Need help with jaeles-signatures?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

jaeles-project
143 Stars 40 Forks 82 Commits 7 Opened issues

Description

Default signature for Jaeles Scanner

Services available

!
?

Need anything else?

Contributors list

Jaeles

Software License Release


This repo only contain Default Signatures for Jaeles project. Pull requests or any ideas are welcome.

Please read the Official Documentation here for writing your own signature.


Installation

jaeles config init

Or

Try to clone signatures folder to somewhere like this

git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/

then reload them in the DB with this command.

jaeles config -a reload --signDir /tmp/jaeles-signatures

Usage

Scan Usage example:
  jaeles scan -s  -u 
  jaeles scan -c 50 -s  -U  -L 
  jaeles scan -c 50 -s  -U 
  jaeles scan -c 50 -s  -U  -p 'dest=xxx.burpcollaborator.net'
  jaeles scan -c 50 -s  -U  -f 'noti_slack "{{.vulnInfo}}"'
  jaeles scan -v -c 50 -s  -U list_target.txt -o /tmp/output
  jaeles scan -s  -s  -u http://example.com
  jaeles scan -G -s  -s  -x  -u http://example.com
  cat list_target.txt | jaeles scan -c 100 -s 
  jaeles scan -s '/tmp/custom-signature/sensitive/.*' -L 2 --fi

Examples: jaeles scan -s 'jira' -s 'ruby' -u target.com jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt jaeles scan -G -c 50 -s '/tmp/custom-signature/.' -U list_of_urls.txt jaeles scan -v -s '~/my-signatures/products/wordpress/.' -u 'https://wp.example.com/blog/' -p 'root=[[.URL]]' cat urls.txt | grep 'interesting' | jaeles scan -c 50 -s /tmp/jaeles-signatures/cves/sample.yaml -U list_of_urls.txt --proxy http://127.0.0.1:8080

Config Command examples:

Init default signatures

jaeles config init

Update latest signatures

jaeles config update jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin jaeles config update --repo [email protected]/jaeles-project/another-signatures -K your_private_key

Reload signatures from a standard signatures folder (contain passives + resources)

jaeles config reload --signDir ~/standard-signatures/

Add custom signatures from folder

jaeles config add --signDir ~/custom-signatures/

Clean old stuff

jaeles config clean

More examples

jaeles config add --signDir /tmp/standard-signatures/ jaeles config cred --user sample --pass not123456

For full Usage: jaeles -hh


Structure of the Repo

Jaeles look for signature as a single file so you can structure it as whatever you want. This is just an example.

| Page | Description | |----------------|------------------------------------| | common | Implement misconfiguration for some popular apps | | cves | Implement some CVE | | sensitvie | Some common path with sensitive information | | probe | Used for detect some technology used by the target| | passives | Used for passive detection| | fuzz | Some common case for fuzz mode (I know a lot of false positive here) | | routines | Routines example |

Note for using Fuzz signatures

Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.

Showcases

| apache-status.png Apache Server Status | tableau-dom-xss.png Tableau DOM XSS CVE-2019-19719 | |:----------:|:-------------:| | rabbitmq-cred.png RabbitMQ Default Credentials | jenkins-xss.png Jenkins XSS CVE-2020-2096 |

More showcase can be found here


Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Special Thanks

cvebase

Explore the latest vulnerabilities at cvebase.com

License

Jaeles
is made with ♥ by @j3ssiejjj and it is released under the MIT license.

Donation

paypal

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.