  • Language
    Python
  • License
    The Unlicense
  • Created over 6 years ago
  • Updated over 2 years ago

Repository Details

CVE-2017-9506 - SSRF

Jira-Scan

ONLY TESTED WITH PYTHON 3

Provide a list of websites to test, without the http:// or https:// prefix, and the script will test each one for the SSRF vulnerability.


CVE-2017-9506

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

According to Atlassian, the following Jira versions are vulnerable:

  • Jira < 7.3.5

Overview of SSRF

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL which the code running on the server will read or submit data to. By carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP-enabled databases, or perform POST requests towards internal services which are not intended to be exposed.

Description

The target application may have functionality for importing data from a URL, publishing data to a URL or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.).

When the manipulated request goes to the server, the server-side code picks up the manipulated URL and tries to read data from the manipulated URL. By selecting target URLs the attacker may be able to read data from services that are not directly exposed on the internet:

  • Cloud server meta-data - Cloud services such as AWS provide a REST interface on http://169.254.169.254/latest/meta-data/ where important configuration and sometimes even authentication keys can be extracted.
  • Database HTTP interfaces - NoSQL databases such as MongoDB provide REST interfaces on HTTP ports. If the database is expected to be available only internally, authentication may be disabled and the attacker can extract data.
  • Docker and Kubernetes - If the local ports are exposed internally, an attacker can create / delete pods and containers and retrieve other secrets.
  • Internal REST interfaces
  • Files - The attacker may be able to read files using file:// URIs.

The attacker may also use this functionality to import untrusted data into code that expects to only read data from trusted sources, and as such circumvent input validation.

Fun SSRF Payloads to try....

AWS - IAM role will leak AWS key

http://169.254.169.254/latest/meta-data/

Alibaba

http://100.100.100.200/latest/meta-data/

Docker - List Containers

http://127.0.0.1:2375/v1.24/containers/json

Kubernetes ETCD - Can contain API keys and internal IPs and ports

http://127.0.0.1:2379/v2/keys/?recursive=true
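A server-side destination check that refuses each of the URLs listed above, as an added example (not code from the Jira-Scan repository). The function names, the `file://` path and the public sample address are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # anything else, including file://, is refused


def resolve_all(host):
    """Default resolver: every address the OS returns for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_outbound_url(url, resolver=resolve_all):
    """Return (allowed, reason, addresses) for a URL the server is asked to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme, []
    if not parts.hostname:
        return False, "no host in URL", []
    try:
        addresses = resolver(parts.hostname)
    except OSError as exc:
        return False, "resolution failed: %s" % exc, []
    if not addresses:
        return False, "host did not resolve", []
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        # is_global is False for loopback, RFC 1918, link-local 169.254/16 and
        # the 100.64.0.0/10 shared range, which is_private alone does not cover.
        if not ip.is_global:
            return False, "%s resolves to non-public %s" % (parts.hostname, ip), addresses
    return True, "ok", addresses


# Constructed sample input: the destinations from the list above plus one public URL.
SAMPLES = [
    "http://169.254.169.254/latest/meta-data/",
    "http://100.100.100.200/latest/meta-data/",
    "http://127.0.0.1:2375/v1.24/containers/json",
    "http://127.0.0.1:2379/v2/keys/?recursive=true",
    "file:///tmp/example.txt",
    "https://93.184.216.34/icon.png",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, reason, _ = check_outbound_url(sample)
        print("ALLOW" if allowed else "BLOCK", sample, "-", reason)
```

The caller should connect to the returned addresses rather than resolving the name a second time, and should run every redirect target through the same check.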
