JIRA”YA — JIRA Yet Another vulnerability Analyzer

Anmol K Sachan
Mar 28, 2023

As software development teams use JIRA to track and manage tasks, it has become a popular project management tool. However, with increased usage comes an increased risk of security vulnerabilities. That’s where JIRA”YA comes in. Developed by me from scratch, this tool is designed to help security analysts check for vulnerabilities on JIRA instances by running a series of tests against it.

The tool's name is inspired by Jiraiya, an exceptionally powerful shinobi hailed as one of the greatest ninja of his generation and that Konoha ever produced.

JIRA”YA is an active scanner: it interacts with the host to check whether it is running JIRA, and then runs its test cases against it to identify vulnerabilities. The tool performs several tests against the JIRA instance, including checks for unauthenticated access to JIRA dashboards, JIRA project categories, JIRA resolutions, installed JIRA gadgets, and JIRA admin projects, as well as checks for CVE-2020-14179 and CVE-2019-3403. In addition, I'm planning to release an update with more test cases soon; the tool is currently in its beta phase.

The tool requires Python 3.6+ and the requests package. Run the JIRAya.py script with one of the following command-line options:

Check a single JIRA instance: python JIRAya.py --single <url/domain>

Check multiple JIRA instances via a provided file: python JIRAya.py --list <file>

Check multiple JIRA instances via Way Back URLs: python JIRAya.py --TheTimeMachine <url/domain>

As cybersecurity threats continue to evolve, it’s important to regularly assess the security of tools like JIRA to ensure that vulnerabilities are identified and addressed. JIRA”YA is a great tool for security analysts looking to check for vulnerabilities in JIRA instances.

If you want to know more about the tool or use it, you can check out the GitHub repository: anmolksachan/JIRAya (github.com)
