LSE toolsLSE toolsYasuo (295)Yasuo (295)

Tool and Usage

Project details

Programming language
Saurabh Harit
Latest release
No release found
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities for web applications and their front-end components. Yasuo helps to make it easier to scan for the weaknesses like remote code execution (RCE), SQL injections, and file inclusions.

How it works

Yasuo starts with port scanning and generates an XML file with the results. Using input from this file or Nmap scans, it determines which ports are related to web applications. A connection is then initiated with the web server based on the parameters. For example, it can perform brute force scanning against forms when using the tool with the -b option.

The tool allows saving the state, which can be reused for previously scanned targets. This makes a scan much more efficient as it reduces the number of unneeded steps to take.

Usage and audience

Yasuo is commonly used for penetration testing, vulnerability scanning, or web application analysis. Target users for this tool are pentesters and security professionals.


  • Command line interface

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

History and highlights

  • Demo at Black Hat Europe 2016 Arsenal
  • Demo at Black Hat USA 2017 Arsenal

Author and Maintainers

Yasuo is under development by Saurabh Harit.


Supported operating systems

Yasuo is known to work on Linux.

Yasuo alternatives

Similar tools to Yasuo:



W3af is an open source web application attack and audit framework and helps in scanning for vulnerabilities. Read how it works in this review.



Web Application Security Scanner aimed towards helping users evaluate the security of web applications



The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

All Yasuo alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.