Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Installation
go get -u github.com/jaeles-project/jaeles
USAGE
Modes;
– Scan Mode
– Fuzz Mode
Jaeles – The Swiss Army knife for automated Web Application Testing beta v0.1 by @j3ssiejjj
>>Usage:
jaeles [command]
>> Available Commands:
config Configuration CLI
help Help about any command
scan Do the Scan
server Run server
>> Flags:
-c, –concurrency int concurrency (default 20)
–config string config file (default is $HOME/.jaeles/config.yaml)
–debug Debug
-h, –help help for jaeles
–no-output Do not store raw output
-o, –output string output folder name (default “out”)
–proxy string proxy
–refresh int Refresh (default 10)
–retry int retry (default 3)
–rootDir string root Project (default “~/.jaeles/”)
–save-raw save raw request
–scanID string Scan ID
–signDir string signFolder (default “~/.jaeles/signatures-base/”)
–timeout int timeout (default 20)
-v, –verbose Verbose
>> Use “jaeles [command] –help” for more information about a command.
Also Read – NetAss2 : Network Assessment Assistance Framework (PenTest Toolkit)
Scan
Scan list of URLs based on signatures
Usage:
jaeles scan [flags]
Flags:
-h, –help help for scan
-s, –sign string Provide custom header seperate by ‘;’
–ssrf string Fill your BurpCollab
-u, –url string URL of target
-U, –urls string URLs file of target
Examples Command
#scan all signature for single url
jaeles scan -u http://example.com
#scan phpdebug.yaml signature for list of urls
jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt
#scan all signatures with “aem” prefix for list of urls
jaeles scan –retry 3 –verbose -s “signatures/cves/aem-*” -U /tmp/list_of_urls.txt
Fuzz
Start API Server
Usage:
jaeles server [flags]
Flags:
-h, –help help for server
–host string IP address to bind the server (default “127.0.0.1”)
-l, –level int16 Provide custom header seperate by ‘;’ (default 1)
–port string Port (default “5000”)
-s, –sign string Provide custom header seperate by ‘;’
Examples Command
#Scan API server on http://127.0.0.1:5000
jaeles server
#Scan API server on http://127.0.0.1:5000 with default signature sqli
jaeles –verbose server -s sqli
List Signature with list of Urls
Single Signature with list of Urls
Fuzzing mode with Burp
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…