jenkins-exploit

This code fragment is high-confidence malicious exploit PoC tooling for Jenkins: it weaponizes Jenkins CLI remoting to read arbitrary server files and exfiltrates the contents to stdout, and it includes additional mechanisms for blind Groovy code execution and authenticated-session CLI control via WebSocket Origin bypass. It is not suitable for inclusion as a dependency and should be treated as a security-critical threat artifact.

该技能是明确的AI代理攻击/渗透利用技能，聚焦Jenkins高危漏洞、凭据读取和RCE，具备直接入侵真实系统的能力。不存在明显第三方安装链问题，但其能力范围与数据目标高度敏感，应判定为高风险且可疑；更接近攻击工具而非正常开发技能。

This code fragment is highly indicative of malicious/offensive intent targeting Jenkins. It provides ready-to-use Script Console/Groovy RCE payloads (including command execution, reverse shell, sensitive file reads, SSH key persistence, and Jenkins credential enumeration) and includes a Python tool that actively probes for weak/unauthorized access and CVE applicability. In a software supply-chain review, this should be treated as an attack/exploit payload toolkit and not as safe dependency code.