YAWAST – Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It is meant to provide an easy way to perform initial analysis and information discovery. It is not a full testing suite, and it certainly is not Metasploit.

The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests.


The tool performs basic checks in these categories:

  • TLS/SSL – Versions and cipher suites supported; common issues.
  • Information Disclosure – Checks for common information leaks.
  • Presence of Files or Directories – Checks for files or directories that could indicate a security issue.
  • Common Vulnerabilities
  • Missing Security Headers

There is a large list of tests that help with web application fingerprinting, identifying the CMS, Tomcat, Apache, Nginx, IIS, ASP.NET and PHP in use, as well as DNS information.

The following are the detailed tests:

  • (Generic) User Enumeration via Password Reset Form Response Differences
  • (Generic) User Enumeration via Password Reset Form Timing Differences
  • (Generic) Info Disclosure: X-Powered-By header present
  • (Generic) Info Disclosure: X-Pingback header present
  • (Generic) Info Disclosure: X-Backend-Server header present
  • (Generic) Info Disclosure: X-Runtime header present
  • (Generic) Info Disclosure: Via header present
  • (Generic) Info Disclosure: PROPFIND Enabled
  • (Generic) TRACE Enabled
  • (Generic) X-Frame-Options header not present
  • (Generic) X-Content-Type-Options header not present
  • (Generic) Content-Security-Policy header not present
  • (Generic) Public-Key-Pins header not present
  • (Generic) Referrer-Policy header not present
  • (Generic) Feature-Policy header not present
  • (Generic) X-XSS-Protection disabled header present
  • (Generic) SSL: HSTS not enabled
  • (Generic) Source Control: Common source control directories present
  • (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
  • (Generic) Presence of sitemap.xml
  • (Generic) Presence of WS_FTP.LOG
  • (Generic) Presence of RELEASE-NOTES.txt
  • (Generic) Presence of readme.html
  • (Generic) Presence of CHANGELOG.txt
  • (Generic) Missing cookie flags (Secure, HttpOnly, and SameSite)
  • (Generic) Search for 14,405 common files (via --files) & 21,332 common directories (via --dir)
  • (Apache) Info Disclosure: Module listing enabled
  • (Apache) Info Disclosure: Server version
  • (Apache) Info Disclosure: OpenSSL module version
  • (Apache) Presence of /server-status
  • (Apache) Presence of /server-info
  • (Apache Tomcat) Presence of Tomcat Manager
  • (Apache Tomcat) Presence of Tomcat Host Manager
  • (Apache Tomcat) Tomcat Manager Weak Password
  • (Apache Tomcat) Tomcat Host Manager Weak Password
  • (Apache Tomcat) Tomcat version detection via invalid HTTP verb
  • (Apache Tomcat) Tomcat version detection via File Not Found
  • (Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617)
  • (Apache Tomcat) Tomcat Windows RCE (CVE-2019-0232)
  • (Apache Struts) Sample files which may be vulnerable
  • (Nginx) Info Disclosure: Server version
  • (Nginx) Info Disclosure: Server status
  • (IIS) Info Disclosure: Server version
  • (ASP.NET) Info Disclosure: ASP.NET version
  • (ASP.NET) Info Disclosure: ASP.NET MVC version
  • (ASP.NET) Presence of Trace.axd
  • (ASP.NET) Presence of Elmah.axd
  • (ASP.NET) Debugging Enabled
  • (PHP) Info Disclosure: PHP version
  • (Rails) File Content Disclosure: CVE-2019-5418
  • (WordPress) Version detection
  • (WordPress) WP-JSON User Enumeration
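The "(Generic)" header and cookie checks in the list above are simple enough to reproduce for a self-audit of your own responses. The following is an added example, not YAWAST's own code: it inspects a constructed HTTP response (no network access) and reports findings in the same spirit as the tool: expected security headers that are absent, disclosing headers that are present, a Server header carrying a version number, a disabled X-XSS-Protection header, and Set-Cookie lines missing the Secure, HttpOnly or SameSite flags. The header lists (EXPECTED_HEADERS, DISCLOSING_HEADERS) and the sample response are my assumptions drawn from the names on this page, not YAWAST's internal tables.

```python
"""Header and cookie-flag audit modelled on YAWAST's "(Generic)" checks.

Added example, not YAWAST's own code. Works on an already-captured
response (a dict of headers plus raw Set-Cookie values), so it can be
used offline against saved responses or as a unit test for a deployment.
"""
import re

# Headers whose absence the page lists as a finding (assumed set, taken from the list above).
EXPECTED_HEADERS = (
    "Strict-Transport-Security",   # "SSL: HSTS not enabled"
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Content-Security-Policy",
    "Referrer-Policy",
    "Feature-Policy",
)

# Headers whose presence leaks implementation details (assumed set, from the list above).
DISCLOSING_HEADERS = ("X-Powered-By", "X-Pingback", "X-Backend-Server", "X-Runtime", "Via")

# Cookie attributes the "Missing cookie flags" check expects on every cookie.
REQUIRED_COOKIE_FLAGS = ("Secure", "HttpOnly", "SameSite")


def parse_set_cookie(value):
    """Split one raw Set-Cookie value into (cookie name, {attribute_lower: attribute_value}).

    Attribute names are lower-cased because they are case-insensitive; flag
    attributes without a value (Secure, HttpOnly) map to an empty string.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(headers, set_cookies):
    """Return a list of finding strings for one response.

    headers:     dict of header name -> value (matched case-insensitively)
    set_cookies: list of raw Set-Cookie header values (one per cookie)
    """
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []

    for name in EXPECTED_HEADERS:
        if name.lower() not in lower:
            findings.append(f"{name} header not present")

    for name in DISCLOSING_HEADERS:
        if name.lower() in lower:
            findings.append(f"Info Disclosure: {name} header present ({lower[name.lower()]})")

    # A Server header containing a dotted version number discloses the server version.
    server = lower.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append(f"Info Disclosure: Server version ({server})")

    # "X-XSS-Protection: 0" explicitly turns the browser filter off.
    if lower.get("x-xss-protection", "").strip().startswith("0"):
        findings.append("X-XSS-Protection disabled header present")

    for raw in set_cookies:
        name, attrs = parse_set_cookie(raw)
        missing = [flag for flag in REQUIRED_COOKIE_FLAGS if flag.lower() not in attrs]
        if missing:
            findings.append(f"Cookie {name} missing flags: {', '.join(missing)}")

    return findings


# Constructed sample response: a typical unhardened PHP-on-Apache deployment.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "0",
}
SAMPLE_SET_COOKIES = [
    "PHPSESSID=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_SET_COOKIES):
        print(finding)
```

Run as a script it prints nine findings for the sample response; a response carrying all six expected headers, no disclosing headers, a version-free Server value and fully flagged cookies produces none. Extending it to live traffic is a matter of feeding it `response.headers` and `response.raw.headers.getlist("Set-Cookie")` from a client that exposes repeated Set-Cookie headers separately; joining them into one string is a common mistake that hides cookies from the flag check.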

You can read more and download this tool over here: https://github.com/adamcaudill/yawast
