Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Overview

Yuyu Scanner

Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

installation

   ! run as root
   ~$ chmod +x install.sh
   ~$ ./install.sh

Preview

GUI

This Gui is made using Electron JS and Bootstrap

CLI

This CLI was created using the python language program

REPORTING

Features

  • Available for Gui Version

  • Subdomain Discovery with Passive Method from Public Api

              http://web.archive.org/
              https://threatcrowd.org/
              https://urlscan.io/
              https://rapiddns.io/
              https://otx.alienvault.com/
              https://dnsdumpster.com/
              https://crt.sh/
              https://api.threatminer.org/
              https://api.certspotter.com/
              https://api.hackertarget.com/
              https://riddler.io/
              http://index.commoncrawl.org/
    
  • Top 10 port scanning with NMAP

  • Url Discovery from waybackurl

  • IP Discovery

  • Title Discovery of target

  • Common sensitive files Discovery

  • Status code Discovery from subdomain result

  • Reverse IP with Passive Method from Public Api

  • Checking Collected Subdomain and IP Address

  • Email Address Discovery with Passive Method from Public Api

  • WHOIS Lookup

  • Save all Discovery result

  • Generate HTML Report

  • Generate JSON Report

  • Multiprocessing

Usage

  • Basic Arguments:

            ~$ python3 yuyu.py -u domain.com [arg]
    

            -h, --help            show this help message and exit
            -u URL, --url URL     Target URL
            -g, --gui             Run Yuyu in Gui Mode
            -sp, --scanport       Port Discovery from Discovery IP
            -ri, --revip          Reverse IP from target URL
            -wl, --whois          Whois Lookup from target URL
            -cu, --collecturl     Collect URL from target URL & Subdomain Result
            -ed, --emaildiscover  Email Discovery jfrom Subdomain Result
            -fs, --filesensitive  Find Sensitive Files from Subdomain Result

Run Gui

  bash gui.sh run

Stop Gui

  bash gui.sh stop

Publication

Contact me

References

Credits & Thanks

Owner
Justakazh
random people
Justakazh
This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information

Telefónica 66 Nov 08, 2022
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022
Dahua IPC/VTH/VTO devices auth bypass exploit

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri

Ashish Kunwar 23 Dec 02, 2022
#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

Kirill Nikolaev 14 Jun 24, 2022
An forensics tool to help aid in the investigation of spoofed emails based off the email headers.

A forensic tool to make analysis of email headers easy to aid in the quick discovery of the attacker. Table of Contents About mailMeta Installation Us

Syed Modassir Ali 59 Nov 26, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023
LinOTP - the open source solution for two factor authentication

LinOTP LinOTP - the Open Source solution for multi-factor authentication Copyright © 2010-2019 KeyIdentity GmbH Coypright © 2019- arxes-tolina GmbH In

LinOTP 462 Jan 02, 2023
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

Horizon 3 AI Inc 25 Nov 09, 2022
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex

Mr. Cl0wn - H4ck1ng C0d3r 88 Dec 23, 2022
The RDT protocol (RDT3.0,GBN,SR) implementation and performance evaluation code using socket

소켓을 이용한 RDT protocols (RDT3.0,GBN,SR) 구현 및 성능 평가 코드 입니다. 코드를 실행할때 리시버를 먼저 실행하세요. 성능 평가 코드는 패킷 전송 과정을 제외하고 시간당 전송률을 출력합니다. RDT3.0 GBN SR(버그 발견으로 구현중 입니

kimtaeyong98 0 Dec 20, 2021
Hikvision 流媒体管理服务器敏感信息泄漏

Hikvisioninformation Hikvision 流媒体管理服务器敏感信息泄漏 Options optional arguments: -h, --help show this help message and exit -u url, --url url

Henry4E36 13 Nov 09, 2022
CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Al1ex 213 Dec 30, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be

Binary Defense 144 Nov 19, 2022
This program will brute force any Instagram account you send it its way given a list of proxies.

Instagram Bruter This program will brute force any Instagram account you send it its way given a list of proxies. NOTICE I'm no longer maintaining thi

1 Nov 15, 2021
EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

EyeJo EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。 免责声明 本平台集成了大量的互联网公开工具,主要是方便安全人员整理、排查资产、安全测试等,切勿用于非法用途。使用者存在危害网络安全等任何非法行为,后果自负,作

429 Dec 31, 2022
A simple python code for hacking profile views

This code for hacking profile views. Not recommended to adding profile views in profile. This code is not illegal code. This code is for beginners.

Fayas Noushad 3 Nov 28, 2021
A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

Guilherme Paixão 6 Jul 14, 2022