Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Related tags

Security related resourcesYuyu_Scanner
Overview

Yuyu Scanner

Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

installation

   ! run as root
   ~$ chmod +x install.sh
   ~$ ./install.sh

Preview

GUI

This Gui is made using Electron JS and Bootstrap

CLI

This CLI was created using the python language program

REPORTING

Features

  • Available for Gui Version

  • Subdomain Discovery with Passive Method from Public Api

              http://web.archive.org/
          https://threatcrowd.org/
          https://urlscan.io/
          https://rapiddns.io/
          https://otx.alienvault.com/
          https://dnsdumpster.com/
          https://crt.sh/
          https://api.threatminer.org/
          https://api.certspotter.com/
          https://api.hackertarget.com/
          https://riddler.io/
          http://index.commoncrawl.org/

  • Top 10 port scanning with NMAP

  • Url Discovery from waybackurl

  • IP Discovery

  • Title Discovery of target

  • Common sensitive files Discovery

  • Status code Discovery from subdomain result

  • Reverse IP with Passive Method from Public Api

  • Checking Collected Subdomain and IP Address

  • Email Address Discovery with Passive Method from Public Api

  • WHOIS Lookup

  • Save all Discovery result

  • Generate HTML Report

  • Generate JSON Report

  • Multiprocessing

Usage

  • Basic Arguments:

            ~$ python3 yuyu.py -u domain.com [arg]


            -h, --help            show this help message and exit
            -u URL, --url URL     Target URL
            -g, --gui             Run Yuyu in Gui Mode
            -sp, --scanport       Port Discovery from Discovery IP
            -ri, --revip          Reverse IP from target URL
            -wl, --whois          Whois Lookup from target URL
            -cu, --collecturl     Collect URL from target URL & Subdomain Result
            -ed, --emaildiscover  Email Discovery jfrom Subdomain Result
            -fs, --filesensitive  Find Sensitive Files from Subdomain Result

Run Gui

  bash gui.sh run

Stop Gui

  bash gui.sh stop

Publication

Contact me

References

Credits & Thanks

Owner
Justakazh
random people
Justakazh
GitHub Repository
log4j-tools: CVE-2021-44228 poses a serious threat to a wide range of Java-based applications

log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Overview

JFrog Ltd. 171 Dec 25, 2022
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS

Enox 47 Nov 09, 2022
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks.

Driver Buddy Reloaded Quickstart Table of Contents Installation Usage About Driver Buddy Reloaded Finding DispatchDeviceControl Labelling WDM & WDF St

Paolo 'VoidSec' Stagno 199 Jan 04, 2023
Cloud One Container Security Runtime Events Forwarder

Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

Markus Winkler 3 Feb 10, 2022
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because

The Hacker's Choice 58 Nov 15, 2022
NFC Implant-base RSA Encrypted Messagging application

Encrypted messaging application with the use of MIFARE DESfire chip to store the private/public keys needed for the application authentication

4 Nov 06, 2021
AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

AIL LeakFeeder: A Module for AIL Framework that automates the process to feed leaked files automatically to AIL, So basically this feeder will help you ingest AIL with your leaked files automatically

ail project 8 May 03, 2022
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 09, 2022
the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

enigma146 17 Apr 05, 2022
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
CVE-2021-43798Exp多线程批量验证脚本

Grafana V8.*任意文件读取Exp--多线程批量验证脚本 漏洞描述 Grafana是一个开源的度量分析与可视化套件。经常被用作基础设施的时间序列数据和应用程序分析的可视化,它在其他领域也被广泛的使用包括工业传感器、家庭自动化、天气和过程控制等。其 8.*版本任意文件读取漏洞,该漏洞目前为0d

2 Dec 16, 2021
Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

Team Spark 103 Aug 20, 2022
A Superfast SMS & Call bomber for Linux And Termux !

A Superfast SMS & Call bomber for Linux And Termux !

Anubhav Kashyap 15 Feb 21, 2022
♻️ Password Generator (PSG) 📚 This plugin is made for more familiarity with Python, but can also be used to create passwords

About Tool This plugin is made for more familiarity with Python, but can also be used to create passwords.

STgazing 2 Jul 23, 2022
Python exploit code for CVE-2021-4034 (pwnkit)

Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works

Joe Ammond 92 Dec 29, 2022
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Leon Jacobs 307 Dec 24, 2022
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

Finn Lancaster 20 Nov 12, 2022
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

b4zinga 5 Mar 21, 2022
Scan publicly accessible assets on your AWS cloud environment

poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

9rnt 134 Dec 16, 2022
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regardin

Cycurity 39 Dec 10, 2022