X-code Professional

X-code Community

Facebook group

Instagram X-code


X-code Blog

Welcome! Anonymous

The YAWAST Antecedent Web Application Security Toolkit


Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya

The YAWAST Antecedent Web Application Security Toolkit

Postby familycode » Thu Jan 25, 2018 4:17 am


The YAWAST Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors.


The following tests are performed:

(Generic) Info Disclosure: X-Powered-By header present
(Generic) Info Disclosure: X-Pingback header present
(Generic) Info Disclosure: X-Backend-Server header present
(Generic) Info Disclosure: X-Runtime header present
(Generic) Info Disclosure: Via header present
(Generic) Info Disclosure: PROPFIND Enabled
(Generic) TRACE Enabled
(Generic) X-Frame-Options header not present
(Generic) X-Content-Type-Options header not present
(Generic) Content-Security-Policy header not present
(Generic) Public-Key-Pins header not present
(Generic) X-XSS-Protection disabled header present
(Generic) SSL: HSTS not enabled
(Generic) Source Control: Common source control directories present
(Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
(Generic) Presence of sitemap.xml
(Generic) Presence of WS_FTP.LOG
(Generic) Presence of RELEASE-NOTES.txt
(Generic) Presence of readme.html
(Generic) Missing cookie flags (Secure, HttpOnly, and SameSite)
(Generic) Search for files (14,169) & common directories (21,332)
(Apache) Info Disclosure: Module listing enabled
(Apache) Info Disclosure: Server version
(Apache) Info Disclosure: OpenSSL module version
(Apache) Presence of /server-status
(Apache) Presence of /server-info
(Apache Tomcat) Presence of Tomcat Manager
(Apache Tomcat) Presence of Tomcat Host Manager
(Apache Tomcat) Tomcat Manager Weak Password
(Apache Tomcat) Tomcat Host Manager Weak Password
(Apache Tomcat) Tomcat version detection via invalid HTTP verb
(Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617)
(Apache Struts) Sample files which may be vulnerable
(IIS) Info Disclosure: Server version
(ASP.NET) Info Disclosure: ASP.NET version
(ASP.NET) Info Disclosure: ASP.NET MVC version
(ASP.NET) Presence of Trace.axd
(ASP.NET) Presence of Elmah.axd
(ASP.NET) Debugging Enabled
(nginx) Info Disclosure: Server version
(PHP) Info Disclosure: PHP version

CMS Detection:

Generic (Generator meta tag) [Real detection coming as soon as I get around to it...]

SSL Information:

Certificate details
Certificate chain
Supported ciphers
Maximum requests using 3DES in a single connection
DNS CAA records

Checks for the following SSL issues are performed:

Expired Certificate
Self-Signed Certificate
MD5 Signature
SHA1 Signature
RC4 Cipher Suites
Weak (< 128 bit) Cipher Suites

Certain DNS information is collected:

IP Addresses
IP Owner/Network (via api.iptoasn.com)
TXT Records
MX Records
NS Records
CAA Records (with CNAME chasing)
Common Subdomains (2,354 subdomains) - optional, via --subdomains
SRV Records - optional, via --srv

In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), TP HEAD request, and others.

Download : https://github.com/adamcaudill/yawast
User avatar
Posts: 367
Joined: Thu Oct 13, 2005 4:06 pm
Location: Yogyakarta


Return to Web Hacking

Who is online

Users browsing this forum: No registered users and 20 guests