Associating Hosts with Security Issues in Yaptest

Version 0.0.9 of yaptest introduced yaptest-issues.pl.  This script is responsible for storing associations between hosts and security issues that you (or yaptest) have identified (e.g. 10.0.0.1 has the “telnet -fuser” vulnerability).

This page illustrates how to use yaptest-issues.pl.

The Usage Message

Usage: yaptest-issues.pl query [ --ip ip ] [ -p port ] [ --trans tcp|udp ] [ --issue name ] [ --test test_area ]
       yaptest-issues.pl parse file [ file ... ]
       yaptest-issues.pl add --issue name -i ip [ -p port --trans tcp|udp ]
       yaptest-issues.pl delete --issue name -i ip [ -p port --trans tcp|udp ]

query mode:
        Display issues related to hosts or ports from the backend database.

parse mode
        Attempts to automatically parse a file and extract security issues.
        Currently parses nessus nbe files for a few exploitable issues and
        the output of nxscan and tnscmd.pl.

add mode:
        Associate an issue with a host or port.

delete mode:
        Un-Associate an issue with a host or port.  It is recommended that you
        ALWAYS specify an issue name.  It's not manditatory though, and it IS
        possible to delete all the issues for a host, or even simply delete
        ALL the issues.

Parsing Issues From Other Tools

Yaptest is able to parse security issues from a small number of other tools as of version 0.0.9 so you can keep a summary of the vulnerability found all in one place.

$ yaptest-issues.pl parse nessus.nbe
$ yaptest-issues.pl parse nxscan.out
$ yaptest-issues.pl parse tnscmd-10.0.0.1.out

You’ll get lots of lines starting with “PARSED: …” if everything working correctly.

Note that yaptest-issues.pl does NOT parse all vulnerabilities from nessus.  It only parses the ones I thought were interesting at the time of writing it.  The idea I had in mind is that yaptest should store a list of the vulnerabilities that would help you actually “demonstrate risk” to your client, without clutting the database with issues about Web Server disclosing their software version or hosts responding to ICMP Timestamp requests.  These lower risk issues are all fine, but they’re not going to help you penetrate hosts more quickly, and that’s the major goal of yaptest.

Querying the Issues Database

To list all issues in the database along with their associated host (and port if appropriate):

 $ yaptest-issues.pl query
test_area_name  ip_address      port    transport_protocol_name issue
--------------  ----------      ----    ----------------------- -----

a1 10.0.0.5 null null MS04-007
a1 10.0.0.5 null null MS04-011
a1 10.0.0.5 null null MS05-027
a1 10.0.0.5 null null MS00-078
a1 10.0.0.5 null null MS02-020
a1 10.0.0.5 null null MS03-043
a1 10.0.0.5 null null MS04-007
a1 10.0.0.9 null null MS02-061
a1 10.0.0.9 null null MS03-043
a1 10.0.0.9 null null MS04-007
a1 10.0.0.9 null null MS04-011
a1 10.0.0.9 null null MS04-022
a1 10.0.0.9 null null MS05-027
a1 10.0.0.9 null null MS05-039
a1 10.0.0.9 null null MS05-051
a1 10.0.0.6 null null MS05-027
a1 10.0.011 23 TCP telnet_fuser

To list the issue associated with a single host:

 $ yaptest-issues.pl query --ip 10.0.0.5
test_area_name  ip_address      port    transport_protocol_name issue
--------------  ----------      ----    ----------------------- -----
a1      10.0.0.5    null    null    MS04-007
a1      10.0.0.5    null    null    MS04-011
a1      10.0.0.5    null    null    MS05-027
a1      10.0.0.5    null    null    MS00-078
a1      10.0.0.5    null    null    MS02-020
a1      10.0.0.5    null    null    MS03-043
a1      10.0.0.5    null    null    MS04-007
To list all the hosts (or hosts and ports) assoicated with a particular issue:

To list the issue associated with a single host:

$ yaptest-issues.pl query --issue MS04-011
test_area_name  ip_address      port    transport_protocol_name issue
--------------  ----------      ----    ----------------------- -----
a1      10.0.0.5    null    null    MS04-011
a1      10.0.0.9    null    null    MS04-011

Manually Associating Issues with Hosts

This is as easy as making up a name for the issue and typing in the corresponding IP address:

$ yaptest-issues.pl add --ip 10.0.0.1 --issue telnet_ttyprompt

That pretty much it.  Refer to the previous section for how to query your newly added issue.


Leave a Reply