Version 0.2.1 of yaptest is now available. Download it here. This is quite a major update. The most notable improvements are support for running Nessus and/or OpenVAS. At present Nessus and OpenVAS are automatically run against any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept [...]
The next version of unix-privesc-check has just been released. Download it here. This version checks the file permissions of SUID programs. It should catch issue like the recent Ingres privesc where and SUID programs used a shared object file that could be modified by a non-root user.
Some useful syntax reminders for SQL Injection into Informix databases…
I just updated unix-privesc-check. Download it here. This release fixes a couple of minor bugs in the reporting of cron-related issues and some problem while running under /bin/sh (as opposed to /bin/bash).
I just released an important update to exploit-suggester. Download it here. It seems that “showrev -p” sometimes lists multiple revisions for the same patch. This caused exploit-suggester to return false-positives.
I received an interesting tip from Munish about how to prevent directories from being easily identified in IIS. I’ve updated my original post about directory enumeration with the following info: Setting the “Hidden” Attribute to Hide Files in IIS Hiding directories in IIS seems to be as easy as setting the “hidden” attribute: cd c:\Inetpub\wwwroot [...]
See this blog post for download link and installation instructions.
Full details about “on”, the rexd client can be found on this blog post.
Full details about YaptestFE can be found on its project page. If you’re after the download link, it’s on the same page.
Yaptest v0.2.0 is now avaialble. Download it here. The main improvements are support for udp-proto-scanner to improve UDP service detection and support for ms08-067_check to automatically check for the most recent pentester-friendly MS vulnerability. There are also minor improvements including DNS tests and more automatic issue-parsing. Remember that you can use YaptestFE to view collected [...]