Using

The Yaptest run_test API

This page documents how to use the run_test API from your own home-brew yaptest scripts.  

Associating Hosts with Security Issues in Yaptest

Version 0.0.9 of yaptest introduced yaptest-issues.pl.  This script is responsible for storing associations between hosts and security issues that you (or yaptest) have identified (e.g. 10.0.0.1 has the “telnet -fuser” vulnerability). This page illustrates how to use yaptest-issues.pl.

Getting Yaptest to work with Sudo

When you first install yaptest and try to use sudo you might get the following error: $ sudo yaptest-nmap-udp.pl ERROR: Environment variable YAPTEST_DBNAME is not set  at /usr/local/lib/site_perl/yaptest.pm line 126         yaptest::new(‘yaptest’) called at /usr/local/bin/yaptest-hosts.pl line 8         (in cleanup) Can’t call method “disconnect” on an undefined value at /usr/local/lib/site_perl/yaptest.pm line 3247. This is because […]

Storing Misc Host Information With Yaptest

As of version 0.0.7 yaptest is able to store arbitrary information about hosts.  This is particularly useful on large tests.  This page provides a few examples of how to use the yaptest-host-info.pl script.

Interrupting and Resuming Scans With Yaptest

As of yaptest v0.0.7 it is possible to interrupt scans and resume them later without duplicating lots of the scanning you’ve already completed.  This feature is intended primarily for multi-day pentests where you need to stop your scan at the end of each day, then resume where you left off the next morning. This page […]

Yaptest Configuration Wizard

Some users commented that the creation of new tests (i.e. databases and “test area”) was unnecessarily difficult.  Version 0.0.5 of yaptest now includes a interactive Wizard, yaptest-wizard.pl that takes users step by step through setting up a new test.  The old method using yaptest-new.pl and yaptest-new-test-area.pl is still supported. Thanks to all those who have […]

Managing Login Credentials with Yaptest

During larger pentests, it’s quite possible you’ll acquire logon credentials for tens, hundreds or even thousands of systems.  After a while it becomes hard to track which systems you know usernames for, which ones you’ve got passwords for, etc.  Yaptest can help you keep track of all your logon credentials.  Here are some of its […]

Yaptest User Guide

Some notes on how to actually use yaptest…