Published by j3ssie about 3 years ago
Published by j3ssie over 3 years ago
Published by j3ssie almost 4 years ago
Published by j3ssie about 4 years ago
replicate in signatures to easily create a replicate of requests with different ports and prefix.
replicate:
  ports: '8080, 9090'
  prefixes: 'actuator, api, admin'
Published by j3ssie about 4 years ago
jaeles config commands.
--at option to enable always true detection for observed response.
New config command will look like this
Config Command examples:
# Init default signatures
jaeles config init
# Update latest signatures
jaeles config update
jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin
jaeles config update --repo [email protected]/jaeles-project/another-signatures -K your_private_key
# Reload signatures from a standard signatures folder (containing passives + resources)
jaeles config reload --signDir ~/standard-signatures/
# Add custom signatures from folder
jaeles config add --signDir ~/custom-signatures/
# Clean old stuff
jaeles config clean
Published by j3ssie about 4 years ago
donce: true to run detections only once.
--json option to store output as JSON.
Published by j3ssie over 4 years ago
-A option to run API server without authentication.
For example, from this response:
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=4F6904C386821F445B9C961CF1A10811; Path=/;
we can use RegexSelect("resHeaders", "JSESSIONID=(?P<sess>.*);\\sP") to get 4F6904C386821F445B9C961CF1A10811 as the sess variable, which can then be rendered in the next request with [[.sess]]
Published by j3ssie over 4 years ago
OSEnv('ENV_NAME', 'default_value')
Confidence in signatures and HTML report.
-J option to parse special input.
echo '{"BaseURL":"https://example.com/sub/"}' | jaeles scan -s sign.yaml -J
Published by j3ssie over 4 years ago
ContentLength('body'), ContentLength('resHeaders').
# Replace generator
Replace()
http://example.com/FUZZ/sample --> http://example.com/PAYLOAD/sample
# Fuzz generator
Fuzz('{{.payload}}')
http://example.com/{{.FUZZ}}/sample --> http://example.com/PAYLOAD/sample
Published by j3ssie over 4 years ago
-H option for custom headers from the CLI.
Published by j3ssie over 4 years ago
-f option to run a host OS command when a vulnerability is found.
id: sample-siganture-01
passive: true
info:
  name: Sample
  risk: Info
Published by j3ssie over 4 years ago
Published by j3ssie over 4 years ago
-s 'jira' -s 'tomcat'
-x option for excluding a specific signature.
out/jaeles-summary.txt
Published by j3ssie over 4 years ago
--params 'variable_name=value' option for passing variables from the command line.
Exist, StringGrepCmd, RegexGrepCmd.
--passive option.
HasPopUp(), ValueOf("variable_name") and more.
[[.variable]].
Published by j3ssie almost 5 years ago
Published by j3ssie almost 5 years ago
jaeles scan ...) now.
The documentation is available here.
Published by j3ssie almost 5 years ago
First release candidate, please visit Official Documentation: https://jaeles-project.github.io/ for usage.