jaeles

command module

v1.0.1 Latest Latest Go to latest Published: Oct 30, 2022 License: MIT Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hktalent/jaeles

Links

Open Source Insights

README ¶

Jaeles

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Architecture

Painless integrate Jaeles into your recon workflow?

This project was part of Osmedeus Engine. Check out how it was integrated at @OsmedeusEngine

Installation

Download precompiled version here.

If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command.

GO111MODULE=on go get github.com/hktalent/jaeles

In case of "go get" failure, try the below method.

GO111MODULE=on go install github.com/hktalent/jaeles@latest

Please visit the Official Documention for more details.

Note: Checkout Signatures Repo for install signature.

Usage

# Scan Usage example:
  jaeles scan -s <signature> -u <url>
  jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
  jaeles scan -c 50 -s <signature> -U <list_urls>
  jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
  jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
  jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
  jaeles scan -s <signature> -s <another-selector> -u http://example.com
  jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
  cat list_target.txt | jaeles scan -c 100 -s <signature>


# Examples:
  jaeles scan -s 'jira' -s 'ruby' -u target.com
  jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
  jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
  jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com' -p 'root=[[.URL]]'
  cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz/.*' -U list_of_urls.txt --proxy http://127.0.0.1:8080
  jaeles server -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi

More usage can be found here

Run with Docker

docker pull j3ssie/jaeles
docker run j3ssie/jaeles scan -s '<selector>' -u http://example.com

Showcases

Jenkins Gitlab XSS CVE-2020-2096	Grafana DoS Probing CVE-2020-13379
SolarWindsOrion LFI CVE-2020-10148	Nginx Vhost XSS

More showcase can be found here

HTML Report summary

HTML Report

Burp Integration

Plugin can be found here and Video Guide here

Mentions

My introduction slide about Jaeles

Planned Features

Adding more signatures.
Adding more input sources.
Adding more APIs to get access to more properties of the request.
Adding proxy plugins to directly receive input from browser of http client.
~~Adding passive signature for passive checking each request.~~
Adding more action on Web UI.
Integrate with many other tools.

Contribute

If you have some new idea about this project, issue, feedback or found some valuable tool feel free to open an issue for just DM me via @j3ssiejjj. Feel free to submit new signature to this repo.

Credits

Special thanks to chaitin team for sharing ideas to me for build the architecture.
React components is powered by Carbon and carbon-tutorial.
Awesomes artworks are powered by Freepik at flaticon.com.