Yasuo v2.3 is a Ruby script that scans for vulnerable and exploitable 3rd-party web applications on a network.

Changelog Yasuo v2.3:
1) Accepts a file with a newline-separated list of IP addresses via the “-l” switch.
2) Smart brute-forcing. Introduced app-specific credentials in the signature file, which are tried first.
3) SQLite database integration. Yasuo output is now stored in a SQLite database.
4) All output and log files are now saved in “logs” directory.
5) And man there were bugs. Fixed now.

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc.
Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

Setup / Install

Details

Yasuo provides the following command-line options:

Examples
./yasuo -r 127.0.0.1 -p 80,8080,443,8443 -b form
The above command will perform a port scan against 127.0.0.1 on ports 80, 8080, 443 and 8443 and will brute-force logins for all the applications that implement form-based authentication.

./yasuo -f my_nmap_output.xml -b all
The above command will parse the nmap output file “my_nmap_output.xml” and will brute-force logins for all the applications that implement form-based and HTTP basic authentication.

Source: https://github.com/0xsauby