YAWAST

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors.

View the Project on GitHub adamcaudill/yawast

Checks Performed

The following checks are performed; please note, this may not include all checks performed by YAWAST, but is an overview.

TLS/SSL Information

By default, YAWAST uses SSL Labs to gather information and issues related to TLS. This includes the full list of issues reported by SSL Labs, with some additional information and issues captured. When a scan is performed against a target that SSL Labs would not be able to scan (such as a private IP address), YAWAST will use SSLyze to perform this analysis.

By using SSL Labs and SSLyze, YAWAST is able to capture a significant number of TLS issues; the full list is too long (and updated too often) to display here.

Checks for the following SSL issues are performed (the exact list depends on which integration is used):

SWEET32

YAWAST is unique among the tools available, in that it provides the only implementation of a test for SWEET32 that does more than check for cipher suites with a 64-bit block size. This allows YAWAST to provide the most accurate assessment of this issue available.

See here for more information.

DNS Information

In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.