beta-v0.17.1

• Update dependencies.
• Small improvement to allow proxy can be applied in chrome headless
• Refactor and fix some bugs.

beta-v0.17

• Small improve to allow proxy can be applied in chrome headless
• Refactor and fix some bugs.

beta-v0.16

• Added new dns type in signatures to detect subdomain takeover via DNS (experimental).
• Added --fi option and Diff() detection to enable checksum feature for more detection case.
• Refactor and fix some bugs.

---

Explore new checksum feature here and example signatures here

Explore new DNS signatures here and example signatures here

beta-v0.15

• Added new routine type in signatures to do simple logic.
• Added --dr option to disable replicate.
• Refactor and fix some bugs.

---

Explore routine from here here.
Example routine can be found here.

beta-v0.14

• Refactor entire architecture.
• Added replicate in signatures to easily create a replicate of requests with different ports and prefix.

replicate:
  ports: '8080, 9090'
  prefixes: 'actuator, api, admin'

beta-v0.13

• Refactor jaeles config commands.
• Added --at option to enable always true detection for observed response.
• Added chunk mode for dealing with a really big file (experimental).
• Small improve on console color.
• Refactor and fix some bugs.

New config command will look like this

Config Command examples:
  # Init default signatures
  jaeles config init

  # Update latest signatures
  jaeles config update
  jaeles config update --repo http://github.com/jaeles-project/another-signatures --user admin --pass admin
  jaeles config update --repo git@github.com/jaeles-project/another-signatures -K your_private_key

  # Reload signatures from a standard signatures folder (contain passives + resources)
  jaeles config reload --signDir ~/standard-signatures/

  # Add custom signatures from folder
  jaeles config add --signDir ~/custom-signatures/

  # Clean old stuff
  jaeles config clean

beta-v0.12

• Refactor and fix some bugs.
• Improve template engine with sprig.
• Added donce: true for only run detections once.
• Added --json option for store output as JSON.
• Added verbose HTML reports.

beta-v0.11

• Refactor and fix some bugs.
• Added -A option to run API server without authentication.
• Improve conditions and conclusion with Named Capturing Groups.

---

For example from this response:

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=4F6904C386821F445B9C961CF1A10811; Path=/;

we can use RegexSelect("resHeaders", "JSESSIONID=(?P<sess>.*);\\sP") to get 4F6904C386821F445B9C961CF1A10811 as sess variables then can render it in next request with [[.sess]]

beta-v0.10

• Refactor and fix some bugs.
• Added new variable function to get OS Env OSEnv('ENV_NAME', 'default_value')
• Added Confidence in signatures and HTML report.
• Added -J option to parse special input.

echo '{"BaseURL":"https://example.com/sub/"}' | jaeles scan -s sign.yaml -J 

beta-v0.9

• Add new HTML report.
• Improve some detections: ContentLength('body'), ContentLength('resHeaders').
• Refactor and fix some bugs.
• Add Fuzz and Replace generators

# Replace generator
Replace()
http://example.com/FUZZ/sample --> http://example.com/PAYLOAD/sample

# Fuzz generator
Fuzz('{{.payload}}')
http://example.com/{{.FUZZ}}/sample --> http://example.com/PAYLOAD/sample