Yasuo Logo

Yasuo

0
Free
Visit Website

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

FEATURES

ALTERNATIVES

A tool for detecting and exploiting Android application vulnerabilities

Compares target's patch levels against Microsoft vulnerability database and detects missing patches.

A repository containing hourly-updated data dumps of bug bounty platform scopes

A collection of real-world scenarios to evaluate command injection detection and exploitation abilities

A utility for testing AWS Lambda functions for SQL Injection vulnerabilities using SQLMap attacks.

A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.

Command line interface for managing and inspecting images, policies, subscriptions, and registries with support for various operating systems and packages.

LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.

CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Copyright © 2024 - All rights reserved