
JIRA"YA is a vulnerability analyzer for JIRA instances. It runs active scans to identify vulnerabilities by interacting with the host and conducting tests.

anmolksachan/JIRAya

JIRA"YA - JIRA Yet Another vulnerability Analyzer by @FR13ND0x7f

What is JIRA?

JIRA is a popular project management and issue tracking software developed by Atlassian. It is widely used in software development teams to track and manage tasks, bugs, and issues throughout the software development process.

JIRA allows teams to create and track tasks or issues, assign them to team members, set priorities, and track progress. It also offers features such as workflows, custom fields, and reporting to help teams manage their projects effectively.

In addition to software development, JIRA can also be used for project management in other industries such as marketing, HR, and finance. It has become a popular tool due to its flexibility, ease of use, and ability to integrate with other software tools.

What is this tool designed for?

This script is designed to help security analysts check for vulnerabilities on JIRA instances by running a series of tests against it.

Note

This is an active scanner: it interacts with the host to check whether it is running JIRA, then runs the test cases against it to identify vulnerabilities.

Requirements

  • Python 3.6+
  • requests package

Usage

You can run the script by running the JIRAya.py file with the following command line options:

Check single JIRA instance

python JIRAya.py --single <url/domain>

This will test a single JIRA instance at the specified URL.

Check multiple JIRA instances via provided file

python JIRAya.py --list <file>

This will test multiple JIRA instances at the URLs specified in the <file>.

Check multiple JIRA instances via Way Back URLs

python JIRAya.py --TheTimeMachine <url/domain>

This module is inspired by my other tool, "The Time Machine". It collects Wayback Machine URLs for the given <url/domain> and tests the JIRA instances found among them.

Tests performed

The following tests are performed against the JIRA instance:

  • Check for unauthenticated access to JIRA dashboards
  • Check for unauthenticated access to JIRA project categories
  • Check for unauthenticated access to JIRA resolutions
  • Check for unauthenticated access to installed JIRA gadgets
  • Check for unauthenticated access to JIRA admin projects
  • Check for CVE-2020-14179: Information disclosure about custom fields and custom SLA
  • Check for CVE-2019-3403: Information disclosure of all existing users on the JIRA server
  • Next update will be released soon with more test cases
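A detection-side companion to the list above, added here as an example and not part of JIRAya: it reads web-server access log lines, maps requests to the checks in that list (the endpoint paths are assumed from JIRA's public REST API and the two advisories, not taken from JIRAya's source), reports source addresses that touched several checks, and lists any check that was served with a 200 to an anonymous user so an administrator knows which anonymous-access setting still needs closing.

```python
import re
from collections import defaultdict
# Paths assumed to correspond to the README's checks (JIRA's public REST API
# and the two advisories); an assumption, not necessarily what JIRAya requests.
CHECKS = {
    "dashboards": "/rest/api/2/dashboard",
    "project_categories": "/rest/api/2/projectCategory",
    "resolutions": "/rest/api/2/resolution",
    "gadgets": "/rest/config/1.0/directory",
    "admin_projects": "/rest/menu/latest/admin",
    "CVE-2020-14179": "/secure/QueryComponent!Default.jspa",
    "CVE-2019-3403": "/rest/api/2/user/picker",
}
# Combined log format: ip ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(path):
    """Map a request path (query string ignored) to a check name, or None."""
    path = path.split("?", 1)[0]
    for name, prefix in CHECKS.items():
        if path.startswith(prefix):
            return name
    return None

def analyze(lines, scan_threshold=3):
    """Return (scanners, exposures): source IPs that touched at least
    scan_threshold distinct checks, and checks an anonymous user got a 200 for."""
    hits, exposures = defaultdict(set), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a combined-format line
        ip, user, _method, path, status = m.groups()
        check = classify(path)
        if check is None:
            continue
        hits[ip].add(check)
        if user == "-" and status == "200":   # served without authentication
            exposures.add(check)
    scanners = {ip: sorted(c) for ip, c in hits.items() if len(c) >= scan_threshold}
    return scanners, sorted(exposures)

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /rest/api/2/dashboard HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /rest/api/2/resolution HTTP/1.1" 401 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /rest/api/2/user/picker?query=a HTTP/1.1" 200 873',
    '198.51.100.4 - alice [01/Jan/2024:10:05:00 +0000] "GET /rest/api/2/dashboard HTTP/1.1" 200 512',
    '198.51.100.4 - alice [01/Jan/2024:10:05:01 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 4096',
]
```

Running `analyze(SAMPLE_LOG)` on the constructed lines flags 203.0.113.7 as touching three checks and reports the dashboards and CVE-2019-3403 checks as anonymously readable, while alice's authenticated dashboard request is not counted as an exposure.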

Author

License

This project is licensed under the MIT License - see the LICENSE file for details.