Gitlab search through the Gitlab Search API #694
Conversation
|
Token rotation should already work if the user provides multiple secrets in the provider configuration file. |
|
I mean, without having to run subfinder again, just like the GitHub source does, detecting a rate limit reached response and asking to the token manager for a new one. I don't know if this is even neccesary due to the random api key mechanism, thoughs? |
This is what I meant, but yeah ... if someone will need it, we can also add a token manager later on I guess. |
|
Looks like sonar is down, this is why the checks are failing |
./subfinder -d hackerone.com -s gitlab -t 250
__ _____ __
_______ __/ /_ / __(_)___ ____/ /__ _____
/ ___/ / / / __ \/ /_/ / __ \/ __ / _ \/ ___/
(__ ) /_/ / /_/ / __/ / / / / /_/ / __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/ v2.5.5
projectdiscovery.io
Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
By using subfinder, you also agree to the terms of the APIs used.
[INF] Loading provider config from '/Users/tarun/.config/subfinder/provider-config.yaml'
[INF] Enumerating subdomains for 'hackerone.com'
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x10 pc=0x1049d72fc]
goroutine 9 [running]:
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140003cc207?, {0x105243448, 0x1400012c420},
{0x140003cc207, 0x56}, 0x14000420000?, 0x140000bfce8?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:87 +0x51c
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x14000182207?, {0x105243448, 0x1400012c420},
{0x14000182207, 0x56}, 0x1400046e1e0?, 0x140000c0048?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140003cc547?, {0x105243448, 0x1400012c420},
{0x140003cc547, 0x55}, 0x14000190d20?, 0x140000c03a8?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x14000428207?, {0x105243448, 0x1400012c420},
{0x14000428207, 0x55}, 0x14000190700?, 0x140000c0708?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140001823a7?, {0x105243448, 0x1400012c420},
{0x140001823a7, 0x55}, 0x140002d4340?, 0x140000c0a68?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140004283a7?, {0x105243448, 0x1400012c420},
{0x140004283a7, 0x55}, 0x140001902a0?, 0x140000c0dc8?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140003cc067?, {0x105243448, 0x1400012c420},
{0x140003cc067, 0x55}, 0x140000c8000?, 0x140000c1128?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x14000428067?, {0x105243448, 0x1400012c420},
{0x14000428067, 0x55}, 0x14000524380?, 0x140004fb488?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x14000428547?, {0x105243448, 0x1400012c420},
{0x14000428547, 0x55}, 0x140000a03c0?, 0x140004fb7e8?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140001f4002?, {0x105243448, 0x1400012c420},
{0x140001f4002, 0x55}, 0x140002120d0?, 0x1400046a930?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate(0x140000a93a0?, {0x105243448, 0x1400012c420},
{0x1400017a000, 0x4e}, 0x0?, 0x0?, 0x0?, 0x0?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:112 +0x350
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).Run.func1()
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:44 +0x1a8
created by github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).Run
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:33 +0x120
|
|
It seems like we can speedup this source . Gitlab ratelimit = 2000 req/ min seaching we can probably speed it up by
|
|
Hey @tarunKoyalwar, thank you for your review, Regarding your proposal:
|
|
It looks like my proposal was not clear pls find the details below Current Methodology
The easiest way to speed it up would be instead of fetching each item and run regex in serial we can do that in parallel My Proposal
If possible you can furthur improve it |
|
This idea currently has 1 limitation . i.e rate limit is global and not for each source as you mentioned in The easiest solution is to implement #718 Any suggestions @ehsandeep @Mzack9999 @vzamanillo feel free to share if you have a better solution for this. |
Concurrent item processing Hardcoded delay before parsing every 100 item block
|
@tarunKoyalwar, check the latest commit please, it is a concept and some thing has to be fixed (the hardcoded delay), but with acceptable results
take |
|
@vzamanillo , It fails when multiple subdomains are passed ....
[INF] Found 20 subdomains for 'hackerone.com' in 3 minutes 17 seconds
[INF] Enumerating subdomains for 'inspectiv.com'
panic: send on closed channel
goroutine 44993 [running]:
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).proccesItems(0x0?, {0x10167f748, 0x1400007e480}, {0x14000256000?, 0x31, 0x140005d2e50?}, 0x0?, 0x100ad1094?, 0x14000927200?, 0x140003b3290?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:106 +0x274
created by github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:75 +0x2d4
panic: send on closed channel
goroutine 43767 [running]:
github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).proccesItems(0x1400063c420?, {0x10167f748, 0x1400007e480}, {0x140006da000?, 0x63, 0x14000657e50?}, 0x0?, 0x100ad1094?, 0x140000010e0?, 0x140006bd290?)
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:106 +0x274
created by github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/gitlab.(*Source).enumerate
/Users/tarun/reviews/subfinder/v2/pkg/subscraping/sources/gitlab/gitlab.go:75 +0x2d4
exit status 2
|
* digitorus source * Sorted AllSources * Fixed TestSourceFiltering after merging dev branch
|
gitlab has rate limit of 2000 req/min . and gitlab source does on an average > 90 req/min . |
The API traffic will be limited to 2,000 requests per minute for a given user, I think this should be enough for a single recon. A token rotation policy could be implemented in the future.