Hacking Jenkins using Shodan API

Requirements:

  1. Works on any platform
  2. PHP
  3. Shodan API Key
  4. PHP cURL

Usage

I have created two scripts that make hacking Jenkins much easier.

Hacking Jenkins involves two steps:

  1. Execute shodan.php to get the list of all vulnerable Jenkins URLs and the user each Jenkins instance is running as.
  2. To execute shell commands on the Jenkins server, run jenkins-cli.php. This script will take care of the exploits. Just sit back and do whatever you want in the shell.

Note: To get the shell, Jenkins has to be running on a Linux server.

Screenrecording

asciicast

Screenshots

Script 1

Script 2