nuclei-templates/http/technologies/jenkins-detect.yaml

52 lines
1.3 KiB
YAML
Raw Normal View History

id: jenkins-detect
info:
name: Jenkins Detection
author: philippdelteil,daffainfo,c-sh0,AdamCrosser
severity: info
reference:
- https://www.jenkins.io/doc/book/using/remote-access-api/#RemoteaccessAPI-DetectingJenkinsversion
- https://github.com/jenkinsci/jenkins/pull/470
- https://www.jenkins.io/doc/book/security/access-control/permissions/#access-granted-without-overallread
metadata:
max-request: 2
vendor: jenkins
product: jenkins
2023-10-14 11:27:55 +00:00
shodan-query: http.favicon.hash:81586312
category: devops
tags: tech,jenkins,detect
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/whoAmI/"
host-redirects: true
max-redirects: 2
stop-at-first-match: true
2023-10-14 11:27:55 +00:00
matchers-condition: and
matchers:
- type: word
part: header
words:
- "x-jenkins:"
case-insensitive: true
2021-07-28 14:59:55 +00:00
- type: word
words:
- "Jenkins"
2021-07-28 14:59:55 +00:00
extractors:
- type: kval
name: version
kval:
2021-07-28 14:59:55 +00:00
- x_jenkins
- type: kval
kval:
- version
# digest: 4a0a0047304502206850e2d2714b465e034866eadc86daf9af89ae195c88f43053b1df5a84e1d48b02210097939ba146560b2c6ad9cd959d66715c59eccaf0618344b068031fa640ce67f0:922c64590222798bb761d5b6d8e72950