YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories:

• TLS/SSL - Versions and cipher suites supported; common issues.
• Information Disclosure - Checks for common information leaks.
• Presence of Files or Directories - Checks for files or directories that could indicate a security issue.
• Common Vulnerabilities
• Missing Security Headers

This is meant to provide an easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).

Getting Started

YAWAST is packaged as a Python package, Docker container, and as a Windows EXE to make installing it as easy as possible. Details are available on the installation page.

Windows

The simplest option for Windows users is to download the compiled executable, as Windows requires certain dependencies to be compile.

macOS, Linux, etc.

The simplest options to install are:

As a Python package: pip3 install yawast (YAWAST requires Python 3.7)

Docker

docker pull adamcaudill/yawast

It’s strongly recommended that you review the installation page to ensure you have the proper dependencies.

Documentation

Details about YAWAST and how to use it can be found below:

• Installation
• Usage & Parameters
• Scanning TLS/SSL
  • OpenSSL & 3DES Compatibility
• Sample Output
• FAQ
• Change Log

Recent Blog Posts

• 02 Jan 2020 » YAWAST 0.11 Released
• 10 Dec 2019 » YAWAST 0.10 Released
• 04 Sep 2019 » YAWAST 0.9 Released
• 16 Aug 2019 » YAWAST 0.8 Released
• 13 Aug 2019 » Welcome to YAWAST.org