Yasso: Intranet assisted penetration toolset
Yasso
Yasso will be released as an intranet-assisted penetration toolset. It brings together a number of utility features to help Red Team members work in extreme intranet environments and to help Blue Team members run intranet self-checks. It also adds proxy functionality and ants-based scan concurrency. While implementing these functions, it aims for both accuracy and speed.
Program function module
All -H parameters support importing targets from an ip.txt file.
Currently available functional modules:
ALL module: full scan mode that calls all modules; faster and more powerful, a perfect combination of ants and concurrency
Ping module: ordinary users can call the system ping; root can choose to use ICMP packets
Crack module: powerful brute-force module and exploitation toolset (sub-toolset)
The program is divided into a number of sub-commands, each annotated in detail. The sub-functions are introduced below.
- ftp: FTP service brute-force module – supports SOCKS5 proxy
- grdp: RDP service brute-force module – supports SOCKS5 proxy
- log4j: log4j2 server – for manually checking for the log4j vulnerability on the internal network
- mongo: MongoDB service brute-force module – supports SOCKS5 proxy
- mssql: SQL Server service brute-force module and privilege escalation helper module – SOCKS5 proxy not supported
- mysql: MySQL service brute-force module and database queries – supports SOCKS5 proxy
- postgres: PostgreSQL service brute-force module – SOCKS5 proxy not supported
- redis: Redis service brute-force module, unauthorized access detection, one-click exploitation (write public key, reverse shell) – supports SOCKS5 proxy
- smb: SMB service brute-force module – SOCKS5 proxy not supported
- ssh: SSH service brute-force module, fully interactive shell connection – supports SOCKS5 proxy
- winrm: WinRM service brute-force module, command execution for lateral movement – supports SOCKS5 proxy
ps module: port scanning using ants coroutines, faster and more accurate – SOCKS5 proxy not supported
vulscan module: host vulnerability scanning – supports MS17-010 and SMBGhost – supports SOCKS5 proxy
WebScan module: complete port of dismap, with more powerful fingerprint recognition – supports SOCKS5 proxy
winscan module: Windows host NetBIOS identification, OXID network interface discovery, SMB host fingerprinting – supports SOCKS5 proxy
Tool advantages 🤡
- Simple commands and simple module invocation; easy to extend with a variety of new functions
- A large collection of commonly used features, making Yasso less a regular scanner than a toolset
- Powerful SQL penetration assistance, providing one-click privilege escalation and database operations for common databases such as Redis, MySQL and MSSQL
- Powerful concurrent brute-forcing, so larger dictionaries run faster
- The addition of RDP and WinRM makes lateral movement across the network faster and more convenient