All Projects → jaeles-project → Jaeles

jaeles-project / Jaeles

Licence: mit
The Swiss Army knife for automated Web Application Testing

Programming Languages

go
31211 projects - #10 most used programming language
golang
3204 projects

Projects that are alternatives of or similar to Jaeles

Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-52.56%)
Mutual labels:  hacking, security-tools, scanner, infosec, bugbounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+220.5%)
Mutual labels:  security-tools, scanner, infosec, bugbounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+575.3%)
Mutual labels:  hacking, scanner, infosec, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (-9.23%)
Mutual labels:  hacking, scanner, vulnerabilities, bugbounty
Vhostscan
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (-28.52%)
Mutual labels:  hacking, security-tools, scanner, bugbounty
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+79.68%)
Mutual labels:  hacking, security-tools, scanner, bugbounty
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-94.22%)
Mutual labels:  hacking, security-tools, infosec, bugbounty
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-83.04%)
Mutual labels:  hacking, security-tools, infosec, bugbounty
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (-61.51%)
Mutual labels:  hacking, security-tools, scanner
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-61.51%)
Mutual labels:  hacking, scanner, vulnerabilities
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-60.21%)
Mutual labels:  hacking, security-tools, bugbounty
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (-66.45%)
Mutual labels:  security-tools, scanner, vulnerabilities
Awesome Web Hacking
A list of web application security
Stars: ✭ 3,760 (+250.42%)
Mutual labels:  hacking, scanner, vulnerabilities
Appinfoscanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Stars: ✭ 424 (-60.48%)
Mutual labels:  hacking, security-tools, scanner
Xxe Injection Payload List
🎯 XML External Entity (XXE) Injection Payload List
Stars: ✭ 304 (-71.67%)
Mutual labels:  hacking, infosec, bugbounty
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-72.79%)
Mutual labels:  security-tools, infosec, bugbounty
Xspear
Powerfull XSS Scanning and Parameter analysis tool&gem
Stars: ✭ 583 (-45.67%)
Mutual labels:  hacking, scanner, bugbounty
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (-39.89%)
Mutual labels:  hacking, security-tools, scanner
Shellshockhunter
It's a simple tool for test vulnerability shellshock
Stars: ✭ 52 (-95.15%)
Mutual labels:  hacking, security-tools, scanner
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (-27.77%)
Mutual labels:  security-tools, scanner, vulnerabilities

Jaeles

Software License Release Rawsec's CyberSecurity Inventory

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.

Architecture

Painless integrate Jaeles into your recon workflow?

huntersuite

Enjoying this tool? Support it's development and take your game to the next level by using HunterSuite.io

Installation

Download precompiled version here.

If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command.

GO111MODULE=on go get github.com/jaeles-project/jaeles

Please visit the Official Documention for more details.

Note: Checkout Signatures Repo for install signature.

Usage

# Scan Usage example:
  jaeles scan -s <signature> -u <url>
  jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
  jaeles scan -c 50 -s <signature> -U <list_urls>
  jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
  jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
  jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
  jaeles scan -s <signature> -s <another-selector> -u http://example.com
  jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
  cat list_target.txt | jaeles scan -c 100 -s <signature>


# Examples:
  jaeles scan -s 'jira' -s 'ruby' -u target.com
  jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
  jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
  jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com' -p 'root=[[.URL]]'
  cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz/.*' -U list_of_urls.txt --proxy http://127.0.0.1:8080
  jaeles server -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi

More usage can be found here

Run with Docker

docker pull j3ssie/jaeles
docker run j3ssie/jaeles scan -s '<selector>' -u http://example.com

Showcases

asciicast Jenkins Gitlab XSS CVE-2020-2096 asciicast Grafana DoS Probing CVE-2020-13379
asciicast SolarWindsOrion LFI CVE-2020-10148 asciicast Nginx Vhost XSS

More showcase can be found here


HTML Report summary

HTML Report

Burp Integration

Burp Integration

Plugin can be found here and Video Guide here

Mentions

My introduction slide about Jaeles

Planned Features

  • Adding more signatures.
  • Adding more input sources.
  • Adding more APIs to get access to more properties of the request.
  • Adding proxy plugins to directly receive input from browser of http client.
  • Adding passive signature for passive checking each request.
  • Adding more action on Web UI.
  • Integrate with many other tools.

Contribute

If you have some new idea about this project, issue, feedback or found some valuable tool feel free to open an issue for just DM me via @j3ssiejjj. Feel free to submit new signature to this repo.

Credits

In distributions

Packaging status

Contributors

Code Contributors

This project exists thanks to all the people who contribute. [Contribute].

Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Individuals

Organizations

Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]

License

Jaeles is made with ♥ by @j3ssiejjj and it is released under the MIT license.

Donation

paypal

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].