Yasuo

Free

Yasuo is a Ruby script that scans for vulnerable 3rd-party web applications. While working on network security assessments (internal, external, red team gigs, etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common and favorite applications are the Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins, and so on. If you search through Exploit-DB, there are over 10,000 remotely exploitable vulnerabilities in web applications and front-ends that could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI, etc. Yasuo is built to quickly scan the network for such vulnerable applications, thus serving pwnable targets on a silver platter.

ALTERNATIVES

Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.

Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.

Web-application vulnerability scanner with extensive coverage of security testing modules.

A tool to find and search for registered CVEs, creating a local CVE database for offline use.

A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.

A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1.

OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.

A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.