Nytro Posted February 11, 2016 Report Share Posted February 11, 2016 YASUO Description Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on. If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter. Link: https://github.com/0xsauby/yasuo Quote Link to comment Share on other sites More sharing options...
torsaves Posted March 1, 2016 Report Share Posted March 1, 2016 Thank you for the share. It is weird they put the application signatures in a YAML file, but still I am glad they did the work on this tool. Quote Link to comment Share on other sites More sharing options...