Yasuo v2.3 Ruby Web Application Assessment Tool

Yasuo v2.3 Ruby Web Application Assessment Tool

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc.

Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.


Changelog v2.3

  • Accepts file with new-line separated list of IP addresses with “-l” switch.
  • Smart brute-forcing. Introduced app-specific credentials in the signature file, which are tried first.
  • Sqlite database integration. Yasuo output is now stored in a sqlite database.
  • All output and log files are now saved in “logs” directory.
  • And man there were bugs. Fixed now.



Yasuo provides following command-line options:

  • -r :: If you want Yasuo to perform port scan, use this switch to provide an IP address or IP range or an input file with new-line separated IP addresses
  • -s :: Provide custom signature file. [./yasuo.rb -s mysignatures.yaml -f nmap.xml] [Default – signatures.yaml]
  • -f :: If you do not want Yasuo to perform port scan and already have an nmap output in xml format, use this switch to feed the nmap output
  • -u :: Takes a newline-separated file of URLs saved from previous run of Yasuo. See below for more details.
  • -n :: Tells Yasuo to not ping the host while performing the port scan. Standard nmap option.
  • -p :: Use this switch to provide port number(s)/range
  • -A :: Use this switch to scan all the 65535 ports. Standard nmap option.
  • -b [all/form/basic] :: If the discovered application implements authentication, use this switch to brute-force the auth. “all” will brute-force both form & http basic auth. “form” will only brute-force form-based auth. “basic” will only brute-force http basic auth.
  • -t :: Specify maximum number of threads
  • -h :: Well, take a guess


More Information: here

[button size=large style=round color=red align=none url=https://github.com/0xsauby/yasuo]Download Yasuo v2.1[/button]

Thanks to our friend Saurabh Harit [0xsauby], for sharing this tool with us.


www.artssec.com @maxisoler