YaptestFE Overview
Overview YaptestFE is a Web Frontend for Yaptest. As of version 0.9 it allows viewing of much of the information in the database used by Yaptest. The Frontend is designed to complement the command line interface. Sometimes it’s more convenient to browse the database using this web interface. Other times it’s more appropriate the use […]
Web Frontend for Yaptest Released: YaptestFE v0.9
I just released the first version of YaptestFE , a web frontend that allows you to browse the backend database used by Yaptest. Visit the YaptestFE Project Page for the download and further information. Here’s a screenshot so you can see what it’s all about:
If you’d like to contact me about anything on the site email me at pentestmonkey at pentestmonkey dot net.
Update to Postgres SQL Injection Cheat Sheet
Reiners spotted that I hadn’t included any info about writing files via SLQ injection in PostgreSQL. I’ve update the Postgres Cheat Sheet accordingly. Thanks Reiners. He’s also written some detailed blogs about SQL injection in MySQL that are worth reading: MySQL Table and Column Names MySQL Into Outfile
Yaptest Update: v0.1.4
Version 0.1.4 of Yaptest is now available. This release adds a couple of new features and fixes some bugs and usability problems (a big thanks to deanx for reporting these). It’s now possible for the run_test API to filter based on the host_info table. This feature is used by yaptest-nmap-udp.pl to run a full UDP […]
Unix-privesc-check Update: v1.2
I’ve just released version 1.2 of unix-privesc-check. Download it here. The following improvements have been made over version 1.1: * Added check of library dirs (/etc/ld.so.conf) for Linux * Crude check of programs called from shell scripts * Check of libraries used by each binary program (using ldd) * Check of hard-coded paths within binaries […]
Yaptest Update: v0.1.3
The new version of yaptest can be downloaded here. Here’s the change log: * Global settings (for all users) can now be configured in /etc/yaptest.conf – useful if lots of pentesters use a shared server. * Lines in config files starting with # are treated as comments. * Included some example dictionaries. These get installed […]
Tennable to Charge for Nessus from August 2008
It seems that Tennable are going to start charging to use Nessus commercially. The Carnal0wnage blog does a good job of highlighting the pros and cons to this, so I won’t repeat those views here. Maybe now would be a good time for the pentest community to get behind OpenVAS – an open source fork […]
Yaptest Update: v0.1.2
Yaptest v0.1.2 contains a minor bugfix. Download it here. * yaptest-nmap-tcp.pl now parallelises scans – accidentally removed in previous version.