Jaeles Security Scanner – How to write Custom Signatures

Jaeles Security Scanner is a powerful web application vulnerability scanning tool designed for penetration testers and web application developers to assess the security of their web applications. Its versatile nature allows for both automated scanning and the creation of customized signatures suited to specific testing scenarios.

Installation

To get started with Jaeles, you can install it by cloning the GitHub repository at https://github.com/jaeles-project/jaeles. Ensure you have Go installed on your system and run the following commands to install Jaeles:

git clone https://github.com/jaeles-project/jaeles.git
cd jaeles
go build

After the build completes, the jaeles executable is left in the repository directory; add that directory to your system PATH so the command is available from anywhere.

Basic Usage

Jaeles is a command-line tool: you run it by entering jaeles commands in your terminal. Here is how to perform a basic scan:

jaeles scan -u http://example.com

This command will run Jaeles scanner using the default signatures.

  • Scanning a list of URLs with a specific signature:

jaeles scan -s <signature> -U <url-file.txt>

Where <signature> is the path to a signature file and <url-file.txt> contains a list of URLs to test.

  • Performing concurrent scans:

jaeles scan -c 50 -s /path/to/signatures/* -U targets.txt

  • Specifying custom headers:

jaeles scan --headers 'Authorization: Bearer TOKEN' -s /path/to/signatures/* -u 'http://example.com'

Signatures Explained

Signatures are the core of Jaeles Security Scanner. They define the actual tests to be performed on the target applications. A signature is a YAML file that describes the request to be made and the patterns to look for in the response. Signatures help in identifying common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), and many others. A large collection of signatures is available at https://github.com/jaeles-project/jaeles-signatures.

Writing Custom Signatures

Custom signatures allow for more targeted scanning. A signature in Jaeles is written in YAML format and defines how to send the request and how to analyze the response. Here is the basic structure of a signature:

id: Name of the signature
info:
  name: Name of the vulnerability
  risk: Risk level
requests:
  - method: GET
    path: "{{.BaseURL}}/specific-endpoint"
    headers:
      User-Agent: "Your User Agent"
    detections:
      - type: regex
        pattern: "specific-pattern"

Each signature must include an id, some info about the vulnerability, and at least one request. The detections specify what to look for in the response.

Example Signatures

Example 1: Basic GET Request

id: basic-get-example
info:
  name: Example GET request
  risk: Low
requests:
  - method: GET
    path: "{{.BaseURL}}/api/v1/info"
    detections:
      - type: status
        pattern: 200

This basic signature sends a GET request to the /api/v1/info endpoint and checks if the response status code is 200.

Example 2: Pattern Detection

id: pattern-detect-example
info:
  name: Detect Specific Pattern in Response
  risk: High
requests:
  - method: GET
    path: "{{.BaseURL}}/login"
    detections:
      - type: regex
        pattern: "Welcome, admin"

This signature detects if the ‘Welcome, admin’ text is present in the response, indicating a successful login or information disclosure.

Example 3: POST Request with Data

id: post-data-example
info:
  name: POST Request with Data
  risk: Medium
requests:
  - method: POST
    path: "{{.BaseURL}}/submit-form"
    body: "username=admin&password=admin"
    detections:
      - type: word
        pattern: "Thank you for submitting the form"

Here, a POST request submits data to a form, and the presence of the acknowledgment message is checked.

Example 4: Header Injection

id: header-injection-example
info:
  name: Header Injection Vulnerability
  risk: Critical
requests:
  - method: GET
    path: "{{.BaseURL}}/header-test"
    headers:
      X-Injection-Test: "test-payload"
    detections:
      - type: header
        part: X-Injection-Test
        pattern: "test-payload"

This signature tests for Header Injection by sending a custom header and checking whether the same header value is reflected in the response headers.
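To make the detection semantics concrete, the following is an added example (not Jaeles's own code) that evaluates the four detection types used in the examples above (status, regex, word and header) against constructed responses. It assumes the signature YAML has already been loaded into a Python dict; the exact matching rules for each type are assumptions for illustration, not the tool's documented behaviour.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def match_detection(resp, det):
    """Evaluate one 'detections' entry against a response.

    The four types are the ones used in this page's examples; their exact
    semantics are assumed here, they are not Jaeles's own matching rules.
    """
    kind, pattern = det.get("type"), det.get("pattern")
    if kind == "status":            # status code equals pattern
        return resp.status == int(pattern)
    if kind == "regex":             # regular expression found in body
        return re.search(str(pattern), resp.body) is not None
    if kind == "word":              # literal substring of body
        return str(pattern) in resp.body
    if kind == "header":            # header named in 'part' contains pattern
        want = str(det.get("part", "")).lower()   # header names are case-insensitive
        return any(n.lower() == want and str(pattern) in v
                   for n, v in resp.headers.items())
    raise ValueError(f"unknown detection type: {kind!r}")


def signature_matches(signature, resp):
    """A signature fires when some request has at least one detection and
    every detection of that request matches the response."""
    for req in signature.get("requests", []):
        dets = req.get("detections", [])
        if dets and all(match_detection(resp, d) for d in dets):
            return True
    return False


# Constructed input: the page's Example 4, as a YAML loader would parse it.
HEADER_SIG = {
    "id": "header-injection-example",
    "requests": [{"method": "GET", "path": "{{.BaseURL}}/header-test",
                  "headers": {"X-Injection-Test": "test-payload"},
                  "detections": [{"type": "header", "part": "X-Injection-Test",
                                  "pattern": "test-payload"}]}],
}
# Constructed responses: one reflects the injected header, one does not.
REFLECTED = Response(200, {"x-injection-test": "test-payload"}, "ok")
CLEAN = Response(200, {"Content-Type": "text/html"}, "ok")
```

Note that a request with an empty detections list never fires; that guard keeps a malformed signature from reporting every target as vulnerable.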

Troubleshooting Tips

If you are experiencing issues with Jaeles, here are some troubleshooting tips to help you resolve them:

  • Ensure Jaeles is correctly installed and the executable is in your system path.
  • Check your network connection and the target URL to rule out connectivity issues.
  • Make sure the syntax of your custom signature is correct and follows the YAML format.
  • Review the log files that Jaeles generates for insight into the error messages.

Summary

Jaeles Security Scanner is a versatile and potent tool for discovering vulnerabilities in web applications. By understanding how to install, execute basic scans, and write custom signatures, security professionals can utilize Jaeles to its full potential. As with any tool, practice and experience will ultimately lead to more efficient and effective usage. Remember to test responsibly and ethically, and refer to the tool’s documentation when in doubt.