Build your own automated Web Application Scanner
with Jaeles Framework
Ai Ho - @j3ssiejjj
whoami
• Amateur hacker and developer combined.
• Open-source lover.
• Author of kind of famous projects: Osmedeus, Jaeles and Metabigor.
• Acknowledged by / Security hall of fame: Microsoft, StackOverflow, DoD,
Django, IBM, Sony, Dell, Adobe, Mastercard, Ford and so on.
Outline
• Why?
• Architecture
• Showcases
Why build Jaeles? To build
• A scanner that can take advantage of your experience.
• Something that can check one or many things on many hosts.
• Something that can easily be extensible.
• A scanner that you can totally control.
• Something flexible that lets you easily integrate with other tools.
What can Jaeles do?
It depends on your creativity.
• Checking for known vulnerabilities.
• Fuzzer.
• Directory brute force / Content discovery.
• Technology fingerprint.
• Probing HTTP.
• Monitor.
• And More!
Architecture
Requests or URLs can be provided in many ways.
Architecture
Signature files are written in YAML format.
Signature In-depth
There are 3 kinds of Signatures: single, list, fuzz.
Signature In-depth 》Info
Used to define the type of signature and to index the signature in a DB.
Info
Reference Info
Signature In-depth 》Origin Request
The original request, used as the baseline to compare against in detection.
Origin Request
Replaced by variable
Signature In-depth 》Variables & Payloads
Resource for building lists of requests from a single file. The format follows the default Go template engine.
Payloads are only available in fuzz signatures.
Signature In-depth 》Variables & Payloads
Default variables are parsed from the URL input.
Variables
Replaced by variable
Signature In-depth 》Variables & Payloads
Some Variables APIs generate many requests from one signature.
Variables API
Replaced by variable
Signature In-depth 》Payloads
Resource for building lists of requests from a single file. The format follows the default Go template engine.
Payload
Generator
Signature In-depth 》Request Builder
Builds the list of requests from the input and detects whether the target is vulnerable or not.
Signature In-depth 》Request Builder 》Request Component
Detailed info about the request, like method, URL, headers, etc.
Request Component
Signature In-depth 》Request Builder 》Detections
Applies some logic based on the detection script to determine whether the request is
vulnerable or not.
Signature In-depth 》Request Builder 》Detections
Detections are written in JavaScript, so you can write whatever you want using the predefined
functions below, as long as you return a boolean value indicating whether something was found.
Multiple Detections
Demo
[Link]
[Link]
Signature In-depth 》Request Builder 》Generators & Encoding
Only available in fuzz signature.
Provides some functions to generate requests based on the template request and the payloads.
Signature In-depth 》Request Builder 》Generators & Encoding
Path("{{.payload}}", "*")
Replaces each path segment of the request with the payload.
Header("{{.payload}}", "X-Filename")
Adds a new X-Filename header to the request or replaces an existing one.
Query("{{.original}}{{.payload}}"); Method("PUT")
Appends the payload to each query value and changes the method to PUT.
Use Payloads with variables
Generators
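As an added example (not a signature from the slides or from the Jaeles project itself), here is a fuzz signature in the YAML format the slides describe, combining an origin request, payloads, generators and a JavaScript detection. The key names, the {{.raw}} variable and the StatusCode/StringSearch helpers are assumed from the Jaeles signature format; verify them against the official documentation, and the canary strings are constructed for this example.

```yaml
# Added example signature: detect whether a constructed canary string is
# reflected unescaped in the response (a reflection check, not an exploit).
# Key names and helper functions are assumed from the Jaeles format.
id: canary-reflection-fuzz
type: fuzz                      # one of the 3 kinds: single, list, fuzz
info:
  name: Canary reflection check
  risk: Medium

# Origin request: the baseline built from the URL input ({{.raw}} assumed
# to be the default variable holding the full input URL)
origin:
  method: GET
  url: '{{.raw}}'
  headers:
    - User-Agent: Jaeles-Example

# Payloads are only available in fuzz signatures; each one produces a
# separate request. Both values are constructed canaries.
payloads:
  - 'zzcanaryzz<"''>'
  - 'zzcanaryzz%3C%22%27%3E'

requests:
  # Generator 1: append the payload to every query value, keeping the
  # original value via {{.original}}
  - generators:
      - Query("{{.original}}{{.payload}}")
    detections:
      # JavaScript expression; must return a boolean
      - >-
        StatusCode() == 200 && StringSearch("response", 'zzcanaryzz<"\'>')
  # Generator 2: the same canary through the X-Filename header shown on
  # the Generators slide
  - generators:
      - Header("{{.payload}}", "X-Filename")
    detections:
      - >-
        StatusCode() == 200 && StringSearch("response", 'zzcanaryzz<"\'>')
```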
Signature In-depth 》Request Builder 》Middleware
Middleware
Performs some extra tasks before sending a request to the target.
Passive Detection
Like the Detection part, but checked for every request.
Passive Detection
Or can be triggered only for specific requests, if they satisfy the detection.
Burp Integration
Web UI
Web UI powered by React.
Web UI
Planned Features
• Adding more signatures.
• Adding more input sources.
• Adding proxy plugins to directly receive input from a browser or HTTP client.
• Adding passive signatures for passive checking of each request.
• Adding more APIs to get access to more properties of the request.
• Integrate with many other tools.
Takeaways
If you didn't find anything, blame your signature, not my tool :P
Official Documentation: [Link]
Thank you for your attention!
Supporting me at [Link]
@j3ssiejjj