Releases: 0x48piraj/jiraffe

v2.1.9

07 Jan 16:31

What’s new

This release delivers a substantial expansion of Jiraffe’s exploit coverage, adding multiple high‑impact and low‑noise Jira vulnerabilities across disclosure, XSS, SSRF, and brute‑force classes. It also includes UX refinements and presentation improvements ahead of the upcoming LTS.

Exploit modules

Added a broad set of new Jira exploit checks spanning multiple severity levels:

These modules emphasize safe detection, clear severity signaling, and recon‑first workflows, while introducing controlled intrusive behavior only where explicitly required.

CLI & UX

  • Improved banner color stacking for clearer inline highlights
  • Added optional no-reset flag to styling helpers for finer ANSI color control
  • Refined inline output consistency across exploit modules

Documentation

  • Updated README with the new demo
  • Retired legacy branding assets
  • Refined CVE exploit summaries for accuracy and consistency

Stability notes

  • This release is intended as a stable baseline ahead of the upcoming LTS
  • No breaking changes to existing recon or exploit interfaces
  • All new exploit modules follow non‑destructive defaults unless explicitly noted

Changelog: v2.1.8...v2.1.9

v2.1.8

07 Jan 03:47

v2.1.8 Pre-release

What’s new

This release significantly expands Jiraffe's recon-first surface area with new unauthenticated enumeration and misconfiguration checks, further improving early-stage visibility into exposed Jira instances.

Recon modules

Wrote multiple unauthenticated recon modules targeting common Jira information disclosure and misconfiguration patterns:

  • Unauthenticated access to Project Categories API
  • Unauthenticated access to Popular Filters endpoint
  • Unauthenticated access to GroupUserPicker API
  • Unauthenticated enumeration of Dashboard listings
  • Unauthenticated access to Gadget configuration directories
  • Unauthenticated Admin menu presence detection
  • Service Desk signup misconfiguration check
  • Unauthenticated JQL component field disclosure detection

These modules prioritize low-noise, high-signal discovery to support safe, scalable recon workflows.

Documentation & policy

  • Wrote a Responsible Disclosure Policy
  • Linked and enriched Wiki documentation for improved discoverability and contributor onboarding

Changelog: v2.1.7...v2.1.8

v2.1.7

05 Jan 17:50

This release focuses on correctness, testability, and CI maturity, strengthening Jiraffe’s foundation as it continues to scale recon-first capabilities.

CI & Coverage

  • Introduced GitHub Actions workflow for automated testing and coverage reporting
  • Optimized CI pipeline with dependency caching and stricter execution flow
  • Integrated Codecov with branch and unit-test coverage
  • Excluded exploits, recon modules, and CLI entrypoints from coverage to reflect realistic test scope

Testing

  • Added comprehensive unit tests for shared helpers in common.py
  • Tightened recon utility assertions for more reliable detection logic
  • Fixed Jira instance detection test to use stable, representative endpoints
  • Excluded interactive SSRF helpers from automated test paths

Fixes

  • Fixed Jira detection edge cases uncovered during CI
  • Resolved Python escape sequence warnings in banner rendering
  • Improved test reliability across local and CI environments
  • Minor CI and test refactors for long-term maintainability

Changelog: v2.1.6...v2.1.7

v2.1.6

04 Jan 21:09

What’s new

This release features new recon-first modules, noise-reduction assessment tools, and refined CLI usability.

Recon modules

  • Unauthenticated User Registration
  • Unauthenticated User Picker
  • Unauthenticated Screens API
  • Unauthenticated Resolutions API
  • Unauthenticated Projects API

CLI feedback

  • More visual banner rendering
  • Severity-aware coloring for recon & exploits
  • Cleaner module listing and interactive menu

Fixes & safety

  • Fixed implicit CVE chaining in exploit checks
  • Validated HTTP response status for exploits

Housekeeping

  • Updated dependencies
  • Internal refactors and documentation improvements

Changelog: v2.1.5...v2.1.6

v2.1.5

03 Jan 14:20

Scalable exploit framework & recon-first orchestration

This release introduces a first-class reconnaissance framework, improved target awareness, and safer execution defaults, continuing Jiraffe’s evolution into a low-noise Jira security assessment framework.

