Fast and customizable vulnerability scanner For JIRA written in Python

Overview


Fast and customizable vulnerability scanner For JIRA.

🤔 What is this?

Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management. This tool Performs 25+ Checks including CVE's and Multiple Disclosures on the Provided JIRA Instance.

🚀 Usage

Jira-Lens can be easily used from the command line

  • Clone this Repo Using git clone https://github.com/MayankPandey01/Jira-Lens.git
  • Complete the setup using python3 setup.py install
  • python3 Jira-Lens.py -u {URL}

render1636911439843

Additional Arguments can be passed to use tool in different way:

  • -u : To Provide a Single URL of JIRA Instance for Testing
  • -f : Path of File Containing List of URL's of JIRA Instance, properly Formatted and 1 url par Line
  • -o : To Provide a Custom Output Folder Location [ default= output/]

🔧 Installation

🔨 Using pip

$ pip install Jira-Lens

🔨 Using Git

  • git clone https://github.com/MayankPandey01/Jira-Lens.git
  • After Installation run the setup.py file to set up the tool.

🧪 Recommended Python Version:

  • This Tool Only Supports Python 3.
  • The recommended version for Python 3 is 3.8.x.

Dependencies:

The dependencies can be installed using the requirements file:

Installation on Windows:

  • python.exe -m pip3 install -r requirements.txt.

Installation on Linux:

  • sudo python3 pip3 install -r requirements.txt.

🐞 Bug Bounties

This tool is focused mainly on Bug Bounty Hunters and Security Professionals . You Can Use Jira-Lens to Scan JIRA Instance of the Target Company.

Why Use This

  • It Provides a Detailed output After the Scan is Completed With all the Findings.
  • Take Inputs From File To Scan Multiple Instance
  • Fast and Easy to Setup
  • Can Be Added Directly To Your Automation Scripts
  • Regularly Updated Scanning Database

🎯 Contribution PRs Welcome

We Love to Get Contribution from the Open Source Community 💙 . You are Welcome to Provide your Important Suggestions to make this tool more Awesome. Open a PR and we will See to it ASAP.

Ways to contribute

  • Suggest a feature
  • Adding CVE's and Disclosures Check
  • Report a bug
  • Fix something and open a pull request
  • Create a browser extension
  • Help me document the code
  • Spread the word

📚 DISCLAIMER

This project is a personal development. Please respect its philosophy and don't use it for evil purposes. By using Jira-Lens, you agree to the MIT license included in the repository. For more details at The MIT License — OpenSource.

Using Jira-Lens for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Happy Hacking

📃 Licensing

This project is licensed under the MIT license.

You might also like...
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits

open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

 Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

Comments
  • Add --cookie option to set cookies during a scan

    Add --cookie option to set cookies during a scan

    While performing a penetration test on a Jira instance we used your tool to perform a preliminary scan. Since in our case, we needed a cookie from an SSO login we had to manually edit your code: here's the result. Maybe you want to include it in the official repository.

    Good job, thanks for making our job easier :smile:

    opened by 5amu 1
  • add Dockerfile

    add Dockerfile

    Hi @MayankPandey01,

    Thanks for sharing this tool! I added a Dockerfile to make it easier to install and use. Perhaps others can benefit from this as well.

    Cheers, 0xbad53c

    opened by 0xbad53c 0
  • Jira Lens Disabling SSL certificate verification option

    Jira Lens Disabling SSL certificate verification option

    The changes I made in "/Jira-Lens/Jira-Lens.py" is focused on adding ssl certificate verification option. With this update, users can use "-i" flag to disable ssl verification check and ssl errors. "-i" flag and explanation also added to main readme file.

    opened by Laronax 0
Releases(v1.0.2)
Owner
Mayank Pandey
QWx3YXlzIExlYXJuaW5nLi4=
Mayank Pandey
Credit Card And SK Checker Written In Python

💳 Credit Card Checker (CC Checker) & Mass SK Checker & Generator 💳

Rimuru Tempest 53 Dec 31, 2022
S2-061 的payload,以及对应简单的PoC/Exp

S2-061 脚本皆根据vulhub的struts2-059/061漏洞测试环境来写的,不具普遍性,还望大佬多多指教 struts2-061-poc.py(可执行简单系统命令) 用法:python struts2-061-poc.py http://ip:port command 例子:python

dreamer 46 Oct 20, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

Николай Борщёв 2 Oct 05, 2022
Early days of an Asset Discovery tool.

Please star this project! Written in Python Report Bug . Request Feature DISCLAIMER This project is in its early days, everything you see here is almo

grag1337 3 Dec 20, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022
Scout Suite - an open source multi-cloud security-auditing tool,

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

NCC Group Plc 5k Jan 05, 2023
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

Enox 6 Oct 10, 2022
Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features - Create a hidden service - Generate non-staged payload (python/meterpreter_rev

calfcrusher 80 Dec 21, 2022
Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

Webrecorder 10 Jul 28, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
A tool for making python source difficult to read.

obscurepy Description A tool for obscuring, or making python source code difficult to read. Table of Contents Installation Limitations Usage Disclaime

Andrew Christiansen 10 Jul 31, 2022
Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

21 Sep 24, 2022
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

r0cky 92 Jul 20, 2022
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all

Google 4.9k Jan 08, 2023
A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3

arp_spoof_detector A repository to detect the ARP spoofing in any devices and prevent Man in the Middle(MITM) attack using Python3 Usage: git clone ht

Surya Das N 1 Oct 30, 2021
Log4j2 intranet scan

Log4j2-intranet-scan ⚠️ 免责声明 本项目仅面向合法授权的企业安全建设行为,在使用本项目进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权 如您在使用本项目的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任 在使用本项目前,请您务

k3rwin 16 Dec 19, 2022
Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains.

Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains. File Structure core/ colors.py db/ wordlist.txt REA

whoami security 4 Jul 02, 2022
Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

ru55o 2 Oct 31, 2022