Associating Hosts with Security Issues in Yaptest
Version 0.0.9 of yaptest introduced yaptest-issues.pl. This script is responsible for storing associations between hosts and security issues that you (or yaptest) have identified (e.g. 10.0.0.1 has the “telnet -fuser” vulnerability).
This page illustrates how to use yaptest-issues.pl.
The Usage Message
Usage: yaptest-issues.pl query [ --ip ip ] [ -p port ] [ --trans tcp|udp ] [ --issue name ] [ --test test_area ]
       yaptest-issues.pl parse file [ file ... ]
       yaptest-issues.pl add --issue name -i ip [ -p port --trans tcp|udp ]
       yaptest-issues.pl delete --issue name -i ip [ -p port --trans tcp|udp ]

query mode:  Display issues related to hosts or ports from the backend database.
parse mode:  Attempts to automatically parse a file and extract security issues.
             Currently parses nessus nbe files for a few exploitable issues and
             the output of nxscan and tnscmd.pl.
add mode:    Associate an issue with a host or port.
delete mode: Un-Associate an issue with a host or port.

It is recommended that you ALWAYS specify an issue name. It's not manditatory though,
and it IS possible to delete all the issues for a host, or even simply delete ALL the issues.
Parsing Issues From Other Tools
As of version 0.0.9, yaptest is able to parse security issues from a small number of other tools, so you can keep a summary of the vulnerabilities found all in one place.
$ yaptest-issues.pl parse nessus.nbe
$ yaptest-issues.pl parse nxscan.out
$ yaptest-issues.pl parse tnscmd-10.0.0.1.out
You’ll get lots of lines starting with “PARSED: …” if everything is working correctly.
Note that yaptest-issues.pl does NOT parse all vulnerabilities from nessus. It only parses the ones I thought were interesting at the time of writing it. The idea I had in mind is that yaptest should store a list of the vulnerabilities that would help you actually “demonstrate risk” to your client, without cluttering the database with issues about web servers disclosing their software version or hosts responding to ICMP Timestamp requests. These lower-risk issues are all fine, but they’re not going to help you penetrate hosts more quickly, and that’s the major goal of yaptest.
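As an added example (this is not yaptest's own code), the following POSIX shell filter applies the same "only the interesting issues" idea to plugins the built-in parser does not cover: it reads Nessus .nbe lines, keeps only an allowlist of plugin IDs, and prints the matching yaptest-issues.pl add commands for you to review and run. The plugin IDs, issue names and sample .nbe lines are constructed, and the field layout assumed is the standard NBE results|subnet|host|service|plugin|severity|description.

```shell
#!/bin/sh
# Added example, not part of yaptest. Emit "yaptest-issues.pl add" commands for
# allowlisted Nessus plugin IDs found in an .nbe file (read from stdin).

# Constructed allowlist: Nessus plugin ID -> yaptest issue name (placeholders).
ALLOWLIST="11111:MS04-011
22222:MS05-027
33333:telnet_fuser"

# Constructed sample .nbe content: results|subnet|host|service|plugin|severity|description
SAMPLE_NBE='results|10.0.0|10.0.0.5|general/tcp|11111|Security Hole|Remote host is missing a patch
results|10.0.0|10.0.0.5|www (80/tcp)|99999|Security Note|Web server version disclosed
results|10.0.0|10.0.0.11|telnet (23/tcp)|33333|Security Hole|telnet -fuser
timestamps|||scan_start|Mon Jan  1 00:00:00 2007|'

issue_name_for() {
    # Print the issue name mapped to plugin ID $1; print nothing if it is not allowlisted.
    printf '%s\n' "$ALLOWLIST" | while IFS=: read -r id name; do
        [ "$id" = "$1" ] && printf '%s\n' "$name"
    done
}

nbe_to_add_commands() {
    # Read NBE records on stdin; one add command per allowlisted "results" record.
    while IFS='|' read -r kind subnet host service plugin severity rest; do
        [ "$kind" = "results" ] || continue
        name=$(issue_name_for "$plugin")
        [ -n "$name" ] || continue
        case "$service" in
            *\(*/*\))
                # Port-level finding, e.g. "telnet (23/tcp)": extract port and protocol.
                portproto=${service##*\(}; portproto=${portproto%\)}
                port=${portproto%/*}; proto=${portproto#*/}
                printf 'yaptest-issues.pl add --issue %s -i %s -p %s --trans %s\n' \
                    "$name" "$host" "$port" "$proto" ;;
            *)
                # Host-level finding (e.g. "general/tcp"): no port to associate.
                printf 'yaptest-issues.pl add --issue %s -i %s\n' "$name" "$host" ;;
        esac
    done
}

# Demo run over the constructed sample; replace with "< nessus.nbe" for real data.
printf '%s\n' "$SAMPLE_NBE" | nbe_to_add_commands
```

Pipe the output into sh once you have checked that the generated commands are the ones you want stored.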
Querying the Issues Database
To list all issues in the database along with their associated host (and port if appropriate):
$ yaptest-issues.pl query
test_area_name ip_address port transport_protocol_name issue
-------------- ---------- ---- ----------------------- -----
a1 10.0.0.5 null null MS04-007
a1 10.0.0.5 null null MS04-011
a1 10.0.0.5 null null MS05-027
a1 10.0.0.5 null null MS00-078
a1 10.0.0.5 null null MS02-020
a1 10.0.0.5 null null MS03-043
a1 10.0.0.5 null null MS04-007
a1 10.0.0.9 null null MS02-061
a1 10.0.0.9 null null MS03-043
a1 10.0.0.9 null null MS04-007
a1 10.0.0.9 null null MS04-011
a1 10.0.0.9 null null MS04-022
a1 10.0.0.9 null null MS05-027
a1 10.0.0.9 null null MS05-039
a1 10.0.0.9 null null MS05-051
a1 10.0.0.6 null null MS05-027
a1 10.0.011 23 TCP telnet_fuser
To list the issue associated with a single host:
$ yaptest-issues.pl query --ip 10.0.0.5
test_area_name ip_address port transport_protocol_name issue
-------------- ---------- ---- ----------------------- -----
a1 10.0.0.5 null null MS04-007
a1 10.0.0.5 null null MS04-011
a1 10.0.0.5 null null MS05-027
a1 10.0.0.5 null null MS00-078
a1 10.0.0.5 null null MS02-020
a1 10.0.0.5 null null MS03-043
a1 10.0.0.5 null null MS04-007
To list all the hosts (or hosts and ports) associated with a particular issue:
$ yaptest-issues.pl query --issue MS04-011
test_area_name ip_address port transport_protocol_name issue
-------------- ---------- ---- ----------------------- -----
a1 10.0.0.5 null null MS04-011
a1 10.0.0.9 null null MS04-011
Manually Associating Issues with Hosts
This is as easy as making up a name for the issue and typing in the corresponding IP address:
$ yaptest-issues.pl add --ip 10.0.0.1 --issue telnet_ttyprompt
That's pretty much it. Refer to the previous section for how to query your newly added issue.