Last active
February 25, 2025 17:57
-
-
Save bandrel/2513a96ed253d6561aea89883876e612 to your computer and use it in GitHub Desktop.
find_jenkins.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Find Jenkins generates a target list from the metasploit database. | |
| #gowitness | |
| sqlite3 gowitness.sqlite3 "SELECT url FROM results WHERE title LIKE '%Jenkins%';" > /tmp/urls.txt | |
| #msf | |
| #msfconsole -q -x 'services -s http -p 8090,9090,8080,443 -o /tmp/http_services.csv;exit' | |
| cat /tmp/http_services.csv | grep ssl | cut -d ',' -f 1,2 | tr -d '"' | tr ',' ':' | sed 's/^/https:\/\//' >> /tmp/urls.txt | |
| cat /tmp/http_services.csv | grep -v ssl | cut -d ',' -f 1,2 | tr -d '"' | tr ',' ':' | sed 's/^/http:\/\//' >> /tmp/urls.txt | |
| rm -rf /tmp/http_services.csv | |
| rm -rf /tmp/urls.txt | |
| httpx -stats -favicon -l urls.txt -mfc 323562711 -j -o jenkins.json | |
| jq .url jenkins.json | tr -d '"' | tee -a jenkins_urls.txt | |
| cat jenkins_urls.txt | nuclei -t http/vulnerabilities/jenkins/ -o jenkins_vulns.txt | |
| cat jenkins_urls.txt | nuclei -t http/exposures/tokens/jenkins/ -o jenkins_tokens.txt | |
| cat jenkins_urls.txt | nuclei -t http/default-logins/jenkins -o jenkins_default-logins.txt | |
| cat jenkins_urls.txt | nuclei -t http/misconfiguration/jenkins -o jenkins_misconfigurations.txt | |
| for url in $(cat jenkins_urls.txt) ;do trufflehog jenkins --url $url -j | tee -a $(echo $url| cut -d '/' -f3).json | jq .Raw | egrep -v '(127.0.0.1|172\.[1-2][0-9]\.|localhost)';done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment