Tool for Cracking Passphrases on Encrypted SSH Keys
Phrasen|drescher is a tool for those pentests when you’re having trouble owning those last few *nix boxes. It was released in 2007 but I hadn’t had cause to try it out until recently. If you’ve already gained access to a few *nix boxes, but can’t get into the rest you’ll naturally start trying to enumerate […]
Yaptest Update: v0.0.9
Yaptest v0.0.9 is ready for download. The big changes in this release are: The addition of yaptest-issues.pl to allow you to associate hosts with security issues. yaptest-dns-grind.pl is now called to find hostnames from DNS PTR records and store them in the database. Finally, oscanner is now called on each Oracle TNS listener identified […]
Associating Hosts with Security Issues in Yaptest
Version 0.0.9 of yaptest introduced yaptest-issues.pl. This script is responsible for storing associations between hosts and security issues that you (or yaptest) have identified (e.g. 10.0.0.1 has the “telnet -fuser” vulnerability). This page illustrates how to use yaptest-issues.pl.
Yaptest Update: v0.0.8
This is a relatively minor yaptest update. Version 0.0.8 is available for download here. The install scripts have been updated to be more compatible with OSX. The incompatibilities are better documented in comments. I’ve also updated the original notes from Deanx with some more of his wisdom. I’ve completely rewritten yaptest-nmap-tcp.pl so that people who […]
Getting Yaptest to work with Sudo
When you first install yaptest and try to use sudo you might get the following error: $ sudo yaptest-nmap-udp.pl ERROR: Environment variable YAPTEST_DBNAME is not set at /usr/local/lib/site_perl/yaptest.pm line 126 yaptest::new(‘yaptest’) called at /usr/local/bin/yaptest-hosts.pl line 8 (in cleanup) Can’t call method “disconnect” on an undefined value at /usr/local/lib/site_perl/yaptest.pm line 3247. This is because […]
Storing Misc Host Information With Yaptest
As of version 0.0.7 yaptest is able to store arbitrary information about hosts. This is particularly useful on large tests. This page provides a few examples of how to use the yaptest-host-info.pl script.
Yaptest Update: v0.0.7
Yaptest has had a lot of new features added over the last few months and I’m struggling to get them all written up and released. v0.0.7 is the first of several releases. Download yaptest v0.0.7 here. It is now possible to interrupt scans and resume them later. This is really handy for big multi-day […]
Interrupting and Resuming Scans With Yaptest
As of yaptest v0.0.7 it is possible to interrupt scans and resume them later without duplicating lots of the scanning you’ve already completed. This feature is intended primarily for multi-day pentests where you need to stop your scan at the end of each day, then resume where you left off the next morning. This page […]
Installing Yaptest on Mac
Deanx gave me some very useful hints on how to get yaptest working on Mac.
Importing OSVDB into a Postgres Database
I was looking at the Open Source Vulnerability Database (OSVDB) recently. If you haven’t come across it before, it’s a source of vulnerability information, similar to bugtraq or secunia. OSVDB has a good web frontend which is easy to search. I was investigating if the database could be downloaded and searched offline during onsite pentests when […]