Jaeles : The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Installation

go get -u github.com/jaeles-project/jaeles

USAGE

Modes;
– Scan Mode
– Fuzz Mode

Jaeles – The Swiss Army knife for automated Web Application Testing beta v0.1 by @j3ssiejjj

>>Usage:
jaeles [command]

>> Available Commands:
config Configuration CLI
help Help about any command
scan Do the Scan
server Run server

>> Flags:
-c, –concurrency int concurrency (default 20)
–config string config file (default is $HOME/.jaeles/config.yaml)
–debug Debug
-h, –help help for jaeles
–no-output Do not store raw output
-o, –output string output folder name (default “out”)
–proxy string proxy
–refresh int Refresh (default 10)
–retry int retry (default 3)
–rootDir string root Project (default “~/.jaeles/”)
–save-raw save raw request
–scanID string Scan ID
–signDir string signFolder (default “~/.jaeles/signatures-base/”)
–timeout int timeout (default 20)
-v, –verbose Verbose

>> Use “jaeles [command] –help” for more information about a command.

Also Read – NetAss2 : Network Assessment Assistance Framework (PenTest Toolkit)

Scan

Scan list of URLs based on signatures

Usage:
jaeles scan [flags]

Flags:
-h, –help help for scan
-s, –sign string Provide custom header seperate by ‘;’
–ssrf string Fill your BurpCollab
-u, –url string URL of target
-U, –urls string URLs file of target

Examples Command

#scan all signature for single url
jaeles scan -u http://example.com

#scan phpdebug.yaml signature for list of urls
jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt

#scan all signatures with “aem” prefix for list of urls
jaeles scan –retry 3 –verbose -s “signatures/cves/aem-*” -U /tmp/list_of_urls.txt

Fuzz

Start API Server

Usage:
jaeles server [flags]

Flags:
-h, –help help for server
–host string IP address to bind the server (default “127.0.0.1”)
-l, –level int16 Provide custom header seperate by ‘;’ (default 1)
–port string Port (default “5000”)
-s, –sign string Provide custom header seperate by ‘;’

Examples Command

#Scan API server on http://127.0.0.1:5000
jaeles server

#Scan API server on http://127.0.0.1:5000 with default signature sqli
jaeles –verbose server -s sqli

Showcases

List Signature with list of Urls

Single Signature with list of Urls

Fuzzing mode with Burp

R K

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

2 weeks ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

2 weeks ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

2 weeks ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

2 weeks ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

2 weeks ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago