Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
tfsec is being replaced by Trivy, a more comprehensive open-source security solution
Nmap is an essential network scanning tool used for network security auditing and status monitoring.
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.
A vulnerable Android application demonstrating various security issues and vulnerabilities
A tool that finds unprotected secrets in container images or file systems, matching against a database of 140 secret types.