Yuki Chan : The Auto Pentest Tool | Setup & Running Guide

on
Learn how to install and use Yuki-Chan on Kali Linux. Automate your security audits with this powerful tool that combines Nmap, Nikto, and WPScan into one script.

🚀 Yuki-Chan Installation Steps

Step 1 of 7

Setup Phase

Clone Repository

(Click card to reveal command)

Copy & Run in Terminal

(Click card to flip back)

Comprehensive Modules in Yuki-Chan

Yuki-Chan is a powerhouse of automation, integrating several industry-standard security tools. Below is a detailed breakdown of the modules included in this automated pentest suite.

1. Information Gathering & DNS Reconnaissance

  • Whois Domain Analyzer: Retrieves registration details, ownership, and contact information for the target domain.
  • Nslookup: A network utility used for querying DNS to obtain domain name or IP address mapping.
  • TheHarvester: Gathers emails, subdomains, hosts, employee names, open ports, and banners from different public sources.
  • DNSRecon: Provides the ability to perform specialized DNS enumerations and check for zone transfers.
  • Sublist3r: Designed to enumerate subdomains of websites using many search engines and integrated tools like PassiveDNS.

2. Network & Vulnerability Scanning

  • Nmap: The industry standard for port discovery, service versioning, and OS fingerprinting.
  • Metagoofil: An information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, etc.) found on target websites.
  • A2SV: Auto Scanning to SSL Vulnerability—scans for heartbleed, poodle, and other common SSL flaws.

3. Web Application & Firewall Analysis

  • Wafw00f & WAFNinja: Used to detect and analyze Web Application Firewalls (WAF) to find bypass techniques.
  • XSS Scanner: Scans web applications specifically for Cross-Site Scripting vulnerabilities.
  • WhatWeb: Identifies websites and the technologies they run (CMS, blogging platforms, JavaScript libraries).
  • Spaghetti: An open-source web application security scanner built to find misconfigurations and security issues.
  • Dirsearch: A simple command-line tool designed to brute force directories and files in webservers.

4. CMS Vulnerability Scanners

  • WPScan, WPscanner & WPSeku: A suite of tools dedicated to scanning WordPress installations for vulnerable plugins, themes, and users.
  • Droopescan: A powerful scanner used to identify vulnerabilities in WordPress, Joomla, Silverstripe, Drupal, and Moodle.

5. SSL/TLS Auditing

  • SSLScan & SSLyze: Modules that analyze the SSL/TLS configuration of a server to ensure encrypted communications are secure and properly configured.
?

About the Creator

Dedicated to making cybersecurity and kali linux contents accessible to everyone. Our goal is to provide interactive learning tools and guides that help beginners bridge the gap between theory and practice.

⚠️ Legal Disclaimer

The information provided in this post, including the setup process and basic running guide for yuki chan and flashcards, is for educational and ethical purposes only. Unauthorized access to computer systems is illegal. Always ensure you have explicit permission before testing any network or system. The author is not responsible for any misuse of this information.

Comments

Post a Comment