Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.


Download precompiled version here.
If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command.

GO111MODULE=on go get -u github.com/jaeles-project/jaeles

Please visit the Official Documention for more details.
Checkout Signature Repo for base signature and passive signature.

More usage here
Example commands.

jaeles scan -u http://example.com

jaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txt

jaeles scan -v --passive --verbose -s "signatures/cves/jira-*" -U /tmp/list_of_urls.txt -o /tmp/vuls

jaeles server --verbose -s sqli

More showcase here

Detect Jira SSRF CVE-2019-8451

Burp Integration

Plugin can be found here and Video Guide here

My introduction slide about Jaeles

Planned Features

  • Adding more signatures.
  • Adding more input sources.
  • Adding more APIs to get access to more properties of the request.
  • Adding proxy plugins to directly receive input from browser of http client.
  • Adding passive signature for passive checking each request.
  • Adding more action on Web UI.
  • Integrate with many other tools.


  • Special thanks to chaitin team for sharing ideas to me for build the architecture.
  • React components is powered by Carbon and carbon-tutorial.
  • Awesomes artworks are powered by Freepik at flaticon.com.
Download Jaeles
Original Source