Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → jaeles-project → Jaeles Signatures

jaeles-project / Jaeles Signatures

Default signature for Jaeles Scanner

Labels

security bugbounty vulnerability-scanner

Projects that are alternatives of or similar to Jaeles Signatures

Commix

Automated All-in-One OS Command Injection Exploitation Tool.

Stars: ✭ 3,016 (+1653.49%)

Mutual labels: vulnerability-scanner, bugbounty

sub404

A python tool to check subdomain takeover vulnerability

Stars: ✭ 205 (+19.19%)

Mutual labels: bugbounty, vulnerability-scanner

Burpbounty

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Stars: ✭ 1,026 (+496.51%)

Mutual labels: vulnerability-scanner, bugbounty

Fuxploider

File upload vulnerability scanner and exploitation tool.

Stars: ✭ 1,997 (+1061.05%)

Mutual labels: vulnerability-scanner

Proof Of Concepts

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

Stars: ✭ 148 (-13.95%)

Mutual labels: bugbounty

Minesweeper

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Stars: ✭ 162 (-5.81%)

Mutual labels: bugbounty

Url Tracker

Change monitoring app that checks the content of web pages in different periods.

Stars: ✭ 171 (-0.58%)

Mutual labels: bugbounty

Autosetup

Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.

Stars: ✭ 140 (-18.6%)

Mutual labels: bugbounty

Bbrecon

Python library and CLI for the Bug Bounty Recon API

Stars: ✭ 169 (-1.74%)

Mutual labels: bugbounty

Rescope

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Stars: ✭ 156 (-9.3%)

Mutual labels: bugbounty

Di.we.h

Repositório com conteúdo sobre web hacking em português

Stars: ✭ 156 (-9.3%)

Mutual labels: bugbounty

Xss Payload List

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Stars: ✭ 2,617 (+1421.51%)

Mutual labels: bugbounty

Redteam Hardware Toolkit

🔺 Red Team Hardware Toolkit 🔺

Stars: ✭ 163 (-5.23%)

Mutual labels: bugbounty

Bug Hunting Colab

A Colab For Bug Hunting!

Stars: ✭ 147 (-14.53%)

Mutual labels: bugbounty

Mobilehackersweapons

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

Stars: ✭ 170 (-1.16%)

Mutual labels: bugbounty

Bbr

An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.

Stars: ✭ 142 (-17.44%)

Mutual labels: bugbounty

Bountystrike Sh

Poor (rich?) man's bug bounty pipeline

Stars: ✭ 168 (-2.33%)

Mutual labels: bugbounty

Awesome Bugbounty Writeups

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

Stars: ✭ 2,429 (+1312.21%)

Mutual labels: bugbounty

Apkleaks

Scanning APK file for URIs, endpoints & secrets.

Stars: ✭ 2,707 (+1473.84%)

Mutual labels: bugbounty

Jira Scan

CVE-2017-9506 - SSRF

Stars: ✭ 159 (-7.56%)

Mutual labels: bugbounty

View All Similar Projects ➔

This repo only contain Default Signatures for Jaeles project. Pull requests or any ideas are welcome.

Please read the Official Documentation here for writing your own signature.

Installation

jaeles config init

Try to clone signatures folder to somewhere like this

git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/

then reload them in the DB with this command.

jaeles config -a reload --signDir /tmp/jaeles-signatures

Usage

Scan Usage example:
  jaeles scan -s <signature> -u <url>
  jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
  jaeles scan -c 50 -s <signature> -U <list_urls>
  jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
  jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
  jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
  jaeles scan -s <signature> -s <another-selector> -u http://example.com
  jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
  cat list_target.txt | jaeles scan -c 100 -s <signature>
  jaeles scan -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi

Examples:
  jaeles scan -s 'jira' -s 'ruby' -u target.com
  jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
  jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
  jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com/blog/' -p 'root=[[.URL]]'
  cat urls.txt | grep 'interesting' | jaeles scan -c 50 -s /tmp/jaeles-signatures/cves/sample.yaml -U list_of_urls.txt --proxy http://127.0.0.1:8080

Config Command examples:
  # Init default signatures
  jaeles config init

  # Update latest signatures
  jaeles config update
  jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin
  jaeles config update --repo [email protected]/jaeles-project/another-signatures -K your_private_key

  # Reload signatures from a standard signatures folder (contain passives + resources)
  jaeles config reload --signDir ~/standard-signatures/

  # Add custom signatures from folder
  jaeles config add --signDir ~/custom-signatures/

  # Clean old stuff
  jaeles config clean

  # More examples
  jaeles config add --signDir /tmp/standard-signatures/
  jaeles config cred --user sample --pass not123456

For full Usage:
  jaeles -hh

Structure of the Repo

Jaeles look for signature as a single file so you can structure it as whatever you want. This is just an example.

Page	Description
common	Implement misconfiguration for some popular apps
cves	Implement some CVE
sensitvie	Some common path with sensitive information
probe	Used for detect some technology used by the target
passives	Used for passive detection
fuzz	Some common case for fuzz mode (I know a lot of false positive here)
routines	Routines example

Note for using Fuzz signatures

Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.

Showcases

Jenkins Gitlab XSS CVE-2020-2096	Grafana DoS Probing CVE-2020-13379
SolarWindsOrion LFI CVE-2020-10148	Nginx Vhost XSS

More showcase can be found here

What should I do if Jaeles found a vulnerability?

Read the signature file.
Seriously, read the signature file.
Remember that you were warned twice about reading the signature file.
Read the references and detection part to understand why Jaeles said it's vulnerable.
Manually verify the vulnerability.

Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Special Thanks

Explore the latest vulnerabilities at cvebase.com

License

Jaeles is made with ♥ by @j3ssiejjj and it is released under the MIT license.

Donation

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 172

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (7) 🔗