Common Gotchas - carnal0wnage/J-PWN GitHub Wiki

  1. You might be manually testing a /rest/* query in your browser and get a 401

http 401

Just hit the home jira home page so it can set an anonymous cookie and try again

  1. I'm scanning domain.atlassian.net and getting weird results / false positives.

This is primarily a JIRA server scanning tool. (aka not *.atlassian.net hosted jira)

The cloud product as a separate and API /rest/api/3/* and just returns different results vs Server and the html body searches might not matach. I accept diffs :-)