Fast and customizable vulnerability scanner For JIRA written in Python

Overview


Fast and customizable vulnerability scanner For JIRA.

πŸ€” What is this?

Jira-Lens πŸ” is a Python Based vulnerability Scanner for JIRA. Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management. This tool Performs 25+ Checks including CVE's and Multiple Disclosures on the Provided JIRA Instance.

πŸš€ Usage

Jira-Lens can be easily used from the command line

  • Clone this Repo Using git clone https://github.com/MayankPandey01/Jira-Lens.git
  • Complete the setup using python3 setup.py install
  • python3 Jira-Lens.py -u {URL}

render1636911439843

Additional Arguments can be passed to use tool in different way:

  • -u : To Provide a Single URL of JIRA Instance for Testing
  • -f : Path of File Containing List of URL's of JIRA Instance, properly Formatted and 1 url par Line
  • -o : To Provide a Custom Output Folder Location [ default= output/]

πŸ”§ Installation

πŸ”¨ Using pip

$ pip install Jira-Lens

πŸ”¨ Using Git

  • git clone https://github.com/MayankPandey01/Jira-Lens.git
  • After Installation run the setup.py file to set up the tool.

πŸ§ͺ Recommended Python Version:

  • This Tool Only Supports Python 3.
  • The recommended version for Python 3 is 3.8.x.

β›³ Dependencies:

The dependencies can be installed using the requirements file:

Installation on Windows:

  • python.exe -m pip3 install -r requirements.txt.

Installation on Linux:

  • sudo python3 pip3 install -r requirements.txt.

🐞 Bug Bounties

This tool is focused mainly on Bug Bounty Hunters and Security Professionals . You Can Use Jira-Lens to Scan JIRA Instance of the Target Company.

Why Use This ❓

  • It Provides a Detailed output After the Scan is Completed With all the Findings.
  • Take Inputs From File To Scan Multiple Instance
  • Fast and Easy to Setup ⚑
  • Can Be Added Directly To Your Automation Scripts
  • Regularly Updated Scanning Database

🎯 Contribution PRs Welcome

We Love to Get Contribution from the Open Source Community πŸ’™ . You are Welcome to Provide your Important Suggestions to make this tool more Awesome. Open a PR and we will See to it ASAP.

Ways to contribute

  • Suggest a feature
  • Adding CVE's and Disclosures Check
  • Report a bug
  • Fix something and open a pull request
  • Create a browser extension
  • Help me document the code
  • Spread the word

πŸ“š DISCLAIMER

This project is a personal development. Please respect its philosophy and don't use it for evil purposes. By using Jira-Lens, you agree to the MIT license included in the repository. For more details at The MIT License β€” OpenSource.

Using Jira-Lens for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Happy Hacking ✨ ✨

πŸ“ƒ Licensing

This project is licensed under the MIT license.

You might also like...
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits

open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

 Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

Comments
  • Add --cookie option to set cookies during a scan

    Add --cookie option to set cookies during a scan

    While performing a penetration test on a Jira instance we used your tool to perform a preliminary scan. Since in our case, we needed a cookie from an SSO login we had to manually edit your code: here's the result. Maybe you want to include it in the official repository.

    Good job, thanks for making our job easier :smile:

    opened by 5amu 1
  • add Dockerfile

    add Dockerfile

    Hi @MayankPandey01,

    Thanks for sharing this tool! I added a Dockerfile to make it easier to install and use. Perhaps others can benefit from this as well.

    Cheers, 0xbad53c

    opened by 0xbad53c 0
  • Jira Lens Disabling SSL certificate verification option

    Jira Lens Disabling SSL certificate verification option

    The changes I made in "/Jira-Lens/Jira-Lens.py" is focused on adding ssl certificate verification option. With this update, users can use "-i" flag to disable ssl verification check and ssl errors. "-i" flag and explanation also added to main readme file.

    opened by Laronax 0
Releases(v1.0.2)
Owner
Mayank Pandey
QWx3YXlzIExlYXJuaW5nLi4=
Mayank Pandey
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3, It Fuzzes All URLs of target website & then scan them for EAR

Pushpender Singh 9 Dec 12, 2022
Malware Configuration And Payload Extraction

CAPEv2 (Python3) has now been released CAPEv2 With the imminent end-of-life for Python 2 (January 1 2020), CAPEv1 will be phased out. Please upgrade t

Context Information Security 701 Dec 27, 2022
Python bindings to LibreSSL library

LibreSSL bindings for Python using CFFI Python3 bindings to LibreSSL using CFFI. It aims to provide interface to the most important bits of LibreSSL o

Alexander Kiselyov 1 Aug 02, 2022
Password list generator for password spraying - prebaked with goodies

Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, "Password", and even Iterable Keyspaces of a specified size.

Casey Erdmann 65 Dec 22, 2022
A simple subdomain scanner in python

Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! πŸ’β€β™€οΈ How to use first download the scanner.p

Portgas D Ace 2 Jan 07, 2022
python driver for fingerprint machine (ZKTeco biometrics)

fpmachine python driver for fingerprint machine (ZKTeco biometrics) support until now 2 model supported and tested ZMM100_TFT and ZMM220_TFT install p

Samy Sultan 4 Oct 06, 2022
A script to extract SNESticle from Fight Night Round 2

fn22snesticle.py A script for producing a SNESticle ISO from a Fight Night Round 2 ISO and any SNES ROM. Background Fight Night Round 2 is a boxing ga

Johannes Holmberg 57 Nov 22, 2022
Bypass 4xx HTTP response status codes.

Forbidden Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreadi

Ivan Ε incek 165 Dec 28, 2022
List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

Nag 291 Dec 28, 2022
Python implementation for PrintNightmare using standard Impacket.

PrintNightmare Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket. Installtion $ pip3 install impacket

ollypwn 141 Dec 31, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 09, 2022
RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

RapiDAST RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API. Its core engine is OWASP Z

Red Hat Product Security 17 Nov 11, 2022
A security system to warn you when people enter your room πŸŽ₯

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

Acc-Data-Gen Allows you to generate a password, e-mail & token for your Minecraft Account How to use the generator: Move all the files in a single dir

KarmaBait 2 May 16, 2022
Discord Region Swapping Exploit (VC Overload)

Discord-VC-Exploit Discord Region Swapping Exploit (VC Overload) aka VC Crasher How does this work? Discord has multiple servers that lets people arou

Rainn 11 Sep 10, 2022
Multi Brute Force Facebook - Crack Facebook With Login - Free For Now

✭ SAKERA CRACK Made With ❀️ By Denventa, Araya, Dapunta Author: - Denventa - Araya Dev - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Cookies ⇨ Ins

Dapunta ID 26 Jan 01, 2023