Yaptest Update: v0.1.6

I just released a pretty big update to yaptest.  You can download the new version from the project page.  There are lots of bug fixes and some new features and optimisations too.

Deanx contributed a module that runs vessl (which I blogged about recently) against SSL services.  It even parses out lots of SSL-related issues and enters them into the database for easy search / report compilation.

Also included in this release are modules to:

  • Fingerprint DNS servers using fpdns
  • Detect and screenshot open X11 servers using xdpyinfo and xwd
  • Obtain usernames from the ident (AKA “auth”) service on 113/TCP using ident-user-enum
  • Query Windows domain controllers using all enumerated naming contexts
  • Parse Oracle-related issues and other info from the output of tnscmd

The database schema has been updated to improve performance and to hold network topology information.  Hopefully in future it will be possible to produce network maps using the information in the yaptest database.

Here’s the rather long changelog for this release…

* Added yaptest-x-open.pl to run commands against open
  X11 servers
* Added yaptest-fpdns.pl to fingerprint any DNS servers
  found.
* Added yaptest-ident-user-enum.pl to grab usernames if the
  ident/auth service is running on 113/TCP.
* Added yaptest-vessl.pl - contributed by deanx.
  Performs various checks on SSL certs and adds corresponding
  issues to database.
* run_test now supports markup to use port_info, e.g.
  ::PORTINFO-ldap_namingcontext::
* yaptest-ldapsearch.pl modified to run a query using each
  naming context found as a base DN.
* run_test's port filter can now select a range of ports
* The run_test 'command' markup for ports can handle
  subtraction, e.g. ::PORT-6000:: for X11 tests.
* run_test's port_info filter can now use <, >
* run_test's filter can now be applied to only a subset of
  hosts using the host_filter argument.
* Bug Fix: yaptest-issues.pl can delete port-issues
* Bug Fix: Permission problem on icmp_names table
* Bug Fix: yaptest-password-guess-smb.pl works now
* Bug Fix: yaptest-parse-nmap-xml.pl is better at parsing
           the nmap_os_guess host_info field
* Bug Fix: view_insecure_protos no longer contains ssl ports
* Bug Fix: view_host_info no longer contains null rows
* yaptest-issue.pl parses a few more issues from nessus
* yaptest-parse-enum4linux.pl parses user enumeration
  issues.
* Added yaptest-dns.pl and yaptest-parse-dns.pl to check
  for recursive lookups.  May do more in future.
* Schema update: added primary keys back
* Schema update: support for holding network topology info
                 (initially used only by YaptestFE v0.9.1)
* Schema update: Added speed-up indexes to the credentials table
* yaptest-parse-nmap-xml.pl modified to parse topology
  info from TCP traceroutes which are done automatically by
  later versions of nmap.
* yaptest-traceroute.pl and yaptest-ping-r.pl added to
  collect network topology information.
* Actually added yaptest-host-info.pl to the tar ball!
* yaptest-parse-snmpwalk.pl now parses the interface IPs
  into the "interfaces" table.  Helps to identify multi-homed
  hosts for the network map.
* Added yaptest-parse-tnscmd.pl to parse port_info and issues
  about oracle services.
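To make the run_test markup and filter changes above concrete, here is an added illustration (my own, not yaptest's code) of how a command template could be expanded per port record: ::PORT-6000:: turns an X11 port into a display number, ::PORTINFO-ldap_namingcontext:: yields one command per stored naming context, and a port range plus host_filter restrict which records are used. The port records, the tool-name-free dispatch and the single-PORTINFO-key limit are assumptions of this example, not yaptest's real schema or API.

```python
import re

# Constructed sample port records with the kind of port_info yaptest stores
# (e.g. LDAP naming contexts); hypothetical data, not real scan output.
PORTS = [
    {"host": "10.0.0.5", "port": 389, "info": {"ldap_namingcontext": [
        "DC=corp,DC=example", "CN=Configuration,DC=corp,DC=example"]}},
    {"host": "10.0.0.5", "port": 6001, "info": {}},
    {"host": "10.0.0.9", "port": 6000, "info": {}},
    {"host": "10.0.0.9", "port": 113, "info": {}},
]

# Tokens: ::IP::, ::PORT::, ::PORT-N:: (port minus N) and ::PORTINFO-key::
MARKUP = re.compile(r"::(IP|PORT(?:-(\d+))?|PORTINFO-\w+)::")


def expand(template, entry):
    """Expand the markup for one port record.  A ::PORTINFO-key:: token gives
    one command per stored value, and a record without that key gives none.
    Assumption of this illustration: at most one PORTINFO key per template."""
    keys = set(re.findall(r"::PORTINFO-(\w+)::", template))
    values = entry["info"].get(keys.pop(), []) if keys else [None]
    cmds = []
    for value in values:
        def sub(m):
            tok, minus = m.group(1), m.group(2)
            if tok == "IP":
                return entry["host"]
            if tok.startswith("PORTINFO-"):
                return value
            return str(entry["port"] - int(minus or 0))  # ::PORT:: / ::PORT-N::
        cmds.append(MARKUP.sub(sub, template))
    return cmds


def run_test(template, port_range=None, host_filter=None):
    """Return the commands that would be dispatched after applying an
    inclusive (lo, hi) port range and an optional list of hosts."""
    cmds = []
    for e in PORTS:
        if host_filter and e["host"] not in host_filter:
            continue
        if port_range and not (port_range[0] <= e["port"] <= port_range[1]):
            continue
        cmds.extend(expand(template, e))
    return cmds
```

For example, `run_test("xdpyinfo -display ::IP:::::PORT-6000::", port_range=(6000, 6063))` yields one xdpyinfo command per X11 port, with the display number computed from the port.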
