This repo only contain default Signatures for Jaeles project. Pull requests or any ideas are welcome.
Please read the Official Documention here for writing your own signature.
Try to clone signatures folder to somewhere like this
git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures /tmp/jaeles-signatures/
then reload them in the DB with this command.
jaeles config -a reload --signDir /tmp/jaeles-signatures
Scan Usage example:
jaeles scan -s <signature> -u <url>
jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
jaeles scan -c 50 -s <signature> -U <list_urls>
jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
jaeles scan -s <signature> -s <another-selector> -u http://example.com
jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
cat list_target.txt | jaeles scan -c 100 -s <signature>
Examples:
jaeles scan -s 'jira' -s 'ruby' -u target.com
jaeles scan -c 50 -s 'java' -x 'tomcat' -U list_of_urls.txt
jaeles scan -G -c 50 -s '/tmp/custom-signature/.*' -U list_of_urls.txt
jaeles scan -v -s '~/my-signatures/products/wordpress/.*' -u 'https://wp.example.com/blog/' -p 'root=[[.URL]]'
cat urls.txt | grep 'interesting' | jaeles scan -c 50 -s /tmp/jaeles-signatures/cves/sample.yaml -U list_of_urls.txt --proxy http://127.0.0.1:8080
Jaeles look for signature as a single file so you can structure it as whatever you want. This is just an example.
| Page | Description |
|---|---|
| common | Implement misconfiguration for some popular apps |
| cves | Implement some CVE |
| sensitvie | Some common path with sensitive information |
| probe | Used for detect some technology used by the target |
| passives | Used for passive detection |
| fuzz | Some common case for fuzz mode (I know a lot of false positive here) |
Fuzz signatures may have many false positive because I can't defined exactly what is vulnerable for everything. So make sure you gotta know what are you doing here.
 Apache Server Status |
 Tableau DOM XSS CVE-2019-19719 |
|---|---|
 RabbitMQ Default Credentials |
 Jenkins XSS CVE-2020-2096 |
More showcase can be found here
cves
├── aircontrol-rce.yaml
├── citrix-lfi.yaml
├── citrix-rce.yaml
├── citrix-sharefile-exposed.yaml
├── harboar-cve-2019-16097.yaml
├── iplanet-disclosure.yaml
├── jenkins-audit-xss.yaml
├── jenkins-gitlab-xss.yaml
├── jenkins-subversion-xss.yaml
├── jenkins-xss.yaml
├── jira-lfi.yaml
├── jira-ssrf.yaml
├── joomla-lfi-comfabrik.yaml
├── joomla-sqli-hdwplayer.yaml
├── kong-cve-2020-11710\ copy.yaml
├── kong-cve-2020-11710.yaml
├── nextjs-disclosure.yaml
├── nexus-cve-2019-7238.yaml
├── openproject-sqli.yaml
├── php7-rce.yaml
├── pulse-vpn-lfi.yaml
├── rails-cve-2018-3760.yaml
├── rails-cve-2019-5418.yaml
├── solr-rce.yaml
├── splunk-license.yaml
├── spring-cve-2020-5405.yaml
├── spring-lfi.yaml
├── tomcat-jkstatus.yaml
├── tomcat-open-redirect.yaml
├── tomcat-put-method.yaml
├── vbulletin-sqli.yaml
├── wordpress-lfi.yaml
└── zimbra-xxe.yaml
common
├── directory-listing.yaml
├── docker-api.yaml
├── docker-unauth.yaml
├── go-pprof-exposed.yaml
├── hadoop-unauth.yaml
├── iis-directory-listing.yaml
├── joomla-host-injection.yaml
├── nginx-vhost-xss.yaml
├── phpdebug.yaml
├── rocketmq-console.yaml
├── route-bypass.yaml
├── service-desk-signup.yaml
├── sonarqube-cred.yaml
├── spark-unauth.yaml
├── spring-probe.yaml
├── subdomain-takeover.yaml
├── wordpress-directory-listing.yaml
├── wordpress-misconfig.yaml
└── zabbix-console.yaml
sensitive
├── dot-secret.yaml
├── gitleak.yaml
├── log-secret.yaml
├── secret-path.yaml
└── stas.yaml
Become a financial contributor and help us sustain our community. [Contribute]
Jaeles is made with ♥ by @j3ssiejjj and it is released under the MIT license.