A Pentesters Confluence Keyword Scanner
Conkeyscan
Conkeyscan uses the Confluence API search functionality and CQL queries to search for keywords.
Installation
- Install from PyPI
pip install conkeyscan
- Create a custom dictionary with search terms per line (recommended but optional).
- And then run it
conkeyscan --url 'https://example.atlassian.net' --username 'ex@amp.le' --password 'ATAT...' -p 'socks5://127.0.0.1:1337' -d ./dict.txt
- Ask for further help
conkeyscan -h
Get Up And Running Manually
- Install dependencies
pip install -r requirements.txt
- Update the src/conkeyscan/config/dict.txt file, containing keywords you want to search for. One per line.
- Run it
python3 -m conkeyscan.conkeyscan --url http://192.168.1.2:8090/ --username someUsr --password somePassOrAPIkey
Authentication
It is possible to use a password or an API key.
To create an API key for a cloud instance, go to: https://id.atlassian.com/manage-profile/security/api-tokens.
If testing against an on-prem instance, you can create an API key in the user settings.
Dictionary
The default dict.txt file was taken from Conf-Thief.
Features
- Search for provided keywords
- Handle rate limiting by itself, as long as the returned status code equals HTTP 429, or specify max requests per second in CLI
- The user agent is randomized
- Proxying is supported either via HTTP or SOCKS. See CLI help for examples
- Custom CQL
- SSL/TLS checks are disabled by default
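
Seen from the defending side, the features above (a CQL search per keyword, a randomized user agent, backing off on HTTP 429) leave a recognisable pattern in access logs. The following is an added example, not part of conkeyscan: the log layout, the search endpoint paths and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in an assumed layout: ts user METHOD url status "user-agent"
SAMPLE_LOG = '''
2024-05-01T10:00:01 jdoe GET /rest/api/search?cql=text~%22password%22 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0"
2024-05-01T10:00:02 jdoe GET /rest/api/search?cql=text~%22apikey%22 200 "Mozilla/5.0 (Macintosh) Safari/605.1"
2024-05-01T10:00:03 jdoe GET /rest/api/search?cql=text~%22secret%22 429 "Mozilla/5.0 (X11; Linux) Chrome/120.0"
2024-05-01T10:00:09 jdoe GET /rest/api/search?cql=text~%22secret%22 200 "Opera/9.80 (Windows NT 6.1)"
2024-05-01T10:01:00 asmith GET /rest/api/content/search?cql=title~%22roadmap%22 200 "Mozilla/5.0 (Macintosh) Safari/605.1"
2024-05-01T10:05:00 asmith GET /rest/api/content/search?cql=title~%22onboarding%22 200 "Mozilla/5.0 (Macintosh) Safari/605.1"
2024-05-01T10:09:00 asmith GET /pages/viewpage.action?pageId=12345 200 "Mozilla/5.0 (Macintosh) Safari/605.1"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
# Assumed Confluence REST search endpoints; cloud instances prefix them with /wiki.
SEARCH_PATHS = ("/rest/api/search", "/rest/api/content/search")

def parse_line(line):
    """Split one log line into fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, user, _method, url, status, agent = m.groups()
    parts = urlsplit(url)
    cql = parse_qs(parts.query).get("cql", [""])[0]
    return {"user": user, "path": parts.path, "cql": cql,
            "status": int(status), "agent": agent}

def flag_keyword_sweeps(log_text, min_queries=3, min_agents=3):
    """Flag accounts sending many distinct CQL searches under many user agents."""
    seen = defaultdict(lambda: {"cql": set(), "agents": set(), "throttled": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["cql"] or not rec["path"].endswith(SEARCH_PATHS):
            continue
        entry = seen[rec["user"]]
        entry["cql"].add(rec["cql"])
        entry["agents"].add(rec["agent"])
        entry["throttled"] += int(rec["status"] == 429)  # rate limiter kicked in
    return {user: {"queries": len(e["cql"]), "agents": len(e["agents"]),
                   "throttled": e["throttled"]}
            for user, e in seen.items()
            if len(e["cql"]) >= min_queries and len(e["agents"]) >= min_agents}

if __name__ == "__main__":
    print(flag_keyword_sweeps(SAMPLE_LOG))
```

A single account that changes its user agent between consecutive API searches is the strongest signal here, since a browser or integration normally keeps one.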
Alternatives
- https://spark1.us/n0s1 is actually great and supports Jira and others as well. It has some drawbacks in on-prem engagements, e.g. disable TLS verification, missing proxying, rate-limiting adaption?. Scans everything, nice for CI.
- https://github.com/BluBracket/confluence-risk-scanner
- https://github.com/antman1p/Conf-Thief
Hashes for conkeyscan-1.0.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | bfc2c2b9f5c7a2e38c223977851e037e5093a3421a84430816a1699b57497ba2
MD5 | e29d7c9ac0188262063556632c73a204
BLAKE2b-256 | c12aadfaa751dcbb584462ec2f00ed3f401f815e354c5c7e00f6cd90fccf2b3a