Vigolium Explained | AI-Powered Vulnerability Scanning 🔥 — Transcript

A detailed tutorial on Yolium, an AI-powered vulnerability scanner that offers fast, modular, and precise security audits for bug bounty and pentesting.

Key Takeaways

  • Yolium combines AI-driven autonomous scanning with extensive modular capabilities for thorough vulnerability detection.
  • It supports integration with popular bug bounty platforms and automates vulnerability tracking and exploit generation.
  • Yolium offers both fast native scans and adaptive agentic scans that learn and evolve per target.
  • The tool is self-hosted, cost-effective, and supports cloud code and API protocol runtime environments.
  • Real-world bug bounty success requires skill, communication with target organizations, and realistic expectations.

Summary

  • Introduction to Yolium, a high-fidelity AI-powered vulnerability scanner combining agentic AI with modular scanning.
  • Yolium offers two scanning modes: native fast scan and agentic AI-driven multi-phase scanning with 250+ modules.
  • Supports content discovery, SPA spidering, active and passive audits, injection, access control, and Cloudflare-specific vulnerabilities.
  • Integrates with HackerOne for bug bounty programs, identifying in-scope and out-of-scope vulnerabilities and tracking latest patches.
  • Agentic scan autonomously plans attacks, selects modules, generates custom exploits, and performs deep source audits.
  • Installation walkthrough including GitHub integration, npm setup, and validation of the environment.
  • Comparison with other tools like SonarQube, CodeRabbit and Copilot, highlighting Yolium's unique live traffic analysis and custom exploit generation.
  • Discussion on the limitations of bug bounty platforms and realistic expectations for bounty rewards.
  • Plans for future tutorials on building custom AI pentesting agents with privacy considerations.
  • Demonstration of scanning targets like Airbnb and handling installation errors and fixes.

Full Transcript

00:03
Speaker A
Hello guys, welcome back to Appendices Club. Today we're going to do another tutorial, on Yolium. So what is this Yolium?
00:13
Speaker A
Yolium is a high-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision. So what is Yolium going to provide? Let's try to look at this one. Let's
00:30
Speaker A
come back. So this is Yolium. It provides two complementary scanning modes, like a native scan. That is a fast, powerful, flexible, deterministic multi-phase scan with 250 modules across content discovery,
00:52
Speaker A
browsers with SPA spidering, and active and passive audits covering injection, access control, file path, API protocol, framework-specific and Cloudflare infrastructure, and out-of-band vulnerability classes will also be identified. Like, you just go
01:09
Speaker A
to your bug bounty programs; like, you just visit HackerOne or any background, select any type of program, and what is in scope will be identified, what is out of scope, and
01:26
Speaker A
the latest vulnerabilities, what was identified and what was resolved; the bugs will also be identified from there. What versions have they updated? And from there it's going to test
01:42
Speaker A
from there for you. It can save you a lot of lengthy process time now. And it also has an agentic scan, like a Yolium agent. It thoroughly audits your codebase with AI-driven scanning that autonomously plans attacks and
02:03
Speaker A
selects modules and generates custom extensions and triggers results, combining a deep source audit with autonomous targeted vulnerability scanning. Now, this also has GitHub, GitHub for installation; it's going to take
02:19
Speaker A
multiple times, so I would like to install with the one-command, recommended one. Okay, let's go back here. Let's paste it here. Let's go for installation of the
02:39
Speaker A
latest version and let it download. It may take a lengthy time. Before installation, let's look out here.
02:53
Speaker A
So we would like to look here at the Yolium agent showcases. Now you can look here at Yolium statistics, like critical, high, medium, low, and it also gives detailed descriptions for you to get everything
03:08
Speaker A
here. Why Yolium needs to be used: it's not like a snapshot for pentesters, and SonarQube works for bug bounties, so you can use the best one. Yolium can do like CodeRabbit or
03:29
Speaker A
Copilot. It runs against live apps. This CodeRabbit or Copilot, it's not going to be code. So pentester agents, you can look here; SonarQube works on code, and that is not going to perform
03:47
Speaker A
all these things, and Yolium is going to perform all those things. It reads the entire source code and the live traffic and decides what to attack, and writes custom exploits by itself also. So this does not matter. You
04:03
Speaker A
can also build a custom exploit, getting it from Exploit DB, whichever is available, and identify the versions also. You just need a pipeline, very clearly, in that case; that's not a special thing to get out here.
04:18
Speaker A
Native scanners are like a limited agent. The agentic scan is like infinity: it learns and adapts per target, and also injects and executes code. We can see here what else is available, like etc. set of things, in this case API
04:35
Speaker A
protocol runtime, self-hosted, so you don't need to pay $300 per month. It's like this, so you can build it on your own. So in the next tutorials, in upcoming tutorials, I will tell you how to build your own
04:51
Speaker A
pentesting agent AI that breaks all the code bases, like those that do not get a sufficient privacy policy or etc. etc. things. Okay, please continuously follow up, then you can learn how to make it. Okay, so
05:10
Speaker A
some agents say, this is like our privacy policy, we cannot build it. So in most cases that's going to be doing like that. Okay. That's the major drawback here. So it's almost all done.
05:27
Speaker A
Let's look here. Yolium. Better, I would like to go here to HackerOne.com.
05:42
Speaker A
Let me, I would like to go here to HackerOne.com. Let me, I would like to log in here.
06:00
Speaker A
Success. Decompression. This is D. Now you just need to run Yolium doctor. This is going to validate your setup.
06:44
Speaker A
Okay. Again we need to run doctor as a fix. I think we need to install with npm, I think so, for this.
07:02
Speaker A
So it's going to be installed, whichever tools you have. In the meantime we just go back here and try to log in to your HackerOne.com.
07:21
Speaker A
Let's, I would like to try to log in here. Let's see.
07:52
Speaker A
We have successfully done here. Now this is going to be installed. Let's go back here. Now I have some notifications. So let's look here. Last time, what I had done, Hack The Box. Now it can look like
08:12
Speaker A
server-side template injection, for status. However much hard work you put in, this is not going to be given as a bounty. Okay. Look here, etc. etc. things; send the following which I had done. There was
08:29
Speaker A
a response to me: Thank you for your submission. Your report has passed a preliminary review. Please note that this does not confirm validation. The status may change after further review. Next step workflows. It says it is invalid. You
08:47
Speaker A
see, after I performed everything, when using random tools, always validate what they do, how they do it, and what their results were, like the best records, like Nicholas. So it's not going to be validated, like I have done in
09:07
Speaker A
the previous tutorials with some others, utilizing AI with that. So they're not going to be validated; like, in between, the brokerage companies are not going to give you a bounty. So if anything is offered, I
09:28
Speaker A
I highly recommend, if any of the targeted organizations' companies offer anything, you just talk with them and prove your skills with them, that's all, and don't interact with the bug bounties or TryHackMe. Yes,
09:42
Speaker A
we hack; in rare cases, if you make a hard break, then and only then are they going to give you a bounty, either $10 or $30, that's all. In rare cases, if you make high or critical bugs, only then are they going to pay you
10:00
Speaker A
high amounts, unless you learn everything; but you cannot get the bounty on these platforms because the platforms also need the money, and if the platforms recognize it as a valid
10:20
Speaker A
bounty, then and only then are they going to give you as XY. So it's going to be installed as cloud code also in this case. Let it install the cloud record.
10:56
Speaker A
So these installations may take a lengthy time. Let's go here to your dashboard.
