jaeles
โ View on GitHubAI Summary: Jaeles is a robust and extensible web application scanning framework developed in Go, designed to facilitate the creation of customized scanners for identifying vulnerabilities. Its primary use case is in the security assessment of web applications, featuring capabilities such as signature-based scanning, integration with Burp Suite, and extensive reporting options. Notable features include the ability to scan multiple URLs concurrently, customizable signature definitions, and Docker support for streamlined deployment.
README
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Installation
Download precompiled version here.
If you have a Go environment, make sure you have Go >= 1.17 with Go Modules enable and run the following command.
go install github.com/jaeles-project/jaeles@latest
Please visit the Official Documention for more details.
Note: Checkout Signatures Repo for install signature.
Usage
# Scan Usage example:
jaeles scan -s <signature> -u <url>
jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
jaeles scan -c 50 -s <signature> -U <list_urls>
jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
jaeles scan -s <signature> -s <another-selector> -u http://example.com
jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s <signature>
# Examples:
jaeles scan -s 'jira' -s 'ruby' -u target.com
jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com' -p 'root=[[.URL]]'
cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz/.*' -U list_of_urls.txt --proxy http://127.0.0.1:8080
jaeles server -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi
More usage can be found here
Run with Docker
docker pull j3ssie/jaeles
docker run j3ssie/jaeles scan -s '<selector>' -u http://example.com
Showcases
 Jenkins Gitlab XSS CVE-2020-2096 |  Grafana DoS Probing CVE-2020-13379 |
|---|---|
 SolarWindsOrion LFI CVE-2020-10148 |  Nginx Vhost XSS |
More showcase can be found here
HTML Report summary
Burp Integration
Plugin can be found here and Video Guide here
Mentions
My introduction slide about Jaeles
Planned Features
- Adding more signatures.
- Adding more input sources.
- Adding more APIs to get access to more properties of the request.
- Adding proxy plugins to directly receive input from browser of http client.
- Adding more action on Web UI.
- Integrate with many other tools.
Painless integrate Jaeles into your recon workflow?
This project was part of Osmedeus Engine. Check out how it was integrated at @OsmedeusEngine
Contribute
If you have some new idea about this project, issue, feedback or found some valuable tool feel free to open an issue for just DM me via @j3ssiejjj. Feel free to submit new signature to this repo.
Credits
Special thanks to chaitin team for sharing ideas to me for build the architecture.
React components is powered by Carbon and carbon-tutorial.
Awesomes artworks are powered by Freepik at flaticon.com.
In distributions
Contributors
Code Contributors
This project exists thanks to all the people who contribute. [Contribute].
Financial Contributors
Become a financial contributor and help us sustain our community. [Contribute]
Individuals
Organizations
Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]
License
Jaeles is made with โฅ by @j3ssiejjj and it is released under the MIT license.
Donation
