I just released an important update to exploit-suggester.  Download it here.

It seems that "showrev -p" sometimes lists multiple revisions for the same patch.  This caused exploit-suggester to return false-positives.

I reveived an interesting tip from Munish about how to prevent directories from being easily identified in IIS.  I've updated my original post about directory enumeration with the following info:

Setting the "Hidden" Attribite to Hide Files in ISS

Hiding directories in IIS seems to be as easy as setting the "hidden" attribute:

cd c:\Inetpub\wwwroot

attrib +h myprivatedirectory

Now when an attacker browses to http://yoursite/myprivatedirectory they will get a 404 "Not Found" message instead of a 403 "Directory Listing Denied".  However, files inside the directory are still accessible (e.g. http://yoursite/myprivatedirectory/somefile.htm).  This is a simple way to defeat directory enumeration attacks from tools such as http-dir-enum and DirBuster.

Yaptest v0.2.0 is now avaialble.  Download it here.

The main improvements are support for udp-proto-scanner to improve UDP service detection and support for ms08-067_check to automatically check for the most recent pentester-friendly MS vulnerability.

There are also minor improvements including DNS tests and more automatic issue-parsing.  Remember that you can use YaptestFE to view collected data if you get tired of using the CLI.

The complete changelog is below...

Release 0.1.9 of yaptest is now available.  Download here.

This release includes enumeration of users via the finger service (using finger-user-enum) and gathering of usernames and password hashes via rexd (Linux rexd client).  There are also important improvments to the gathering of topology information, which should make network diagrams generated in YaptestFE look nicer.

See below for the full change log...