Jaeles : The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Installation

go get -u github.com/jaeles-project/jaeles

USAGE

Modes;
– Scan Mode
– Fuzz Mode

Jaeles – The Swiss Army knife for automated Web Application Testing beta v0.1 by @j3ssiejjj

>>Usage:
jaeles [command]

>> Available Commands:
config Configuration CLI
help Help about any command
scan Do the Scan
server Run server

>> Flags:
-c, –concurrency int concurrency (default 20)
–config string config file (default is $HOME/.jaeles/config.yaml)
–debug Debug
-h, –help help for jaeles
–no-output Do not store raw output
-o, –output string output folder name (default “out”)
–proxy string proxy
–refresh int Refresh (default 10)
–retry int retry (default 3)
–rootDir string root Project (default “~/.jaeles/”)
–save-raw save raw request
–scanID string Scan ID
–signDir string signFolder (default “~/.jaeles/signatures-base/”)
–timeout int timeout (default 20)
-v, –verbose Verbose

>> Use “jaeles [command] –help” for more information about a command.

Also Read – NetAss2 : Network Assessment Assistance Framework (PenTest Toolkit)

Scan

Scan list of URLs based on signatures

Usage:
jaeles scan [flags]

Flags:
-h, –help help for scan
-s, –sign string Provide custom header seperate by ‘;’
–ssrf string Fill your BurpCollab
-u, –url string URL of target
-U, –urls string URLs file of target

Examples Command

#scan all signature for single url
jaeles scan -u http://example.com

#scan phpdebug.yaml signature for list of urls
jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt

#scan all signatures with “aem” prefix for list of urls
jaeles scan –retry 3 –verbose -s “signatures/cves/aem-*” -U /tmp/list_of_urls.txt

Fuzz

Start API Server

Usage:
jaeles server [flags]

Flags:
-h, –help help for server
–host string IP address to bind the server (default “127.0.0.1”)
-l, –level int16 Provide custom header seperate by ‘;’ (default 1)
–port string Port (default “5000”)
-s, –sign string Provide custom header seperate by ‘;’

Examples Command

#Scan API server on http://127.0.0.1:5000
jaeles server

#Scan API server on http://127.0.0.1:5000 with default signature sqli
jaeles –verbose server -s sqli

Showcases

List Signature with list of Urls

Single Signature with list of Urls

Fuzzing mode with Burp

R K

Recent Posts

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

2 hours ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

11 hours ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

11 hours ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

11 hours ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

11 hours ago

How to Create Directories in Linux with the mkdir Command

Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…

12 hours ago