This talk is going to be centered around Yasuo- an open-source vulnerable application scanner purely written in Ruby that we will be releasing at the conference. If you search through Exploit-db there are over 10 – 000 remotely exploitable vulnerabilities that exist in tons of web applications and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to LFI and so on. We often talk about exploiting JBoss jmx-console- Apache tomcat manager but that’s just scratching the surface.A random wise man once said, It’s not about what--"it’s about where". With all the modern network protections these days- a smart hacker- good or bad- is always looking for that one IP- one port- one application that could be exploited to penetrate through the network. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter. During this talk- we will elaborate on the development of Yasuo- the problem- the challenges and how it can be effective in hacking an organization in the real-world scenario.