Jupyter

Enumerate and exploit Jupyter Notebook server instances.

Overview

The jupyter module targets Jupyter Notebook servers. It covers server metadata, kernel enumeration, notebook listing and reading, guarded code execution via the WebSocket kernel interface, and proof-of-concept actions for reverse shell capability and pip package installation. POST operations automatically acquire and send _xsrf tokens via a cookie jar.

Subcommands

Read-Only (no --force-exploit required)

| Subcommand | Description |
|---|---|
| enum | Server metadata and status |
| kernels | List active kernels |
| notebooks | List notebook files; optional --mine-secrets fetches each notebook and scans cells for credentials |
| read-notebook | Read a notebook file by path |

Gated (requires --force-exploit)

| Subcommand | Description |
|---|---|
| exec | Execute code in a running kernel via WebSocket |
| start-kernel | Start a new kernel on the server |
| reverse-shell-proof | Prove outbound socket capability via a kernel (uses non-routable TEST-NET address) |
| pip-proof | Prove pip install capability via a kernel (dry-run only, nothing installed) |

Flags

| Flag | Required | Description |
|---|---|---|
| --target | Yes | Jupyter server URL (e.g., http://127.0.0.1:8888) |
| --token | No | Jupyter authentication token |
| --header | No | Custom HTTP headers. Repeatable. |
| --path | For read-notebook | Notebook file path |
| --mine-secrets | For notebooks | Fetch every listed notebook and emit findings for embedded secrets (extra API calls) |
| --kernel | For exec, reverse-shell-proof, pip-proof | Kernel ID to execute in |
| --code | For exec | Code string to execute |

Examples

# Enumerate server
./aipostex jupyter --target http://127.0.0.1:8888 --token demo enum

# List active kernels
./aipostex jupyter --target http://127.0.0.1:8888 --token demo kernels

# List notebooks
./aipostex jupyter --target http://127.0.0.1:8888 --token demo notebooks

# List notebooks and mine cells for API keys / connection strings
./aipostex jupyter --target http://127.0.0.1:8888 --token demo notebooks --mine-secrets

# Read a specific notebook
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
  read-notebook --path notebooks/analysis.ipynb

# Execute code in a kernel (gated)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
  exec --kernel kernel-1 --code "print('hi')" --force-exploit

# Start a new kernel (gated)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
  start-kernel --force-exploit

# Prove reverse shell capability (gated, safe — uses TEST-NET)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
  reverse-shell-proof --kernel kernel-1 --force-exploit

# Prove pip install capability (gated, dry-run only)
./aipostex jupyter --target http://127.0.0.1:8888 --token demo \
  pip-proof --kernel kernel-1 --force-exploit
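
A defender-side counterpart to notebooks --mine-secrets, added here as an example and not aipostex code: it scans a notebook's JSON (nbformat 4) for credentials in cell sources and in saved outputs, so they can be removed before a server is reachable by others. The regex patterns, function names and sample notebook are assumptions constructed for illustration, not the tool's rule set.

```python
import json
import re

# Illustrative patterns (assumptions, not aipostex's rule set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "url_with_password": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@'\"]+:([^\s@'\"]+)@"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}

def _text(value):
    """nbformat stores multi-line text as either a str or a list of str."""
    return "".join(value) if isinstance(value, list) else (value or "")

def _cell_texts(cell):
    """Yield (location, text) for a cell's source and each saved output."""
    yield "source", _text(cell.get("source"))
    for out in cell.get("outputs", []):
        yield "output", _text(out.get("text"))                        # stream output
        yield "output", _text(out.get("data", {}).get("text/plain"))  # execute_result
        yield "output", "\n".join(out.get("traceback", []))           # error output

def scan_notebook(nb_json):
    """Return one finding per match; the secret is never echoed in full."""
    findings = []
    for idx, cell in enumerate(json.loads(nb_json).get("cells", [])):
        for where, text in _cell_texts(cell):
            for rule, rx in PATTERNS.items():
                for m in rx.finditer(text):
                    secret = m.group(m.lastindex or 0)
                    findings.append({"cell": idx, "where": where, "rule": rule,
                                     "redacted": secret[:4] + "*" * (len(secret) - 4)})
    return findings

# Constructed sample notebook; every credential in it is fake.
SAMPLE = json.dumps({"nbformat": 4, "nbformat_minor": 5, "metadata": {}, "cells": [
    {"cell_type": "markdown", "source": "# Analysis"},
    {"cell_type": "code", "outputs": [],
     "source": ["import os\n", "API_KEY = 'sk_test_0123456789abcdef'\n"]},
    {"cell_type": "code", "source": "print(os.environ['DB_URL'])",
     "outputs": [{"output_type": "stream", "name": "stdout",
                  "text": ["postgres://svc:hunter2pw@db.internal.example:5432/app\n"]}]},
    {"cell_type": "code", "outputs": [],
     "source": "boto3.client('s3', aws_access_key_id='AKIAIOSFODNN7EXAMPLE')"},
]})

if __name__ == "__main__":
    print(*scan_notebook(SAMPLE), sep="\n")
```

The second finding comes from a saved cell output rather than from source, which is why clearing outputs before sharing a notebook matters as much as removing hard-coded keys.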

Execution Details

The exec command connects to the kernel's WebSocket shell channel and sends an execute_request message. This uses the gorilla/websocket library and supports proxy routing via --proxy (including SOCKS5).

Workflow Progression

discover network (discovers Jupyter on :8888)
  → jupyter enum (server metadata)
    → jupyter kernels (list kernels)
    → jupyter notebooks (list notebook files; add --mine-secrets to scan all cells)
      → jupyter read-notebook --path <path> (read content)
        → jupyter start-kernel (create a kernel, gated)
        → jupyter exec --kernel <id> --code <code> (execute, gated)
          → jupyter reverse-shell-proof --kernel <id> (outbound socket proof, gated)
          → jupyter pip-proof --kernel <id> (pip install proof, gated)