DEV.co
Open-Source Security · jaeles-project

jaeles

Jaeles is a Go-based web application security scanner framework designed for automated vulnerability testing. However, the project is archived and no longer maintained as of the README notice, with the author directing users to a successor project (Vigolium).

Source: GitHub — github.com/jaeles-project/jaeles
2.4k
GitHub stars
334
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryjaeles-project/jaeles
Ownerjaeles-project
Primary languageGo
LicenseMIT — OSI-approved
Stars2.4k
Forks334
Open issues32
Latest releasebeta-v0.17.1 (2023-07-08)
Last updated2026-06-20
Sourcehttps://github.com/jaeles-project/jaeles

What jaeles is

Built in Go with a modular signature-based architecture, Jaeles supports CLI scanning, concurrency control, custom payloads, and integrations with Burp Suite. It relies on external signature repositories and offers both precompiled binaries and source installation via Go 1.17+.

Quickstart

Get the jaeles source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/jaeles-project/jaeles.gitcd jaeles# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Bug Bounty Automation

Signature-driven scanning of multiple targets with customizable payloads and report generation, suitable for security researchers automating reconnaissance workflows.

Framework Extension for Custom Scans

Leverage the Go framework to build internal security scanner tools with custom detection logic, leveraging the modular architecture shown in the GitHub repository.

Integration into Recon Pipelines

CLI-first design and Docker support enable embedding Jaeles into larger security orchestration workflows (e.g., Osmedeus Engine integration mentioned in README).

Implementation considerations

  • Requires Go >= 1.17 with Go Modules if building from source; precompiled binaries available to avoid build complexity.
  • Signature-based detection requires downloading and managing external signature repository separately; integration workflow must account for signature updates and compatibility.
  • Concurrency (-c flag) must be tuned per target to avoid rate-limiting or resource exhaustion; no adaptive throttling mentioned.
  • Custom payloads and parameters are supported via -p flag, but escaping and injection safety depend on signature author rigor.
  • Docker image available (j3ssie/jaeles) but freshness and security posture of image Unknown.

When to avoid it — and what to weigh

  • Active Maintenance Required — Project is explicitly archived and no longer maintained. Security vulnerabilities, compatibility issues with new Go versions, or signature updates will not be addressed by the original team.
  • Enterprise Production Dependency — For mission-critical security scanning in regulated environments, a maintained tool is essential. Use only in controlled, non-production contexts or after thorough internal vetting.
  • Signature Library Currency — Relies on external signature repository (jaeles-signatures). Unknown maintenance status of signatures for emerging vulnerabilities or recent CVEs.
  • Support Expectations — No official support channel. Community contributions and issue resolution are unpredictable for an archived project.

License & commercial use

Licensed under MIT (permissive OSI license). Permits use, modification, and distribution for any purpose, including commercial, provided attribution and license text are retained.

MIT license permits commercial use without restriction. However, archived status means no vendor liability, warranty, or indemnity. Use in commercial security operations carries risk of unpatched vulnerabilities or feature gaps. Evaluate internal fork or successor (Vigolium) for production deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceStale
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Archived project carries inherent risk: unpatched Go dependencies, potential incompatibility with current OS/Go versions, and no vendor security response. Signature quality depends on external repository maintainers. When scanning sensitive targets or production systems, verify that your deployment includes all required security patches, use in isolated environments, and validate signature accuracy before trust. No security audit or disclosure policy data provided.

Alternatives to consider

Vigolium

Explicitly recommended successor by Jaeles author as 'better in every way'; actively maintained with modern architecture.

Burp Suite Community / Pro

Established, maintained web app scanner with professional support, robust signature set, and active vulnerability research.

OWASP ZAP

Free, open-source, actively maintained web application security scanner with strong community support and regular updates.

Software development agency

Build on jaeles with DEV.co software developers

Jaeles is archived and no longer supported. For active security scanning needs, consider Vigolium (successor), Burp Suite, or OWASP ZAP instead.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

jaeles FAQ

Is Jaeles still maintained?
No. The repository is archived and the author recommends using Vigolium instead. No security patches or feature updates should be expected.
Can I use Jaeles in production?
Not recommended. For production security scanning, use a maintained tool like Burp Suite, ZAP, or Vigolium. Jaeles may be acceptable for isolated research or legacy systems if validated thoroughly.
How do I extend Jaeles with custom signatures?
Signatures are managed in the external jaeles-signatures repository. Extend or fork that repository; refer to official documentation for signature format (link provided in README).
What is the Go version requirement?
Go >= 1.17 with Go Modules enabled if building from source. Precompiled binaries are available for download and avoid this requirement.

Software development & web development with DEV.co

Need help beyond evaluating jaeles? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source security integrations — and maintain them long-term.

Evaluate Maintained Alternatives

Jaeles is archived and no longer supported. For active security scanning needs, consider Vigolium (successor), Burp Suite, or OWASP ZAP instead.