Fast and customizable vulnerability scanner For JIRA written in Python

Related tags

Security related resourcessecurityjirascannerpython3bugbountyjira-rest-apivulnerability-scannerssecurity-tools
Overview


Fast and customizable vulnerability scanner For JIRA.

🤔 What is this?

Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management. This tool Performs 25+ Checks including CVE's and Multiple Disclosures on the Provided JIRA Instance.

🚀 Usage

Jira-Lens can be easily used from the command line

  • Clone this Repo Using git clone https://github.com/MayankPandey01/Jira-Lens.git
  • Complete the setup using python3 setup.py install
  • python3 Jira-Lens.py -u {URL}

render1636911439843

Additional Arguments can be passed to use tool in different way:

  • -u : To Provide a Single URL of JIRA Instance for Testing
  • -f : Path of File Containing List of URL's of JIRA Instance, properly Formatted and 1 url par Line
  • -o : To Provide a Custom Output Folder Location [ default= output/]

🔧 Installation

🔨 Using pip

$ pip install Jira-Lens

🔨 Using Git

  • git clone https://github.com/MayankPandey01/Jira-Lens.git
  • After Installation run the setup.py file to set up the tool.

🧪 Recommended Python Version:

  • This Tool Only Supports Python 3.
  • The recommended version for Python 3 is 3.8.x.

Dependencies:

The dependencies can be installed using the requirements file:

Installation on Windows:

  • python.exe -m pip3 install -r requirements.txt.

Installation on Linux:

  • sudo python3 pip3 install -r requirements.txt.

🐞 Bug Bounties

This tool is focused mainly on Bug Bounty Hunters and Security Professionals . You Can Use Jira-Lens to Scan JIRA Instance of the Target Company.

Why Use This

  • It Provides a Detailed output After the Scan is Completed With all the Findings.
  • Take Inputs From File To Scan Multiple Instance
  • Fast and Easy to Setup
  • Can Be Added Directly To Your Automation Scripts
  • Regularly Updated Scanning Database

🎯 Contribution PRs Welcome

We Love to Get Contribution from the Open Source Community 💙 . You are Welcome to Provide your Important Suggestions to make this tool more Awesome. Open a PR and we will See to it ASAP.

Ways to contribute

  • Suggest a feature
  • Adding CVE's and Disclosures Check
  • Report a bug
  • Fix something and open a pull request
  • Create a browser extension
  • Help me document the code
  • Spread the word

📚 DISCLAIMER

This project is a personal development. Please respect its philosophy and don't use it for evil purposes. By using Jira-Lens, you agree to the MIT license included in the repository. For more details at The MIT License — OpenSource.

Using Jira-Lens for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Happy Hacking

📃 Licensing

This project is licensed under the MIT license.

You might also like...
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Brayden Karnes 1 Dec 3, 2021
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits

null 1 Dec 16, 2021
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability
open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

Taroballz 7 Nov 9, 2022
Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Víctor García 187 Jan 3, 2023
Simple Python 3 script to detect the
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

GoVanguard 8 Oct 20, 2022
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

Podalirius 48 Dec 3, 2022
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.
😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.

😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:

0p 25 Oct 14, 2022
Comments
  • Add --cookie option to set cookies during a scan

    Add --cookie option to set cookies during a scan

    While performing a penetration test on a Jira instance we used your tool to perform a preliminary scan. Since in our case, we needed a cookie from an SSO login we had to manually edit your code: here's the result. Maybe you want to include it in the official repository.

    Good job, thanks for making our job easier :smile:

    opened by 5amu 1
  • add Dockerfile

    add Dockerfile

    Hi @MayankPandey01,

    Thanks for sharing this tool! I added a Dockerfile to make it easier to install and use. Perhaps others can benefit from this as well.

    Cheers, 0xbad53c

    opened by 0xbad53c 0
  • Jira Lens Disabling SSL certificate verification option

    Jira Lens Disabling SSL certificate verification option

    The changes I made in "/Jira-Lens/Jira-Lens.py" is focused on adding ssl certificate verification option. With this update, users can use "-i" flag to disable ssl verification check and ssl errors. "-i" flag and explanation also added to main readme file.

    opened by Laronax 0
Releases(v1.0.2)
Owner
Mayank Pandey
QWx3YXlzIExlYXJuaW5nLi4=
Mayank Pandey
GitHub Repository
Linus-png.github.io - Versionsverwaltung & Open Source Hausaufgabe

Let's Git - Versionsverwaltung & Open Source Hausaufgabe Herzlich Willkommen zu

1 Jan 24, 2022
Remote Desktop Protocol in Twisted Python

RDPY Remote Desktop Protocol in twisted python. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client a

Sylvain Peyrefitte 1.6k Dec 30, 2022
Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

Marcus Vinícius Ribeiro Andrade 1 Nov 03, 2021
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 09, 2022
Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains.

Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains. File Structure core/ colors.py db/ wordlist.txt REA

whoami security 4 Jul 02, 2022
Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

Michael Tsai 12 Nov 09, 2022
Flutter Reverse Engineering Framework

This framework helps reverse engineer Flutter apps using patched version of Flutter library which is already compiled and ready for app repacking. There are changes made to snapshot deserialization p

PT SWARM 910 Jan 01, 2023
A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022
Windows Stack Based Auto Buffer Overflow Exploiter

Autoflow - Windows Stack Based Auto Buffer Overflow Exploiter Autoflow is a tool that exploits windows stack based buffer overflow automatically.

Himanshu Shukla 19 Dec 22, 2022
🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

QeeqBox 259 Dec 31, 2022
A Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

Karim 3 Mar 24, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
Grafana-POC(CVE-2021-43798)

Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,

8 Jan 03, 2023
A terminal based web shell controller

shell-hack Tribute to Chinese ant sword; A Powerful terminal based webshell controller; Usage : Usage : python3 shell-hack.py --url [URL] --w

s1mple 10 Dec 28, 2021
OpenSource Poc && Vulnerable-Target Storage Box.

reapoc OpenSource Poc && Vulnerable-Target Storage Box. We are aming to collect different normalized poc and the vulerable target to verify it. Now re

cckuailong 560 Dec 23, 2022
cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点 分析可见: https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

xnianq 105 Nov 22, 2022
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
宝塔面板Windows版提权方法

宝塔面板Windows提权方法 本项目整理一些宝塔特性,可以在无漏洞的情况下利用这些特性来增加提权的机会。

298 Dec 14, 2022
Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

FireKing255 7 Dec 26, 2021
DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

8 Sep 02, 2022