pwn_jenkins
DogWalk-rce-poc
Our great sponsors
pwn_jenkins | DogWalk-rce-poc | |
---|---|---|
2 | 2 | |
1,890 | 81 | |
- | - | |
5.7 | 0.0 | |
18 days ago | over 1 year ago | |
Python | Perl | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pwn_jenkins
-
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
I did add it to the list though.
-
JAF is an internally developed, red team-oriented tool from Accenture for interacting with Jenkins build servers.
I'm maintaining a list of scripts and exploits for Jenkins here: https://github.com/gquere/pwn_jenkins
DogWalk-rce-poc
What are some alternatives?
jenkins-job-wrecker - convert Jenkins job XML to JJB YAML
PoC-CVE-2022-30190 - POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina
RomBuster - RomBuster is a router exploitation tool that allows to disclosure network router admin password.
fuelcms-rce - Fuel CMS 1.4 - Remote Code Execution
CVE-2021-41773 - Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773
CVE-2022-26134 - CVE-2022-26134 - Atlassian Confluence unauthenticated OGNL injection vulnerability (RCE).
jklint - A Jenkinsfile linter CLI saving time linting Jenkinsfiles by only typing 1 argument in the command line.
Gopherus - This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
jenkins-update-center - Jenkins mirror update center generator
log4j2-rce-poc - A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).
altwalker-jenkins-example - An example of a simple Jenkins Pipeline for AltWalker.
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.