Want to see it first-hand?
Find the source code at github.com/pixelindigo/...

YuraScanner can reach deep states of web applications that no scanner can. We tested on 20 web apps, manually validated its ability to discover and execute tasks, and discovered 12 zero-day XSS vulnerabilities.

YuraScanner is one of the first task-driven web application scanners powered by LLM that can autonomously discover workflows and execute them. No user traces or input are needed!

Don’t miss the YuraScanner presentation by Tim, today, session 2B “Web Security” at NDSS ‘25!

Our new scanner features LLM, XSS, and a pinch of 0-days. Read further to find out more!

We are making the source code of YuraScanner public: github.com/pixelindigo/...

We initially restricted it to prevent misuse (fake accounts, scraping). We re-eval risk-benefits with live tests. Defenses (CAPTCHA, MFA, etc.) are sufficient, thus we pushed the code to GitHub.

USENIX Security '25 Call for Papers

Please consider sending your awesome computer security & privacy papers to
USENIX Security
'25! The cycle 2 deadline is Jan 22 AoE. Remember that writing about research ethics and open science (sharing datasets, code, scripts, etc.) is required! usenix.org/conference/u...
@gianko.bsky.social