Skip to content

ZombieInside/jaeles-signatures

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
common
common
 
 
cves
cves
 
 
fuzz
fuzz
 
 
mics
mics
 
 
passives
passives
 
 
probe
probe
 
 
sensitive
sensitive
 
 
README.md
README.md
 
 

Repository files navigation

Jaeles

Software License Release

This repo only contain default Signatures for Jaeles project. Pull requests or any ideas are welcome.

Please read the Official Documention here for writing your own signature.

Installation

Try to clone signatures folder to somewhere like this

git clone https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/

then reload them in the DB with this command.

jaeles config -a reload --signDir /tmp/jaeles-signatures

Usage

Scan Usage example:
  jaeles scan -s <signature> -u <url>
  jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
  jaeles scan -c 50 -s <signature> -U <list_urls>
  jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
  jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
  jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
  jaeles scan -s <signature> -s <another-selector> -u http://example.com
  jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
  cat list_target.txt | jaeles scan -c 100 -s <signature>


Examples:
  jaeles scan -s 'jira' -s 'ruby' -u target.com
  jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
  jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
  jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com' -p 'root=[[.URL]]'
  cat urls.txt | grep 'interesting' | jaeles scan -L 5 -c 50 -s 'fuzz/.*' -U list_of_urls.txt --proxy http://127.0.0.1:8080

Structure of the Repo

Jaeles look for signature as a single file so you can stucture it as whatever you want. This is just an example.

Page Description
common Implement misconfiguration for some popular app
cves Implement some CVE
fuzz Some common case for fuzz mode
sensitvie Some common path with sensitive information
probe Used for detect some technology used by the target
passives Used for passive detection

Examples

Example for simple single signature in scan mode phpdebug.yaml

Example for complex signature in scan mode phpdebug.yaml

Example for simple list signature in fuzz mode content-type.yaml

Example for complex signature in fuzz mode open-redirect-02.yaml

Note for using Fuzz signatures

Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.

Showcases

apache-status.png Apache Server Status tableau-dom-xss.png Tableau DOM XSS CVE-2019-19719
rabbitmq-cred.png RabbitMQ Default Credentials jenkins-xss.png Jenkins XSS CVE-2020-2096

More showcase can be found here

License

Jaeles is made with ♥ by @j3ssiejjj and it is released under the MIT license.

About

Default signature for Jaeles Scanner

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published