jaeles-project / Jaeles Signatures
Default signature for Jaeles Scanner
Stars: ✭ 172
Projects that are alternatives of or similar to Jaeles Signatures
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+1653.49%)
Mutual labels: vulnerability-scanner, bugbounty
sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+19.19%)
Mutual labels: bugbounty, vulnerability-scanner
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+496.51%)
Mutual labels: vulnerability-scanner, bugbounty
Fuxploider
File upload vulnerability scanner and exploitation tool.
Stars: ✭ 1,997 (+1061.05%)
Mutual labels: vulnerability-scanner
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-13.95%)
Mutual labels: bugbounty
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-5.81%)
Mutual labels: bugbounty
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (-0.58%)
Mutual labels: bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-18.6%)
Mutual labels: bugbounty
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-1.74%)
Mutual labels: bugbounty
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-9.3%)
Mutual labels: bugbounty
Di.we.h
Repositório com conteúdo sobre web hacking em português
Stars: ✭ 156 (-9.3%)
Mutual labels: bugbounty
Xss Payload List
🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List
Stars: ✭ 2,617 (+1421.51%)
Mutual labels: bugbounty
Mobilehackersweapons
Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Stars: ✭ 170 (-1.16%)
Mutual labels: bugbounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-17.44%)
Mutual labels: bugbounty
Awesome Bugbounty Writeups
A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Stars: ✭ 2,429 (+1312.21%)
Mutual labels: bugbounty
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1473.84%)
Mutual labels: bugbounty
Jaeles project. Pull requests or any ideas are welcome.
This repo only contain Default Signatures forhere for writing your own signature.
Please read the Official DocumentationInstallation
jaeles config init
Or
Try to clone signatures folder to somewhere like this
git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/
then reload them in the DB with this command.
jaeles config -a reload --signDir /tmp/jaeles-signatures
Usage
Scan Usage example:
jaeles scan -s <signature> -u <url>
jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
jaeles scan -c 50 -s <signature> -U <list_urls>
jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
jaeles scan -s <signature> -s <another-selector> -u http://example.com
jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s <signature>
jaeles scan -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi
Examples:
jaeles scan -s 'jira' -s 'ruby' -u target.com
jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com/blog/' -p 'root=[[.URL]]'
cat urls.txt | grep 'interesting' | jaeles scan -c 50 -s /tmp/jaeles-signatures/cves/sample.yaml -U list_of_urls.txt --proxy http://127.0.0.1:8080
Config Command examples:
# Init default signatures
jaeles config init
# Update latest signatures
jaeles config update
jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin
jaeles config update --repo [email protected]/jaeles-project/another-signatures -K your_private_key
# Reload signatures from a standard signatures folder (contain passives + resources)
jaeles config reload --signDir ~/standard-signatures/
# Add custom signatures from folder
jaeles config add --signDir ~/custom-signatures/
# Clean old stuff
jaeles config clean
# More examples
jaeles config add --signDir /tmp/standard-signatures/
jaeles config cred --user sample --pass not123456
For full Usage:
jaeles -hh
Structure of the Repo
Jaeles look for signature as a single file so you can structure it as whatever you want. This is just an example.
Page | Description |
---|---|
common | Implement misconfiguration for some popular apps |
cves | Implement some CVE |
sensitvie | Some common path with sensitive information |
probe | Used for detect some technology used by the target |
passives | Used for passive detection |
fuzz | Some common case for fuzz mode (I know a lot of false positive here) |
routines | Routines example |
Note for using Fuzz signatures
Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.
Showcases
Jenkins Gitlab XSS CVE-2020-2096 | Grafana DoS Probing CVE-2020-13379 |
---|---|
SolarWindsOrion LFI CVE-2020-10148 | Nginx Vhost XSS |
here
More showcase can be foundWhat should I do if Jaeles found a vulnerability?
- Read the signature file.
- Seriously, read the signature file.
- Remember that you were warned twice about reading the signature file.
- Read the references and detection part to understand why Jaeles said it's vulnerable.
- Manually verify the vulnerability.
Financial Contributors
Become a financial contributor and help us sustain our community. [Contribute]
Special Thanks
Explore the latest vulnerabilities at cvebase.com
License
Jaeles
is made with ♥ by @j3ssiejjj and it is released under the MIT license.
Donation
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].