Skip to content

Usage & Parameters

Adam Caudill edited this page Oct 14, 2017 · 2 revisions

Commands & Parameters

  • Standard scan: yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv] [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345] [--nodns]
  • HEAD-only scan: yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]
  • SSL information: yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]
  • DNS Information: yawast dns <url>
  • CMS detection: yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]

For detailed information, just call yawast -h to see the help page. To see information for a specific command, call yawast -h <command> for full details. Here is an example, the details for the options to the scan command:

        Disables SSL checks
        Disables check for supported ciphers (only with --internalssl)
        Disable SSL Labs integration
        Counts the number of messages that can be sent in a single session
        Enables directory search
        Recursive directory search (only with --dir)
        Show 301 redirects (only with --dir)
        Performs a search for a large list of common files
        Scan for known SRV DNS Records
        Search for Common Subdomains
    --proxy STRING 
        HTTP Proxy Server (such as Burp Suite)
    --cookie STRING 
        Session cookie
        Disable DNS checks

Using with Zap / Burp Suite

By default, Burp Suite's proxy listens on localhost at port 8080, to use YAWAST with Burp Suite (or any proxy for that matter), just add this to the command line:

--proxy localhost:8080

Authenticated Testing

For authenticated testing, YAWAST allows you to specify a cookie to be passed via the --cookie parameter.

--cookie SESSIONID=1234567890

About The Output

You'll notice that most lines begin with a letter in a bracket, this is to tell you how to interpret the result at a glance. There are four possible values:

  • [I] - This indicates that the line is informational, and doesn't necessarily indicate a security issue.
  • [W] - This is a Warning, which means that it could be an issue, or could expose useful information. These need to be evaluated on a case-by-case basis to determine the impact.
  • [V] - This is a Vulnerability, it indicates an issue that is known to be an issue, and needs to be addressed.
  • [E] - This indicates that an error occurred, sometimes these are serious and indicate an issue with your environment, the target server, or the application. In other cases, they may just be informational to let you know that something didn't go as planned.

The indicator used may change over time based on new research or better detection techniques. In all cases, results should be carefully evaluated within the context of the application, how it's used, and what threats apply. The indicator is guidance, a hint if you will, it's up to you to determine the real impact.

You can’t perform that action at this time.