Jenkins API Panel - Detect

What is the "Jenkins API Panel - Detect" module?

The "Jenkins API Panel - Detect" module is designed to detect the presence of the Jenkins API panel. Jenkins is an open-source automation server that is widely used for continuous integration and delivery. This module focuses on identifying the API panel, which provides programmatic access to Jenkins functionality.

This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: righettod

Impact

The detection of the Jenkins API panel does not directly imply any impact. However, it can be an important piece of information for security professionals and administrators, as it reveals the presence of a powerful tool that can be leveraged for automation and integration purposes.

How does the module work?

The "Jenkins API Panel - Detect" module operates by sending an HTTP GET request to the "/api/xml" endpoint of the target Jenkins instance. It then applies two matching conditions to determine if the API panel is present:

- The first condition checks if the response contains the string "hudson.model.Hudson". - The second condition verifies that the response status code is 200.

If both conditions are met, the module reports the detection of the Jenkins API panel.

Example HTTP request:

GET /api/xml

Matching conditions:

- Condition 1: The response must contain the string "hudson.model.Hudson". - Condition 2: The response status code must be 200.

Note: The module has a maximum request limit of 1.