Yaptest Update: v0.0.7
Yaptest has had a lot of new features added over the last few months and I'm struggling to get them all written up and released. v0.0.7 is the first of several releases. Download yaptest v0.0.7 here.
It is now possible to interrupt scans and resume them later. This is really handy for big multi-day scans.
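As an added illustration of how interrupt-and-resume works in principle (this is example code written for this page, not yaptest's own run_test API), the runner below splits a port range into chunks, as the change log describes for yaptest-yapscan-tcp.pl, and records each completed (host, chunk) unit in a small state file. If the scan dies part way through, re-running it re-reads the state file and only the unfinished units are scanned. The hosts, chunk size, state-file format and the fake scanner are all assumptions for the example.

```python
"""Resumable chunked scan runner (illustrative example, not yaptest code)."""
import json
import os
import tempfile


def port_chunks(first, last, size):
    """Split the inclusive port range first..last into (start, end) chunks of at most `size` ports."""
    chunks = []
    start = first
    while start <= last:
        end = min(start + size - 1, last)
        chunks.append((start, end))
        start = end + 1
    return chunks


class ScanState:
    """Persists the set of finished (host, start, end) units in a JSON file (assumed format)."""

    def __init__(self, path):
        self.path = path
        self.done = set()
        if os.path.exists(path):
            with open(path) as f:
                self.done = {tuple(x) for x in json.load(f)}

    def is_done(self, unit):
        return unit in self.done

    def mark_done(self, unit):
        self.done.add(unit)
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(sorted(self.done), f)
        os.replace(tmp, self.path)  # atomic rename: a kill mid-write cannot corrupt the state file


def run_test(hosts, first, last, chunk_size, state, scan):
    """Call scan(host, start, end) for every unit not already recorded as done.

    A unit is only marked done after scan() returns, so an exception (e.g. KeyboardInterrupt)
    leaves it undone and it will be re-run on resume. Returns the units scanned this time."""
    ran = []
    for host in hosts:
        for start, end in port_chunks(first, last, chunk_size):
            unit = (host, start, end)
            if state.is_done(unit):
                continue
            scan(host, start, end)
            state.mark_done(unit)
            ran.append(unit)
    return ran


class Interrupted(Exception):
    pass


def simulate(hosts=("10.0.0.5", "10.0.0.6"), fail_after=3):
    """Run with a fake scanner that 'dies' after `fail_after` chunks, then resume from the state file.

    Returns (units scanned before the interruption, units scanned by the resumed run)."""
    calls = []

    def flaky_scan(host, start, end):
        if len(calls) == fail_after:
            raise Interrupted()
        calls.append((host, start, end))

    def good_scan(host, start, end):
        calls.append((host, start, end))

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "scan-state.json")
        try:
            run_test(hosts, 1, 1024, 256, ScanState(path), flaky_scan)
        except Interrupted:
            pass
        first_run = list(calls)
        # A fresh ScanState re-reads the file, so only the remaining units are scanned.
        resumed = run_test(hosts, 1, 1024, 256, ScanState(path), good_scan)
    return first_run, resumed


if __name__ == "__main__":
    before, after = simulate()
    print("scanned before interrupt:", before)
    print("scanned on resume:       ", after)
```

The state is written after each chunk rather than after each host, which is the whole point of chunking here: the smaller the unit of work, the less is thrown away when a multi-day scan is interrupted.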
Most of the scripts now automatically parse their results straight into the backend database, so you don’t need to call the yaptest-parse-* script yourself. Less typing makes for happier pentesters. 🙂
yaptest-groups.pl can now read the output from enum4linux and record group membership information in the backend database (see the Managing Login Credentials page). It is now much easier to programmatically ask "which accounts will get me admin on box X?" or "now I know the password for bob, which systems have I got admin on?". This will be a building block for future features in yaptest.
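To show what those two questions look like once group membership is in a database, here is an added example (written for this page; it is not yaptest-groups.pl or yaptest's schema) that parses enum4linux-style "Group ... has member" lines from a few constructed hosts, expands domain groups nested inside local Administrators, and answers both queries against a constructed set of recovered credentials. The hosts, users, group layout and credentials are all made up for the example; the line format is assumed to match enum4linux's group-membership output.

```python
"""Answer "who is admin on X?" / "where is bob admin?" from enum4linux-style group output.
Illustrative example, not yaptest code."""
import re
from collections import defaultdict

# Constructed sample output, one enum4linux run per host.
SAMPLE_ENUM4LINUX = {
    "10.0.0.5": (
        "Group 'Administrators' (RID: 544) has member: CORP\\Administrator\n"
        "Group 'Administrators' (RID: 544) has member: CORP\\bob\n"
        "Group 'Users' (RID: 545) has member: CORP\\alice\n"
    ),
    "10.0.0.6": (
        "Group 'Administrators' (RID: 544) has member: CORP\\Administrator\n"
        "Group 'Administrators' (RID: 544) has member: CORP\\Domain Admins\n"
        "Group 'Remote Desktop Users' (RID: 555) has member: CORP\\bob\n"
    ),
    "10.0.0.7": (
        "Group 'Domain Admins' (RID: 512) has member: CORP\\carol\n"
        "Group 'Administrators' (RID: 544) has member: CORP\\Domain Admins\n"
    ),
}

# Constructed: credentials recovered so far during the test (user -> password).
KNOWN_CREDS = {"bob": "Summer2007", "alice": "Welcome1"}

# Assumed enum4linux line format: Group 'NAME' (RID: N) has member: DOMAIN\member
GROUP_RE = re.compile(r"^Group '(?P<group>[^']+)' \(RID: (?P<rid>\d+)\) has member: (?P<member>.+)$")

ADMIN_RIDS = {512, 544}  # well-known RIDs: Domain Admins, local Administrators


def parse_enum4linux_groups(text):
    """Return (group, rid, member) tuples for every group-membership line in the output."""
    rows = []
    for line in text.splitlines():
        m = GROUP_RE.match(line.strip())
        if m:
            rows.append((m.group("group"), int(m.group("rid")), m.group("member")))
    return rows


def build_db(samples):
    """Return (per_host, by_name).

    per_host: host -> {(group, rid): set(members)}  -- what each box reports
    by_name:  group name -> set(members) across all hosts, used to expand
              domain groups that appear as members of a local group."""
    per_host = {}
    by_name = defaultdict(set)
    for host, text in samples.items():
        groups = defaultdict(set)
        for group, rid, member in parse_enum4linux_groups(text):
            groups[(group, rid)].add(member)
            by_name[group].add(member)
        per_host[host] = groups
    return per_host, by_name


def _short(member):
    """Strip the DOMAIN\\ prefix."""
    return member.split("\\", 1)[-1]


def expand_members(members, by_name, seen=None):
    """Resolve nested groups to individual account names (cycle-safe)."""
    seen = set() if seen is None else seen
    accounts = set()
    for m in members:
        name = _short(m)
        if name in by_name:  # member is itself a known group: recurse
            if name not in seen:
                seen.add(name)
                accounts |= expand_members(by_name[name], by_name, seen)
        else:
            accounts.add(name)
    return accounts


def admins_on(host, per_host, by_name):
    """Accounts that are (directly or via nested groups) admin on `host`."""
    direct = set()
    for (_group, rid), members in per_host[host].items():
        if rid in ADMIN_RIDS:
            direct |= members
    return expand_members(direct, by_name)


def creds_for_admin(host, per_host, by_name, creds):
    """'Which accounts will get me admin on box X?' restricted to passwords we know."""
    admins = admins_on(host, per_host, by_name)
    return {u: p for u, p in creds.items() if u in admins}


def hosts_where_admin(user, per_host, by_name):
    """'Now I know the password for user, which systems have I got admin on?'"""
    return {h for h in per_host if user in admins_on(h, per_host, by_name)}


if __name__ == "__main__":
    per_host, by_name = build_db(SAMPLE_ENUM4LINUX)
    for host in sorted(per_host):
        print(host, "admin via known creds:", sorted(creds_for_admin(host, per_host, by_name, KNOWN_CREDS)))
    print("bob is admin on:", sorted(hosts_where_admin("bob", per_host, by_name)))
```

The nested-group expansion is the part worth keeping in mind: on 10.0.0.6 nobody named carol appears in the output at all, yet she is admin there because Domain Admins sits in the local Administrators group and her Domain Admins membership was learned from another host.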
It's possible to associate arbitrary information with hosts now in a key -> value format, e.g. os -> Solaris 8 or owned_it -> yes. This information can be set or queried with the new yaptest-host-info.pl script.
I've updated the Yaptest User Guide with more detailed information about yaptest-wizard.pl, since this seems to be people's preferred method for starting scans.
The Change Log for this release is:
* Interrupt tests and resume them later.
run_test API now remembers what it has scanned and avoids
re-scanning it. This allows tests to be resumed
relatively efficiently if they're interrupted.
* Auto-parse scan results into the database.
run_test API now has an option to specify a parser that
will be run on the output file. These scripts now
auto-parse, so the parsers aren't called from
yaptest-db-ips.sh:
yaptest-yapscan-icmp.pl
yaptest-yapscan-tcp.pl
yaptest-rpcinfo.pl
yaptest-onesixtyone.pl
yaptest-enum4linux.pl
yaptest-snmpwalk.pl
yaptest-password-guess-ftp.pl
yaptest-password-guess-mssql.pl
yaptest-password-guess-rlogin.pl
yaptest-password-guess-smb.pl
yaptest-password-guess-ssh.pl
yaptest-arp-scan-local-network.pl
* Added yaptest-host-info.pl. This can be used to store
arbitrary info about a host in key/value format. Currently
used for tracking OS, Windows domain, Domain controllers,
Device type, SNMP system description.
* "make checkdep" is now supported to check for missing
external programs and Perl modules.
* yaptest-yapscan-tcp.pl now breaks scans into chunks and
runs scans on custom port ranges. The smaller chunks help
to resume scans more efficiently.
* Added yaptest-password-guess-mysql.pl to guess passwords
against any mysql servers found.
* Most password guessing is now turned off in
yaptest-db-ips.sh to avoid locking accounts out.
* yaptest-enum4linux.pl now uses version 0.8.0 which takes
different command line args and does more thorough enumeration.
* yaptest-groups.pl can now parse group info from enum4linux
output. This is incredibly helpful when attacking large
Windows domains.
* yaptest-ports.pl now supports querying of ports based on
nmap version string (e.g. 'Apache').
* yaptest-parse-onesixtyone.pl now stores system description
as "host-info" and recognises JetDirect systems as having
device_type = printer.
* rpcinfo-based tests use RPC number instead of name in case
users don't have a good /etc/rpc file.
* Optimised yaptest-db-ips.sh to do the interesting stuff
first.
* Nmap TCP scans use --version-all so nmap does a better job
of identifying strange ports. This is slower, but is
important because so many scripts rely on what nmap finds.
* Lots of schema enhancements to support current and future
features.
* yaptest-parse-nbtscan.pl added to store hostname,
domain membership and domain controller info in backend
database.
* Added ASCII art to yaptest-wizard.pl :-)