The Jaeles είναι ένα ισχυρό, ευέλικτο και εύκολα επεκτάσιμο εργαλείο που έχει γραφεί σε Go για τη πραγματοποίηση ενός Web Application Scanner.
Installation
Download the precompiled version from here
If you have a Go environment, make sure you have Go> = 1,13 with the Go units enabled and run the following command:
GO111MODULE=on go get github.com/jaeles-project/ jaeles
Use
# Scan Usage example:
jaeles scan -s signature> -u url>
jaeles scan -c 50 -s signature> -U list_urls> -L level-of-signatures>
jaeles scan -c 50 -s signature> -U list_urls>
jaeles scan -c 50 -s signature> -U list_urls> -p 'dest = xxx.burpcollaborator.net'
jaeles scan -c 50 -s signature> -U list_urls> -f 'noti_slack “{{.vulnInfo}}”'
jaeles scan -v -c 50 -s signature> -U list_target.txt -o / tmp / output
jaeles scan -s signature> -s another-selector> -u http://example.com
jaeles scan -G -s signature> -s another-selector> -x exclude-selector> -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s signature>
#Examples:
jaeles scan -s 'jira' -s 'ruby' -u target.com
jaeles scan -c 50 -s 'Java' -x 'tomcat' -U list_of_urls.txt
jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
jaeles scan -v -s '~ / my-signatures / products /wordpress/.*' -u 'https://wp.example.com' -p 'root = [[. URL]]'
cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz /.*' -U list_of_urls.txt –proxy http://127.0.0.1:8080
Snapshots application
https://www.youtube.com/watch?v=nkBcIvzi3H4
Burp Integration
HTML Report summary
https://www.youtube.com/watch?v=JfihhEOEWSE
https://www.youtube.com/watch?v=ed4n1sCNu3s
https://www.youtube.com/watch?v=EG7Qmt8kt58
Plugin you can find here and Video guide here