Usage & Parameters
Commands & Parameters
- Standard scan:
yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv] [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345] [--nodns]
- HEAD-only scan:
yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]
- SSL information:
yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]
- DNS Information:
yawast dns <url>
- CMS detection:
yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]
For detailed information, just call
yawast -h to see the help page. To see information for a specific command, call
yawast -h <command> for full details. Here is an example, the details for the options to the
OPTIONS: --nossl Disables SSL checks --nociphers Disables check for supported ciphers (only with --internalssl) --internalssl Disable SSL Labs integration --tdessessioncount Counts the number of messages that can be sent in a single session --dir Enables directory search --dirrecursive Recursive directory search (only with --dir) --dirlistredir Show 301 redirects (only with --dir) --files Performs a search for a large list of common files --srv Scan for known SRV DNS Records --subdomains Search for Common Subdomains --proxy STRING HTTP Proxy Server (such as Burp Suite) --cookie STRING Session cookie --nodns Disable DNS checks
Using with Zap / Burp Suite
By default, Burp Suite's proxy listens on localhost at port 8080, to use YAWAST with Burp Suite (or any proxy for that matter), just add this to the command line:
For authenticated testing, YAWAST allows you to specify a cookie to be passed via the
About The Output
You'll notice that most lines begin with a letter in a bracket, this is to tell you how to interpret the result at a glance. There are four possible values:
[I]- This indicates that the line is informational, and doesn't necessarily indicate a security issue.
[W]- This is a Warning, which means that it could be an issue, or could expose useful information. These need to be evaluated on a case-by-case basis to determine the impact.
[V]- This is a Vulnerability, it indicates an issue that is known to be an issue, and needs to be addressed.
[E]- This indicates that an error occurred, sometimes these are serious and indicate an issue with your environment, the target server, or the application. In other cases, they may just be informational to let you know that something didn't go as planned.
The indicator used may change over time based on new research or better detection techniques. In all cases, results should be carefully evaluated within the context of the application, how it's used, and what threats apply. The indicator is guidance, a hint if you will, it's up to you to determine the real impact.