Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

JumpServer Login Panel - Detect

By kannthu

Vidoc logoVidoc Module

What is the "JumpServer Login Panel - Detect?"

The "JumpServer Login Panel - Detect" module is designed to detect the presence of the JumpServer Open Source Bastion Host login panel. JumpServer is an open-source bastion host that provides secure access to remote servers. This module focuses on identifying the login panel of JumpServer, which can help in assessing the security posture of the system.

This module has an informative severity level, indicating that it provides valuable information but does not directly indicate a vulnerability or misconfiguration.

Author: lu4nx


The detection of the JumpServer login panel does not directly imply any impact or vulnerability. However, it can be an important step in identifying the presence of JumpServer and assessing the overall security of the system.

How does the module work?

The module works by sending an HTTP GET request to the "/core/auth/login/" path of the target system. It then applies two matching conditions to determine if the JumpServer login panel is present:

    - The module checks the response body for a regex match with the following patterns: - (?i)<title>(\n.*)JumpServer Open Source Bastion Host(\n.*)</title> - (?i)<title>(\n.*)JumpServer 开源堡垒机(\n.*)</title> If either of these patterns is found, it indicates the presence of the JumpServer login panel. - The module also verifies that the response status code is 200, indicating a successful request.

By combining these matching conditions, the module determines if the JumpServer login panel is detected.

Example HTTP request:

GET /core/auth/login/ HTTP/1.1
Host: [target_host]

Matching conditions:

- Response body must match either of the specified regex patterns - Response status code must be 200

For more information about JumpServer, you can visit their official website:


- max-request: 1 - verified: true - shodan-query: http.title:'Jump'

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: (?i)<title>( .*)JumpServer Open Source B...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability