forked from pentestmonkey/yaptest
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
472 lines (430 loc) · 19.4 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
2014-10-13 yaptest v0.2.2
* All available yaptest-* tools will be installed
* Tweaked web-check to check for perl on UNIX systems
* Dependencies updated
* yaptest-parse-onesixtyone.pl will now recognise snmpds with
ACLs on the accessible OID
* yaptest.pm will now honour the system wide defaults
* Added some expected documents, required by autoconf
* Install now performed using autoconf with support for
--prefix
* Added debian/
2008-11-26 yaptest v0.2.1
* Added yaptest-ssh-keyscan.pl to gather SSH host keys
* Lots more parsing of enum4linux to support the 'Windows info'
feature of YaptestFE
* Added yaptest-parse-dcetest.pl to parse windows hostnames
* yaptest-db-ips.sh now checks if you're root before running
* yaptest-parse-ntpq.pl parsed NTP OS disclosure issue and stores
OS in host_info table
* Timeout for nmap UDP scans can be set with yaptest-config.pl
* Changed issue name insec_proto_rdp to rdp_mitm
* Added yaptest-smb-version.pl to get version info via
metasploit's auxiliary/scanner/smb/version module
* Bug fix: "yaptest-ports.pl query --test_area foo" works
* API change: insert_issue will now add ports into database if
and only if the host already in the database
* API change: insert_port will not add new hosts
* API change: ::PORT:: can be specified in output file even if
it wasn't specified in the command
* Amap is now used to find SSL ports in addition to nmap
* Added yaptest-nessus3.pl and yaptest-nessus-wrapper.pl to
to run Nessus v3 against hosts in backend database
* Netmask is now parsed from ICMP and SNMP data and stored in the
interfaces tables. This will support better network maps in
YaptestFE in future
* Added yaptest-openvas.pl to run OpenVAS against hosts in the
backend datbases
* Output of nmap is parsed to identify hosts support SSHv1
* Added yaptest-ldapuserenum.pl to run ldapuserenum.py against
LDAP servers. Usernames are parsed into the database
* Backgrounded nikto scans because the take a long time
* yaptest-nmap-udp.pl now additionally tests all open UDP ports
to make double sure we have version info for each one
2008-10-31 yaptest v0.2.0
* yaptest-dns.pl now tries additional DNS queries
Bind version disclosure issue parsed automatically
* yaptest-kcmsd-fileread.pl added to get credential information
from hosts via metasploit 2 kcmsd exploit
* yaptest-config.pl must be used set "exploit_ok = yes"
before exploitation scripts will run (rexd, kcmsd)
* yaptest-config.pl must be used set "unsafe_ok = yes"
any unsafe exploits / checks are run (ms08-067)
* yaptest-parse-rpcinfo.pl inserts additional issues
* Added yaptest-udp-proto-scanner.pl to run udp-proto-scanner
for better UDP service detection
* yaptest-nxscan.pl automatically parses issues
* Bug fix: "yaptest-progress.pl reset" works for port-related
progress as well as host-related progress
* yaptest-telnet-fuser.pl changed to use metasploit 3. Now
automatically grabs credentials when possible
2008-10-26 yaptest v0.1.9
* Created "modules" directory to make ebuild creation easier
* yaptest-parse-yapscan-tcp.pl now parses TTL info
* yaptest-parse-traceroute.pl now parses hop number
* Bug fix: Negative hop number from yaptest-parse-ping-r.pl
* yaptest-parse-bannergrab.pl parses usernames guessed by
the "finger" probes
* Add the following support username guessing against finger
