Bits and bytes of a hacker.

Automated Web Hacking With Yasuo

Recently Saurabh Harit and Stephen Hall released their latest iteration of Yasuo, a Ruby scanner for known vulnerable third-party web applications.

The scanner is extremely fast and has numerous arguments that make it easy to use. I gave the scanner a run by feeding it an Nmap XML file to parse. The scanner found all IPs running third-party web services and isolated those with default login credentials.

Finally, the scanner prints out a table with the application name and URL. It also recommends a potential exploit and prints the default credentials if any were found.
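The input step described above, turning an Nmap XML file into a list of web endpoints, looks roughly like this when written for an asset inventory. This is an added example, not Yasuo's code: the function name `web_endpoints` and the sample scan data are constructed for illustration, and it only builds the list of URLs a defender would then review for default credentials.

```ruby
require 'rexml/document'

# Constructed sample of Nmap XML (-oX) output; the addresses come from the
# 192.0.2.0/24 documentation range and are not real scan results.
SAMPLE_NMAP_XML = <<~XML
  <nmaprun scanner="nmap">
    <host>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
        <port protocol="tcp" portid="8080"><state state="open"/><service name="http" product="Apache Tomcat"/></port>
        <port protocol="tcp" portid="8443"><state state="open"/><service name="http" tunnel="ssl"/></port>
      </ports>
    </host>
    <host>
      <address addr="192.0.2.20" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
        <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      </ports>
    </host>
  </nmaprun>
XML

# Returns one hash per open HTTP(S) port: the URL to review and the product
# Nmap fingerprinted ('unknown' when version detection found nothing).
def web_endpoints(xml)
  doc = REXML::Document.new(xml)
  endpoints = []
  doc.elements.each('nmaprun/host') do |host|
    addr = host.elements["address[@addrtype='ipv4']"]
    next unless addr
    host.elements.each('ports/port') do |port|
      state = port.elements['state']
      svc = port.elements['service']
      next unless state && state.attributes['state'] == 'open' && svc
      name = svc.attributes['name'].to_s
      next unless name.start_with?('http') # http, https, http-alt, ...
      # Nmap reports TLS-wrapped HTTP as name="http" with tunnel="ssl".
      tls = name.start_with?('https') || svc.attributes['tunnel'] == 'ssl'
      url = "#{tls ? 'https' : 'http'}://#{addr.attributes['addr']}:#{port.attributes['portid']}/"
      endpoints << { url: url, product: svc.attributes['product'] || 'unknown' }
    end
  end
  endpoints
end

if __FILE__ == $PROGRAM_NAME
  web_endpoints(SAMPLE_NMAP_XML).each { |e| puts format('%-28s %s', e[:url], e[:product]) }
end
```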

This tool is great for networks with large IP ranges and I highly recommend it for others to try. The source is readily available on GitHub.