Jupyter
Enumerate and exploit Jupyter Notebook server instances.
Overview
The jupyter module targets Jupyter Notebook servers, covering server metadata, kernel enumeration, notebook listing and reading, guarded code execution via the WebSocket kernel interface, and proof-of-concept actions for reverse shell capability and pip package installation. POST operations automatically acquire the _xsrf token via a cookie jar and send it with the request.
Subcommands
Read-Only (no --force-exploit required)
| Subcommand | Description |
|---|---|
| enum | Server metadata and status |
| kernels | List active kernels |
| notebooks | List notebook files; optional --mine-secrets fetches each notebook and scans cells for credentials |
| read-notebook | Read a notebook file by path |
Gated (requires --force-exploit)
| Subcommand | Description |
|---|---|
| exec | Execute code in a running kernel via WebSocket |
| start-kernel | Start a new kernel on the server |
| reverse-shell-proof | Prove outbound socket capability via a kernel (uses non-routable TEST-NET address) |
| pip-proof | Prove pip install capability via a kernel (dry-run only, nothing installed) |
Flags
| Flag | Required | Description |
|---|---|---|
| --target | Yes | Jupyter server URL (e.g., http://127.0.0.1:8888) |
| --token | No | Jupyter authentication token |
| --header | No | Custom HTTP headers. Repeatable. |
| --path | For read-notebook | Notebook file path |
| --mine-secrets | For notebooks | Fetch every listed notebook and emit findings for embedded secrets (extra API calls) |
| --kernel | For exec, reverse-shell-proof, pip-proof | Kernel ID to execute in |
| --code | For exec | Code string to execute |
Examples
```bash
# Enumerate server
./aipostex jupyter --target http://127.0.0.1:8888 --token demo enum

# List active kernels
./aipostex jupyter --target http://127.0.0.1:8888 --token demo kernels

# List notebooks
./aipostex jupyter --target http://127.0.0.1:8888 --token demo notebooks

# List notebooks and mine cells for API keys / connection strings
./aipostex jupyter --target http://127.0.0.1:8888 --token demo notebooks --mine-secrets

# Read a specific notebook
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
    read-notebook --path notebooks/analysis.ipynb

# Execute code in a kernel (gated)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
    exec --kernel kernel-1 --code "print('hi')" --force-exploit

# Start a new kernel (gated)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
    start-kernel --force-exploit

# Prove reverse shell capability (gated, safe — uses TEST-NET)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
    reverse-shell-proof --kernel kernel-1 --force-exploit

# Prove pip install capability (gated, dry-run only)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
    pip-proof --kernel kernel-1 --force-exploit
```
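The kind of check that notebooks --mine-secrets performs can also be run by notebook owners over their own .ipynb files before they reach a shared server. The Go program below is an added example, not aipostex code: the rule set, the names ScanNotebook, flatten and Finding, and the sample notebook are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

type cell struct{ Source json.RawMessage; Outputs []struct{ Text json.RawMessage } }
type Finding struct{ Cell int; Rule string } // the matched value is never copied out
// Assumed rules for illustration; the tool's own patterns are not listed on this page.
var rules = []struct{ Name string; Re *regexp.Regexp }{
	{"url-with-credentials", regexp.MustCompile(`[a-z][a-z0-9+]*://[^\s:/@]+:[^\s@]+@`)},
	{"assigned-secret", regexp.MustCompile(`(?i)(api_?key|secret|token|password)\s*=\s*['"][^'"]{8,}['"]`)},
}
// Constructed sample notebook (nbformat v4 layout); every value in it is fake.
const sample = `{"cells": [
 {"cell_type": "code", "source": ["import os\n", "api_key = \"EXAMPLEKEY0123456789\"\n"], "outputs": []},
 {"cell_type": "code", "source": "print(os.environ[\"DB_URL\"])", "outputs": [
  {"output_type": "stream", "text": ["postgres://app:s3cretpw@db.example.internal/prod\n"]}]}]}`
// flatten decodes an nbformat text field, which is either one string or a list of lines.
func flatten(raw json.RawMessage) (s string) {
	var lines []string
	if json.Unmarshal(raw, &s) != nil {
		_ = json.Unmarshal(raw, &lines)
	}
	return s + strings.Join(lines, "")
}
// ScanNotebook reports which cells match which rule, checking source and stream output text.
func ScanNotebook(data []byte) (out []Finding, err error) {
	var nb struct{ Cells []cell }
	if err = json.Unmarshal(data, &nb); err != nil {
		return nil, err
	}
	for i, c := range nb.Cells {
		text := flatten(c.Source)
		for _, o := range c.Outputs {
			text += "\n" + flatten(o.Text) // printed values persist in the saved .ipynb
		}
		for _, r := range rules {
			if r.Re.MatchString(text) {
				out = append(out, Finding{i, r.Name})
			}
		}
	}
	return out, nil
}
func main() { fmt.Println(ScanNotebook([]byte(sample))) }
```

The second sample cell is flagged only because of its saved output, which is why clearing outputs before committing or sharing a notebook matters as much as removing hard-coded values from the source.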
Execution Details
The exec command connects to the kernel's WebSocket shell channel and sends an execute_request message. This uses the gorilla/websocket library and supports proxy routing via --proxy (including SOCKS5).
Workflow Progression
discover network (discovers Jupyter on :8888)
→ jupyter enum (server metadata)
→ jupyter kernels (list kernels)
→ jupyter notebooks (list notebook files; add --mine-secrets to scan all cells)
→ jupyter read-notebook --path <path> (read content)
→ jupyter start-kernel (create a kernel, gated)
→ jupyter exec --kernel <id> --code <code> (execute, gated)
→ jupyter reverse-shell-proof --kernel <id> (outbound socket proof, gated)
→ jupyter pip-proof --kernel <id> (pip install proof, gated)