Gitlab Reconnaissance Introduction
infonews
security
Source: Embrace The Red · February 28, 2022
Summary
This post documents reconnaissance techniques for GitLab (a code hosting platform similar to GitHub) after obtaining a GitLab Token (a credential that grants API access). An attacker with a valid token can enumerate projects, clone source code repositories to search for secrets, extract CI/CD variables (configuration values that often contain passwords or access keys), and discover runner tokens (registration credentials for build automation systems).
Classification
Attack Sophistication: Moderate
Original source: https://embracethered.com/blog/posts/2022/hacking-gitlab-servers/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 95%