Tool and Usage
|Latest release||No release found|
Why this tool?
Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities for web applications and their front-end components. Yasuo helps to make it easier to scan for the weaknesses like remote code execution (RCE), SQL injections, and file inclusions.
How it works
Yasuo starts with port scanning and generates an XML file with the results. Using input from this file or Nmap scans, it determines which ports are related to web applications. A connection is then initiated with the web server based on the parameters. For example, it can perform brute force scanning against forms when using the tool with the -b option.
The tool allows saving the state, which can be reused for previously scanned targets. This makes a scan much more efficient as it reduces the number of unneeded steps to take.
Usage and audience
Yasuo is commonly used for penetration testing, vulnerability scanning, or web application analysis. Target users for this tool are pentesters and security professionals.
- Command line interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
History and highlights
- Demo at Black Hat Europe 2016 Arsenal
- Demo at Black Hat USA 2017 Arsenal
Supported operating systems
Yasuo is known to work on Linux.
Similar tools to Yasuo:
W3af is an open source web application attack and audit framework and helps in scanning for vulnerabilities. Read how it works in this review.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
This tool page was updated at . Found an improvement? Help the community by submitting an update.