Announcing yawast-ng: A Numorian Open-Source Project

In 2013, I started working on a new tool for penetration testers, YAWAST. The goal was to build something that would check for common security issues, and speed up the start of web-application pentests. In 2020, development was quietly paused. Thanks to Numorian, it’s back, with a new name, a broader mission, and a new home.

I’m proud to announce yawast-ng (GitHub repo).

yawast-ng …where a pentest starts

When performing a penetration test on a web application, there are a few issues that come up frequently, and a lot of information the consultant needs to understand to decide how to focus their time and efforts. Getting this information quickly is important to make sure that a test is as efficient and productive as possible.

With yawast-ng, the intent is to quickly find the most common issues, along with the necessary evidence, and to gain this critical insight as quickly as possible. It’s most effective when it’s the first scan run after a test begins.

This application is the result of thousands of hours of development time over a number of years, with development efforts informed by countless real-world reports to ensure that it would detect both useful information and actionable & reportable issues.

Saving time and being efficient is critical for delivering the best possible service for clients, and having the best possible impact to improve security.

New Name, New Home

On the project blog I wrote a bit about this change, but it comes down to a desire not to break the old versions of YAWAST by pushing people to a new version with different features and different requirements.

As part of Numorian’s support for yawast-ng, we plan on expanding its scope with new features and functionality, setting the stage for a larger and more impactful project. We’ll be sharing more details on this in the future.

Available Now

We’ve released the first stable version of yawast-ng, and it’s available for download now. It’s available as both a Python package and Docker image. Take a look at the installation instructions for more details.

If you have any questions, suggestions, or run into any issues, please open an issue.
