Yaptest Update: v0.2.1

Version 0.2.1 of yaptest is now available.  Download it here.

This is quite a major update.  The most notable improvements are support for running Nessus and/or OpenVAS.  At present Nessus and OpenVAS are automatically run against  any open ports with Safe Checks enabled.

As with any major update one or two bugs might have crept in.  Please mail pentestmonkey at pentestmonkey dot net if you find anything’s broken.

The complete changelog is included below:


2008-11-26 yaptest v0.2.1

* Added yaptest-ssh-keyscan.pl to gather SSH host keys
* Lots more parsing of enum4linux to support the 'Windows info'
  feature of YaptestFE.
* Added yaptest-parse-dcetest.pl to parse windows hostnames
* yaptest-db-ips.sh now checks if you're root before running.
* yaptest-parse-ntpq.pl parsed NTP OS disclosure issue and stores
  OS in host_info table.
* Timeout for nmap UDP scans can be set with yaptest-config.pl
* Changed issue name insec_proto_rdp to rdp_mitm
* Added yaptest-smb-version.pl to get version info via
  metasploit's auxiliary/scanner/smb/version module.
* Bug fix: "yaptest-ports.pl query --test_area foo" works
* API change: insert_issue will now add ports into database if
              and only if the host already in the database.
* API change: insert_port will not add new hosts
* API change: ::PORT:: can be specified in output file even if
              it wasn't specified in the command.
* Amap is now used to find SSL ports in addition to nmap.
* Added yaptest-nessus3.pl and yaptest-nessus-wrapper.pl to
  to run Nessus v3 against hosts in backend database.
* Netmask is now parsed from ICMP and SNMP data and stored in the
  interfaces tables.  This will support better network maps in
  YaptestFE in future.
* Added yaptest-openvas.pl to run OpenVAS against hosts in the
  backend datbases.
* Output of nmap is parsed to identify hosts support SSHv1.
* Added yaptest-ldapuserenum.pl to run ldapuserenum.py against
  LDAP servers.  Usernames are parsed into the database.
* Backgrounded nikto scans because the take a long time
* yaptest-nmap-udp.pl now additionally tests all open UDP ports
  to make double sure we have version info for each one.

Leave a Reply