The Jaeles is a powerful, flexible and easily scalable tool written in Go to make a Web Application Scanner.
Installation
Download the precompiled version from here
If you have a Go environment, make sure you have Go> = 1,13 with Go units enabled and execute the following command:
GO111MODULE = on go get github.com/jaeles-project /jaeles
Use
# Scan Usage example:
jaeles scan -s <signature> -u <url>
jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
jaeles scan -c 50 -s <signature> -U <list_urls>
jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest = xxx.burpcollaborator.net'
jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack “{{.vulnInfo}}”'
jaeles scan -v -c 50 -s <signature> -U list_target.txt -o / tmp / output
jaeles scan -s <signature> -s <another-selector> -u http://example.com
jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s <signature>
# Examples:
jaeles scan -s 'jira' -s 'ruby' -u target.com
jaeles scan -c 50 -s 'Java' -x 'tomcat' -U list_of_urls.txt
jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
jaeles scan -v -s '~ / my-signatures / products / wordpress /.*' -u 'https://wp.example.com' -p 'root = [[. URL]]'
cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz /.*' -U list_of_urls.txt –proxy http://127.0.0.1:8080
Snapshots implementation
Burp Integration
HTML Report summary
OWASP ZAP: Find vulnerabilities in web applications!
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators