Yaptest Installation
Some brief instructions on how to install the latest version of yaptest…
Download
Download yaptest-0.2.1.tar.gz. Also see the CHANGELOG.
Update: The google code SVN is more up to date.
MD5 and SHA1 checksums for the packages can also be downloaded. They are named after the package (below, v.v.v represents the version, e.g. 0.0.3):
http://pentestmonkey.net/tools/yaptest/yaptest-v.v.v-beta.tar.gz.md5
http://pentestmonkey.net/tools/yaptest/yaptest-v.v.v-beta.tar.gz.sha1
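As an added example that is not part of the yaptest distribution or this page: a small POSIX shell routine that checks a downloaded tarball against the published .sha1 or .md5 file before you unpack it and run "make install" as root. It assumes the checksum file carries the hex digest as its first hex token, either bare or in the "digest  filename" form that sha1sum/md5sum print.

```shell
#!/bin/sh
# Added example (not yaptest code): verify a downloaded yaptest tarball
# against its published checksum file before unpacking or installing it.
#
# Assumption (the page does not describe the file format): the .sha1/.md5
# file contains the digest as its first hex token, either on its own or
# as "digest  filename" (sha1sum/md5sum output). Both forms are handled.

# extract_digest FILE HEXLEN -> print the first hex run of HEXLEN chars
extract_digest() {
    tr 'A-Z' 'a-z' < "$1" | grep -oE "[0-9a-f]{$2}" | head -n 1
}

# verify_tarball TARBALL CHECKSUMFILE ALGO   (ALGO is sha1 or md5)
# Exit status: 0 = digest matches, 1 = mismatch, 2 = usage/format problem.
verify_tarball() {
    tarball=$1; sumfile=$2; algo=$3
    case "$algo" in
        sha1) len=40; tool=sha1sum ;;
        md5)  len=32; tool=md5sum ;;
        *) echo "unknown algorithm: $algo" >&2; return 2 ;;
    esac
    expected=$(extract_digest "$sumfile" "$len")
    [ -n "$expected" ] || { echo "no $algo digest in $sumfile" >&2; return 2; }
    # the *sum tools print "digest  filename"; keep only the digest
    actual=$("$tool" "$tarball" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "$algo OK: $tarball"
        return 0
    fi
    echo "$algo MISMATCH for $tarball: expected $expected, got $actual" >&2
    return 1
}

# Typical use once both files are downloaded (only SHA1 is really worth
# trusting; MD5 is checked as well because the site publishes it):
# verify_tarball yaptest-0.2.1.tar.gz yaptest-0.2.1.tar.gz.sha1 sha1 &&
#     verify_tarball yaptest-0.2.1.tar.gz yaptest-0.2.1.tar.gz.md5 md5 &&
#     tar xfz yaptest-0.2.1.tar.gz
```

Only proceed to "make install" when the SHA1 check returns 0; a mismatch means the tarball or the checksum file was altered or truncated in transit.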
Prerequisites
Currently, yaptest has only been tested on Gentoo Linux, but it will probably work on other distros or even other *NIXs. It will need some modification before running under Windows because of the way environment variables are set (and possibly other things).
Ensure that you have the following installed:
- PERL (tested on v5.8.8)
- PostgreSQL (tested on v8.0.15)
- make, install
The following PERL modules are also required:
- DBD::Pg (tested on v1.49)
- Parallel::ForkManager (tested on v0.7.5)
- Data::Dumper
- File::Temp (tested on v0.18)
- File::Basename
- Getopt::Long
- Template
- XML::Simple
- Digest::MD4
- IO::Pty
Optional Prerequisites
There are scripts within the yaptest distribution that use the following programs. It is recommended that you install them for yaptest to work fully, but if you just want to use the yaptest framework to run a different set of tools, you need not install these:
- yapscan (tested with v0.7.3-beta)
- arp-scan (tested with v1.6)
- nmap (tested with v4.53)
- dcetest
- ldapsearch
- nbtscan
- showmount
- nikto
- ntpq
- ntptrace
- hydra
- medusa
- nxscan
- onesixtyone
- rpcinfo
- rup
- rusers
- tnscmd.pl
- ike-scan
- amap
- enum4linux
- sshprobe
- tftpbrute
- metasploit
- John the Ripper
- rcrack
- bannergrab-ng (tested on v3.5)
- sslscan (tested on v1.7)
- hoppy (tested on v1.5)
- httprint (tested on v0.301)
- smtpscan
- http-dir-enum
- tftp
- telnet
Checking Dependencies
You probably want to start by checking if you’ve installed the PERL modules and other external programs that yaptest uses:
Unpack the distribution tar ball:
# tar xfz yaptest-x.y.z.tar.gz
# cd yaptest-x.y.z
Check the dependencies:
# make checkdep
This will list any missing PERL modules and external programs which yaptest uses. It also gives you some advice on how to install them.
It is possible to install yaptest without installing all of the external programs and modules, but some yaptest scripts won’t work (e.g. if you don’t install metasploit, then the yaptest scripts that use metasploit won’t work).
Installation
First start the postgres database server. The command for your distro is probably similar to:
# /etc/init.d/postgresql start
Unpack the distribution tar ball (if you haven’t done already):
# tar xfz yaptest-x.y.z.tar.gz
# cd yaptest-x.y.z
Install the “yaptest_template” template database. This will be the database on which all test-databases will be based:
# make database
If you run into problems installing the database on a Mac, these notes will help.
Install the yaptest program and database files:
# make install
At this stage, it’s a good idea to configure some default parameters for your scans. Create the file ~/.yaptestrc and paste the following into it:
nessus_config_template = /usr/local/share/yaptest/nessusrc-template
nessusd_ip = 127.0.0.1
nessusd_password = nessus
nessusd_port = 1241
nessusd_username = nessus
yaptest_dbhost = 127.0.0.1
yaptest_dbpassword =
yaptest_dbport = 5432
yaptest_dbtemplate = yaptest_template
yaptest_dbuser = yaptest_user
yaptest_debug = 0
yaptest_interface = eth0
dict_ftp_passwords = /home/u/dicts/ftp-passwords.txt
dict_ftp_usernames = /home/u/dicts/ftp-usernames.txt
dict_mssql_passwords = /home/u/dicts/mssql-passwords.txt
dict_mssql_usernames = /home/u/dicts/mssql-usernames.txt
dict_rlogin_passwords = /home/u/dicts/rlogin-passwords.txt
dict_rlogin_usernames = /home/u/dicts/rlogin-usernames.txt
dict_smb_passwords = /home/u/dicts/smb-passwords.txt
dict_smb_shares = /home/u/dicts/smb_shares.txt
dict_smb_usernames = /home/u/dicts/smb-usernames.txt
dict_snmp = /home/u/dicts/snmp.txt
dict_ssh_passwords = /home/u/dicts/ssh-passwords.txt
dict_ssh_usernames = /home/u/dicts/ssh-usernames.txt
dict_tftp_files = /home/u/dicts/tftp-files.txt
yaptest_john_command = /usr/bin/john
yaptest_john_pot = /home/u/.john/john.pot
yaptest_dictionaries = /home/u/dicts/
httprint_sig_file = /home/u/src/httprint_301/linux/signatures.txt
hoppy_keyword_file = /home/u/src/hoppy/response-keywords
hoppy_method_file = /home/u/src/hoppy/http-methods
The settings will be used as the defaults for all scans. Edit them now to point to your own dictionary files, network interface, database, etc. They can be changed on a scan-by-scan basis using the yaptest-config.pl command if necessary.
Next consult the Yaptest User Guide to see how to run the newly installed framework.