daemons using finger-user-enum.pl:
- yaptest-finger-user-enum.pl
- yaptest-parse-finger-user-enum.pl
- finger-users.txt
NB: Only tested against one Linux and one Solaris finger
daemon so far
* Added yaptest-password-guess-mysql.pl
* Added API for parseing BSD MD5 hashes from john.pot
* Added yaptest-rexd.pl to get credential information from
hosts running rexd
* "yaptest-progress.pl reset" takes multiple args
* Improved parsing of /etc/groups by yaptest-groups.pl
* yaptest-credentials.pl parses issues about DES-based
hashes and cleartext passwords in /etc/passwd
2008-09-18 yaptest v0.1.7
* These scripts can now export query results in XML format
for importing into 3rd party tools:
- yaptest-issues.pl
- yaptest-hosts.pl
- yaptest-ports.pl
- yaptest-port-info.pl
- yaptest-host-info.pl
* yaptest-issues.pl has an 'insecgen' option to generate issues
about insecure protocols being used
* Added yaptest-parse-nikto.pl to parse a few issues from
nikto output
* yaptest-parse-ping-r.pl now parses hop number into backend
database
* yaptest-parse-oscanner.pl generates issues about weak logins
* yaptest-sslscan.pl now has a timeout
* Bug fix: yaptest-issues.pl can now search on test_area
* Bug fix: yaptest-port-info.pl can now search on value
* Bug fix: Stopped yaptest-parse-nmap-xml.pl from parsing
closed TCP ports into the database
* Bug fix: yaptest-snmp-user-enum.pl does better pattern
matching to determine hosts to run against
* Bug fix: Traceroute output file now contains IP addr
2008-09-06 yaptest v0.1.6
* Added yaptest-x-open.pl to run commands against open
X11 servers
* Added yaptest-fpdns.pl to fingerprint any DNS servers
found
* Added yaptest-ident-user-enum.pl to grab usernames if the
ident/auth service is running on 113/TCP
* Added yaptest-vessl.pl - contributed by deanx
Performs verious checks on SSL certs and adds corresponding
issues to database
* run_test now supports markup to use port_info, e.g
::PORTINFO-ldap_namingcontext::
* yaptest-ldapsearch.pl modified to run a query using each
naming context found as a base DN
* run_test's port filter can now select a range of ports
* The run_test 'command' markup for ports can handle
subtraction, e.g. ::PORT-6000:: for X11 tests
* run_test's port_info filter can now use <, >
* run_test's filter can now be applied to only a subset of
hosts using the host_filter argument
* Bug fix: yaptest-issues.pl can delete port-issues
* Bug fix: Permission problem on icmp_names table
* Bug fix: yaptest-password-guess-smb.pl works now
* Bug fix: yaptest-parse-nmap-xml.pl is better at parsing
the nmap_os_guess host_info field
* Bug fix: view_insecure_protos no long contains ssl ports
* Bug fix: view_host_info no longer contains null rows
* yaptest-issue.pl parses a few more issues from nessus
* yaptest-parse-enum4linux.pl parses user enumeration
issues
* Added yaptest-dns.pl and yaptest-parse-dns.pl to check
for recursive lookups. May do more in future
* Schema update: added primary keys back
* Schema update: support for holding network topology info
(initially used only by YaptestFE v0.9.1)
* Schema update: Added speed-up indexes to the credentials table
* yaptest-parse-nmap-xml.pl modified to parse topology
info from TCP traceroutes which are done automatically by
later versions of nmap
* yaptest-traceroute.pl and yaptest-ping-r.pl added to
collect network topology information
* Actually added yaptest-host-info.pl to the tar ball!
