0

I have issues finding all Jenkins instances in an environment: I've tried to use nmap with the http-title script to find all that answer with Dashboard[Jenkins], but some of them had more than 4 redirections, and eyewitness is not effective (65k hosts will take around 72h and so much space). I'm also thinking about filtering all nginx servers and then using eyewitness for a more specific search. Has anyone had the same/similar problem?

2 Answers

0

This is not necessarily possible. What if you have a machine hosting several virtual sites based on request domain?

Assuming all Jenkins instances are hosted on dedicated IPs and using sane port numbers then you could first of all port scan with NMAP to filter down to just machines listening on those ports.

You could then try the http-title script to filter these down only to Jenkins instances.

You mention repeated redirects. How do these end up resolving? If they point to other internal IPs you can ignore them seeing as you are already scanning those IPs separately.

Hector
  • Ok, so that was the first thing that I tried - http-title for a dedicated port on a dedicated machine, but sometimes in http-title I got: * Dashboard [Jenkins] * 400 The plain HTTP request was sent to HTTPS port * Site doesn't have a title (text/html;charset=UTF-8). –  Dec 14 '17 at 09:28
  • OK - so if the site supports HTTP then mark it as a definite. If you get the HTTPS response then mark it as a maybe. Then with all of the maybes run a check which performs the HTTPS request and checks the title. –  Dec 14 '17 at 11:48
0

Ok, I've used a custom nmap script which searches response.rawheader for some information that was characteristic of Jenkins, and then eyewitness to check. Also, I've discovered that the reverse proxy was nginx for all Jenkins instances, so I've used http-server-header to filter all nginx and then used eyewitness to double check.
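
The definite/maybe triage from the comments combined with the header check from this answer, as an added example that is not part of the original posts. It assumes the "characteristic" header is `X-Jenkins` (which Jenkins sends even when the page has no usable title); the hosts and raw responses below are constructed samples.

```python
import re

# Constructed raw responses keyed by host:port (documentation address range).
SAMPLES = {
    "192.0.2.11:8080": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Jenkins: 2.89.1\r\n\r\n"
                       "<html><head><title>Dashboard [Jenkins]</title></head></html>",
    "192.0.2.12:443": "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
                      "<html><head><title>400 The plain HTTP request was sent "
                      "to HTTPS port</title></head></html>",
    # Login-protected instance: no title at all, but the header is still there.
    "192.0.2.13:8080": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\n"
                       "X-Jenkins: 2.89.1\r\n\r\n<html><body></body></html>",
    "192.0.2.14:80": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"
                     "<html><head><title>Welcome to nginx!</title></head></html>",
}

def parse(raw):
    """Split a raw HTTP response into (lower-cased headers, page title)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    match = re.search(r"<title>(.*?)</title>", body, re.I | re.S)
    return headers, (match.group(1).strip() if match else "")

def classify(raw):
    """Return 'definite', 'maybe' (re-check over HTTPS) or 'no'."""
    headers, title = parse(raw)
    if "x-jenkins" in headers or "[Jenkins]" in title:
        return "definite"
    if "plain HTTP request was sent to HTTPS port" in title:
        return "maybe"
    return "no"

def triage(samples):
    """Classify every host and return {host: verdict}."""
    return {host: classify(raw) for host, raw in samples.items()}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host:18} {verdict}")
```

Only the hosts marked `maybe` need a second request over HTTPS, which keeps the screenshot pass limited to the few targets the header and title checks could not settle.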