# Pipeleek Configuration File (YAML)
#
# This file provides a comprehensive template for configuring Pipeleek.
# Configuration values can be provided via:
# 1. CLI flags (highest priority)
# 2. Configuration file (this file)
# 3. Environment variables (PIPELEEK_* prefix, e.g., PIPELEEK_GITLAB_TOKEN)
# 4. Defaults (lowest priority)
#
# Schema: <platform>.<subcommand>.<flag_name>
# - Flag names with dashes are converted to underscores (e.g., --max-artifact-size -> max_artifact_size)
# - Platform-level settings (url, token) can be shared across subcommands
# - Command-specific settings override platform defaults
#
# Copy this file to one of these locations:
# - ~/.config/pipeleek/pipeleek.yaml (recommended)
# - ~/pipeleek.yaml
# - ./pipeleek.yaml (current directory)
# Or specify explicitly: pipeleek --config /path/to/config.yaml
#
# Security note: once populated, the token/cookie/password values in this file are
# live credentials for the systems you are assessing. Keep the populated copy out of
# version control (add it to .gitignore), restrict it to your own user (chmod 600),
# prefer PIPELEEK_* environment variables or CLI flags for secrets where practical,
# and quote every token value so a YAML parser never re-types one that happens to
# look like a number.
# Common settings applied across all platforms (primarily for scan commands)
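common:
  threads: 10  # Number of concurrent threads for scanning
  # TruffleHog "verification" typically contacts the issuing service with each candidate
  # secret to check whether it is live - confirm that is acceptable for the engagement
  # (rules of engagement, egress from the scanning host) before leaving this enabled.
  trufflehog_verification: true
  max_artifact_size: 104857600  # Maximum artifact size in bytes (100 MiB)
  confidence_filter: "medium"  # Filter secrets by confidence: low, medium, high, high-verified
  hit_timeout: 5  # Timeout for secret hits in seconds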
#------------------------------------------------------------------------------
# GitLab Platform Configuration
#------------------------------------------------------------------------------
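gitlab:
  # Platform-wide settings (shared across all GitLab commands)
  url: https://gitlab.example.com
  # Credentials. Prefer PIPELEEK_GITLAB_TOKEN (and the cookie equivalent) over storing
  # real values here; if you must store them, keep them quoted so YAML treats them as
  # strings and restrict this file's permissions.
  token: "glpat-REPLACE_ME"
  # Optional: _gitlab_session cookie for dotenv artifacts. A session cookie is a
  # full-login credential for that account - handle it exactly like the token.
  cookie: ""
  # enum - Enumerate token access rights
  enum:
    level: "full"  # Enumeration level: minimal, full
  # cicd yaml - Dump CI/CD YAML configuration
  cicd:
    yaml:
      project: "group/project"  # Target project path
  # schedule - Enumerate scheduled pipelines
  schedule: {}  # Inherits gitlab.url and gitlab.token
  # secureFiles - Print CI/CD secure files
  secureFiles: {}  # Inherits gitlab.url and gitlab.token
  # variables - Print CI/CD variables
  variables: {}  # Inherits gitlab.url and gitlab.token
  # jobToken exploit - Validate job token and attempt repo write.
  # This is a write action against the target project: make sure it is in scope and
  # authorized, and record what was pushed so it can be cleaned up afterwards.
  jobToken:
    exploit:
      project: "group/project"  # Target project path
  # vuln - Check GitLab version vulnerabilities
  vuln: {}  # Inherits gitlab.url and gitlab.token
  # runners list - List available runners
  runners:
    list: {}  # Inherits gitlab.url and gitlab.token
    # runners exploit - Create exploit project for runners.
    # Creates a project on the target instance unless dry is true; run with dry: true
    # first to confirm which runners would be targeted, and remove the project when done.
    exploit:
      tags: []  # Runner tags to target (empty = all)
      dry: false  # Dry run (don't create project)
      shell: "bash"  # Shell type: bash, powershell, pwsh
      age_public_key: ""  # Age public key for encryption
      repo_name: ""  # Custom repository name
  # renovate enum - Enumerate Renovate bot configurations
  renovate:
    enum:
      owned: true  # Include owned projects
      member: true  # Include member projects
      repo: false  # Fetch repo config
      namespace: false  # Include namespace configs
      search: ""  # Search query
      fast: false  # Fast mode (skip version checks)
      dump: false  # Dump full configs
      page: 1  # Starting page
      order_by: "last_activity_at"  # Sort order
      extend_renovate_config_service: false  # Extend renovate config service
    # renovate bots - Identify potential Renovate bot users
    # (placed as a sibling of enum per the <platform>.<subcommand>.<flag> schema; confirm
    # against `pipeleek gl renovate --help` if the key is not picked up)
    bots:
      term: "renovate"  # Search term for identifying potential renovate bot users
  # register - Register new user account on the target instance.
  # The values below are placeholders: use a strong, unique password (never one you use
  # elsewhere) and note the account so it can be removed at the end of the engagement.
  register:
    username: "newuser"
    password: "REPLACE_ME_with_a_strong_unique_password"
    email: "newuser@example.com"
  # shodan - Query Shodan for GitLab instances
  shodan:
    json: "shodan_data.json"  # Path to Shodan JSON export
  # scan - Scan CI/CD artifacts for secrets
  scan:
    # Inherits common.* settings, can override per-command
    threads: 15  # Override common.threads for GitLab scans
    max_artifact_size: 52428800  # 50 MiB for GitLab artifacts
  # tf - Discover and scan Terraform/OpenTofu state files
  tf:
    # Downloaded state files commonly contain plaintext secrets; point this at a
    # protected directory and delete the contents once the findings are recorded.
    output_dir: ./terraform-states  # Directory to save downloaded state files
    threads: 4  # Override common.threads for Terraform state scans
    # Note: artifacts, max_artifact_size, and owned do not apply to gl tf.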
#------------------------------------------------------------------------------
# GitHub Platform Configuration
#------------------------------------------------------------------------------
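github:
  url: https://api.github.com
  # Prefer PIPELEEK_GITHUB_TOKEN over a stored value; keep any stored token quoted.
  token: "ghp_REPLACE_ME"
  # ghtoken exploit - Validate GitHub Actions token and attempt repo clone.
  # Only run against repositories that are in scope for the engagement.
  ghtoken:
    exploit:
      repo: "owner/repo"  # Target repository in format owner/repo
  # scan - Scan GitHub Actions artifacts for secrets
  scan:
    owner: "example-org"  # Repository owner
    repo: "example-repo"  # Repository name
    # Inherits common.* settings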
#------------------------------------------------------------------------------
# BitBucket Platform Configuration
#------------------------------------------------------------------------------
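bitbucket:
  url: https://bitbucket.org
  email: user@example.com  # BitBucket account email
  # BitBucket app token (create at https://id.atlassian.com/manage-profile/security/api-tokens).
  # Prefer the PIPELEEK_* environment variable; keep any stored value quoted.
  token: "ATATTxxxxxx"
  # Optional: cloud.session.token cookie value from bitbucket.org for artifact scanning.
  # This is a session credential for the whole account - protect it like the token.
  cookie: ""
  # scan - Scan BitBucket Pipelines artifacts
  scan:
    workspace: "example-workspace"  # Workspace slug
    repo_slug: "example-repo"  # Repository slug
    # Inherits common.* settings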
#------------------------------------------------------------------------------
# Azure DevOps Configuration
#------------------------------------------------------------------------------
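azure_devops:
  url: https://dev.azure.com/example-org
  # Personal access token; prefer the PIPELEEK_* environment variable and keep any
  # stored value quoted.
  token: "ado_pat_REPLACE_ME"
  # scan - Scan Azure Pipelines artifacts
  scan:
    project: "example-project"  # Project name
    # Inherits common.* settings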
#------------------------------------------------------------------------------
# Gitea Platform Configuration
#------------------------------------------------------------------------------
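gitea:
  url: https://gitea.example.com
  # Prefer the PIPELEEK_* environment variable over a stored token; keep it quoted.
  token: "gitea_pat_REPLACE_ME"
  # enum - Enumerate token access rights
  enum: {}  # Inherits gitea.url and gitea.token
  # variables - Print repository/organization variables
  variables:
    owner: "example-org"  # Repository owner
    repo: "example-repo"  # Repository name
  # secrets - Print repository/organization secrets (output will contain live
  # credentials - redact before sharing and do not leave it in shell history or logs)
  secrets:
    owner: "example-org"
    repo: "example-repo"
  # vuln - Check Gitea version vulnerabilities
  vuln: {}  # Inherits gitea.url and gitea.token
  # scan - Scan Gitea Actions artifacts
  scan:
    owner: "example-org"
    repo: "example-repo"
    # Inherits common.* settings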
#------------------------------------------------------------------------------
# Jenkins Platform Configuration
#------------------------------------------------------------------------------
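jenkins:
  url: https://jenkins.example.com
  username: admin
  # Jenkins API tokens are hex strings; an all-digit one would be parsed as an integer
  # if left unquoted, so always keep this value quoted.
  token: "jenkins_api_token_REPLACE_ME"
  # scan - Scan Jenkins jobs, build logs, env vars, and optional artifacts
  scan:
    # folder and job are both optional selectors; set the one you need. Which takes
    # precedence when both are given is not documented here - verify before relying on it.
    folder: "team-a"  # Optional: scan all jobs recursively in this folder
    job: "team-a/service-a"  # Optional: scan a single job path
    max_builds: 25  # Maximum builds to scan per job (0 = all)
    # Inherits common.* settings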
#------------------------------------------------------------------------------
# CircleCI Platform Configuration
#------------------------------------------------------------------------------
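circle:
  url: https://circleci.com
  # Prefer the PIPELEEK_* environment variable over a stored token; keep it quoted.
  token: "circleci_token_REPLACE_ME"
  # scan - Scan CircleCI pipelines, logs, test results and optional artifacts
  scan:
    project: ["example-org/example-repo"]  # Optional project selector(s): org/repo or vcs/org/repo
    vcs: "github"  # Default VCS used when project entries omit prefix
    org: "example-org"  # Optional org filter; supports my-org, github/my-org, or app.circleci.com/pipelines URLs
    # Org-wide discovery requires token visibility to that org. If discovery fails, use explicit --project entries.
    branch: "main"  # Optional branch filter
    status: ["success", "failed"]  # Optional pipeline/workflow/job status filter
    workflow: ["build", "deploy"]  # Optional workflow name filter
    job: ["unit-tests", "release"]  # Optional job name filter
    # Timestamps are quoted on purpose: unquoted ISO timestamps are re-typed by YAML parsers.
    since: "2026-01-01T00:00:00Z"  # Optional RFC3339 start timestamp
    until: "2026-01-31T23:59:59Z"  # Optional RFC3339 end timestamp
    max_pipelines: 0  # Maximum number of pipelines to scan per project (0 = no limit)
    tests: true  # Scan job test results
    insights: true  # Scan workflow insights endpoints
    # Inherits common.* settings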