Today we are pleased to announce the immediate release of YAWAST v0.9.0 - this is a regular monthly release, as part of our normal beginning of the month release cadence. This is a feature and bug-fix release, addressing an uncommon bug, and adding a few new features.

The most important new feature is the addition of the --header='name=value' parameter, which allows you to specify a header (such as a bearer token) that will be include in each request. This allows you to perform authenticated scans of applications that don’t use session cookies.

Change Log

• #20 - Check for common backup files
• #207 - Specify JWT Similar To Cookie
• #235 - WordPress Plugin Local Path Disclosure
• #244 - Check for common files with phpinfo()
• #264 - Add new version command
• #237 - Bug: Connection error in check_local_ip_disclosure

Feedback & Support

As always, if you discover any issues or have a feature request, please open an issue and provide as much information as possible.