11:07
Speaker A
In this dashboard, let it, no problem. We automatically have Airbnb. Let's target this Airbnb.
11:32
Speaker A
Let's look at it. Once this is completely installed, I would like to come back here. Let it install everything first that needs to be rectified. So, in this
11:49
Speaker A
case, we just install, then we have given it like access, then we just need to validate whether your setup is done or not. So I try to validate here what I have got, many types of
12:03
Speaker A
errors: path A is with cloud code, along with path B, which is with Yolium. So this is with npm. So before that we just need to install this one as well
12:20
Speaker A
as bun; it was automatically set up, then we need to also install with bun, as Codex with OpenAI for coding; this is the most important thing. Then I tried to fix it, and it has
12:36
Speaker A
fixed the tool and session directories and template directories when it came again.
12:54
Speaker A
Somewhat tight now; where we noted, see here, pi for a coding agent and pi piolium, these three things are not available. Then I tried to install manually, then I found the agentic browser is not
13:10
Speaker A
going to get a version, etc. things. I have fixed everything. Then I got an error: all participants, a driver has failed. Again I just put this one with the agentic browser, and
13:30
Speaker A
the version is not identified. This agentic browser is available in npm and Node.js. So let me show you here.
13:42
Speaker A
You can see here the agentic browser version is 0.2 27.1. So I have installed it in the back end.
13:51
Speaker A
So I just passed some time. Then I looked at it. Cloud code is installed. Then again I try here with doctor. This is totally given clearance in this case.
14:07
Speaker A
So system readiness check: SQLite database is checked, it's okay, and the ping is okay; server version is 3.5 51.2 two, and schema, 16 tables, is present. It's okay. And then native scan, it's okay. Chromium, Nuclei
14:25
Speaker A
templates embedded, with JavaScript scan, that's also okay. Agent scan with OM agent, it's also available there.
14:34
Speaker A
Base URL, that's okay. You don't need to install any type of etc. etc. things.
14:45
Speaker A
Everything is cleared, and tools like bun, Codex and npm: all systems are ready. Okay. Now we have a cross check in this; we have already checked with Airbnb and etc. things with the clearance. Now, let me, we would like
15:01
Speaker A
to check here as yolium --help. You just need to scan for a target, etc. etc. things; either you need to set up etc. things, scan targets, update
15:28
Speaker A
flags with user agent, etc. things. Now config list. Now I would like to go here as Yolium UI, sorry, let's try here Yolium help.
16:04
Speaker A
So I would like to go with the UI, but import ahead.
16:17
Speaker A
So you just need to utilize the same as it is. So let's look here at the documents of Yolium. Let me read this by
16:30
Speaker A
Yolium, as in the documents. I would like to start the web UI. So we just need to utilize Yolium server. That's all. Apart from that, nothing else from here. So we have set up all we required, etc.
16:50
Speaker A
things, go as server. It was running on the server. Let's open this.
17:01
Speaker A
So it's asking for an API: high fidelity vulnerability scanner fusing with agentic AI. Either you go with credentials; we don't have credentials. It's asking me for an API, so let's
17:20
Speaker A
register here; let's come back here: View documentation. See the project. Enter the console.
17:46
Speaker A
This is like a demo. But it may ask us for an API. This is in the server. How do we need to utilize this? To view your API keys, we just need to cross check. Copy. Come back. Then
18:21
Speaker A
let me just type clear. Now let me just paste it here.
18:27
Speaker A
So this is my API key. Let me just copy. Come back. So we just need to work a little bit, some hard work, then you can get it here. Try to sign in. So we have signed in to our Yolium,
18:47
Speaker A
that's why here. Now once you have got here inside Yolium, we just need to add the URL. This is a dashboard: findings, HTTP records, auth, models, extensions, engine, scan, agentic scan, databases, settings. This is automatically connected; you
19:17
Speaker A
don't need to worry about everything. So, completed with the errors which I had in the previous case. Now start a new scan. Let's start a new scan. Let's go and get back from your targeted
19:36
Speaker A
domain. Let's go back. Come back here. Let me just close this. You just need to paste it here.
19:50
Speaker A
Remove this WWW. That's all. A target is a full scan, like auto detect. You just need to put a full scan; otherwise URL scan or raw request, or repositories are scanned. Now I just put a full scan, then you just need
20:08
Speaker A
to go for exhaustive, like a deep scan, either first surface for a level scan, and common; we would like to go for a deep scan in this case.
20:19
Speaker A
Let's put it here. Where is this quick scan?
20:39
Speaker A
Let's dry run on advanced. We just need to utilize modules here, like access scanner.
20:57
Speaker A
Okay, let's scan. This is running here. Let's look at it in the dashboard.
21:18
Speaker A
Running in this case; let it run, and this one is pending. Let's look at it here in this case.
21:31
Speaker A
Let's look at it. This is like running scans; running is one. That's it.
21:48
Speaker A
What is this running? Let's look at it. We cannot get this one at the moment until this scan is done; this will be displayed here, what is identified.
22:03
Speaker A
HTTP records is in breakdown, and text with HTML as unknowns or etc. etc. things.
22:09
Speaker A
It was deployed here, uptime and runtime. Let's look at it here. This is, try to go in here.
22:19
Speaker A
Let's say you can look here. This is getting everything here. What is in the back end? It's going to be running here. Try to identify all the clearance, whichever you are going to get out here. So let it run in the
22:34
Speaker A
back end. Now you can look at the findings. In the findings, let's look here at HTTP records, which gets your HTTP records, everything.
22:46
Speaker A
This is going to be recorded here. Now it does not identify modules which are available. This automatically gets request/response settings; all modules, whichever we have, all these modules are presented. Extensions: we can look at a false positive
23:08
Speaker A
filter that is available, with the JavaScript languages, with languages, clear, in guest, like you just need to input your target URL, then it goes for scanning. Then a native scan you can utilize as
