Yaptest Installation

Some brief instructions on how to install the latest version of yaptest…

Download

Download yaptest-0.2.1.tar.gz. Also see the CHANGELOG.

Update: The Google Code SVN is more up to date.

MD5 and SHA1 checksums for the packages can be downloaded.  They’re based on the package name (below v.v.v represents the version, e.g. 0.0.3):
http://pentestmonkey.net/tools/yaptest/yaptest-v.v.v-beta.tar.gz.md5
http://pentestmonkey.net/tools/yaptest/yaptest-v.v.v-beta.tar.gz.sha1

Prerequisites

Currently, yaptest has only been tested on Gentoo Linux, but will probably work on other distros or even other *NIXs.  It will need some modification before running under Windows because of the way environment variables are set (and possibly other stuff).

Ensure that you have the following installed:

  • PERL (tested on v5.8.8)
  • PostgreSQL (tested on v8.0.15)
  • make, install

The following PERL modules are also required:

  • DBD::Pg (tested on v1.49)
  • Parallel::ForkManager (tested on v0.7.5)
  • Data::Dumper
  • File::Temp (tested on v0.18)
  • File::Basename
  • Getopt::Long
  • Template
  • XML::Simple
  • Digest::MD4
  • IO::Pty

Optional Prerequisites

There are scripts within the yaptest distribution that use the following programs.  It is recommended that you install the following programs for yaptest to work, but if you just want to use the yaptest framework to run a different set of tools, you need not install these:

Checking Dependencies

You probably want to start by checking whether you’ve installed the PERL modules and other external programs that yaptest uses:

Unpack the distribution tar ball:

# tar xfz yaptest-x.y.z.tar.gz
# cd yaptest-x.y.z

Check the dependencies:

# make checkdep

This will list any missing PERL modules and external programs which yaptest uses.  It also gives you some advice on how to install them.

It is possible to install yaptest without installing all of the external programs and modules, but some yaptest scripts won’t work (e.g. if you don’t install metasploit, then yaptest scripts that use metasploit won’t work).

Installation

First start the postgres database server.  The command for your distro is probably similar to:

# /etc/init.d/postgresql start

Unpack the distribution tar ball (if you haven’t done already):

# tar xfz yaptest-x.y.z.tar.gz
# cd yaptest-x.y.z

Install the “yaptest_template” template database.  This will be the database on which all test-databases will be based:

# make database

If you run into problems installing the database on a Mac, these notes will help.

Install the yaptest program and database files:

# make install

At this stage, it’s a good idea to configure some default parameters for your scans.  Create the file ~/.yaptestrc and paste the following into it:

nessus_config_template = /usr/local/share/yaptest/nessusrc-template
nessusd_ip = 127.0.0.1
nessusd_password = nessus
nessusd_port = 1241
nessusd_username = nessus
yaptest_dbhost = 127.0.0.1
yaptest_dbpassword =
yaptest_dbport = 5432
yaptest_dbtemplate = yaptest_template
yaptest_dbuser = yaptest_user
yaptest_debug = 0
yaptest_interface = eth0
dict_ftp_passwords = /home/u/dicts/ftp-passwords.txt
dict_ftp_usernames = /home/u/dicts/ftp-usernames.txt
dict_mssql_passwords = /home/u/dicts/mssql-passwords.txt
dict_mssql_usernames = /home/u/dicts/mssql-usernames.txt
dict_rlogin_passwords = /home/u/dicts/rlogin-passwords.txt
dict_rlogin_usernames = /home/u/dicts/rlogin-usernames.txt
dict_smb_passwords = /home/u/dicts/smb-passwords.txt
dict_smb_shares = /home/u/dicts/smb_shares.txt
dict_smb_usernames = /home/u/dicts/smb-usernames.txt
dict_snmp = /home/u/dicts/snmp.txt
dict_ssh_passwords = /home/u/dicts/ssh-passwords.txt
dict_ssh_usernames = /home/u/dicts/ssh-usernames.txt
dict_tftp_files = /home/u/dicts/tftp-files.txt
yaptest_john_command = /usr/bin/john
yaptest_john_pot = /home/u/.john/john.pot
yaptest_dictionaries = /home/u/dicts/
httprint_sig_file = /home/u/src/httprint_301/linux/signatures.txt
hoppy_keyword_file = /home/u/src/hoppy/response-keywords
hoppy_method_file = /home/u/src/hoppy/http-methods

The settings will be used as the defaults for all scans.  Edit them now to point to your own dictionary files, network interface, database, etc.  They can be changed on a scan-by-scan basis using the yaptest-config.pl command if necessary.
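
A pre-flight check for the file described above, as an added example that is not part of yaptest or of the original page: it flags a ~/.yaptestrc that other users can read (the file stores nessusd_password and yaptest_dbpassword in clear text) and any setting whose path does not exist. The function names, the rule that a value starting with "/" is a path, and the handling of "#" comment lines are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper, not shipped with yaptest).
# Assumes "key = value" lines as in the sample; values starting with "/" are paths.
check_yaptestrc() {
    rc=$1
    findings=0
    if [ ! -f "$rc" ]; then
        echo "MISSING  $rc"
        return 1
    fi
    # nessusd_password and yaptest_dbpassword sit here in clear text, so group
    # and other should have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$rc" | cut -c5-10)" != "------" ]; then
        echo "PERMS    $rc is accessible to group/other (chmod 600 it)"
        findings=$((findings + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank line, or comment (comment syntax assumed)
            *=*) ;;
            *) echo "SYNTAX   $line"; findings=$((findings + 1)); continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $val in
            /*) if [ ! -e "$val" ]; then
                    echo "NOPATH   $key -> $val"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$rc"
    return "$findings"   # 0 means nothing to fix
}

# Constructed sample: mode 644, one existing dictionary, one missing one.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/snmp.txt"
    printf '%s\n' 'nessusd_password = nessus' 'yaptest_dbpassword =' \
        "dict_snmp = $tmp/snmp.txt" "dict_tftp_files = $tmp/tftp-files.txt" \
        > "$tmp/yaptestrc"
    chmod 644 "$tmp/yaptestrc"
    n=0; check_yaptestrc "$tmp/yaptestrc" || n=$?
    rm -rf "$tmp"
    return "$n"
}

demo || echo "findings: $?"
```

To check your own file, source the script and run check_yaptestrc ~/.yaptestrc; an exit status of 0 means no findings.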

Next consult the Yaptest User Guide to see how to run the newly installed framework.

