CVE-2024-23897.py

from enum import verify
import requests
import argparse
import urllib3
import re
from shodan import Shodan
urllib3.disable_warnings()

api = Shodan('API-KEY') # Here foes your Shodan API Key

parser = argparse.ArgumentParser()
parser.add_argument("-c", "--country", required=True,help="Country to scan with Shodan")
args = parser.parse_args()

query = "http.favicon.hash:81586312 country:"+args.country # Jenkins Server Murmurhash 3

def check_jenkins_version(protocol, url):
    try:
        jenkins_vulnerable_versions = [r'^2\.(\d{1,2}|[1-3]\d{2}|42[0-9]|440|441(?:\.0*)?)$']
        response = requests.get(protocol+url, verify=False, timeout=10)
        version = response.headers["X-Jenkins"] # DETECTION METHOD
        matches = [pattern for pattern in jenkins_vulnerable_versions if re.match(pattern, version) or version != "2.426.3"]
        if matches:
            print("[+]", url, "Vulnerable version: ", version)
        else:
            print("[-]", url, "Not vulnerable!", version)
    except:
        print("[!]", url, "Connection error")

def search_exposed_servers(query):
    results = api.search(query)
    total = results['total']
    print("Jenkins servers found:", total)
    print("==================================================")
    for ip in results['matches']:
        ip_san=str(ip['ip_str']).replace("\n", "")
        port=str(ip['port'])
        url=ip_san+":"+port
        if port == "443":
                check_jenkins_version("https://", url)
        else:
                check_jenkins_version("http://", url)

search_exposed_servers(query)