Yasuo - Tool For Detecting Vulnerable & Exploitable 3rd-party Web Applications

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

There are over 10,000 remotely exploitable vulnerabilities in third-party web applications and front-ends that could allow an attacker to completely compromise the back-end server. They range from remote code execution (RCE) and malicious file upload to SQL injection and remote/local file inclusion (RFI/LFI).

Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

INSTALLATION

Install the required gems with Bundler, then run Yasuo through it:
  • bundle install --path vendor
  • bundle exec ./yasuo.rb -f [myfile]

Usage:

Yasuo provides the following command-line options:

-r :: If you want Yasuo to perform a port scan, use this switch to provide an IP address or IP range

-l :: If you want Yasuo to perform a port scan, use this switch to provide an input file with new-line separated IP addresses, similar to nmap's -iL option

-s :: Provide custom signature file. [./yasuo.rb -s mysignatures.yaml -f nmap.xml] [Default - signatures.yaml]

-f :: If you do not want Yasuo to perform a port scan and already have an nmap output in XML format, use this switch to feed the nmap output

-u :: Takes a newline-separated file of URLs saved from a previous run of Yasuo.

-n :: Tells Yasuo to not ping the host while performing the port scan. Standard nmap option.

-p :: Use this switch to provide port number(s)/range

-A :: Use this switch to scan all 65535 ports. Standard nmap option.

-b [all/form/basic] :: If the discovered application implements authentication, use this switch to brute-force the auth. "all" will brute-force both form & HTTP basic auth. "form" will only brute-force form-based auth. "basic" will only brute-force HTTP basic auth.

-t :: Specify the maximum number of threads

-h :: Help


Examples:

./yasuo -r 127.0.0.1 -p 80,8080,443,8443 -b form
The above command will perform a port scan against 127.0.0.1 on ports 80, 8080, 443 and 8443 and will brute-force login for all the applications that implement form-based authentication.

./yasuo -l /project/hosts -p 80,8080,443,8443
The above command will perform a port scan against the hosts in file /project/hosts on ports 80, 8080, 443 and 8443 and will not perform any brute-force actions against the applications discovered.

./yasuo -f my_nmap_output.xml -b all
The above command will parse the nmap output file "my_nmap_output.xml" and will brute-force login for all the applications that implement form-based and HTTP basic authentication.
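The -f mode above starts from an nmap XML file, so the first thing such a scan has to do is reduce that file to the web endpoints worth checking. The script below is an added example, not part of Yasuo, of that reduction step: it walks a small constructed nmap -oX document (not a real scan) with Ruby's stdlib REXML, keeps only hosts that are up and ports that are open with an HTTP-like service name, and emits base URLs, which is also the list a defender would use as an inventory of exposed web services.

```ruby
require 'rexml/document'

# Constructed sample of nmap -oX output (not a real scan), trimmed to the
# elements this step needs: host status, address, port state and service.
SAMPLE_NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun>
    <host>
      <status state="up"/>
      <address addr="10.0.0.5" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
        <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
        <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt" tunnel="ssl"/></port>
        <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
      </ports>
    </host>
    <host>
      <status state="down"/>
      <address addr="10.0.0.6" addrtype="ipv4"/>
    </host>
  </nmaprun>
XML

# Service names nmap assigns to web servers all contain "http".
WEB_SERVICE_RE = /http/i

# Returns base URLs for every open port on an up host whose nmap service
# name looks like a web server; closed ports and down hosts are skipped.
def web_targets_from_nmap_xml(xml)
  doc = REXML::Document.new(xml)
  targets = []
  doc.elements.each('nmaprun/host') do |host|
    status = host.elements['status']
    next unless status && status.attributes['state'] == 'up'
    address = host.elements['address[@addrtype="ipv4"]']
    next if address.nil?
    addr = address.attributes['addr']
    host.elements.each('ports/port') do |port|
      next unless port.elements['state'].attributes['state'] == 'open'
      svc = port.elements['service']
      next if svc.nil? || svc.attributes['name'] !~ WEB_SERVICE_RE
      # nmap marks TLS-wrapped services with tunnel="ssl"; https-* names also imply TLS.
      tls = svc.attributes['tunnel'] == 'ssl' || svc.attributes['name'] =~ /https/i
      targets << "#{tls ? 'https' : 'http'}://#{addr}:#{port.attributes['portid']}"
    end
  end
  targets
end

puts web_targets_from_nmap_xml(SAMPLE_NMAP_XML) if __FILE__ == $PROGRAM_NAME
```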

Source: www.effecthacking.com