YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. This is meant to provide a easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit.

The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests.

The tool performs basic checks in these categories:

• TLS/SSL – Versions and cipher suites supported; common issues.
• Information Disclosure – Checks for common information leaks.
• Presence of Files or Directories – Checks for files or directories that could indicate a security issue.
• Common Vulnerabilities
• Missing Security Headers

There are a large list of tests which will help to perform web application fingerprinting to identify CMS, Tomcat , Apache, Nginx, IIS, ASP.NET , PHP , DNS information.

The following are the detailed tests:

• (Generic) User Enumeration via Password Reset Form Response Differences
• (Generic) User Enumeration via Password Reset Form Timing Differences
• (Generic) Info Disclosure: X-Powered-By header present
• (Generic) Info Disclosure: X-Pingback header present
• (Generic) Info Disclosure: X-Backend-Server header present
• (Generic) Info Disclosure: X-Runtime header present
• (Generic) Info Disclosure: Via header present
• (Generic) Info Disclosure: PROPFIND Enabled
• (Generic) TRACE Enabled
• (Generic) X-Frame-Options header not present
• (Generic) X-Content-Type-Options header not present
• (Generic) Content-Security-Policy header not present
• (Generic) Public-Key-Pins header not present
• (Generic) Referrer-Policy header not present
• (Generic) Feature-Policy header not present
• (Generic) X-XSS-Protection disabled header present
• (Generic) SSL: HSTS not enabled
• (Generic) Source Control: Common source control directories present
• (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
• (Generic) Presence of sitemap.xml
• (Generic) Presence of WS_FTP.LOG
• (Generic) Presence of RELEASE-NOTES.txt
• (Generic) Presence of readme.html
• (Generic) Presence of CHANGELOG.txt
• (Generic) Missing cookie flags (Secure, HttpOnly, and SameSite)
• (Generic) Search for 14,405 common files (via --files) & 21,332 common directories (via --dir)
• (Apache) Info Disclosure: Module listing enabled
• (Apache) Info Disclosure: Server version
• (Apache) Info Disclosure: OpenSSL module version
• (Apache) Presence of /server-status
• (Apache) Presence of /server-info
• (Apache Tomcat) Presence of Tomcat Manager
• (Apache Tomcat) Presence of Tomcat Host Manager
• (Apache Tomcat) Tomcat Manager Weak Password
• (Apache Tomcat) Tomcat Host Manager Weak Password
• (Apache Tomcat) Tomcat version detection via invalid HTTP verb
• (Apache Tomcat) Tomcat version detection via File Not Found
• (Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617)
• (Apache Tomcat) Tomcat Windows RCE (CVE-2019-0232)
• (Apache Struts) Sample files which may be vulnerable
• (Nginx) Info Disclosure: Server version
• (Nginx) Info Disclosure: Server status
• (IIS) Info Disclosure: Server version
• (ASP.NET) Info Disclosure: ASP.NET version
• (ASP.NET) Info Disclosure: ASP.NET MVC version
• (ASP.NET) Presence of Trace.axd
• (ASP.NET) Presence of Elmah.axd
• (ASP.NET) Debugging Enabled
• (PHP) Info Disclosure: PHP version
• (Rails) File Content Disclosure: CVE-2019-5418
• (WordPress) Version detection
• (WordPress) WP-JSON User Enumeration

You can read more and download this tool over here: https://github.com/adamcaudill/yawast