
Installation

Adam Caudill edited this page Apr 18, 2019 · 4 revisions

Installing

The simplest method to install is to use the RubyGem installer:

gem install yawast

This allows for simple updates (gem update yawast) and makes it easy to ensure that you are always using the latest version.

YAWAST requires Ruby 2.2+, and is tested on Mac OSX, Linux, and Windows. YAWAST is tested against Ruby 2.2.8, 2.3.5, and 2.4.2.

Note: There are additional dependencies required for certain scanning features starting with YAWAST 0.7.0; see the "Enhanced Vulnerability Scanner" section below for details.

Docker

YAWAST can be run inside a Docker container.

docker pull adamcaudill/yawast && docker run --rm adamcaudill/yawast scan <url> ...

This is the recommended option, especially if you need to perform the SWEET32 test (--tdessessioncount), due to OpenSSL dropping support for the 3DES cipher suites.

If you would like to capture the JSON output via the --output= option, you will need to use a slightly different command. The following example is for macOS, Linux, etc.; for Windows, you will need to modify the command. It mounts the current directory into the Docker container so that it can write the JSON file:

docker pull adamcaudill/yawast && docker run -v `pwd`/:/data/output/ --rm adamcaudill/yawast scan <url> --output=./output/

Kali Rolling

To install on Kali, just run gem install yawast; all of the dependencies are already installed. Note: The version of OpenSSL used with Kali doesn't support 3DES cipher suites, so some tests, such as SWEET32, do not work. If you need these tests to work, using the Docker image is the recommended solution.

Ubuntu

To install YAWAST, you first need to install a couple of packages via apt-get:

sudo apt-get install ruby ruby-dev
sudo gem install yawast

macOS

The version of Ruby shipped with macOS is too old, so the recommended solution is to use RVM:

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.4
rvm use 2.4 --default
gem install yawast

Windows

To install on Windows, you need to first install Ruby. This can be done easily with the latest version of RubyInstaller. Once Ruby is installed, YAWAST can be installed via gem install yawast as normal.

Enhanced Vulnerability Scanner

Starting in YAWAST version 0.7.0, there is a new vulnerability scanner that performs tests that aren't possible using Ruby alone. To accomplish this, the new vulnerability scanner uses Chrome via Selenium, which adds a few additional dependencies:

macOS

ChromeDriver can be installed via brew using the following commands:

brew tap homebrew/cask
brew cask install chromedriver

Linux

ChromeDriver for Linux can be installed using the following commands; please make sure that you are using the latest stable release from the ChromeDriver web site.

wget https://chromedriver.storage.googleapis.com/73.0.3683.68/chromedriver_linux64.zip
unzip chromedriver_linux64.zip
sudo mv chromedriver /usr/bin/chromedriver
sudo chown root:root /usr/bin/chromedriver
sudo chmod +x /usr/bin/chromedriver
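
The steps above place a downloaded binary in /usr/bin without checking its integrity. The following is an added example, not part of the original page or the YAWAST project: a checksum-gated variant of the unzip/mv/chown/chmod steps. The function names are hypothetical, and the expected SHA-256 is an assumption you supply from a source you trust, since the page does not give one.

```shell
# Added example: install ChromeDriver only if the archive matches a known SHA-256.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not 64 hex characters.
verify_sha256() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # Reject malformed input so a truncated or empty value can never "match".
  case $expected in
    ''|*[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  actual=$(sha256sum -- "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}

# install_chromedriver ZIP EXPECTED_HEX [DEST]
# DEST defaults to the path used in the steps above.
install_chromedriver() {
  local zip="$1" expected="$2" dest="${3:-/usr/bin/chromedriver}" stage rc
  if ! verify_sha256 "$zip" "$expected"; then
    echo "checksum check failed for $zip, not installing" >&2
    return 1
  fi
  stage=$(mktemp -d) || return 1
  # Extract only the member named "chromedriver" into a private staging directory,
  # so nothing else in the archive is written to disk.
  if ! unzip -q -o "$zip" chromedriver -d "$stage"; then
    rm -rf "$stage"
    return 1
  fi
  # install(1) copies the file and sets owner, group and mode in one step,
  # replacing the separate mv, chown and chmod commands.
  rc=0
  sudo install -o root -g root -m 0755 "$stage/chromedriver" "$dest" || rc=$?
  rm -rf "$stage"
  return "$rc"
}

# Usage (placeholder value, replace with the real digest):
#   install_chromedriver chromedriver_linux64.zip <EXPECTED_SHA256>
```
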

Windows

You can easily install ChromeDriver on Windows via a package manager such as Chocolatey using the following command:

choco install chromedriver