jaeles
Jaeles is a Go-based web application security scanner framework designed for automated vulnerability testing. However, the project is archived and no longer maintained as of the README notice, with the author directing users to a successor project (Vigolium).
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | jaeles-project/jaeles |
| Owner | jaeles-project |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 2.4k |
| Forks | 334 |
| Open issues | 32 |
| Latest release | beta-v0.17.1 (2023-07-08) |
| Last updated | 2026-06-20 |
| Source | https://github.com/jaeles-project/jaeles |
What jaeles is
Built in Go with a modular signature-based architecture, Jaeles supports CLI scanning, concurrency control, custom payloads, and integrations with Burp Suite. It relies on external signature repositories and offers both precompiled binaries and source installation via Go 1.17+.
Get the jaeles source
Clone the repository and explore it locally.
git clone https://github.com/jaeles-project/jaeles.gitcd jaeles# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Go >= 1.17 with Go Modules if building from source; precompiled binaries available to avoid build complexity.
- Signature-based detection requires downloading and managing external signature repository separately; integration workflow must account for signature updates and compatibility.
- Concurrency (-c flag) must be tuned per target to avoid rate-limiting or resource exhaustion; no adaptive throttling mentioned.
- Custom payloads and parameters are supported via -p flag, but escaping and injection safety depend on signature author rigor.
- Docker image available (j3ssie/jaeles) but freshness and security posture of image Unknown.
When to avoid it — and what to weigh
- Active Maintenance Required — Project is explicitly archived and no longer maintained. Security vulnerabilities, compatibility issues with new Go versions, or signature updates will not be addressed by the original team.
- Enterprise Production Dependency — For mission-critical security scanning in regulated environments, a maintained tool is essential. Use only in controlled, non-production contexts or after thorough internal vetting.
- Signature Library Currency — Relies on external signature repository (jaeles-signatures). Unknown maintenance status of signatures for emerging vulnerabilities or recent CVEs.
- Support Expectations — No official support channel. Community contributions and issue resolution are unpredictable for an archived project.
License & commercial use
Licensed under MIT (permissive OSI license). Permits use, modification, and distribution for any purpose, including commercial, provided attribution and license text are retained.
MIT license permits commercial use without restriction. However, archived status means no vendor liability, warranty, or indemnity. Use in commercial security operations carries risk of unpatched vulnerabilities or feature gaps. Evaluate internal fork or successor (Vigolium) for production deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Stale |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
Archived project carries inherent risk: unpatched Go dependencies, potential incompatibility with current OS/Go versions, and no vendor security response. Signature quality depends on external repository maintainers. When scanning sensitive targets or production systems, verify that your deployment includes all required security patches, use in isolated environments, and validate signature accuracy before trust. No security audit or disclosure policy data provided.
Alternatives to consider
Vigolium
Explicitly recommended successor by Jaeles author as 'better in every way'; actively maintained with modern architecture.
Burp Suite Community / Pro
Established, maintained web app scanner with professional support, robust signature set, and active vulnerability research.
OWASP ZAP
Free, open-source, actively maintained web application security scanner with strong community support and regular updates.
Build on jaeles with DEV.co software developers
Jaeles is archived and no longer supported. For active security scanning needs, consider Vigolium (successor), Burp Suite, or OWASP ZAP instead.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
jaeles FAQ
Is Jaeles still maintained?
Can I use Jaeles in production?
How do I extend Jaeles with custom signatures?
What is the Go version requirement?
Software development & web development with DEV.co
Need help beyond evaluating jaeles? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source security integrations — and maintain them long-term.
Evaluate Maintained Alternatives
Jaeles is archived and no longer supported. For active security scanning needs, consider Vigolium (successor), Burp Suite, or OWASP ZAP instead.