Build your own automated Web Application Scanner with Jaeles Framework

Ai Ho - @j3ssiejjj
whoami
• Amateur hacker and developer combined.
• Open-source lover.
• Author of kind of famous projects: Osmedeus, Jaeles and Metabigor.
• Acknowledged by / Security hall of fame: Microsoft, StackOverflow, DoD, Django, IBM, Sony, Dell, Adobe, Mastercard, Ford and so on.

https://github.com/j3ssie
@j3ssiejjj
Outline
• Why?
• Architecture
• Showcases

https://github.com/jaeles-project/jaeles
Why build Jaeles? To build

• A scanner that can take advantage of your experience.
• Something that can check one or many things on many hosts.
• Something that can easily be extended.
• A scanner that you can totally control.
• Something flexible that lets you easily integrate with other tools.
What can Jaeles do?

It depends on your creativity.

• Checking for known vulnerabilities.
• Fuzzer.
• Directory brute force / Content discovery.
• Technology fingerprint.
• Probing HTTP.
• Monitor.
• And more!
Architecture

Requests or URLs can be provided in many ways.

Signature files are written in YAML format.
Signature In-depth

There are 3 kinds of Signatures: single, list, fuzz.


Signature In-depth 》Info

Used to define the type of signature and to index the signature in a DB.


Info

Reference Info
Signature In-depth 》Origin Request

The original request, used for comparison in detection.


Origin Request

Replaced by variable
Signature In-depth 》Variables & Payloads

Resources for building lists of requests from a single file. The format follows the default Go template engine.
Payloads are only available in fuzz signatures.
Signature In-depth 》Variables & Payloads

Default variables parsed from URL input


Variables

Replaced by variable
Signature In-depth 》Variables & Payloads

Some variable APIs for generating many requests from one signature.


Variables API

Replaced by variable
Signature In-depth 》Payloads

Resources for building lists of requests from a single file. The format follows the default Go template engine.
Payload

Generator
Signature In-depth 》Request Builder

Builds a list of requests from the input and detects whether it is vulnerable or not.
Signature In-depth 》Request Builder 》Request Component

Detail info about request like method, URL, headers, etc.


Request Component
Signature In-depth 》Request Builder 》Detections

Applies logic based on the detection script to determine whether a request is vulnerable or not.
Signature In-depth 》Request Builder 》Detections

Detections are written in JavaScript, so you can write whatever you want with the predefined functions below, as long as you return a boolean value indicating whether something was found or not.
Multiple Detections
Demo
https://www.youtube.com/playlist?list=PLqpLl_iGMLnCBBC-TQZVxQAoFXWjTlGoV
https://jaeles-project.github.io/showcases/
Signature In-depth 》Request Builder 》Generators & Encoding

Only available in fuzz signatures.

Provides functions to generate requests based on the template request with payloads.
Signature In-depth 》Request Builder 》Generators & Encoding

Path("{{.payload}}", "*")
Replaces each path of the request with the payload.

Header("{{.payload}}", "X-Filename")
Adds a new X-Filename header to the request, or replaces an existing one.

Query("{{.original}}{{.payload}}"); Method("PUT")
Appends the payload to each query value and changes the method to PUT.
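
As an added illustration (not code from the slides or from Jaeles itself), the Go sketch below shows how a template such as `{{.original}}{{.payload}}` fans out into one request URL per query parameter and payload using Go's text/template. The `expandQuery` helper, the one-parameter-at-a-time strategy, the target URL and the marker payload are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"net/url"
	"sort"
	"text/template"
)

// expandQuery (hypothetical helper) renders tmpl once per query parameter and
// payload, changing one parameter at a time and leaving the others untouched.
func expandQuery(rawURL, tmpl string, payloads []string) ([]string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	// missingkey=error rejects templates that reference unknown variables.
	t, err := template.New("gen").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return nil, err
	}
	base := u.Query()
	keys := make([]string, 0, len(base))
	for k := range base {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic order; map iteration is random
	var out []string
	for _, p := range payloads {
		for _, k := range keys {
			var buf bytes.Buffer
			data := map[string]string{"original": base.Get(k), "payload": p}
			if err := t.Execute(&buf, data); err != nil {
				return nil, err
			}
			q := u.Query() // fresh copy so only parameter k changes
			q.Set(k, buf.String())
			v := *u
			v.RawQuery = q.Encode()
			out = append(out, v.String())
		}
	}
	return out, nil
}

func main() {
	// Constructed sample input; example.test is a reserved test domain.
	urls, err := expandQuery("http://example.test/item?id=1&q=a",
		"{{.original}}{{.payload}}", []string{"-MARK1"})
	fmt.Println(urls, err)
}
```

The output length is (number of payloads) × (number of query parameters), which is the request volume a single generator line produces per input URL under these assumptions.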
Use Payloads with variables

Generators
Signature In-depth 》Request Builder 》Middleware

Middleware

Performs extra tasks before sending a request to the target.

Passive Detection

Like the Detection part, but checks every request.

Passive Detection

Or it can be triggered only for specific requests that satisfy the detection.


Burp Integration
Web UI

Web UI powered by React
Planned Features

• Adding more signatures.
• Adding more input sources.
• Adding proxy plugins to directly receive input from a browser or HTTP client.
• Adding passive signatures for passively checking each request.
• Adding more APIs to get access to more properties of the request.
• Integrating with many other tools.
Takeaways

If you didn't find anything, blame your signature, not my tool :P

Official Documentation: https://jaeles-project.github.io/

@j3ssiejjj
Thank you for your attention!
Support me at https://jaeles-project.github.io/donation/