RasterSec/jira-enum

jira-enum

Tool for enumerating Jira token permissions and fetching users from service desk portals using session cookie authentication. Useful for password spraying and penetration testing. Brought to you by the Digilol security team 🙌

Installation

go install github.com/digilolnet/jira-enum@latest

Or build from source:

git clone https://github.com/digilolnet/jira-enum.git
cd jira-enum
go build .

Authentication

This tool uses the customer.account.session.token cookie for authentication.

Usage

# List all available permissions
jira-enum -list

# Query specific permissions
jira-enum -url https://company.atlassian.net -token YOUR_TOKEN -permissions CREATE_ISSUES,EDIT_ISSUES

# Query all permissions
jira-enum -url https://company.atlassian.net -token YOUR_TOKEN -permissions all

# Fetch all users from service desk portals
jira-enum -url https://company.atlassian.net -token YOUR_TOKEN -users

# Query both permissions and users
jira-enum -url https://company.atlassian.net -token YOUR_TOKEN -permissions CREATE_ISSUES -users

Run with -h to get a list of all command-line arguments.

Example Output

Query Permissions

$ jira-enum -url https://company.atlassian.net -token abc123 -permissions CREATE_ISSUES,EDIT_ISSUES

Permission                     Granted   
-----------------------------------------------------
CREATE_ISSUES                  ✓ YES     
EDIT_ISSUES                    ✗ NO      

Query Users

$ jira-enum -url https://company.atlassian.net -token abc123 -users

Searching for users across service desk portals (1-100)...

Scan complete! Found 45 total users from 3 valid portals (42 unique users after deduplication)

Display Name                   Email Address                          
-------------------------------------------------------------------------------
John Smith                     john.smith@company.com                
Jane Doe                       jane.doe@company.com                  
Bob Johnson                    bob.johnson@company.com               

Total: 42 users
Note: Additional fields (ID, Account ID, Avatar) omitted from table output.
Use -format json -output filename.json to get complete user data.

JSON Output

{
  "permissions": {
    "permissions": {
      "CREATE_ISSUES": {
        "id": "10",
        "key": "CREATE_ISSUES",
        "name": "Create Issues",
        "type": "PROJECT",
        "description": "Ability to create issues.",
        "havePermission": true
      }
    }
  },
  "users": [
    {
      "id": "1234",
      "accountId": "557057:f58131cb-b67d-43c7-b30d-6b58d40bd077",
      "emailAddress": "john.smith@company.com",
      "displayName": "John Smith",
      "avatar": "https://avatar-management.services.provider.cloud/avatar/..."
    }
  ]
}
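
A post-processing step for the JSON report above, added here as an example and not part of jira-enum: it lists the permissions the session token was granted and counts unique accounts per email domain, the exposure figures a findings report or remediation ticket needs. The `Report` type, the `Summarize` function and the sample values are constructed for illustration; only the field names come from the JSON above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Report mirrors the JSON layout above; encoding/json matches keys case-insensitively.
type Report struct {
	Permissions struct {
		Permissions map[string]struct{ HavePermission bool }
	}
	Users []struct{ AccountID, EmailAddress string }
}

// Constructed sample in that layout (not real data): one duplicate, one user without email.
const sample = `{"permissions":{"permissions":{
 "CREATE_ISSUES":{"havePermission":true},"EDIT_ISSUES":{"havePermission":false}}},
 "users":[{"accountId":"a-1","emailAddress":"john.smith@example.com"},
 {"accountId":"a-1","emailAddress":"john.smith@example.com"},
 {"accountId":"a-2","emailAddress":"jane.doe@EXAMPLE.org"},{"accountId":"a-3"}]}`

// Summarize returns granted permission keys (sorted) and unique accounts per email domain.
func Summarize(data []byte) ([]string, map[string]int, error) {
	var r Report
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, nil, err
	}
	granted, seen, domains := []string{}, map[string]bool{}, map[string]int{}
	for key, p := range r.Permissions.Permissions {
		if p.HavePermission {
			granted = append(granted, key)
		}
	}
	sort.Strings(granted)
	for _, u := range r.Users {
		_, domain, _ := strings.Cut(strings.ToLower(u.EmailAddress), "@")
		if !seen[u.AccountID] { // defensive: count each accountId once; "" = no email
			seen[u.AccountID] = true
			domains[domain]++
		}
	}
	return granted, domains, nil
}

func main() {
	fmt.Println(Summarize([]byte(sample)))
}
```
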

About

Tool for enumerating Atlassian Jira token permissions and instance users
