Jaeles is a powerful, flexible, and extensible Go-based framework for automated web application vulnerability scanning and security testing.
The Swiss Army knife for automated Web Application Testing
Jaeles is designed for security professionals and developers to automate the detection of web application vulnerabilities using customizable signatures. It is ideal for penetration testers, bug bounty hunters, and DevSecOps teams looking to integrate automated scanning into their workflows for continuous security assessment.
Installing Jaeles from source requires Go version 1.17 or higher. Signatures are managed modularly in a separate signatures repository, and it is recommended to review and customize them to fit specific testing needs. Integration with tools like Burp Suite enhances workflow efficiency. Tune the concurrency setting (`-c`) to balance scan speed against resource usage.
Download precompiled binaries from the GitHub releases page
Ensure a Go environment is installed (version >= 1.17) with Go Modules enabled
Run `go install github.com/jaeles-project/jaeles@latest` to install from source
Refer to the official documentation at https://jaeles-project.github.io/ for detailed setup
Optionally, clone and install signatures from the jaeles-signatures repository
jaeles scan -s <signature> -u <url>
Scan a single URL with a specified signature
jaeles scan -c 50 -s <signature> -U <list_urls> -L <level-of-signatures>
Scan multiple URLs concurrently with specified signature and signature level
jaeles scan -c 50 -s <signature> -U <list_urls> -p 'dest=xxx.burpcollaborator.net'
Run concurrent scans with custom parameters for payload destinations
jaeles scan -c 50 -s <signature> -U <list_urls> -f 'noti_slack "{{.vulnInfo}}"'
Scan URLs and send vulnerability notifications to Slack
jaeles scan -v -c 50 -s <signature> -U list_target.txt -o /tmp/output
Verbose scan of multiple targets with output saved to a directory
jaeles scan -s <signature> -s <another-selector> -u http://example.com
Scan a URL with multiple signature selectors
jaeles scan -G -s <signature> -s <another-selector> -x <exclude-selector> -u http://example.com
Run a scan with included and excluded signature selectors
cat list_target.txt | jaeles scan -c 100 -s <signature>
Pipe a list of URLs into Jaeles for concurrent scanning
docker pull j3ssie/jaeles
Pull the official Jaeles Docker image
docker run j3ssie/jaeles scan -s '<selector>' -u http://example.com
Run a scan inside a Docker container