Yasuo
Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A JavaScript scanner built in PHP for scraping URLs and other information.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
Automate software supply chain security by blocking malicious open source components
A tool for detecting and exploiting vulnerabilities in web applications
SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.
A virtual host scanner with the ability to detect catch-all scenarios, aliases, and dynamic default pages, presented at SecTalks BNE in September 2017.
A hybrid mobile app for Android that intentionally contains vulnerabilities for testing and education
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.