Highlights

  • Reconnaissance is now a first-class citizen (2dde94c)
  • Scalable exploit framework with dynamic module discovery (bb4be33)
  • Cleaner CLI orchestration and UX improvements
  • Safer defaults and hardened input handling

Reconnaissance framework

  • Introduced a dedicated recon module system with dynamic discovery (same as exploits)

  • Recon modules are loaded and executed independently from exploits

  • Supports:

    • Unauthenticated access checks
    • Information disclosure
    • Misconfiguration detection
  • Preserves strict separation between reconnaissance and exploitation

  • Contributors can add new recon checks without touching core logic

CLI orchestration & UX

  • Unified orchestration of RECON and EXPLOIT modules

  • Interactive module selection with:

    • Module type (RECON / EXPLOIT)
    • Severity-aware color output
  • Auto mode executes recon and exploits sequentially without interaction

  • Cleaner, more readable output with consistent severity formatting

Pre-execution target analysis

  • Added pre-execution hooks for:

    • Jira deployment type detection (Cloud / Server / Data Center)
    • IP resolution and reverse DNS lookup
  • Improves signal quality and reduces wasted requests in the long run

Hosting & environment detection

  • Hardened AWS detection heuristics:

    • Transport-aware checks
    • ALB/ELB header detection
    • Improved typing and fallback handling
  • Consolidated host and recon helpers into a shared common module

Safety & correctness

  • Hardened command validation against unsafe characters
  • Improved REST handling correctness
  • Severity handling normalized across recon and exploit modules
  • Added explicit INFO severity support
  • Introduced 256-color orange for exploit output with safe terminal fallback

Internal refactors

  • Dynamic exploit discovery via runtime reflection

    • No registries
    • No decorators
    • No central lists
  • Contributors can add new CVEs by dropping a file into jiraffe/exploits/

  • Hardened Jira detection using multi-signal heuristics

New recon modules

  • Jira development mode misconfiguration check

Notes

This release continues Jiraffe’s shift toward:

  • Recon-first, exploit-second workflows
  • Low-noise, high-signal assessments
  • Deployment-aware correctness, especially for Jira Cloud

As always, only assess systems you own or are authorized to test.

Changelog: v2.1.0...v2.1.5

v2.1.0

31 Dec 15:36

Major CLI & Architecture Upgrade

This release is a significant modernization of Jiraffe, focusing on clean architecture, power-user features, and long-term maintainability, while preserving legacy exploit behavior.

Highlights

  • Fully overhauled CLI with advanced filtering, automation support, and safer execution modes
  • Modular exploit architecture replacing the legacy monolithic design
  • Improved reconnaissance accuracy and HTTP handling
  • Cleaner internals with no behavioral regressions
  • Packaging and distribution improvements for PyPI

CLI

  • Configurable User-Agent header for advanced users
  • Dry-run / check-only mode for safe reconnaissance
  • Severity-based filtering and exploit listing
  • JSON output for automation and pipelines
  • Improved interrupt handling and validation
  • Retained interactive exploit selection workflow

Core

  • Shared utilities, enums, and constants
  • Introduced severity classification for exploits
  • Jira version compatibility helpers
  • Centralized terminal styling and constants

Exploit System Refactor

  • Replaced monolithic exploits.py with modular CVE classes

  • Introduced a common Exploit base class

  • Clear separation of:

    • vulnerability detection
    • exploitation logic
  • Added exploit metadata and severity classification

  • Legacy exploit behavior preserved

Recon & HTTP Client

  • Rewritten Jira version detection with semantic normalization
  • Improved Jira instance detection heuristics
  • Replaced brittle AWS detection with best-effort logic
  • Introduced an HttpClient abstraction
  • Removed legacy request/uparse helpers
  • Improved resilience to DNS and network errors

Cleanup

  • Removed dead and unreachable code paths
  • Simplified exploit dispatch and execution flow
  • Unified styling and removed platform-specific ANSI hacks
  • Centralized exploit registry and execution order
  • Improved readability and safety without changing behavior
  • Modernized unit tests for recon helpers

Packaging & Distribution

  • Improved PyPI packaging metadata
  • Added MANIFEST.in and setup.cfg
  • Cleaned up distribution artifacts
  • Ensured Python 3.6+ compatibility

Notes

  • No breaking changes intended
  • Existing workflows and exploit semantics remain intact
  • Users are encouraged to try the new CLI flags and JSON output

2.0.6

08 May 12:44

  • Generated code coverage metrics
  • Added and excluded local build-scripts via .gitignore
  • Formatted recon info/error messages
  • Improved the target URL parser
  • Refined isaws() function

2.0.5

08 May 10:57

  • Fixed inadequate URL parsing in uparse()
  • Fine-tuned isjira() for greater precision
  • Documentation and Wiki
  • Wrote tests using unittest
  • Deployed Jiraffe with a new logo

2.0.4

08 May 10:37

  • Listed the dependencies using install_requires