Yasuo v2.3 Ruby Web Application Assessment Tool

Yasuo v2.3 Ruby Web Application Assessment Tool

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc.

Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

 

Changelog v2.3

  • Accepts file with new-line separated list of IP addresses with “-l” switch.
  • Smart brute-forcing. Introduced app-specific credentials in the signature file, which are tried first.
  • Sqlite database integration. Yasuo output is now stored in a sqlite database.
  • All output and log files are now saved in “logs” directory.
  • And man there were bugs. Fixed now.

 

Details

Yasuo provides following command-line options:

  • -r :: If you want Yasuo to perform port scan, use this switch to provide an IP address or IP range or an input file with new-line separated IP addresses
  • -s :: Provide custom signature file. [./yasuo.rb -s mysignatures.yaml -f nmap.xml] [Default – signatures.yaml]
  • -f :: If you do not want Yasuo to perform port scan and already have an nmap output in xml format, use this switch to feed the nmap output
  • -u :: Takes a newline-separated file of URLs saved from previous run of Yasuo. See below for more details.
  • -n :: Tells Yasuo to not ping the host while performing the port scan. Standard nmap option.
  • -p :: Use this switch to provide port number(s)/range
  • -A :: Use this switch to scan all the 65535 ports. Standard nmap option.
  • -b [all/form/basic] :: If the discovered application implements authentication, use this switch to brute-force the auth. “all” will brute-force both form & http basic auth. “form” will only brute-force form-based auth. “basic” will only brute-force http basic auth.
  • -t :: Specify maximum number of threads
  • -h :: Well, take a guess

 

More Information: here

[button size=large style=round color=red align=none url=https://github.com/0xsauby/yasuo]Download Yasuo v2.1[/button]

Thanks to our friend Saurabh Harit [0xsauby], for sharing this tool with us.

MaxiSoler

www.artssec.com @maxisoler
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community