Description
Jaeles is a powerful, flexible web application scanner. It uses YAML-based signature definitions that let you write and share custom vulnerability checks. The community maintains a large library of signatures covering SSRF, XSS, SQLi, SSTI, and more.
Installation
BASH
go install github.com/jaeles-project/jaeles@latest
# Download default signatures
jaeles config init
Basic Usage
BASH
# Scan with all signatures
echo "https://target.com" | jaeles scan -s /path/to/signatures/
# Scan specific URL
jaeles scan -u https://target.com -s /path/to/signatures/
# From URL list
jaeles scan -U urls.txt -s /path/to/signatures/
Advanced Usage
BASH
# Custom concurrency
jaeles scan -U urls.txt -s signatures/ -c 30
# Specific signature category
jaeles scan -u https://target.com -s signatures/cves/
jaeles scan -u https://target.com -s signatures/common/
# Output results
jaeles scan -U urls.txt -s signatures/ -o results/
# Use a raw request saved from Burp as the origin request
jaeles scan --raw request.txt -s signatures/
Common Workflows
BASH
# Full scan pipeline
subfinder -d target.com -silent | httpx -silent | jaeles scan -s signatures/ -c 20 -o jaeles_results/
# Update signatures
jaeles config reload --signDir /path/to/updated/signatures
# Custom CVE scanning
jaeles scan -u https://target.com -s signatures/cves/ -o cve_findings/