Default signature for Jaeles Scanner
jaeles config init
Or
Try to clone signatures folder to somewhere like this
git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/
then reload them in the DB with this command.
jaeles config -a reload --signDir /tmp/jaeles-signatures
Scan Usage example: jaeles scan -s -u jaeles scan -c 50 -s -U -L jaeles scan -c 50 -s -U jaeles scan -c 50 -s -U -p 'dest=xxx.burpcollaborator.net' jaeles scan -c 50 -s -U -f 'noti_slack "{{.vulnInfo}}"' jaeles scan -v -c 50 -s -U list_target.txt -o /tmp/output jaeles scan -s -s -u http://example.com jaeles scan -G -s -s -x -u http://example.com cat list_target.txt | jaeles scan -c 100 -s jaeles scan -s '/tmp/custom-signature/sensitive/.*' -L 2 --fiExamples: jaeles scan -s 'jira' -s 'ruby' -u target.com jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt jaeles scan -G -c 50 -s '/tmp/custom-signature/.' -U list_of_urls.txt jaeles scan -v -s '~/my-signatures/products/wordpress/.' -u 'https://wp.example.com/blog/' -p 'root=[[.URL]]' cat urls.txt | grep 'interesting' | jaeles scan -c 50 -s /tmp/jaeles-signatures/cves/sample.yaml -U list_of_urls.txt --proxy http://127.0.0.1:8080
Config Command examples:
Init default signatures
jaeles config init
Update latest signatures
jaeles config update jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin jaeles config update --repo [email protected]/jaeles-project/another-signatures -K your_private_key
Reload signatures from a standard signatures folder (contain passives + resources)
jaeles config reload --signDir ~/standard-signatures/
Add custom signatures from folder
jaeles config add --signDir ~/custom-signatures/
Clean old stuff
jaeles config clean
More examples
jaeles config add --signDir /tmp/standard-signatures/ jaeles config cred --user sample --pass not123456
For full Usage: jaeles -hh
Jaeles look for signature as a single file so you can structure it as whatever you want. This is just an example.
| Page | Description | |----------------|------------------------------------| | common | Implement misconfiguration for some popular apps | | cves | Implement some CVE | | sensitvie | Some common path with sensitive information | | probe | Used for detect some technology used by the target| | passives | Used for passive detection| | fuzz | Some common case for fuzz mode (I know a lot of false positive here) | | routines | Routines example |
Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.
| Apache Server Status |
Tableau DOM XSS CVE-2019-19719 |
|:----------:|:-------------:|
|
RabbitMQ Default Credentials |
Jenkins XSS CVE-2020-2096 |
Become a financial contributor and help us sustain our community. [Contribute]
Explore the latest vulnerabilities at cvebase.com
Jaelesis made with ♥ by @j3ssiejjj and it is released under the MIT license.