YAWAST – Antecedent Web Application Security Toolkit
YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It provides an easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit.
The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests.

The tool performs basic checks in these categories:
- TLS/SSL – Versions and cipher suites supported; common issues.
- Information Disclosure – Checks for common information leaks.
- Presence of Files or Directories – Checks for files or directories that could indicate a security issue.
- Common Vulnerabilities
- Missing Security Headers
There is a large list of tests that help with web application fingerprinting, identifying CMS, Tomcat, Apache, Nginx, IIS, ASP.NET, PHP, and DNS information.
The following are the detailed tests:
- (Generic) User Enumeration via Password Reset Form Response Differences
- (Generic) User Enumeration via Password Reset Form Timing Differences
- (Generic) Info Disclosure: X-Powered-By header present
- (Generic) Info Disclosure: X-Pingback header present
- (Generic) Info Disclosure: X-Backend-Server header present
- (Generic) Info Disclosure: X-Runtime header present
- (Generic) Info Disclosure: Via header present
- (Generic) Info Disclosure: PROPFIND Enabled
- (Generic) TRACE Enabled
- (Generic) X-Frame-Options header not present
- (Generic) X-Content-Type-Options header not present
- (Generic) Content-Security-Policy header not present
- (Generic) Public-Key-Pins header not present
- (Generic) Referrer-Policy header not present
- (Generic) Feature-Policy header not present
- (Generic) X-XSS-Protection disabled header present
- (Generic) SSL: HSTS not enabled
- (Generic) Source Control: Common source control directories present
- (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
- (Generic) Presence of sitemap.xml
- (Generic) Presence of WS_FTP.LOG
- (Generic) Presence of RELEASE-NOTES.txt
- (Generic) Presence of readme.html
- (Generic) Presence of CHANGELOG.txt
- (Generic) Missing cookie flags (Secure, HttpOnly, and SameSite)
- (Generic) Search for 14,405 common files (via --files) & 21,332 common directories (via --dir)
- (Apache) Info Disclosure: Module listing enabled
- (Apache) Info Disclosure: Server version
- (Apache) Info Disclosure: OpenSSL module version
- (Apache) Presence of /server-status
- (Apache) Presence of /server-info
- (Apache Tomcat) Presence of Tomcat Manager
- (Apache Tomcat) Presence of Tomcat Host Manager
- (Apache Tomcat) Tomcat Manager Weak Password
- (Apache Tomcat) Tomcat Host Manager Weak Password
- (Apache Tomcat) Tomcat version detection via invalid HTTP verb
- (Apache Tomcat) Tomcat version detection via File Not Found
- (Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617)
- (Apache Tomcat) Tomcat Windows RCE (CVE-2019-0232)
- (Apache Struts) Sample files which may be vulnerable
- (Nginx) Info Disclosure: Server version
- (Nginx) Info Disclosure: Server status
- (IIS) Info Disclosure: Server version
- (ASP.NET) Info Disclosure: ASP.NET version
- (ASP.NET) Info Disclosure: ASP.NET MVC version
- (ASP.NET) Presence of Trace.axd
- (ASP.NET) Presence of Elmah.axd
- (ASP.NET) Debugging Enabled
- (PHP) Info Disclosure: PHP version
- (Rails) File Content Disclosure: CVE-2019-5418
- (WordPress) Version detection
- (WordPress) WP-JSON User Enumeration
You can read more and download this tool over here: https://github.com/adamcaudill/yawast