I just released a new version of Yaptest.  The biggest enhancement is being able to store the login credentials in the database.  The yaptest-credentials.pl script can be used to list the systems that you've found logins for.  See here for a proper explanation of yaptest's new password management features. The CHANGELOG lists the new tools supported.  I've also update the FAQs page.

For download and installation instructions, click here. 

During larger pentests, it's quite possible you'll acquire logon credentials for tens, hundreds or even thousands of systems.  After a while it becomes hard to track which systems you know usernames for, which ones you've got passwords for, etc.  Yaptest can help you keep track of all your logon credentials.  Here are some of its features:

• Ability to parse credentials from passwd, shadow and pwdump-style files
• Ability to parse group membership information from /etc/group and enum4linux output
  
• Enter arbitrary logon information into the database from the command line
• Command-line querying of the credentials database
• Uses John the Ripper to crack hashes that haven't been cracked yet
• Can use Rainbow Tables (via rcrack) to crack LANMAN and NTLM hashes

Examples of the type of query you can make include: 

• Show me all the usernames we've found for host 10.0.0.1
• Show me all the systems which have the username "bob"
• Show me all the members of the adminstrators group on 10.0.0.1
  
• Show me all the passwords we know for the user "bob"
  
• Show me all the LANMAN hashes we've collected
  

Query results are all tab-delimitted so are easily cuttable and greppable.