Yaptest Update: v0.2.1
This is quite a major update. The most notable improvements are support for running Nessus and/or OpenVAS. At present Nessus and OpenVAS are automatically run against any open ports with Safe Checks enabled.
As with any major update one or two bugs might have crept in. Please mail pentestmonkey at pentestmonkey dot net if you find anything’s broken.
The complete changelog is included below:
2008-11-26 yaptest v0.2.1
* Added yaptest-ssh-keyscan.pl to gather SSH host keys
* Lots more parsing of enum4linux to support the 'Windows info' feature of YaptestFE.
* Added yaptest-parse-dcetest.pl to parse Windows hostnames
* yaptest-db-ips.sh now checks if you're root before running.
* yaptest-parse-ntpq.pl parses the NTP OS disclosure issue and stores the OS in the host_info table.
* Timeout for nmap UDP scans can be set with yaptest-config.pl
* Changed issue name insec_proto_rdp to rdp_mitm
* Added yaptest-smb-version.pl to get version info via Metasploit's auxiliary/scanner/smb/version module.
* Bug fix: "yaptest-ports.pl query --test_area foo" works
* API change: insert_issue will now add ports into the database if and only if the host is already in the database.
* API change: insert_port will not add new hosts
* API change: ::PORT:: can be specified in the output file even if it wasn't specified in the command.
* Amap is now used to find SSL ports in addition to nmap.
* Added yaptest-nessus3.pl and yaptest-nessus-wrapper.pl to run Nessus v3 against hosts in the backend database.
* Netmask is now parsed from ICMP and SNMP data and stored in the interfaces tables. This will support better network maps in YaptestFE in future.
* Added yaptest-openvas.pl to run OpenVAS against hosts in the backend databases.
* Output of nmap is parsed to identify hosts that support SSHv1.
* Added yaptest-ldapuserenum.pl to run ldapuserenum.py against LDAP servers. Usernames are parsed into the database.
* Backgrounded nikto scans because they take a long time
* yaptest-nmap-udp.pl now additionally tests all open UDP ports to make double sure we have version info for each one.