* yaptest-parse-snmpwalk.pl now parses the interface IPs
into the "interfaces" table. Helps to identify multi-homed
hosts for the network map
* Added yaptest-parse-tnscmd.pl to parse port_info and issues
about oracle services
2008-08-10 yaptest v0.1.5
* The following scripts now insert more "issues":
yaptest-parse-yapscan-icmp.pl
yaptest-issues.pl
yaptest-parse-enum4linux.pl
yaptest-parse-sslscan.pl (new script)
yaptest-parse-dcetest.pl (new script)
Note that support for "issues" is still quite rundentary
in this release. There are no issue descriptions, title,
risk ratings, etc. yet
* Semaphores implemented to solve race conidition which
caused postgres error message
* Lots of database schema changes to support YaptestFE
2008-07-19 yaptest v0.1.4
* Nikto output filenames contain the protocol (http / https)
* Made some error messages more verbose
* Can no longer accidentially add a network instead of an
IP via yaptest-hosts.pl (e.g. 192.168.0.0/24)
* Bug fix: Uppercase letters converted to lowercase in
database name (backend doesn't allow ucase)
* Bug fix: Test areas can contain '-' now
* Bug fix: Semaphore implemented to prevent multiple processes
(name yaptest-bannergrab.pl) from creating port_keys
at the same time
* yaptest-parse-nmap-xml.pl will now parse MAC addresses out
(if present) and associate them with the IP in the backend db
* yaptest-parse-nmap-xml.pl will now parse the top OS guess
and store it as host_info in the backend db
* DB schema altered to prevent yaptest_user owning tables
* Dropped uniqueness constraint on port_info table to prevent
yaptest-parse-bannergrab.pl causing the the following error:
DBD::Pg::st execute failed: ERROR: index row size 4100
exceeds btree maximum, 2713
* run_test API now supports filtering based on host_info
* Duration of quick UDP scan stored in host_info table
* yaptest-nmap-udp.pl will now do a full UDP scan of any
hosts that complete their quick UDP scan in less than
10 seconds (e.g. Windows boxes)
* yaptest-credentials.pl now allows searching on username
and password fields using the special words NOTNULL and
NOTEMPTY - useful to list accounts you know the password
for
* Altered some database field names:
icmp.type => icmp.icmp_type
icmp.code => icmp.icmp_code
2008-05-15 yaptest v0.1.3
* Global settings (for all users) can now be configured in
/etc/yaptest.conf - useful if lots of pentesters use a
shared server
* Lines in config files starting with # are treated as
comments
* Included some example dictionaries. These get installed
in /usr/local/yaptest. You want to replace these
with some good dicts or select a different dict using
/etc/yaptest.conf
* Created yaptest-db-ips-mac.sh for mac users. It's basically
the same as yaptest-db-ips.sh but doesn't run yapscan
(yapscan doesn't work on mac)
* Changed usage of "yaptest-hosts.pl delete" to be like
"yaptest-hosts.pl add"
* Bug fix: yaptest-parse-nmap-xml.pl now copes when extra
XML has been appended to an existing results file
2008-05-12 yaptest v0.1.2
* yaptest-nmap-tcp.pl now parallelises scans - accidentally
removed in previous version
2008-04-20 yaptest v0.1.1
* command_log table created. Each time yaptest runs an
external command, it will log the time the command is
run to the command_log table. End time is also recorded
* API improvement. Forked process can now communicate with
backend database. This was required for new logging
feature
* yaptest-wizard.pl now reminds you to run yaptest-db-ips.sh
* dns-grind, medusa, oscanner, snmpwalk added to dependency list
* hoppy output now saved via -S option. Hoppy v1.5+ required
* yaptest-ldap.pl renamed to yaptest-ldapsearch.pl
* ldapsearch explicitly specifies -x for simple auth. The
default on mac seems to be not to use simple auth
* LDAP namingContexts stored in the port_info table
* Added yaptest-port-info.pl for viewing information stored
about each port
* HTTP script now run against "nmap_service like http" instead
of "nmap_service = http". Proxy ports were being missed
* Bug fix: A couple of scripts were still using perl -w
This breaks on linux where #!/usr/bin/env perl -w is used
Added "use warnings" instead
* API improvement. "OR" queries for port_info, e.g
nmap_service_name is "oracle" OR oracle_tns. See
yaptest-tnscmd.pl for an example
* yaptest-bannergrab-ng.pl renamed to yaptest-bannergrab.pl
* Output from bannergrab now stored in the database
* sslscan is now run against SMTP servers supporting
STARTTLS. sslscan v3.6+ required
* smtp-user-enum.pl is run against SMTP servers which
bannergrab identifies has allowing user enumeration
Usernames are auto-parsed into credentials database
2008-04-06 yaptest v0.1.0
* #!/usr/bin/perl changed to #!/usr/bin/env perl
This allows users to change to a different perl
interpreter just by changing their path
* Cheers to deanx for the following bug reports / feature
requests:
* Bug fix: -i option now works for "yaptest-hosts.pl query"
* Bug fix: yaptest.conf now quotes the env var, so yaptest
still works when you have spaces in your path
* yaptest_interface is now set to en0 by default on OSX
and remains eth0 by default on Linux.
