# yaklang/yakit **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/yaklang-yakit).** 7,386 stars · 807 forks · TypeScript · AGPL-3.0 ## Links - GitHub: https://github.com/yaklang/yakit - awesome-repositories: https://awesome-repositories.com/repository/yaklang-yakit.md ## Topics `blueteam` `burpsuite` `exploit` `golang` `hacking` `hacking-tools` `pentest` `redteam` `redteam-tools` `scanner` `security` ## Description Yakit is a comprehensive cybersecurity all-in-one platform designed for security assessments. It integrates a suite of core tools including an HTTP interception proxy for real-time traffic modification, an out-of-band interaction detector for verifying remote command execution via TCP, DNSLog, and ICMP, and a reverse shell manager for controlling remote server connections. The platform is distinguished by its dedicated security scripting environment, which allows for the development and execution of custom logic and plugins using a specialized high-performance language. It further extends functionality through a plugin framework and a centralized marketplace for integrating third-party tools. The toolset covers a wide range of capability areas, including web application fuzzing with dynamic parameter generation and automated vulnerability scanning using proof-of-concept templates. It also provides advanced network utilities such as multi-protocol port multiplexing and reverse-shell tunneling to bridge internal network services to the public internet. The system supports remote backend management, enabling a local client to execute security tasks across different network environments. ## Tags ### Security & Cryptography - [Cybersecurity Platforms](https://awesome-repositories.com/f/security-cryptography/cybersecurity-platforms.md) — Provides a unified environment for conducting comprehensive security assessments, integrating traffic interception and vulnerability scanning. - [Web Application Fuzzers](https://awesome-repositories.com/f/security-cryptography/security-fuzzing-engines/web-application-fuzzers.md) — Ships a comprehensive web application fuzzer using dynamic data generation to identify security vulnerabilities. ([source](https://github.com/yaklang/yakit/blob/master/README-EN.md)) - [Man-in-the-Middle Frameworks](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks.md) — Provides a man-in-the-middle proxy to intercept, decode, and modify HTTP requests and responses in real time. - [Out-of-Band Security Testing](https://awesome-repositories.com/f/security-cryptography/out-of-band-security-testing.md) — Monitors TCP, DNSLog, and ICMP callbacks to verify command execution or network egress on target systems. ([source](https://github.com/yaklang/yakit#readme)) - [Parameter Fuzzing](https://awesome-repositories.com/f/security-cryptography/parameter-fuzzing.md) — Implements active testing of application input fields using malformed data to find injection points. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md)) - [Reverse Shells](https://awesome-repositories.com/f/security-cryptography/reverse-shells.md) — Ships a reverse shell manager to control remote server connections and deliver exploitation payloads. - [Security Scripting Frameworks](https://awesome-repositories.com/f/security-cryptography/security-scripting-frameworks.md) — Provides a dedicated security scripting environment for developing and executing custom logic and plugins. ([source](https://github.com/yaklang/yakit/blob/master/README-EN.md)) - [Security Tool Development](https://awesome-repositories.com/f/security-cryptography/security-tool-development.md) — Supports the development of custom security tools and automation using a specialized high-performance language. ([source](https://github.com/yaklang/yakit/tree/master/backups)) - [Out-of-Band Interaction Monitoring](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/vulnerability-scanners/out-of-band-interaction-monitoring.md) — Monitors TCP, DNSLog, and ICMP callbacks to verify remote command execution via out-of-band interaction. - [Vulnerability Assessment and Testing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing.md) — Automates the identification and verification of security flaws using PoC templates and custom scripts. - [Scanning Template Libraries](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/scanning-template-libraries.md) — Integrates a library of proof-of-concept templates to automate the detection of known security flaws. - [Automated Vulnerability Detection](https://awesome-repositories.com/f/security-cryptography/automated-vulnerability-detection.md) — Runs proof-of-concept scripts and templates to automatically identify known security flaws in target web services. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md)) - [Input Parameter Fuzzers](https://awesome-repositories.com/f/security-cryptography/input-parameter-fuzzers.md) — Includes a web application fuzzer for discovering vulnerabilities via dynamic parameter generation and dictionary attacks. - [Proof of Concept Execution](https://awesome-repositories.com/f/security-cryptography/proof-of-concept-execution.md) — Integrates an ecosystem of proof-of-concept templates to run security probes and verify vulnerabilities on target systems. ([source](https://github.com/yaklang/yakit/tree/master/backups)) - [Remote Security Backend Management](https://awesome-repositories.com/f/security-cryptography/remote-security-backend-management.md) — Allows a local client to connect to and manage a remote backend for executing security tasks across networks. - [Remote Security Backends](https://awesome-repositories.com/f/security-cryptography/remote-security-backends.md) — Connects local clients to remote backends to facilitate security tasks across different network environments. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md)) - [Connection Control](https://awesome-repositories.com/f/security-cryptography/reverse-shells/connection-control.md) — Controls remote servers through reverse shells and delivers protocol payloads to exploit vulnerabilities upon connection. ([source](https://github.com/yaklang/yakit/blob/master/README-EN.md)) - [Shell Management](https://awesome-repositories.com/f/security-cryptography/reverse-shells/shell-management.md) — Controls remote server shells through a listener that provides a native terminal experience. ([source](https://github.com/yaklang/yakit#readme)) - [HTTP Parameter Brute Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/resource-discovery-brute-forcing/http-parameter-brute-forcing.md) — Provides automated brute-forcing of HTTP parameters using wordlists and dynamic tags to discover accepted parameters. ([source](https://github.com/yaklang/yakit/blob/master/README.md)) ### Networking & Communication - [HTTP Traffic Inspection](https://awesome-repositories.com/f/networking-communication/http-traffic-inspection.md) — Runs an HTTP proxy to capture, decode, and modify requests and responses in real time. ([source](https://github.com/yaklang/yakit#readme)) - [Traffic Interception Tools](https://awesome-repositories.com/f/networking-communication/traffic-interception-tools.md) — Provides utilities for capturing and modifying HTTP traffic in real time to analyze and replay packets. - [Traffic Proxying](https://awesome-repositories.com/f/networking-communication/traffic-proxying.md) — Intercepts and hijacks HTTP traffic via a proxy to manually edit, track, and replay packets. ([source](https://github.com/yaklang/yakit/blob/master/README-EN.md)) - [Internal Network Bridging](https://awesome-repositories.com/f/networking-communication/internal-network-bridging.md) — Maps internal network services to the public internet using reverse-shell tunneling to facilitate lateral movement. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md)) - [Multi-Protocol Port Multiplexing](https://awesome-repositories.com/f/networking-communication/multi-protocol-port-multiplexing.md) — Implements multi-protocol port multiplexing to handle diverse network callbacks on a single listening port. - [Reverse Tunnels](https://awesome-repositories.com/f/networking-communication/reverse-tunnels.md) — Provides reverse-shell tunneling to map internal network services to the public internet for remote access. ### Programming Languages & Runtimes - [Security Logic Runtimes](https://awesome-repositories.com/f/programming-languages-runtimes/programming-language-varieties/scripting-languages/security-logic-runtimes.md) — Includes a dedicated high-performance scripting environment for developing and executing custom security logic and plugins. ### System Administration & Monitoring - [Real-Time Modifications](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/linux-system-administration/networking/traffic-interception-modification/real-time-modifications.md) — Intercepts network requests and responses in real-time to view, edit, and replay data packets. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md)) ### Testing & Quality Assurance - [HTTP Fuzzing](https://awesome-repositories.com/f/testing-quality-assurance/http-fuzzing.md) — Provides tools for generating permutations of HTTP requests to discover hidden endpoints and test input validation. ([source](https://github.com/yaklang/yakit#readme)) ### Part of an Awesome List - [Fuzzing Parameter Tags](https://awesome-repositories.com/f/awesome-lists/devtools/tagging/dynamic-tag-values/fuzzing-parameter-tags.md) — Uses a tagging system and external dictionaries to generate malformed data for automated HTTP fuzzing. - [Automated Exploitation Frameworks](https://awesome-repositories.com/f/awesome-lists/devtools/automated-exploitation-frameworks.md) — All-in-one security testing platform for automated penetration testing. ### Development Tools & Productivity - [Security Tool Orchestrators](https://awesome-repositories.com/f/development-tools-productivity/security-tool-installation/security-tool-orchestrators.md) — Provides a unified interface to orchestrate and manage various cybersecurity tools during assessments. ([source](https://github.com/yaklang/yakit/blob/main/README.md)) ### User Interface & Experience - [Plugin Frameworks](https://awesome-repositories.com/f/user-interface-experience/plugin-frameworks.md) — Ships a plugin framework that allows expanding the toolset using a dedicated scripting language. ([source](https://github.com/yaklang/yakit/blob/master/README_LEGACY.md))