Tuesday, October 7, 2008

Yaptest - Automating Pentesting tasks

I was reading my rss feeds and i stumble across "Yaptest", a tool that aims to make it easy for a pentester to automate parts of testing on the fly. In the tool website the author gives some examples like:
  • Run nikto on anything nmap thinks is an HTTP service
  • Run hydra on every host with TCP port 21 open
  • Attempt upload a file to any TFTP servers found
  • Run onesixtyone on all hosts that are up
  • Try metasploit's solaris_kcms_readfile exploit against any hosts running kcmsd
Im thinking right now in thousand of more uses.  I like this kind of tools oriented in the automation of tedious work,  boosting productivity and cutting time from assessment projects.

Now there is a Yaptest front end, and it look amazing:

The tools is developed in perl and the frontend in Ruby. I'm not too fan of perl, but i will give a try to the tool asap.


CMM
By -

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...

  • Scan for shellshock with wfuzz
    In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
  • Wfuzz 2.1 released !
    I'm pleased to announce  a new version of WFuzz! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for findi...
  • Scanning ports through SSH Port Forwarding
    In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...