2008-04-01 yaptest v0.0.9
* Added yaptest-issues.pl to keep track of which
security issues are associated with which IPs / ports
* Added yaptest-oscanner.pl to run the Oracle password
gussing script on all ports identified as Oracle by
nmap
* Added yaptest-dns-grind.pl to get DNS PTR hostnames
for all IPs and store them in the database
* yaptest-parse-arp-scan-local-network.pl now stores the
NIC vendor as host-info (use yaptest-host-info.pl to
query)
* yaptest-password-guess-ssh.pl now runs against all
ports nmap identifies as ssh, not simply against port
22
* Added missing yaptest-parse-nbtscan.pl. Oops
* OSX users can install more easily using:
make databasemac
make installmac
* Debug messages removed from yaptest-progress.pl
* "make install" will check for PERL syntax errors while
installing. This is more to avoid bugs in releases
than to help end users, though
2008-03-31 yaptest v0.0.8
* Install scripts tweaked to be more compatible with OSX
Extra notes updated in the script comments
* yaptest-nmap-tcp.pl can now be called on just the open
port (as before) or on all IP addresses (new). Nmap
can therefore be used instead of yapscan
2008-03-30 yaptest v0.0.7
* Interrupt tests and resume them later
run_test API now remembers what it has scanned and avoids
re-scanning it. This allows tests to be resumed
relatively efficiently if they're interrupted
* Auto-parse scan results into the database
run_test API now has an option to specify a parser that
will be run on on the output file. These script now
auto-parse, so the parsers aren't called from
yaptest-db-ips.sh:
yaptest-yapscan-icmp.pl
yaptest-yapscan-tcp.pl
yaptest-rpcinfo.pl
yaptest-onesixtyone.pl
yaptest-enum4linux.pl
yaptest-snmpwalk.pl
yaptest-password-guess-ftp.pl
yaptest-password-guess-mssql.pl
yaptest-password-guess-rlogin.pl
yaptest-password-guess-smb.pl
yaptest-password-guess-ssh.pl
yaptest-arp-scan-local-network.pl
* Added yaptest-host-info.pl. This can be used to store
arbitrary info about a host in key/value format. Currently
used for tracking OS, Windows domain, Domain controllers,
Device type, SNMP system description
* "make checkdep" is now supported to check for missing
external programs and PERL modules
* yaptest-yapscan-tcp.pl now breaks scans into chunks and
run scans on custom port ranges. The smaller chunks help
to resume scans more efficiently
* Added yaptest-password-guess-mysql.pl to guess passwords
against any mysql servers found
* Most password guessing is not turned off in
yaptest-db-ips.sh to avoid locking accounts out
* yaptest-enum4linux.pl now uses version 0.8.0 which takes
different command line args and does more thorough enumeration
* yaptest-groups.pl can now parse group info from enum4linux
output. This is incredibly helpful when attacking large
Windows domains
* yaptest-ports.pl now support querying of ports based on
nmap version string (e.g. 'Apache')
* yaptest-parse-onesixtyone.pl now stores system descrition
as "host-info" and recognises jetdirect systems as having
device_type = printer
* rpcinfo-based tests use RPC number instead of name incase
users don't have a good /etc/rpc file
* Optimised yaptest-db-ips.sh to do the interesting stuff
first
* Nmap TCP scans use --version-all so nmap does a better job
of identifying strange ports. This is slower, but is
important because so many scripts rely on what nmap finds
* Lots of schema enhancements to support current and future
features
* yaptest-parse-nbtscan.pl added to store hostname,
domain membership and domain controller info in backend
database
* Added ASCII art to yaptest-wizard.pl :-)
2007-12-22 yaptest v0.0.6
