whatisgithub

What is yakit?

yaklang/yakit — explained in plain English

Analysis updated 2026-06-24

7,269TypeScriptAudience · developerComplexity · 3/5LicenseSetup · moderate

In one sentence

An all-in-one desktop security testing toolkit for web apps and networks, with an intercepting proxy, web fuzzer, and reverse connection handler, powered by the custom Yaklang scripting language.

Mindmap

mindmap
  root((Yakit))
    Core features
      Intercepting proxy
      Web Fuzzer
      Reverse connections
    Tech stack
      TypeScript
      Yaklang
      gRPC
    Use cases
      Web app testing
      Network security
      Plugin scripting
    Architecture
      Remote backend
      Local mode
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Capture and modify live HTTP requests from your browser to find weaknesses in how a web app handles data.

USE CASE 2

Send automated fuzzing requests with custom payloads to discover input-validation flaws in a web API.

USE CASE 3

Set up a single reverse connection listener that handles multiple protocols for authorized penetration test callbacks.

What is it built with?

TypeScriptYaklanggRPC

How does it compare?

yaklang/yakitakveo/kittentricksmaterial-shell/material-shell
Stars7,2697,2637,261
LanguageTypeScriptTypeScriptTypeScript
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audiencedevelopervibe coderdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min
Authorized security testing and personal learning only. Commercial use requires written permission from the Yaklang.io team.

So what is it?

Yakit is a desktop security testing platform built for professionals who test web applications and network systems for vulnerabilities. It provides a graphical interface on top of a purpose-built security language called Yaklang, which the same team developed. Think of it as an all-in-one toolkit that bundles the most common security testing tasks into a single application, rather than requiring users to stitch together separate tools. The platform includes an intercepting proxy, which works similarly to the popular BurpSuite tool. When you route your browser traffic through it, Yakit captures each HTTP request and response so you can inspect, modify, or replay them. This is useful for finding weaknesses in how a web application handles data. The Web Fuzzer module lets users send custom HTTP requests with automatically generated variations, which is how testers discover input-handling flaws. A built-in tag system called Fuzztag handles common patterns like generating numeric ranges or loading wordlists from files, which reduces manual setup compared to similar tools. The reverse connection module lets a tester set up a listener on a single port that can handle multiple different protocols at once. This matters for exploit testing scenarios where an attacker-controlled server needs to receive callbacks from a target machine. Yakit's implementation identifies the incoming protocol automatically and responds accordingly, so fewer ports and external services are needed. The reverse shell feature provides a terminal experience closer to a native SSH session than older approaches. Yakit runs on a gRPC server architecture, meaning the backend engine and the graphical frontend communicate through a well-defined protocol. Users can run the backend remotely and connect the desktop client over a network, or run everything locally. The platform also supports plugins, so teams can extend it with custom Yaklang scripts at any point during a testing workflow. The project is primarily documented in Chinese. It is licensed for authorized security testing and personal learning only. Commercial use requires obtaining official permission from the Yaklang.io team.

Copy-paste prompts

Prompt 1
I'm doing an authorized web app penetration test with Yakit. How do I configure my browser to route traffic through the Yakit intercepting proxy and start capturing requests?
Prompt 2
Show me how to use Yakit's Web Fuzzer to send a POST request with a list of payloads substituted into a specific parameter.
Prompt 3
How do I write a basic Yaklang plugin script that runs automatically during a fuzzing workflow to process each response?
Prompt 4
How do I run the Yakit backend gRPC server on a remote machine and connect the desktop GUI client to it over the network?

Frequently asked questions

What is yakit?

An all-in-one desktop security testing toolkit for web apps and networks, with an intercepting proxy, web fuzzer, and reverse connection handler, powered by the custom Yaklang scripting language.

What language is yakit written in?

Mainly TypeScript. The stack also includes TypeScript, Yaklang, gRPC.

What license does yakit use?

Authorized security testing and personal learning only. Commercial use requires written permission from the Yaklang.io team.

How hard is yakit to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is yakit for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.