Changelog yawast v0.5.0 – In Development:
+ #75 – Use internal SSL scanner for non-standard ports
+ #84 – Improve the display of ct_precert_scts
+ #86 – Add check for Tomcat Manager & common passwords
+ #87 – Tomcat version detection via invalid HTTP verb
+ #88 – Add IP Network Info via api.iptoasn.com
+ #89 – Add IP Location Info
+ #76 – Bug: Handle error for OpenSSL version support error
+ Various code and other improvements.
This application is still very much in the early development phase; as such it should be viewed as alpha software, and thus may have bugs, perform unexpectedly, or be missing features you’d expect from a tool like this. Please keep this in mind as you use this.
Why?
Because.
This is meant to provide an easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests.
Tests
The following tests are performed:
+ (Generic) Info Disclosure: X-Powered-By header present
+ (Generic) Info Disclosure: X-Pingback header present
+ (Generic) Info Disclosure: X-Backend-Server header present
+ (Generic) Info Disclosure: X-Runtime header present
+ (Generic) Info Disclosure: Via header present
+ (Generic) X-Frame-Options header not present
+ (Generic) X-XSS-Protection disabled header present
+ (Generic) SSL: HSTS not enabled
+ (Generic) Source Control: Common source control directories present
+ (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
+ (Generic) Presence of WS_FTP.LOG
+ (Apache) Info Disclosure: Module listing enabled
+ (Apache) Info Disclosure: Server version
+ (Apache) Info Disclosure: OpenSSL module version
+ (Apache) Presence of /server-status
+ (Apache) Presence of /server-info
+ (IIS) Info Disclosure: Server version
+ (ASP.NET) Info Disclosure: ASP.NET version
+ (ASP.NET) Info Disclosure: ASP.NET MVC version
+ (ASP.NET) Presence of Trace.axd
+ (ASP.NET) Presence of Elmah.axd
+ (nginx) Info Disclosure: Server version
+ (PHP) Info Disclosure: PHP version
+ CMS Detection: Generic (Generator meta tag) [Real detection coming as soon as I get around to it…]
+ SSL Information:
  – Certificate details
  – Certificate chain
  – Supported ciphers
In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), the HTTP HEAD request, and others.
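The header-based tests in the list above are simple to reproduce. The following is an added example (not yawast's own code) that applies the Info Disclosure, X-Frame-Options, X-XSS-Protection and HSTS checks to a constructed HTTP response head; the header values are made up for the example, and the HSTS check assumes the site was fetched over HTTPS.

```ruby
# Added example, not part of yawast: a few of the header checks listed above,
# run against a constructed HTTP response so it executes offline.

# Headers whose mere presence leaks information about the stack.
INFO_DISCLOSURE_HEADERS = %w[X-Powered-By X-Pingback X-Backend-Server X-Runtime Via].freeze

# Parse a raw HTTP/1.1 response head into a hash keyed by lower-cased header name.
def parse_headers(raw)
  lines = raw.split(/\r?\n/)
  lines.shift # drop the status line
  lines.take_while { |l| !l.empty? }.each_with_object({}) do |line, h|
    name, value = line.split(':', 2)
    next if value.nil? # skip malformed lines rather than failing
    h[name.strip.downcase] = value.strip
  end
end

# Return findings phrased like the test names in the list above.
def header_findings(headers)
  findings = []
  INFO_DISCLOSURE_HEADERS.each do |name|
    value = headers[name.downcase]
    findings << "Info Disclosure: #{name} header present (#{value})" if value
  end
  findings << 'X-Frame-Options header not present' unless headers.key?('x-frame-options')
  # "X-XSS-Protection: 0" explicitly turns the browser filter off.
  if headers['x-xss-protection'].to_s.strip.start_with?('0')
    findings << 'X-XSS-Protection disabled header present'
  end
  # Only meaningful for an HTTPS response; assumed here.
  findings << 'SSL: HSTS not enabled' unless headers.key?('strict-transport-security')
  findings
end

# Constructed sample response; every value is invented for the example.
SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Server: Apache',
  'X-Powered-By: PHP/7.0.0',
  'Via: 1.1 cache-proxy',
  'X-XSS-Protection: 0',
  'Content-Type: text/html',
  '',
  '<html></html>'
].join("\r\n")

if __FILE__ == $PROGRAM_NAME
  header_findings(parse_headers(SAMPLE_RESPONSE)).each { |f| puts "- #{f}" }
end
```

A response that sends X-Frame-Options and Strict-Transport-Security and omits the disclosure headers produces no findings, which is the expected baseline to compare against.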
Usage:
Make sure you have Ruby installed, then:
git clone https://github.com/adamcaudill/yawast && cd yawast
gem install bundler
bundle install

Ubuntu/Debian 7 & 8/Kali 2.0/Rolling:
sudo apt-get install ruby ruby-dev
sudo gem install yawast

Mac OSX:
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.2
rvm use 2.2 --default
gem install yawast

Update:
git pull origin master
Source: https://github.com/adamcaudill