Open In App

YAWAST – Open Source Web Application Information Gathering Toolkit

Improve
Improve
Like Article
Like
Save
Share
Report

Yawast is a free and open-source toolkit for web application and penetration testing. This toolkit is very useful for performing information gathering of the target domain and finding vulnerabilities on the web application. These vulnerabilities can be related to directories, application headers SSL/TLS, etc. By using yawast users can also get details of the certificate, DNS CAA records, and all the supported ciphers.

This tool can detect expired certificates of web applications and self-signed certificates, all the weak cipher suites, and sweet32. Yawast has special features of information disclosure test which is useful for finding out server information, leaked headers, open SSL modules, CMS information, etc. Yawast can find certain DNS information such as MX Record, NS record, CAA record, subdomain information, IP address

YAWAST – Open Source Web Application Information Gathering Toolkit

Installation

Step 1: Open your kali Linux operating system and use the following command to install the yawast toolkit.

gem install yawast

YAWAST – Open Source Web Application Information Gathering Toolkit

The tool has been installed successfully in your kali Linux operating system. Now we will see examples to use the tool.

Usages:

Example 1: Use the yawast tool to perform scanning on a domain.

yawast scan <domain>

The tool found various information such as Public key presence, feature policy, whether XSS protection is enabled or not.

Example 2: Use the Yawast toolkit to perform a DNS scan on a domain.

yawast dns <domain>

The tool has started finding the DNS information of the domain. Similarly, you can use yawast tool to perform scanning on your target. This tool is very useful in the initial phases of penetration testing.


Last Updated : 23 Sep, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads