4df-03b95c0ab3b0

Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>
@frjcomp
Use int64 paging for GitLab users enum
a25bd63 
Agent-Logs-Url: https://github.com/CompassSecurity/pipeleek/sessions/1c0daa5a-30ad-4c4c-a4df-03b95c0ab3b0

Co-authored-by: frjcomp <107982661+frjcomp@users.noreply.github.com>
Copilot AI changed the title [WIP] Add GitLab users enum command for gl and gluna Add shared GitLab user enumeration for gl users enum and gluna users enum May 13, 2026
Copilot AI requested a review from frjcomp May 13, 2026 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frjcomp frjcomp Awaiting requested review from frjcomp

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

@frjcomp frjcomp

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GitLab users enum

2 participants

@frjcomp