Metadata-Version: 2.4
Name: yawast-ng
Version: 0.12.1
Summary: The YAWAST Antecedent Web Application Security Toolkit
Home-page: https://github.com/Numorian/yawast-ng
Author: Adam Caudill
Author-email: adam@adamcaudill.com
License: MIT
Project-URL: Bug Reports, https://github.com/Numorian/yawast-ng/issues
Project-URL: Source, https://github.com/Numorian/yawast-ng
Project-URL: Changelog, https://github.com/Numorian/yawast-ng/blob/master/CHANGELOG.md
Keywords: security tls ssl dns http scan vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Natural Language :: English
Classifier: Topic :: Internet :: Name Service (DNS)
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: System :: Networking
Classifier: Topic :: Software Development :: Testing
Classifier: Topic :: Security
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: sslyze==6.0.0
Requires-Dist: requests-mock<2.0.0,>=1.12
Requires-Dist: jsonschema<5.0.0,>=4.0
Requires-Dist: validator-collection<2.0.0,>=1.5.0
Requires-Dist: requests
Requires-Dist: publicsuffixlist<2.0.0,>=1.0.0
Requires-Dist: dnspython<3.0.0,>=2.7
Requires-Dist: urllib3
Requires-Dist: colorama<0.5.0,>=0.4.0
Requires-Dist: nassl<6,>=5.2
Requires-Dist: cryptography<43,>42
Requires-Dist: packaging<25.0,>=24.2
Requires-Dist: beautifulsoup4<5.0.0,>=4.13.0
Requires-Dist: psutil<8.0.0,>=7.0
Requires-Dist: selenium<5.0.0,>=4.30
Requires-Dist: setuptools<79.0.0,>=78.1
Requires-Dist: ordered-set<5.0.0,>=4.1.0
Requires-Dist: python-dateutil<3.0.0,>=2.9.0
Requires-Dist: webdriver-manager
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: license-file
Dynamic: project-url
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

## yawast-ng
![unit-tests](https://github.com/Numorian/yawast-ng/workflows/unit-tests/badge.svg) [![codecov](https://codecov.io/github/Numorian/yawast-ng/branch/main/graph/badge.svg?token=LPEIB8NOE3)](https://codecov.io/github/Numorian/yawast-ng) [![PyPI version](https://img.shields.io/pypi/v/yawast-ng.svg)](https://pypi.org/project/yawast-ng/) [![Python version](https://img.shields.io/pypi/pyversions/yawast-ng.svg)](https://pypi.org/project/yawast-ng/) [![Static Badge](https://img.shields.io/badge/Docker-pull-blue)](https://hub.docker.com/r/adcaudill/yawast-ng)

![YAWAST](https://github.com/Numorian/yawast-ng/raw/main/yawast_logo_v1.svg?sanitize=true)

### The YAWAST Antecedent Web Application Security Toolkit - _Next Generation_

yawast-ng is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories:

* TLS/SSL - Versions and cipher suites supported; common issues.
* Information Disclosure - Checks for common information leaks.
* Presence of Files or Directories - Checks for files or directories that could indicate a security issue.
* Common Vulnerabilities
* Missing Security Headers

This is meant to provide a easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the `--proxy` parameter).

#### _Next Generation_

This project is a continuation of YAWAST, as yawast-ng, to continue the project by the original author, years after the original project was ended, taking the project in a new direction.

### Documentation

* [Checks Performed](https://numorian.github.io/yawast-ng/checks/)
* [Installation](https://numorian.github.io/yawast-ng/installation/)
* [Usage & Parameters](https://numorian.github.io/yawast-ng/usage/)
* [Scanning TLS/SSL](https://numorian.github.io/yawast-ng/tls/)
  * [OpenSSL & 3DES Compatibility](https://numorian.github.io/yawast-ng/openssl/)
* [Sample Output](https://numorian.github.io/yawast-ng/sample/)
* [FAQ](https://numorian.github.io/yawast-ng/faq/)

Please see [the project website](https://numorian.github.io/yawast-ng/) for full documentation.

### Usage

The most common usage scenario is as simple as:

`yawast-ng scan <url1>`

Detailed [usage information](https://numorian.github.io/yawast-ng/usage/) is available on the project web site.

### Contributing

1. Fork it (https://github.com/Numorian/yawast-ng/fork)
2. Create your feature branch (`git checkout -b my-new-feature origin/develop`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request

Issues that are labeled as [good first issue](https://github.com/Numorian/yawast-ng/labels/good%20first%20issue) are great starting points for new contributors. These are less complex issues that will help make you familiar with working on yawast-ng.

Contributions, in the form of feature requests and pull requests are both welcome and encouraged. yawast-ng will only evolve if users are willing and able to give back, and work too make yawast-ng better for everyone.

Information on development standards, and guidelines for issues are available in our [CONTRIBUTING](/CONTRIBUTING.md) document.

### Special Thanks

* [SecLists](https://github.com/danielmiessler/SecLists) - Various lists are based on the resources collected by this project.
* [FuzzDB Project](https://github.com/fuzzdb-project) - Various lists are based on the resources collected by this project.
