Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.
Download a precompiled version here.
If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command:
GO111MODULE=on go get -u github.com/jaeles-project/jaeles
jaeles scan -u http://example.com
jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt
jaeles scan -v --passive --verbose -s "signatures/cves/jira-*" -U /tmp/list_of_urls.txt -o /tmp/vuls
jaeles server --verbose -s sqli
More showcases here
Detect Jira SSRF CVE-2019-8451
- Adding more signatures.
- Adding more input sources.
- Adding more APIs to get access to more properties of the request.
- Adding proxy plugins to directly receive input from a browser or HTTP client.
- Adding passive signatures for passively checking each request.
- Adding more actions to the Web UI.
- Integrating with many other tools.