JumpServer Login Panel - Detect

What is the "JumpServer Login Panel - Detect?"

The "JumpServer Login Panel - Detect" module is designed to detect the presence of the JumpServer Open Source Bastion Host login panel. JumpServer is an open-source bastion host that provides secure access to remote servers. This module focuses on identifying the login panel of JumpServer, which can help in assessing the security posture of the system.

This module has an informative severity level, indicating that it provides valuable information but does not directly indicate a vulnerability or misconfiguration.

Author: lu4nx

Impact

The detection of the JumpServer login panel does not directly imply any impact or vulnerability. However, it can be an important step in identifying the presence of JumpServer and assessing the overall security of the system.

How does the module work?

The module works by sending an HTTP GET request to the "/core/auth/login/" path of the target system. It then applies two matching conditions to determine if the JumpServer login panel is present:

- The module checks the response body for a regex match with the following patterns: - (?i)<title>(\n.*)JumpServer Open Source Bastion Host(\n.*)</title> - (?i)<title>(\n.*)JumpServer 开源堡垒机(\n.*)</title> If either of these patterns is found, it indicates the presence of the JumpServer login panel. - The module also verifies that the response status code is 200, indicating a successful request.

By combining these matching conditions, the module determines if the JumpServer login panel is detected.

Example HTTP request:

GET /core/auth/login/ HTTP/1.1
Host: [target_host]

Matching conditions:

- Response body must match either of the specified regex patterns - Response status code must be 200

For more information about JumpServer, you can visit their official website: https://www.jumpserver.org/

Metadata:

- max-request: 1 - verified: true - shodan-query: http.title:'Jump'