0x48piraj / jiraffe Goto Github PK

View Code? Open in Web Editor NEW

183.0 5.0 31.0 6.98 MB

One stop place for exploiting Jira instances in your proximity

Home Page: https://pypi.org/project/jiraffe/

License: MIT License

Python 100.00%

jira-instances jira exploitation security-tool python3 python-library security pentesting infosec redteam

jiraffe's Introduction

Jiraffe

Jiraffe - One stop place for exploiting all Jira instances in your proximity

Installation | Usage | Demo | Documentation

Features

Jiraffe is a semi-automatic security tool written for exploiting Jira instances.

What's included?

Interactive shell
Modular core
Pre-built exploits (see the table below)
Intelligent payload generator
Jira instance, Amazon AWS platform detection and banner grabbing
Pre-configured AWS Credentials & User Data Extraction

Installation

Use pip to install Jiraffe. This is the recommended way of running Jiraffe.

$ pip install jiraffe

or, installing from the source by running

# clone the repo
$ git clone https://github.com/0x48piraj/jiraffe.git

# change the working directory to jiraffe
$ cd jiraffe

# install the jiraffe python package
$ python3 setup.py install

Usage

$ python3 -m jiraffe
usage: jiraffe [-h] [-t https://example-jira-instance.com]


                                                                           /)/)
                                                                          ( ..\
      ___  __      _______        __       _______   _______   _______    /'-._)
     |"  ||" \    /"      \      /""\     /"     "| /"     "| /"     "|  /#/
     ||  |||  |  |:        |    /    \   (: ______)(: ______)(: ______) /#/  @0x48piraj
     |:  ||:  |  |_____/   )   /' /\  \   \/    |   \/    |   \/    |
  ___|  / |.  |   //      /   //  __'  \  // ___)   // ___)   // ___)_
 /  :|_/ )/\  |\ |:  __   \  /   /  \\  \(:  (     (:  (     (:      "|
(_______/(__\_|_)|__|  \___)(___/    \___)\__/      \__/      \_______)


Options:
  -t https://example-jira-instance.com, --target https://example-jira-instance.com
                        Target Jira Instance URL
  -v, --verbose         Verbose output
  -a, --auto            Automatic mode

Exploits

CVE	Impact	Description	Version Affected	Details
CVE-2017-9506	HIGH	The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).	Jira < 7.3.5	CVE-2017-9506
CVE-2019-8449	LOW	The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.	2.1 - 8.3.4	CVE-2019-8449
CVE-2019-11581	CRITICAL	Atlassian JIRA Template injection vulnerability RCE	Jira < 7.6.14	CVE-2019-11581
CVE-2019-8451	HIGH	Pre-authentication server side request forgery (SSRF) vulnerability found in the /plugins/servlet/gadgets/makeRequest resource.	Jira == 7.6.0 && Jira.7.6.0 < 7.13.9, 8.4.0	CVE-2019-8451

Majority of the bugs stated above poses Server-Side Request Forgery (SSRF) vulnerability, where attacker can abuse a specific functionality on the server to read or update internal resources. The attacker can supply or a modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases or perform post requests towards internal services which are not intended to be exposed.

Currently, some of the common Amazon AWS credentials leak attacks are present with an additional Custom Payload Option for sending crafted payloads for any cloud platform (Amazon AWS, Google Cloud, etc.). For sending custom payloads, take help from PayloadsAllTheThings — SSRF URL for Cloud Instances. Feel free to implement more post exploitation modules for vendor specifc deployments. For looking under the hood, read wiki.

Demonstration

Tests

The tests are next to the package i.e. tests are not part of the package, only of the repository. The reason is simply to keep the package small.

Running the unit tests

$ python3 -m unittest --verbose # Python 3 and up

DISCLAMER

This project is a personal development. Please respect it's philosophy and don't use it for evil purposes. By using Jiraffe, you agree to the MIT license included in the repository. For more details at The MIT License — OpenSource.

Using Jiraffe for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Licensing

This project is licensed under the MIT license.

jiraffe's People

Contributors

Stargazers

Watchers

jiraffe's Issues

No required 'packaging' module installed

Installed Jiraffe using pip:
pip install jiraffe
Tried to run and got import exception:
C:\Python37\Scripts>jiraffe Traceback (most recent call last): File "c:\python37\lib\runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "c:\python37\lib\runpy.py", line 85, in _run_code exec(code, run_globals) File "C:\Python37\Scripts\jiraffe.exe\__main__.py", line 4, in <module> File "c:\python37\lib\site-packages\jiraffe\__main__.py", line 5, in <module> from .recon import request, isjira, getversion File "c:\python37\lib\site-packages\jiraffe\recon.py", line 8, in <module> from packaging import version ModuleNotFoundError: No module named 'packaging'

I think something in pip manifest should me changed to install packaging module

not working

pip install jiraffe

tried to run jiraffe -t but says no command found

Detecting the hosting platform

For targeted payloads on specific vendors. (AWS, gcloud, ...)

References —

Jiraffe - "TypeError: str object is not callable"

I'm getting an old error "str object is not callable " while running "Jiraffe" on Mac. Please suggest how to resolve the issue. Thanks!

Implementing CVE-2019-11581

References

jas502n/CVE-2019-11581: Atlassian JIRA Template injection vulnerability RCE: https://github.com/jas502n/CVE-2019-11581
sry309/CVE-2019-11581: Atlassian JIRA Template injection vulnerability RCE: https://github.com/sry309/CVE-2019-11581

cannot run

root@wmfb-xps:/usr/local/bin# ./jiraffe
Traceback (most recent call last):
File "./jiraffe", line 11, in
load_entry_point('jiraffe==2.0.1', 'console_scripts', 'jiraffe')()
File "/usr/local/lib/python3.8/dist-packages/jiraffe-2.0.1-py3.8.egg/jiraffe/main.py", line 48, in main
TypeError: 'str' object is not callable

not running the tool

i give the error after installing and running the tool this cmd python -m jiraffe

error:-

Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 163, in _run_module_as_main
mod_name, _Error)
File "/usr/lib/python2.7/runpy.py", line 114, in _get_module_details
return _get_module_details(pkg_main_name)
File "/usr/lib/python2.7/runpy.py", line 119, in _get_module_details
code = loader.get_code(mod_name)
File "/usr/local/lib/python2.7/dist-packages/jiraffe-2.0.3-py2.7.egg/jiraffe/main.py", line 75
print(style.GREEN("[+] Jira instance detected") + style.RESET(''), style.YELLOW("[*] Enumerating the version ...") + style.RESET(''), sep="\n")
^
SyntaxError: invalid syntax

please kindly solve my issue

str object not callable

Encounter the following error:

jiraffe -h
Traceback (most recent call last):
  File "/usr/local/bin/jiraffe", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.7/dist-packages/jiraffe/__main__.py", line 48, in main
    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter, description=style.GREEN(banner) + style.RESET(''), usage=style.GREEN("jiraffe ") + style.YELLOW("[-h] [-t {}]").format(style.UNDERLINE("https://example-jira-instance.com") + style.RESET('') + style.YELLOW('')) + style.RESET(''))
TypeError: 'str' object is not callable

Quickfix on Line 8:
if sys.platform.lower() == "win32" or "linux":

Somehow something with the color setup is going worse...

Improving CVE-2019-8449 exploit

Links