{"id":92,"date":"2007-06-30T18:40:10","date_gmt":"2007-06-30T18:40:10","guid":{"rendered":"http:\/\/pentestmonkey.net\/?p=92"},"modified":"2011-08-20T16:02:24","modified_gmt":"2011-08-20T16:02:24","slug":"yaptest-user-guide","status":"publish","type":"post","link":"https:\/\/pentestmonkey.net\/yaptest\/using\/yaptest-user-guide","title":{"rendered":"Yaptest User Guide"},"content":{"rendered":"
<p>Some notes on how to actually use yaptest…<\/p>\n
<p>This page covers how to set up a new test with yaptest and run a few of the supported tools to begin a pentest. Also see the Installation page.<\/p>\n
<h3>Assumptions<\/h3>\n
<p>This guide assumes you’re using Linux, have PostgreSQL installed locally, and that the database server allows you to connect as any user without a password (the default on Gentoo).<\/p>\n
<p>Disclaimer: This configuration is bad from a security perspective. With PostgreSQL’s “trust” authentication any local account can connect as any database role, including the superuser, and read or alter every client’s data. It is only acceptable unless:<\/p>\n
<p>It is also assumed that:<\/p>\n
<h3>Starting a New Test<\/h3>\n
<p>First start the PostgreSQL backend. The command is normally something like:<\/p>\n
<pre># \/etc\/init.d\/postgresql start<\/pre>\n
<p>Use yaptest-wizard.pl to create a new database and a new directory to hold all your test data. yaptest uses one database and one directory per engagement so that data from two clients is never mixed, either on the file system or inside the database. If you don’t like interactive wizards, use the tools yaptest-new-db.pl and yaptest-new-test-area.pl instead.<\/p>\n
<pre>$ yaptest-wizard.pl\r\n\r\n**************************************************************************\r\n*                       Starting yaptest-wizard.pl                       *\r\n*  [ Using yaptest v0.0.7 - http:\/\/pentestmonkey.net\/projects\/yaptest ]  *\r\n**************************************************************************\r\n\r\n                     __  __            __            __\r\n                     \/ \/___ _____  \/ \/____  _____\/ \/_\r\n                        \/ __ `\/ __ \/ __\/ _ \/ ___\/ __\/\r\n                      \/ \/ \/_\/ \/ \/_\/ \/ \/_\/  __(__  ) \/_\r\n                     \/_\/__,_\/ .___\/__\/___\/____\/__\/\r\n                             \/_\/\r\n                Doing the tedious bits so you don't have to\r\n\r\n    THIS WIZARD CURRENLTY ONLY DEALS WITH THE CREATION OF NEW DATABASES\r\n                               AND TEST AREAS\r\n=========================================================================\r\nDatabase Configuration\r\n\r\nYou are currenlty not configured to use a database.\r\n\r\nOptions:\r\n  1: Create a new database\r\n  q: Quit\r\n\r\nNB: If you previously created a database and want to use it,\r\n    quit, change to the corresponding directory,\r\n    'source env.sh', then re-run this wizard.\r\n\r\nEnter option (1, q):<\/pre>\n
<p>Select 1 to create a new database. Give it a name like “abc_company”. The same name is used for the directory that should hold all your tool output.<\/p>\n
<pre>Enter option (1, q): 1\r\n-------------------------------------------------------------------------\r\n=========================================================================\r\nCreate New Database\r\n\r\nEnter a name for the new database.  A subdirectory of the same name will\r\nbe created at the same time.\r\n\r\nCurrent Directory: \/home\/u\r\nEnter name for new yaptest database (or CTRL-C to quit): abc_company\r\n-------------------------------------------------------------------------\r\nDatabase name: abc_company\r\nCreating directory 'abc_company'...done\r\nCreating database 'abc_company'\r\nConfig file: \/home\/u\/abc_company\/yaptest.conf\r\nWriting to config file \/home\/u\/abc_company\/yaptest.conf\r\nCreating file env.sh\r\nRestarting wizard with new configuration\r\n...\r\n=========================================================================\r\nDatabase Configuration\r\nYou are currently configured to use:\r\n  Database:    abc_company\r\n  Test Dir:    \/home\/u\/abc_company\r\nThe following test areas exist in this database:\r\n  <none>\r\nOptions:\r\n  1: Create a new test area in above database\r\n  2: Create a new database\r\n  q: Quit\r\n\r\nNB: If you previously created different database and want\r\n    to use it, quit, change to the corresponding directory,\r\n    'source env.sh', then re-run this wizard.\r\nEnter option (1, 2, q):<\/pre>\n
<p>Next you’ll need to create at least one test area. In this context a “test area” is a pairing of where the pentest laptop is plugged in and which network it is targeting. The following example test areas illustrate the meaning of “test area”:<\/p>\n
<p>The larger the pentest, the more important it is that you choose sensible names. For small tests, anything will do. We’ll go with “external”:<\/p>\n
<pre>Enter option (1, 2, q): 1\r\n-------------------------------------------------------------------------\r\n=========================================================================\r\nCreate New Test Area\r\nTo create a new test area (internal, vlan100, network123, etc.) enter the\r\ntest area name below.  A directory of the name name will be created at\r\nsame time.\r\n\r\nCurrent Directory: \/home\/u\/abc_company\r\nEnter name for new test area (or CTRL-C to quit): external\r\n-------------------------------------------------------------------------\r\nDatabase name: external\r\nCreating directory 'external'...done\r\nCreating test area 'external'\r\nWriting to config file yaptest.conf\r\nCreating file env.sh\r\n-------------------------------------------------------------------------\r\n=========================================================================\r\nNow quit the wizard with q:\r\nEnter option (1, 2, q): q\r\n-------------------------------------------------------------------------\r\nIMPORTANT: To use your newly created test areas you must first:\r\n           $ cd abc_company\/yourtestarea\r\n           $ source env.sh<\/pre>\n
<p>Follow the “important” instructions above:<\/p>\n
<pre>$ cd abc_company\/\r\n$ cd external\/\r\n$ source env.sh<\/pre>\n
<p>Any yaptest scripts you run will now:<\/p>\n
<p>NB: If you forget to “source env.sh”, all the yaptest scripts will throw an error like:<\/p>\n
<pre>ERROR: Environment variable YAPTEST_DBNAME is not set...<\/pre>\n
<p>You can create new test areas later on using the wizard. To view a list of test areas either use the wizard or the command:<\/p>\n
<pre>$ yaptest-test-areas.pl query<\/pre>\n
<p>In the next section we’ll do some scanning. Once you’ve finished a test area and need to move to the next one, it’s important that you move to the corresponding directory and “source” its env.sh file; env.sh only sets environment variables, so until you do the scripts keep using the previous area’s settings:<\/p>\n
<pre>$ cd ..\/external_gw2\r\n$ source env.sh<\/pre>\n
<h3>Doing some scanning<\/h3>\n
<p>For this section we’ll assume that we’re testing the local network segment, so we can demonstrate the use of ARP for host discovery. (The output below was captured in a test area called “vlan1” rather than the “external” area created above; substitute your own.)<\/p>\n
<p>The first thing you’d normally do when running yaptest is to add all the IP addresses you want to test to the backend database. First we need to find a list of live hosts.<\/p>\n
<p>arp-scan needs raw-socket privileges, so it has to run as root; using sudo is recommended. By default, though, sudo resets the environment and drops the YAPTEST_* variables that env.sh set, so the scripts fail with the error shown above. If you can’t be bothered configuring sudo (env_keep) to preserve the right parts of your environment, do this instead:<\/p>\n
<pre>$ su\r\n# pwd\r\n\/home\/u\/abc_company\/vlan1\r\n# source env.sh<\/pre>\n
<p>Check that yaptest knows the correct network interface to use, and set it if not. The help message describes how:<\/p>\n
<pre># yaptest-arp-scan-local-network.pl --help\r\n\r\nUsage: yaptest-arp-scan-local-network.pl\r\nARP scans the local network.\r\n\r\nThis script needs to know the Network Interface to use. This\r\nis found from the 'yaptest_interface' config option:\r\n$ yaptest-config.pl query yaptest_interface\r\n$ yaptest-config.pl set yaptest_interface eth0\r\n\r\nNB: This script relies on arp-scan being in the path<\/pre>\n
<p>Start the scan…<\/p>\n
<pre># yaptest-arp-scan-local-network.pl\r\n[PID 936] ------------------ Yaptest \"run_test\" executing command ... ---------------------\r\n[PID 936] Command ............. arp-scan -r 2 -I vmnet1 -l\r\n[PID 936] Output File ......... arp-scan.out.2\r\n[PID 936] ---------------------------------------------------------------------------------\r\n[PID 936] Interface: vmnet1, datalink type: EN10MB (Ethernet)\r\n[PID 936] Starting arp-scan 1.5 with 256 hosts (http:\/\/www.nta-monitor.com\/tools\/arp-scan\/)\r\n[PID 936] 172.16.16.4 00:0c:29:f3:6b:a8 VMware, Inc.\r\n[PID 936] 172.16.16.5 00:0c:29:09:8d:2e VMware, Inc.\r\n[PID 936] 172.16.16.6 00:0c:29:31:dc:1b VMware, Inc.\r\n[PID 936] 172.16.16.7 00:0c:29:3d:85:01 VMware, Inc.\r\n[PID 936] 172.16.16.8 00:0c:29:8b:2d:e3 VMware, Inc.\r\n[PID 936] 172.16.16.9 00:0c:29:f7:de:4e VMware, Inc.\r\n[PID 936] 172.16.16.10 00:0c:29:d6:64:c3 VMware, Inc.\r\n[PID 936] 172.16.16.254 00:50:56:ea:9d:d8 VMWare, Inc.\r\n[PID 936]\r\n[PID 936] 8 packets received by filter, 0 packets dropped by kernel\r\n[PID 936] Ending arp-scan 1.5: 256 hosts scanned in 1.283 seconds (199.53 hosts\/sec). 8 responded<\/pre>\n
<p>Note that if you run this command twice a different output file is used, so the first run’s output is not clobbered.<\/p>\n
<p>The output from arp-scan is parsed automatically by yaptest-parse-arp-scan.pl (as of yaptest 0.0.7). If for any reason you need to parse the output of an old arp-scan run, you can do it manually:<\/p>\n
<pre># yaptest-parse-arp-scan.pl arp-scan.out.2\r\n\r\n**************************************************************************\r\n* Starting yaptest-parse-arp-scan.pl *\r\n* [ Using yaptest v0.0.4 - http:\/\/pentestmonkey.net\/projects\/yaptest ] *\r\n**************************************************************************\r\n\r\nProcessing arp-scan.out.2...\r\nInterface: vmnet1, datalink type: EN10MB (Ethernet)\r\nStarting arp-scan 1.5 with 256 hosts (http:\/\/www.nta-monitor.com\/tools\/arp-scan\/)\r\n172.16.16.4 00:0c:29:f3:6b:a8 VMware, Inc.\r\nPARSED: IP=172.16.16.4, MAC=00:0c:29:f3:6b:a8, DESC=VMware, Inc.\r\n172.16.16.5 00:0c:29:09:8d:2e VMware, Inc.\r\nPARSED: IP=172.16.16.5, MAC=00:0c:29:09:8d:2e, DESC=VMware, Inc.\r\n172.16.16.6 00:0c:29:31:dc:1b VMware, Inc.\r\nPARSED: IP=172.16.16.6, MAC=00:0c:29:31:dc:1b, DESC=VMware, Inc.\r\n...<\/pre>\n
<p>Once this is done, the backend database is populated with a list of hosts to scan:<\/p>\n
<pre># yaptest-hosts.pl query\r\nvlan1  172.16.16.4     null    null\r\nvlan1  172.16.16.5     null    null\r\nvlan1  172.16.16.6     null    null\r\nvlan1  172.16.16.7     null    null\r\nvlan1  172.16.16.8     null    null\r\nvlan1  172.16.16.9     null    null\r\nvlan1  172.16.16.10    null    null\r\nvlan1  172.16.16.254   null    null\r\nTotal records: 8<\/pre>\n
<p>You can remove any hosts that you don’t want scanned (out-of-scope addresses, for example); every other tool takes its target list from this table, so prune it before scanning rather than after:<\/p>\n
<pre># yaptest-hosts.pl delete -i 172.16.16.254\r\nDeleting 172.16.16.254\r\n\r\n# yaptest-hosts.pl query\r\nvlan1  172.16.16.4     null    null\r\nvlan1  172.16.16.5     null    null\r\nvlan1  172.16.16.6     null    null\r\nvlan1  172.16.16.7     null    null\r\nvlan1  172.16.16.8     null    null\r\nvlan1  172.16.16.9     null    null\r\nvlan1  172.16.16.10    null    null\r\nTotal records: 7<\/pre>\n
<p>The other tools can then draw on this information to perform further testing. Note that you can also add a list of hosts to scan from a file with yaptest-hosts.pl, for those occasions when ARP scanning isn’t appropriate (ARP only reaches the local segment, so targets on a remote network must be added this way):<\/p>\n
<pre># yaptest-hosts.pl add -f ips.txt<\/pre>\n
<p>At this point you’d probably just run yaptest-db-ips.sh to run a whole load of different pre-configured tests. However, for the purposes of this tutorial, we’ll run some of the commands from yaptest-db-ips.sh manually.<\/p>\n
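The sudo alternative to the “su, then source env.sh” route in the scanning section, as an added example that is not part of yaptest: a wrapper that refuses to run until env.sh has been sourced (reproducing yaptest’s own YAPTEST_DBNAME error early) and then re-injects the YAPTEST_* variables on the root side with env(1), so no sudoers env_keep change is needed. It assumes env.sh exports YAPTEST_DBNAME (the variable named in yaptest’s error message) and possibly other YAPTEST_-prefixed variables, none of whose values contain whitespace; both are assumptions, not something the page states.

```shell
#!/bin/sh
# Added example, not yaptest's own code. Assumes env.sh exports YAPTEST_DBNAME
# (named in yaptest's error message) and perhaps other YAPTEST_* variables,
# none of whose values contain whitespace (an assumption about env.sh).

# Fail the way yaptest would, but before anything runs as root: refuse to
# continue if env.sh for the current test area has not been sourced.
yaptest_env_check() {
    if [ -z "${YAPTEST_DBNAME:-}" ]; then
        echo "ERROR: YAPTEST_DBNAME is not set; cd to the test area and 'source env.sh' first" >&2
        return 1
    fi
    return 0
}

# Print every YAPTEST_* variable as NAME=VALUE, one per line. sudo's default
# env_reset strips them, so they are handed back to the child via env(1).
yaptest_env_vars() {
    env | grep '^YAPTEST_[A-Za-z0-9_]*=' || true
}

# Run a yaptest script as root with the test-area environment intact:
#   yaptest_sudo yaptest-arp-scan-local-network.pl
# The sudoers alternative (assumed variable name) would be:
#   Defaults env_keep += "YAPTEST_DBNAME"
yaptest_sudo() {
    yaptest_env_check || return 1
    # shellcheck disable=SC2046  # word-splitting is intended: values carry no spaces
    sudo env $(yaptest_env_vars) "$@"
}
```

Because the check runs before sudo is invoked, a forgotten `source env.sh` fails with a clear message instead of a scan that runs as root and then cannot record its results.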
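An added example (not part of yaptest) of doing the arp-scan parsing step by hand: a POSIX shell function that turns a saved arp-scan output file, with or without the `[PID n]` prefixes that yaptest’s run_test wrapper adds, into a list of IP addresses suitable for `yaptest-hosts.pl add -f ips.txt`, dropping the header and footer lines, duplicate replies, and any addresses you exclude (the 172.16.16.254 address deleted above, for instance). Only lines that start with a dotted-quad followed by a MAC address are accepted, so stray output never becomes a “host”. The sample file is constructed from the output shown on this page, trimmed to a few responders with one duplicate reply added.

```shell
#!/bin/sh
# Added example, not yaptest's own code: rebuild the "parse arp-scan output
# into a host list" step by hand, producing an ips.txt for yaptest-hosts.pl.

# arp_scan_to_ips FILE [EXCLUDED_IP ...]
#   Prints one IP per line from an arp-scan output file, in scan order,
#   de-duplicated, minus any excluded addresses. Lines that do not start
#   with "<ipv4> <mac>" (headers, footers, the "N packets received" line)
#   are ignored, so only real responders end up in the list.
arp_scan_to_ips() {
    file=$1
    shift
    excluded=$(printf '%s\n' "$@")   # empty when nothing is excluded
    sed -E 's/^\[PID [0-9]+\] //' "$file" \
      | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]+([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}([[:space:]]|$)' \
      | awk -v excluded="$excluded" '
            BEGIN { n = split(excluded, x, "\n"); for (i = 1; i <= n; i++) skip[x[i]] = 1 }
            !($1 in skip) && !seen[$1]++ { print $1 }'
}

# Constructed sample: run_test-wrapped arp-scan output in the format shown
# on this page, cut down to three responders plus one duplicate reply.
write_sample() {
    cat > "$1" <<'EOF'
[PID 936] Interface: vmnet1, datalink type: EN10MB (Ethernet)
[PID 936] Starting arp-scan 1.5 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
[PID 936] 172.16.16.4   00:0c:29:f3:6b:a8   VMware, Inc.
[PID 936] 172.16.16.5   00:0c:29:09:8d:2e   VMware, Inc.
[PID 936] 172.16.16.5   00:0c:29:09:8d:2e   VMware, Inc. (DUP: 2)
[PID 936] 172.16.16.254 00:50:56:ea:9d:d8   VMWare, Inc.
[PID 936]
[PID 936] 4 packets received by filter, 0 packets dropped by kernel
[PID 936] Ending arp-scan 1.5: 256 hosts scanned in 1.283 seconds (199.53 hosts/sec). 3 responded
EOF
}

# Demo: list the hosts minus the 172.16.16.254 address that the walkthrough
# above deleted by hand. Redirect to ips.txt for "yaptest-hosts.pl add -f ips.txt".
sample=$(mktemp)
write_sample "$sample"
arp_scan_to_ips "$sample" 172.16.16.254
rm -f "$sample"
```

The strict first-column match is the safety property here: whatever else ends up in the capture file (wrapper banners, warnings, a truncated line), it cannot be turned into a target that the rest of the toolchain will then scan.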