* Added yaptest-groups.pl to keep track of group memberships
for Unix system. No Windows support yet, though
* Added yaptest-bannergrab-ng.pl which runs bannergrab-ng on
every TCP port
* Added yaptest-sslscan.pl which runs sslscan on all the
TCP ports which nmap thinks are SSL ports
* Added yaptest-httprint.pl which runs httprint on all
HTTP and HTTPS ports
* Added yaptest-hoppy.pl which runs hoppy on all
HTTP and HTTPS ports
* Fixed bug in yaptest-wizard.pl. It was creating test areas
as subdirs other test areas
* Fixed bug which prevented proper parsing of NTLM hashes from
the john.pot file
* Added support for cracking NTLM hashes using NTLM rainbow
tables via rcrack. See yaptest-credentials.pl for details
* Bug fix: yaptest-parse-hydra.pl can now deal with blank passwords
2007-11-03 yaptest v0.0.5
* Added rcrack support for cracking LANMAN hashes to
yaptest-credentials.pl
* Added test-setup script yaptest-wizard.pl
* Significant speed-ups for database performance while password
cracking. It can still be slow, but now usable for ~3000 accounts
* Support for cracking NTLM hashes with john the ripper
* Support for specifying a john command line. Edit yaptest.conf
Useful for using a copy that is not in the path or starting
the MPI version of john with mpiexec
* Enum4linux now cycles through more RIDs to try and avoid missing
accounts
* Yaptest-hosts.pl can add a list of hosts from the command
line - instead of one at a time like before
* Yaptest-hosts.pl can delete hosts
2007-07-29 yaptest v0.0.4
* Generally cleaned up output to remove debug messages and
standardise usage messages
* yaptest-parse-snmpwalk.pl added. Parses usernames from Windows
systems into the credentials database. Also parses unix users
from process listing
* yaptest-parse-enum4linux.pl added. Parses username info if
target has settings equivelant to RestrictAnonymous=0 or 1
* yaptest-parse-hydra.pl added. Guessed usernames and passwords
are now added to credentials database by yaptest-db-ips.sh
Use "yaptest-credentials.pl query" for list of creds found
* yaptest-ports.pl can now search on nmap service type and nmap
service version so you can easily search for all HTTP servers
or all Apache servers for example
* yaptest-icmp.pl added for querying which hosts respond to ICMP
* yaptest-password-guess-smb.pl now uses hydra instead
of medusa
* Bug fix: SNMP community strings are now displayed by
yaptest-credentials.pl, and used properly by
yaptest-snmpwalk.pl
* Bug fix: Uniquness constraint when parsing slightly different
nmap results
* Mostly removed support for environment variable in favour of
yaptest.conf and ~/.yaptestrc configuration files
* Added yaptest-config.pl
2007-07-15 yaptest v0.0.3
* yaptest-db-ips.sh added to kick off most supported tests on all the
IPs in the database
* Extra scripts:
yaptest-amap-udp.pl
yaptest-credentials.pl
yaptest-enum4linux.pl
yaptest-snmpwalk.pl
yaptest-sshprobe.pl
yaptest-tftp.pl
yaptest-veritas-file-download.pl
* Renamed yaptest-nfs.pl to yaptest-showmount.pl
* Deprecated yaptest-add-ips.pl in favour of yaptest-hosts.pl
* Deprecated yaptest-os-usernames.pl in favour of yaptest-credentials.pl
* Schema changes to support resuming of scans - still under development
* yaptest-ports.pl supports "-t test_area" option
* Bug fix: -t option to yaptest-hosts.pl now works
* Scripts that "use yaptest" now print out a standard banner on startup
* Targets are now printed for each test without the use of Data::Dumper
2007-07-03 Yaptest v0.0.2
* Support for ::PORTLIST-SPACE:: markup tag
* Extra scripts:
yaptest-amap-tcp.pl
yaptest-ike-scan.pl
yaptest-tnscmd.pl
2007-07-01 Yaptest v0.0.1
* Initial public release