jaeles v0.17.1 beta releases: The Swiss Army knife for automated Web Application Testing

by do son · Published · Updated

Jaeles is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner.

Changelog v0.17.1-beta

  • Update dependencies.
  • Small improvement to allow proxy can be applied in chrome headless
  • Refactor and fix some bugs.

Install

go get -u github.com/jaeles-project/jaeles

Use

Jaeles - The Swiss Army knife for automated Web Application Testing beta v0.1 by @j3ssiejjj



Usage:

jaeles [command]



Available Commands:

config      Configuration CLI

help        Help about any command

scan        Do the Scan

server      Run server



Flags:

-c, --concurrency int   concurrency (default 20)

  --config string     config file (default is $HOME/.jaeles/config.yaml)

  --debug             Debug

-h, --help              help for jaeles

  --no-output         Do not store raw output

-o, --output string     output folder name (default "out")

  --proxy string      proxy

  --refresh int       Refresh (default 10)

  --retry int         retry (default 3)

  --rootDir string    root Project (default "~/.jaeles/")

  --save-raw          save raw request

  --scanID string     Scan ID

  --signDir string    signFolder (default "~/.jaeles/signatures-base/")

  --timeout int       timeout (default 20)

-v, --verbose           Verbose



Use "jaeles [command] --help" for more information about a command.

 

 

Scan

Scan list of URLs based on signatures



Usage:

  jaeles scan [flags]



Flags:

  -h, --help          help for scan

  -s, --sign string   Provide custom header seperate by ';'

      --ssrf string   Fill your BurpCollab

  -u, --url string    URL of target

  -U, --urls string   URLs file of target

 

Examples Command

# scan all signature for single url

jaeles scan -u http://example.com

# scan phpdebug.yaml signature for list of urls

jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt

# scan all signatures with “aem” prefix for list of urls

jaeles scan --retry 3 --verbose -s "signatures/cves/aem-*" -U /tmp/list_of_urls.txt

Fuzz

Start API Server



Usage:

  jaeles server [flags]



Flags:

  -h, --help          help for server

      --host string   IP address to bind the server (default "127.0.0.1")

  -l, --level int16   Provide custom header seperate by ';' (default 1)

      --port string   Port (default "5000")

  -s, --sign string   Provide custom header seperate by ';'

 

Examples Command

# scan API server on http://127.0.0.1:5000

jaeles server

# scan API server on http://127.0.0.1:5000 with default signature sqli

jaeles --verbose server -s sqli

Burp Integration

Tutorial

Copyright (c) 2019 j3ssie

Source: https://github.com/jaeles-project/

Tags: automated Web Application Testingjaeles