J-PWN is an unauthenticated Jira vulnerability scanner that identifies security issues and misconfigurations across Jira instances.
Jira Vulnerability Scanner
Security professionals and penetration testers use J-PWN to scan Jira servers for known vulnerabilities, misconfigurations, and unauthenticated access points without requiring credentials. It helps organizations identify and remediate security risks in their Jira deployments efficiently.
This tool performs unauthenticated scans and may report false positives when a server returns HTTP 200 but the response does not contain the expected vulnerable content. Users should verify findings manually, especially for unauthenticated access issues. It supports scanning Jira instances hosted under non-root paths and handles SSL errors to maximize scan coverage.
python3 -m venv j-pwn
source j-pwn/bin/activate
pip3 install -r requirements

Scan a single Jira host with all vulnerability checks:
    python3 j-pwn.py --single http://5.6.7.8:8080

Scan a single Jira host with a custom Jira path using all checks:
    python3 j-pwn.py --single https://1.2.3.4 -p /jira/

Scan a list of Jira hosts with all vulnerability checks:
    python3 j-pwn.py --list ../jira-hosts.txt

Run a specific module (check_open_jira_signup) against a single Jira host:
    python3 j-pwn.py --single http://1.2.3.4:8080 --module check_open_jira_signup

Run a specific module (check_open_jira_signup) against a list of Jira hosts:
    python3 j-pwn.py --list ../jira_hosts.txt --module check_open_jira_signup