A Pentesters Confluence Keyword Scanner
Using the Confluence API search functionality and CQL queries to search for keywords.
- Install from PyPI
pip install conkeyscan
- Create a custom dictionary with search terms per line (recommended but optional).
- And then run it
conkeyscan -url 'https://example.atlassian.net' --username '[email protected]' --password 'ATAT...' -p 'socks5://127.0.0.1:1337' -d ./dict.txt
- Ask for further help
conkeyscan -h
-
Install dependencies
pip install -r requirements.txt
-
Update the
src/conkeyscan/config/dict.txt
file, containing keywords you want to search for. One per line. -
run it
python3 -m conkeyscan.conkeyscan --url http://192.168.1.2:8090/ --username someUsr --password somePassOrAPIkey
It is possible to use a password or an API key.
To create an API key in the cloud go to: https://id.atlassian.com/manage-profile/security/api-tokens.
If testing against OnPrem instance you can create an API key in the user settings (and use conkeyscan with the parameter -on-prem-pat
or -t
for certain versions).
The default dict.txt
file was taken from from Conf-Thief.
- Search for provided keywords
- Handle rate limiting by itself, as long as the returned status code equals
HTTP 429
, or specify max requests per second in CLI - The user agent is randomized
- Proxying is supported either via HTTP or socks. See cli help for examples
- Custom CQL
- SSL/TLS checks are disabled by default
- Supports cloud- and datacenter/server editions
- https://spark1.us/n0s1 actually great, supports Jira and others as well, has some drawbacks in on-prem engagements e.g disable TLS verification, missing Proxying, rate-limiting adaption?. Scans everything, nice for CI.
- https://github.com/BluBracket/confluence-risk-scanner
- https://github.com/antman1p/Conf-Thief