No project description provided
Project description
Conkeyscan
Scan Confluence Wikis for keywords.
The approach is using the search functionality and CQL queries to search for keywords in Confluence.
PyPI
Soon
Run It
-
Download the latest release here.
-
Create a dictionary with search terms per line or copy the default
dict.txt
from this repository. -
and then run it
./conkeyscan -url 'https://example.atlassian.net' --username 'ex@amp.le' --password 'ATAT...' -p 'socks5://127.0.0.1:1337' -d ./dict.txt
Get Up And Running Manually
-
Install dependencies
pip install -r requirements.txt
-
Update the
dict.txt
file, containing keywords you want to search for. One per line. -
run it
python3 conkeyscan.py --url http://192.168.1.2:8090/ --username someUsr --password somePassOrAPIkey
-
Profit 🍾 check the generated logfile or stdout
-
Further Help
python3 conkeyscan.py -h
Authentication
It is possible to use a password or an API key.
To create an API key in the cloud go to: https://id.atlassian.com/manage-profile/security/api-tokens If testing against OnPrem instance you can create an API key in the user settings.
Dictionary
The default dict.txt
file was taken from from Conf-Thief
Features
- Search for provided keywords
- Handle rate limiting by itself, as long as the returned status code equals
HTTP 429
, or specify max requests per second in CLI - The user agent is randomized
- Proxying is supported either via HTTP or socks. See cli help for examples
- Custom CQL
- SSL/TLS checks are disabled by default
Alternatives
- https://spark1.us/n0s1 actually great, supports Jira and others as well, has some drawbacks in on-prem engagements e.g disable TLS verification, missing Proxying, rate-limiting adaption?. Scans everything, nice for CI.
- https://github.com/BluBracket/confluence-risk-scanner
- https://github.com/antman1p/Conf-Thief
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for conkeyscan-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f3b15d5f4f9811f01de5eb168ecd09c0f19d218dd54af20734e9be10928d8b08 |
|
MD5 | 4618ccfe201c141478a3b3f2efad427e |
|
BLAKE2b-256 | 2c3f8c9a16739e371b57f62a543bcf3b1c91e4d010a3d9fec8806efaa034b042 |