Interrupting and Resuming Scans With Yaptest

As of yaptest v0.0.7 it is possible to interrupt scans and resume them later without duplicating lots of the scanning you’ve already completed.  This feature is intended primarily for multi-day pentests where you need to stop your scan at the end of each day, then resume where you left off the next morning.

This page explains how to use the feature.

How do I run my scans so that I can resume them later?

Basically, you don’t need to anything special.  As of version 0.0.7 yaptest remembers which commands it has run against which hosts and avoids running the same commands twice.

By way of an example, say you’ve finished your TCP port scans and start running nikto:

$ yaptest-nikto.pl

… some scanning …

Now suppose that you need to interrupt the scan.  You hit CTRL-C and leave some nikto scans completed, some interrupted part way through and some not even started.  You can resume your scan simply by running yaptest-nikto.pl again:

$ yaptest-nikto.pl

… some more scanning …

Yaptest will not run nikto against anything that you successfully scanned before.  It will only run against those web servers which had their scan interrupted or those for which the scan wasn’t even started.

And this works for all yaptest scripts?

Well, sort of.  It works for all scripts that use the run_test API, which is the vast majority.   The only two exceptions as of v0.0.7 are:

  • yaptest-arp-scan-local-network.pl
  • yaptest-snmpwalk.pl

What about if I actually WANT to re-run a test for some reason?

There are occasions when you might want to run a scan twice.  One situtation is when you kick off yaptest without first configuring your IP stack properly.  Yaptest will think that the tests concerned have finished successfully, but you know different.  You need to make yaptest forget that certain commands have been run.

Lets stick with the nikto example and assume that we need to rerun all of our nikto scans.  First find out the command_id that yaptest has used to “remember” that nikto has been run.  Yaptest-progress.pl will show you all the command_id’s:

$ yaptest-progress.pl list

**************************************************************************
*                      Starting yaptest-progress.pl                      *
*  [ Using yaptest v0.0.7 – http://pentestmonkey.net/projects/yaptest ]  *
**************************************************************************

command_id      command_template
———-      —————-
1       nbtscan -b 32000 -v -f ::IPFILE::
2       nice nmap -sU -P0 -n -O -v -oA nmap-udp-::IP::.out ::IP::
3       nbtscan -h -b 32000 -v -f ::IPFILE::
4       ike-scan -f ::IPFILE::
5       yapscan -sI -r 5 -i vmnet8 -b 200000 -t – -f ::IPFILE::
6       onesixtyone -c /home/x/tools/dictionaries/snmp-communities.txt -i ::IPFILE::
7       sudo nmap -sO -P0 -n -v -oA nmap-ip-protocols-::IP::.out ::IP::
8       amap -u -b ::IP:: ::PORTLIST-SPACE::
9       yapscan -sS -r 2 -i vmnet8 -b 1000000 -P known -f ::IPFILE::
10      rpcinfo -p ::IP::
11      showmount -e ::IP::
12      showmount -a ::IP::
13      rup -d ::IP::
14      rusers -l ::IP::
15      nxscan ::IP::
16      nmap -sS -P0 -n -O -v -A –version-all -oA nmap-tcp-::IP::.out -p ::PORTLIST:: ::IP::
17      bannergrab ::IP:: ::PORT::
18      amap -b ::IP:: ::PORTLIST-SPACE::
19      nikto.pl -nolookup 127.0.0.1 -h ::IP:: -p ::PORT::
20      dcetest ::IP::

We can see the nikto command towards the end of the output above with command_id 19.  Now we’ll use this id to delete some entries form yaptest’s progress table to make it forget that it’s run nikto before:

$ yaptest-progress.pl reset 19

That’s it.  Next time your rerun yaptest-nikto.pl, it’ll scan all web server because yaptest has forgotten that it scanned them.

What it I only want to re-run part of a test, not all of it?

There are some options you can pass to yaptest-progress.pl if you only want to rescan some hosts, but not all.  Here are some examples:

$ yaptest-progress.pl reset 19 -i 10.0.0.1
$ yaptest-progress.pl reset 19 -i 10.0.0.1 -p 8000

$ yaptest-progress.pl reset 19 -p 8000

 


Leave a Reply