yuki chan tool - 情報セキュリティ株式会社 · yuki chan tool. information security ......
TRANSCRIPT
Information Security Confidential - Partner Use Only
Contents
2
• About Yuki chan
• Features
• Modules included
• Requirements
• Demo configuration
• Installing the tool
• Using the tool
• References
Information Security Confidential - Partner Use Only
About Yuki chan
3
• Yuki Chan is an Automated Penetration Testing tool
• The tool will audit all standard security test methods
Information Security Confidential - Partner Use Only
Features
4
• Automated
• Intel-Gathering
• Vulnerability Analysis
• Security Auditing
• OSINT
• Tracking
• System Enumeration
• Fuzzing
• CMS Auditing
• SSL Security Auditing
Information Security Confidential - Partner Use Only
Modules included
5
• Whois domain analyzer
• Nslookup
• Nmap
• TheHarvester
• Metagoofil
• DNSRecon
• Sublist3r
• Wafw00f
• WAFNinja
• XSS Scanner
• WhatWeb
• Spaghetti
• WPscan
Information Security Confidential - Partner Use Only
Modules included
6
• WPscanner
• WPSeku
• Droopescan ( CMS Vulnerability Scanner Wordpress, Joomla,
Silverstripe, Drupal, And Moodle)
• SSLScan
• SSLyze
• A2SV
• Dirsearch
Information Security Confidential - Partner Use Only
Requirements
7
• sslyze
• wafw00f
• droopescan
• argparse
• netaddr
• dnspython
• requests
• beautifulsoup4
• prettytable
• progressbar
• configparser
• parse
Information Security Confidential - Partner Use Only
Demo configuration
8
• Kali Linux 2017 64 bit (https://www.kali.org/downloads/)
• http://www.kitploit.com/2017/04/kali-linux-20171-release.html
Information Security Confidential - Partner Use Only
Installing the tool
9
• Clone it
• Change filemode
Information Security Confidential - Partner Use Only
Using the tool
14
• Running TheHarvester and Metagoofil
Information Security Confidential - Partner Use Only
References
15
• Kitploit
http://www.kitploit.com/2017/09/yuki-chan-automate-pentest-tool.html
• Kali Linux
https://www.kali.org/downloads/