adamcaudill / Yawast

Licence: mit
YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

Programming Languages

python

Projects that are alternatives of or similar to Yawast

Tlsfuzzer
SSL and TLS protocol test suite and fuzzer
Stars: ✭ 335 (+85.08%)
Mutual labels:  ssl, tls, security-audit
cryptonice
CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…
Stars: ✭ 91 (-49.72%)
Mutual labels:  tls, ssl, appsec
Atls
A light TLS implementation used for learning: TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 GMSSL 1.1(国密SSL) based on libcrypto.so.
Stars: ✭ 134 (-25.97%)
Mutual labels:  ssl, tls
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (-25.41%)
Mutual labels:  ssl, tls
Badssl.com
🔒 Memorable site for testing clients against bad SSL configs.
Stars: ✭ 2,234 (+1134.25%)
Mutual labels:  ssl, tls
Chromium Gost
Chromium with support for GOST algorithms
Stars: ✭ 123 (-32.04%)
Mutual labels:  ssl, tls
Libleakmydata
A simple LD_PRELOAD library to disable SSL certificate verification. Inspired by libeatmydata.
Stars: ✭ 132 (-27.07%)
Mutual labels:  ssl, tls
Fluentftp
An FTP and FTPS client for .NET & .NET Standard, optimized for speed. Provides extensive FTP commands, File uploads/downloads, SSL/TLS connections, Automatic directory listing parsing, File hashing/checksums, File permissions/CHMOD, FTP proxies, FXP support, UTF-8 support, Async/await support, Powershell support and more. Written entirely in C#,…
Stars: ✭ 1,943 (+973.48%)
Mutual labels:  ssl, tls
Captagent
100% Open-Source Packet Capture Agent for HEP
Stars: ✭ 116 (-35.91%)
Mutual labels:  ssl, tls
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-10.5%)
Mutual labels:  security-audit, security-scanner
Search Guard Ssl
Elasticsearch SSL for free. Supports native Open SSL.
Stars: ✭ 159 (-12.15%)
Mutual labels:  ssl, tls
Https Ssl Cert Check Zabbix
Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.
Stars: ✭ 162 (-10.5%)
Mutual labels:  ssl, tls
Certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates.
Stars: ✭ 1,689 (+833.15%)
Mutual labels:  ssl, tls
Pem
Easy PEM file parsing in Python.
Stars: ✭ 122 (-32.6%)
Mutual labels:  ssl, tls
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (-9.94%)
Mutual labels:  ssl, tls
Tlslite Ng
TLS implementation in pure python, focused on interoperability testing
Stars: ✭ 119 (-34.25%)
Mutual labels:  ssl, tls
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+907.73%)
Mutual labels:  security-audit, security-scanner
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1173.48%)
Mutual labels:  security-audit, security-scanner
React Native Tcp Socket
React Native TCP socket API for Android, iOS & macOS with client SSL/TLS support
Stars: ✭ 112 (-38.12%)
Mutual labels:  ssl, tls
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (-37.57%)
Mutual labels:  ssl, tls


YAWAST

The YAWAST Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories:

  • TLS/SSL - Versions and cipher suites supported; common issues.
  • Information Disclosure - Checks for common information leaks.
  • Presence of Files or Directories - Checks for files or directories that could indicate a security issue.
  • Common Vulnerabilities
  • Missing Security Headers

This is meant to provide an easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter).

Documentation

Please see yawast.org for full documentation.

Usage

The most common usage scenario is as simple as:

yawast scan <url1> <url2>

Detailed usage information is available on the YAWAST web site.

Contributing

  1. Fork it (https://github.com/adamcaudill/yawast/fork)
  2. Create your feature branch (git checkout -b my-new-feature origin/develop)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

Issues that are labeled as beginner are great starting points for new contributors. These are less complex issues that will help make you familiar with working on YAWAST.

Contributions, in the form of feature requests and pull requests, are both welcome and encouraged. YAWAST will only evolve if users are willing and able to give back, and work to make YAWAST better for everyone.

Information on development standards and guidelines for issues is available in our CONTRIBUTING document.

Special Thanks

  • BSI AppSec - Generously providing time to improve this tool.
  • SecLists - Various lists are based on the resources collected by this project.
  • FuzzDB Project - Various lists are based on the resources collected by this project.