Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Installation
go get -u github.com/jaeles-project/jaeles
USAGE
Modes;
– Scan Mode
– Fuzz Mode
Jaeles – The Swiss Army knife for automated Web Application Testing beta v0.1 by @j3ssiejjj
>>Usage:
jaeles [command]
>> Available Commands:
config Configuration CLI
help Help about any command
scan Do the Scan
server Run server
>> Flags:
-c, –concurrency int concurrency (default 20)
–config string config file (default is $HOME/.jaeles/config.yaml)
–debug Debug
-h, –help help for jaeles
–no-output Do not store raw output
-o, –output string output folder name (default “out”)
–proxy string proxy
–refresh int Refresh (default 10)
–retry int retry (default 3)
–rootDir string root Project (default “~/.jaeles/”)
–save-raw save raw request
–scanID string Scan ID
–signDir string signFolder (default “~/.jaeles/signatures-base/”)
–timeout int timeout (default 20)
-v, –verbose Verbose
>> Use “jaeles [command] –help” for more information about a command.
Also Read – NetAss2 : Network Assessment Assistance Framework (PenTest Toolkit)
Scan
Scan list of URLs based on signatures
Usage:
jaeles scan [flags]
Flags:
-h, –help help for scan
-s, –sign string Provide custom header seperate by ‘;’
–ssrf string Fill your BurpCollab
-u, –url string URL of target
-U, –urls string URLs file of target
Examples Command
#scan all signature for single url
jaeles scan -u http://example.com
#scan phpdebug.yaml signature for list of urls
jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt
#scan all signatures with “aem” prefix for list of urls
jaeles scan –retry 3 –verbose -s “signatures/cves/aem-*” -U /tmp/list_of_urls.txt
Fuzz
Start API Server
Usage:
jaeles server [flags]
Flags:
-h, –help help for server
–host string IP address to bind the server (default “127.0.0.1”)
-l, –level int16 Provide custom header seperate by ‘;’ (default 1)
–port string Port (default “5000”)
-s, –sign string Provide custom header seperate by ‘;’
Examples Command
#Scan API server on http://127.0.0.1:5000
jaeles server
#Scan API server on http://127.0.0.1:5000 with default signature sqli
jaeles –verbose server -s sqli
List Signature with list of Urls
Single Signature with list of Urls
Fuzzing mode with Burp