We are recommending for quite a while for companies serious with their IT security to subject itself to a thorough penetration testing. Pen test can be done internally by knowledgeable IT staff, or the company can hire an external pen testing team. Members of pen test teams are passionable when it comes to detecting weaknesses in the system, either through their elaborate methods of inspection or using a program to do the same.

Tools such as the opensource Kali Linux is a common presence for anyone that performs penetration testing, however vulnerability checks today can be done in automated fashion. The name of this new tool is Yuki Chan, it markets itself as an automated intelligence gathering, vulnerability analyst, system enumeration and off course pen testing tool. Developed using Python, it is a pen test integration script that combines the functionalities of many known ethical hacking tool using a central script. It visually provides a modular system for automated ethical hacking composed of a number of tried and tested modules:

  1. A2SV
  2. Dirsearch
  3. DNSRecon
  4. Droopescan ( CMS Vulnerability Scanner WordPress, Joomla, Silverstripe, Drupal, And Moodle)
  5. Metagoofil
  6. Nmap
  7. Nslookup
  8. Spaghetti
  9. SSLScan
  10. SSLyze
  11. Sublist3r
  12. TheHarvester
  13. WAFNinja
  14. Wafw00f
  15. WhatWeb
  16. Whois domain analyzer
  17. WPscan
  18. WPscanner
  19. WPSeku
  20. XSS Scanner                       

Unlike the paid and proprietary, Yuki Chan is an open source project, which means it is considered as transparent to the user and does not keep anyone from guessing what it does in the background. It can be downloaded from its official GitHub page. It supplements the tools already accessible inside Kali Linux, but for those that are more comfortable with Ubuntu or Debian, it can be installed in any of those distros as well, with additional instructions of installing additional packages that Kali Linux already has by default.

Any Linux distribution with Nmap, Wafw00f, WPScan, SSLScan, and SSLyze installed can use Yuki Chan. These five mentioned packages are Yuki Chan’s prerequisites, its functionality will not work in the absence of the packages. The article assumes that the user already has the five essential packages or at least know how to install them using the distro’s package management system.

How to Install Yuki Chan Pen Test:

  1. Navigate to https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest.git and download the script and extract it to a folder of your choice.
  2. Set executable permission for the extracted files. The user may use the GUI or even the chmod +x command in the CLI to accomplish this.
  3. Using the terminal, sudo to root user, change directory to where the files were extracted earlier. Issue the command “pip install -r requirements.txt” without the quotes and press Enter.
  4. The program install script will run, providing feedback to the user about the progress of the installation.
  5. The terminal returns to its normal prompt, issue the command “./yuki.sh” without the quotes and press enter. The user will be greated by the Yuki Chan start-up screen:Chan Pen Test

From this point, the program itself will be fully automated, it will not prompt the user to ask for permission in order to run all the tools included in its script one after another.

Related Resources:

You Need To Understand The Benefits Of Third-Party Pentesting

These Software Vulnerabilities Have Pentesters On Edge


Post a comment