YaptestFE Overview

Overview

YaptestFE is a Web Frontend for Yaptest.  As of version 0.9 it allows viewing of much of the information in the database used by Yaptest.

The Frontend is designed to complement the command line interface.  Sometimes it’s more convenient to browse the database using this web interface.  Other times it’s more appropriate the use the command line utilities to grep and cut the data required.

The Frontend is optional: it is not required in order to use Yaptest.

yaptestfe2

 

yaptestfe3

Features

YaptestFE v0.9 allows searching of IP addresses, hostnames, ports, port information, host information, passwords, usernames, password hashes, group memberships, issues and most other entities stored in the backend database.

Data is displayed in tables and can be sorted and filtered.

Limitations

YaptestFE only allows viewing of data.  You can’t use it to run a scan.

Download

YaptestFE v1.1 Tarball

 

 

Update: Use the google code SVN instead.  It’s more up to date.

Prerequisites

You basically need to install ruby on rails and the appropriate version of Yaptest:

  • Yaptest v0.2.1 is required.  The frontend won’t work on databases created by earier versions of yaptest.
  • Ruby on Rails.  Install this via your package manager.  Package name is “dev-ruby/rails” on Gentoo.

If I left anything out, please mail me: penetstmonkey at pentestmonkey dot net.

The Web Interface is best viewed in Firefox 3.  Opera seems to work OK, but some of the JavaScript features and rendering don’t work too well in Konqueror 4.1.

Installation

$ tar xfz yaptestfe-X.Y.tar.gz

$ cd yaptestfe-X.Y

$ ./yaptestfe.rb -d yourdbname

Use the database name that you specified when initialising your Yaptest scan.

Usage

When you start YaptestFE, it will tell you the URL to connect to: (http://127.0.0.1:3000 in this case):

$ ./yaptestfe.rb -d abc_co
=> Booting WEBrick...
=> Rails application started on http://127.0.0.1:3000
=> Ctrl-C to shutdown server; call with --help for options
[2008-08-10 15:56:26] INFO  WEBrick 1.3.1
[2008-08-10 15:56:26] INFO  ruby 1.8.6 (2008-03-03) [x86_64-linux]
[2008-08-10 15:56:26] INFO  WEBrick::HTTPServer#start: pid=16463 port=3000

There are other options if you need to tweak the databse connection parameters for any reason:

$ ./yaptestfe.rb --help
Usage: ruby yaptestfe.rb -d dbname [options]
    -d, --dbname=name                Database name used by Yaptest.  A database name is MANDATORY.
                                     Default: none
    -i, --ip=ip                      IP address of backend database.
                                     Default: 127.0.0.1
    -p, --port=port                  TCP port for backend database.
                                     Default: 5432
    -u, --username=user              Username for backend database.
                                     Default: yaptest_user
    -P, --password=pwd               Password for backend database (not needed for postgres local trust)
                                     Default: pass
    -t, --type=type                  Type of databse backend ('postgresql', 'mysql', etc.)
                                     Default: postgresql
    -w, --webport=port               TCP port for web server to bind to.
                                     Default: 3000
    -I, --webip=ip                   IP Address for web server to bind to.
                                     Default: 127.0.0.1
    -h, --help                       Show this help message.

Now simply browse to the web interface and you should see all your test data:

$ firefox http://127.0.0.1:3000


Leave a Reply