23:28
Speaker A
needed, scan and agentic scan. This is also utilized with the agentic scans. You can use audit, get whichever you require. This will automatically work with autopilot and databases.
23:43
Speaker A
This automatically will install with your databases, with your etc. etc. things.
23:52
Speaker A
Now let's look here in the settings: Yolium config, full configurations; this is automatic. Now let's look here in the HTTP
24:09
Speaker A
records, a request by POST which we are getting, and just a JSON request, 2xx, 3xx, 4xx, 5xx, which automatically has POST method for all; like, you just need to get GET methods, all you can get
24:32
Speaker A
here, where we can get here as receipt; you can look, it's automatically a pursuit, as a pro model you can utilize here, with a BSU as pro model, request as a response, a
24:50
Speaker A
temporary, as redirecting to Airbnb, as redirected, as URL or receipt. They use a lot of Cloudflare in this case here.
25:06
Speaker A
Now you can look here at GET, POST, PUT, PATCH, DELETE; in this case it does not get HEAD noted yet.
25:18
Speaker A
OPTIONS in this case not yet; POST we have got here, logging messages; so everything itself can do for penetration testing; no, 204 No Content is found, you can see here very, very clear. Now let's
25:40
Speaker A
look here: everything we are getting here is clear; we have got it here, etc. Now we would like to look at another case. Let's refresh, which identifies here images,
26:14
Speaker A
GIF, text/plain, and applications which are described here. Unless we would like to look at it here. Records is one, 1,000 which is identified; modules is using; critical or high findings available will be
26:33
Speaker A
displayed here automatically in Yolium. We can also look at it in this case after this is done. Let's look at another opportunity. Let's
26:51
Speaker A
look here at another opportunity, in kindhako. Let's look at it. This is with crypto, kindhako.com, your gateway of crypto trading in Singapore. Okay, let's
27:22
Speaker A
try to utilize this. This is in the demo version. You can look in the findings, which is finding one critical, which is identified in the critical phases; in high, medium, low, suspect,
27:39
Speaker A
informational, that's going to be identified here, very useful. Let's look in the findings; you can identify here medium, tentative, which is identified here, etc. etc. things, that's all, clearly. Then HTTP records, all these
28:01
Speaker A
clearances you're going to look at. Modules, extensions, you can add, enable extensions like anything, you can add etc. things. Now you can look here, because we are testing in live mode, that's why we cannot
28:18
Speaker A
get any type of findings or etc. things; 77% is totally done as scan. Let's go for a scan. Let's utilize auto detect as repository scans. Let's, I would
28:44
Speaker A
like to put auto detect. I don't want to get here. Dry run is on advanced mode. You just need to utilize extra settings: path for repositories, profile name, maximum per host, like request rate limit 100,
29:00
Speaker A
maximum duration is 30 minutes, okay; we just need to scan, maximum duration is 30 minutes, that's all; apart from that, header names or things, nothing else. Then let's go for a scan. This goes one by one. It's going to
29:29
Speaker A
scan everything. Then let's go here to HTTP records. If this is completed, then it goes for further things. You can look here; you're going to be identifying all the clearance. It may also take your most
29:48
Speaker A
valuable and lengthy time here. You can look here in the back end, it's going to be running here; next, everything, extensions for harvest; this has started, everything that's going to start your scanning,
30:07
Speaker A
everything here; once this is done you can identify and list all the vulnerabilities here.
30:17
Speaker A
That's it. Here you can click in the findings; you get findings, services, configurations, modules, type and descriptions, match, tag, source, repositories, files, etc., links. And now first we need to get modules.
30:34
Speaker A
We have all the modules, extensions; we have them in native scans. It is scanning step by step. After this is complete, then it goes for the second one, then it goes for the third one; it's not going to
30:50
Speaker A
scan whichever targeted information you have provided; it's not going to start automatically, it starts step by step, that's all. And it's also going to provide databases here: agentic scan
31:13
Speaker A
by Yolium, audit, authentications, finding records, HTTP records, which are recorded automatically here in the databases.
31:25
Speaker A
Now I can look here at scan logs, which are identified here. Here: scan configurations, messages, everything, which it's going to give you here; scans, scores, users: admin, admin operator, analyst and auditor.
31:50
Speaker A
So you can also add new operators for this, also settings. This is also clearance which we have got here in the dashboard. Let's look at it here. That's all. Here 441 findings are identified. If there is
32:11
Speaker A
something else that is critical or high, that's going to be auto identified for you here. That's it. So apart from that you can get everything in a clear way. That's it. So you can host otherwise; in this case it can scan
32:30
Speaker A
everything, whatever you may require and however you're going to require. Everything is going to be done here.
32:37
Speaker A
That's it. So apart from that everything is clear. That's it. So try it on your own, guys. Thank you guys for watching and keep smiling. Have a great day.

Topics: Yolium, AI vulnerability scanner, agentic AI, bug bounty, penetration testing, security audit, HackerOne integration, custom exploit generation, modular scanning, self-hosted security tool

Frequently Asked Questions

What is Yolium and how does it work?

Yolium is an AI-powered vulnerability scanner that uses agentic AI to autonomously plan attacks, select scanning modules, and generate custom exploits. It performs both fast native scans and adaptive multi-phase scans for comprehensive security audits.

Can Yolium be integrated with bug bounty platforms like HackerOne?

Yes, Yolium integrates with platforms like HackerOne to identify in-scope and out-of-scope vulnerabilities, track the latest patches, and assist in bug bounty programs by automating vulnerability detection and reporting.

Is Yolium a paid tool or self-hosted?

Yolium is a self-hosted tool that does not require a monthly fee, allowing users to build and run their own AI-powered pentesting agents without recurring costs.