Jaeles : The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Installation

Download precompiled version here.

If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command.

GO111MODULE=on go get github.com/jaeles-project/jaeles

Please visit the Official Documention for more details.

Note: Checkout Signatures Repo for install signature.

Usage

#Scan Usage example:
jaeles scan -s -u
jaeles scan -c 50 -s -U -L
jaeles scan -c 50 -s -U
jaeles scan -c 50 -s -U -p ‘dest=xxx.burpcollaborator.net’
jaeles scan -c 50 -s -U -f ‘noti_slack “{{.vulnInfo}}”‘
jaeles scan -v -c 50 -s -U list_target.txt -o /tmp/output
jaeles scan -s -s -u http://example.com
jaeles scan -G -s -s -x -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s

#Examples:
jaeles scan -s ‘jira’ -s ‘ruby’ -u target.com
jaeles scan -c 50 -s ‘java’ -x ‘tomcat’ -U list_of_urls.txt
jaeles scan -G -c 50 -s ‘/tmp/custom-signature/.‘ -U list_of_urls.txt jaeles scan -v -s ‘~/my-signatures/products/wordpress/.‘ -u ‘https://wp.example.com’ -p ‘root=[[.URL]]’
cat urls.txt | grep ‘interesting’ | jaeles scan -L 5 -c 50 -s ‘fuzz/.*’ -U list_of_urls.txt –proxy http://127.0.0.1:8080

Also Read – Evilreg : Reverse Shell Using Windows Registry Files (.reg)

Showcases

Apache Server Status
Tableau DOM XSS CVE-2019-19719
RabbitMQ Default Credentials
Jenkins XSS CVE-2020-2096

HTML Report Summary

Burp Integration

Planned Features

  • Adding more signatures.
  • Adding more input sources.
  • Adding more APIs to get access to more properties of the request.
  • Adding proxy plugins to directly receive input from browser of http client.
  • Adding passive signature for passive checking each request.
  • Adding more action on Web UI.
  • Integrate with many other tools.
R K

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

1 day ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

1 day ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

1 day ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

1 day ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

1 day ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago