explaingit

yaklang/yakit

7,269 | TypeScript | Audience · developer | Complexity · 3/5 | License | Setup · moderate

TLDR

An all-in-one desktop security testing toolkit for web apps and networks, with an intercepting proxy, web fuzzer, and reverse connection handler, powered by the custom Yaklang scripting language.

Mindmap

mindmap
  root((Yakit))
    Core features
      Intercepting proxy
      Web Fuzzer
      Reverse connections
    Tech stack
      TypeScript
      Yaklang
      gRPC
    Use cases
      Web app testing
      Network security
      Plugin scripting
    Architecture
      Remote backend
      Local mode


Things people build with this

USE CASE 1

Capture and modify live HTTP requests from your browser to find weaknesses in how a web app handles data.

USE CASE 2

Send automated fuzzing requests with custom payloads to discover input-validation flaws in a web API.

USE CASE 3

Set up a single reverse connection listener that handles multiple protocols for authorized penetration test callbacks.

Tech stack

TypeScript · Yaklang · gRPC

Getting it running

Difficulty · moderate | Time to first run · 30min
Authorized security testing and personal learning only. Commercial use requires written permission from the Yaklang.io team.

In plain English

Yakit is a desktop security testing platform built for professionals who test web applications and network systems for vulnerabilities. It provides a graphical interface on top of a purpose-built security language called Yaklang, which the same team developed. Think of it as an all-in-one toolkit that bundles the most common security testing tasks into a single application, rather than requiring users to stitch together separate tools.

The platform includes an intercepting proxy, which works similarly to the popular Burp Suite tool. When you route your browser traffic through it, Yakit captures each HTTP request and response so you can inspect, modify, or replay them. This is useful for finding weaknesses in how a web application handles data.

The Web Fuzzer module lets users send custom HTTP requests with automatically generated variations, which is how testers discover input-handling flaws. A built-in tag system called Fuzztag handles common patterns like generating numeric ranges or loading wordlists from files, which reduces manual setup compared to similar tools.

The reverse connection module lets a tester set up a listener on a single port that can handle multiple different protocols at once. This matters for exploit testing scenarios where an attacker-controlled server needs to receive callbacks from a target machine. Yakit's implementation identifies the incoming protocol automatically and responds accordingly, so fewer ports and external services are needed. The reverse shell feature provides a terminal experience closer to a native SSH session than older approaches.

Yakit runs on a gRPC server architecture, meaning the backend engine and the graphical frontend communicate through a well-defined protocol. Users can run the backend remotely and connect the desktop client over a network, or run everything locally. The platform also supports plugins, so teams can extend it with custom Yaklang scripts at any point during a testing workflow.

The project is primarily documented in Chinese. It is licensed for authorized security testing and personal learning only. Commercial use requires obtaining official permission from the Yaklang.io team.

Copy-paste prompts

Prompt 1
I'm doing an authorized web app penetration test with Yakit. How do I configure my browser to route traffic through the Yakit intercepting proxy and start capturing requests?
Prompt 2
Show me how to use Yakit's Web Fuzzer to send a POST request with a list of payloads substituted into a specific parameter.
Prompt 3
How do I write a basic Yaklang plugin script that runs automatically during a fuzzing workflow to process each response?
Prompt 4
How do I run the Yakit backend gRPC server on a remote machine and connect the desktop GUI client to it over the network?

Verify against the repo before relying on details.