Yaptest Update: v0.0.7

Yaptest has had a lot of new features added over the last few months and I’m stuggling to get them all written up and released.  v0.0.7 is the first of several releases.  Download yaptest v0.0.7 here .

It is now possible to interrupt scans and resume them later.  This is really handy for big multi-day scans.

Most of the scripts now automatically parse their results straight into the backend database, so you don’t need to call the yaptest-parse-* script yourself.  Less typing makes for happier pentesters. 🙂

yaptest-groups.pl can now read the output from enum4linux and record group membership information in the backend database (see Managing Login Credentials page).  It is now much easier to programatically ask “which accounts will get me admin on box X?”, or “now i know the password for bob, which systems have I got admin on?”.  This will be a building block for future features in yaptest.

It’s possible to associate arbitrary information with hosts now in a key -> value format, e.g. os -> Solaris 8; or owned_it -> yes.  This information can be set or queried with the new yaptest-host-info.pl script .

I’ve updated the Yaptest User Guide with more detailed information about the yaptest-wizard.pl – this seems to be peoples preferred method for starting scans.

The Change Log for this release is:

* Interrupt tests and resume them later.
  run_test API now remembers what it has scanned and avoids
  re-scanning it.  This allows tests to be resumed
  relatively efficiently if they're interrupted.
* Auto-parse scan results into the database.
  run_test API now has an option to specify a parser that
  will be run on on the output file.  These script now
  auto-parse, so the parsers aren't called from
* Added yaptest-host-info.pl.  This can be used to store
  arbitrary info about a host in key/value format.  Currently
  used for tracking OS, Windows domain, Domain controllers,
  Device type, SNMP system description.
* "make checkdep" is now supported to check for missing
  external programs and PERL modules.
* yaptest-yapscan-tcp.pl now breaks scans into chunks and
  run scans on custom port ranges.  The smaller chunks help
  to resume scans more efficiently.
* Added yaptest-password-guess-mysql.pl to guess passwords
  against any mysql servers found.
* Most password guessing is not turned off in
  yaptest-db-ips.sh to avoid locking accounts out.
* yaptest-enum4linux.pl now uses version 0.8.0 which takes
  different command line args and does more thorough enumeration.
* yaptest-groups.pl can now parse group info from enum4linux
  output.  This is incredibly helpful when attacking large
  Windows domains.
* yaptest-ports.pl now support querying of ports based on
  nmap version string (e.g. 'Apache').
* yaptest-parse-onesixtyone.pl now stores system descrition
  as "host-info" and recognises jetdirect systems as having
  device_type = printer.
* rpcinfo-based tests use RPC number instead of name incase
  users don't have a good /etc/rpc file.
* Optimised yaptest-db-ips.sh to do the interesting stuff
* Nmap TCP scans use --version-all so nmap does a better job
  of identifying strange ports.  This is slower, but is
  important because so many scripts rely on what nmap finds.
* Lots of schema enhancements to support current and future
* yaptest-parse-nbtscan.pl added to store hostname,
  domain membership and domain controller info in backend
* Added ASCII art to yaptest-wizard.pl :-)

Leave a Reply