yawast-ng is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories:

• TLS/SSL - Versions and cipher suites supported; common issues.
• Information Disclosure - Checks for common information leaks.
• Presence of Files or Directories - Checks for files or directories that could indicate a security issue.
• Common Vulnerabilities
• Missing Security Headers

This is meant to provide an easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the --proxy parameter). For authenticated scanning, a cookie or header can be passed in (see Usage)

Getting Started

yawast-ng is packaged as a Python package and as a Docker container to make installing it as easy as possible. Details are available on the installation page.

macOS, Linux, etc.

The simplest options to install are:

As a Python package: pip3 install yawast-ng (yawast-ng Python 3.9+)

Docker

docker pull adcaudill/yawast-ng

It’s strongly recommended that you review the installation page to ensure you have the proper dependencies.

Documentation

Details about yawast-ng and how to use it can be found below:

• Installation
• Usage & Parameters
• Scanning TLS/SSL
  • OpenSSL & 3DES Compatibility
• Sample Output
• Plugins
• FAQ
• Change Log

Recent Blog Posts

• 04 Apr 2025 » Announcing yawast-ng
• 02 Jan 2020 » YAWAST 0.11 Released
• 10 Dec 2019 » YAWAST 0.10 Released
• 04 Sep 2019 » YAWAST 0.9 Released
• 16 Aug 2019 » YAWAST 0.8 Released
• 13 Aug 2019 » Welcome to YAWAST