ChangeLog

2014-10-13 yaptest v0.2.2

* All available yaptest-* tools will be installed
* Tweaked web-check to check for perl on UNIX systems
* Dependencies updated
* yaptest-parse-onesixtyone.pl will now recognise snmpds with
  ACLs on the accessible OID
* yaptest.pm will now honour the system wide defaults
* Added some expected documents, required by autoconf
* Install now performed using autoconf with support for
  --prefix
* Added debian/

2008-11-26 yaptest v0.2.1

* Added yaptest-ssh-keyscan.pl to gather SSH host keys
* Lots more parsing of enum4linux to support the 'Windows info'
  feature of YaptestFE
* Added yaptest-parse-dcetest.pl to parse windows hostnames
* yaptest-db-ips.sh now checks if you're root before running
* yaptest-parse-ntpq.pl parsed NTP OS disclosure issue and stores
  OS in host_info table
* Timeout for nmap UDP scans can be set with yaptest-config.pl
* Changed issue name insec_proto_rdp to rdp_mitm
* Added yaptest-smb-version.pl to get version info via 
  metasploit's auxiliary/scanner/smb/version module
* Bug fix: "yaptest-ports.pl query --test_area foo" works
* API change: insert_issue will now add ports into database if
              and only if the host already in the database
* API change: insert_port will not add new hosts
* API change: ::PORT:: can be specified in output file even if
              it wasn't specified in the command
* Amap is now used to find SSL ports in addition to nmap
* Added yaptest-nessus3.pl and yaptest-nessus-wrapper.pl to
  to run Nessus v3 against hosts in backend database
* Netmask is now parsed from ICMP and SNMP data and stored in the
  interfaces tables.  This will support better network maps in
  YaptestFE in future
* Added yaptest-openvas.pl to run OpenVAS against hosts in the
  backend datbases
* Output of nmap is parsed to identify hosts support SSHv1
* Added yaptest-ldapuserenum.pl to run ldapuserenum.py against
  LDAP servers.  Usernames are parsed into the database
* Backgrounded nikto scans because the take a long time
* yaptest-nmap-udp.pl now additionally tests all open UDP ports
  to make double sure we have version info for each one

2008-10-31 yaptest v0.2.0

* yaptest-dns.pl now tries additional DNS queries
  Bind version disclosure issue parsed automatically
* yaptest-kcmsd-fileread.pl added to get credential information 
  from hosts via metasploit 2 kcmsd exploit
* yaptest-config.pl must be used set "exploit_ok = yes"
  before exploitation scripts will run (rexd, kcmsd)
* yaptest-config.pl must be used set "unsafe_ok = yes"
  any unsafe exploits / checks are run (ms08-067)
* yaptest-parse-rpcinfo.pl inserts additional issues
* Added yaptest-udp-proto-scanner.pl to run udp-proto-scanner
  for better UDP service detection
* yaptest-nxscan.pl automatically parses issues
* Bug fix: "yaptest-progress.pl reset" works for port-related
           progress as well as host-related progress
* yaptest-telnet-fuser.pl changed to use metasploit 3.  Now
  automatically grabs credentials when possible

2008-10-26 yaptest v0.1.9

* Created "modules" directory to make ebuild creation easier
* yaptest-parse-yapscan-tcp.pl now parses TTL info
* yaptest-parse-traceroute.pl now parses hop number
* Bug fix: Negative hop number from yaptest-parse-ping-r.pl
* yaptest-parse-bannergrab.pl parses usernames guessed by
  the "finger" probes
* Add the following support username guessing against finger
  daemons using finger-user-enum.pl:
  - yaptest-finger-user-enum.pl
  - yaptest-parse-finger-user-enum.pl
  - finger-users.txt
  NB: Only tested against one Linux and one Solaris finger 
  daemon so far
* Added yaptest-password-guess-mysql.pl
* Added API for parseing BSD MD5 hashes from john.pot
* Added yaptest-rexd.pl to get credential information from
  hosts running rexd
* "yaptest-progress.pl reset" takes multiple args
* Improved parsing of /etc/groups by yaptest-groups.pl
* yaptest-credentials.pl parses issues about DES-based
  hashes and cleartext passwords in /etc/passwd

2008-09-18 yaptest v0.1.7

* These scripts can now export query results in XML format
  for importing into 3rd party tools:
  - yaptest-issues.pl
  - yaptest-hosts.pl
  - yaptest-ports.pl
  - yaptest-port-info.pl
  - yaptest-host-info.pl
* yaptest-issues.pl has an 'insecgen' option to generate issues
  about insecure protocols being used
* Added yaptest-parse-nikto.pl to parse a few issues from 
  nikto output
* yaptest-parse-ping-r.pl now parses hop number into backend
  database
* yaptest-parse-oscanner.pl generates issues about weak logins
* yaptest-sslscan.pl now has a timeout
* Bug fix: yaptest-issues.pl can now search on test_area
* Bug fix: yaptest-port-info.pl can now search on value
* Bug fix: Stopped yaptest-parse-nmap-xml.pl from parsing
           closed TCP ports into the database
* Bug fix: yaptest-snmp-user-enum.pl does better pattern
           matching to determine hosts to run against
* Bug fix: Traceroute output file now contains IP addr

2008-09-06 yaptest v0.1.6

* Added yaptest-x-open.pl to run commands against open
  X11 servers
* Added yaptest-fpdns.pl to fingerprint any DNS servers
  found
* Added yaptest-ident-user-enum.pl to grab usernames if the
  ident/auth service is running on 113/TCP
* Added yaptest-vessl.pl - contributed by deanx
  Performs verious checks on SSL certs and adds corresponding
  issues to database
* run_test now supports markup to use port_info, e.g
  ::PORTINFO-ldap_namingcontext::
* yaptest-ldapsearch.pl modified to run a query using each 
  naming context found as a base DN
* run_test's port filter can now select a range of ports
* The run_test 'command' markup for ports can handle 
  subtraction, e.g. ::PORT-6000:: for X11 tests
* run_test's port_info filter can now use <, >
* run_test's filter can now be applied to only a subset of
  hosts using the host_filter argument
* Bug fix: yaptest-issues.pl can delete port-issues
* Bug fix: Permission problem on icmp_names table
* Bug fix: yaptest-password-guess-smb.pl works now
* Bug fix: yaptest-parse-nmap-xml.pl is better at parsing
           the nmap_os_guess host_info field
* Bug fix: view_insecure_protos no long contains ssl ports
* Bug fix: view_host_info no longer contains null rows
* yaptest-issue.pl parses a few more issues from nessus
* yaptest-parse-enum4linux.pl parses user enumeration 
  issues
* Added yaptest-dns.pl and yaptest-parse-dns.pl to check
  for recursive lookups.  May do more in future
* Schema update: added primary keys back
* Schema update: support for holding network topology info
                 (initially used only by YaptestFE v0.9.1)
* Schema update: Added speed-up indexes to the credentials table
* yaptest-parse-nmap-xml.pl modified to parse topology
  info from TCP traceroutes which are done automatically by
  later versions of nmap
* yaptest-traceroute.pl and yaptest-ping-r.pl added to 
  collect network topology information
* Actually added yaptest-host-info.pl to the tar ball!
* yaptest-parse-snmpwalk.pl now parses the interface IPs
  into the "interfaces" table.  Helps to identify multi-homed
  hosts for the network map
* Added yaptest-parse-tnscmd.pl to parse port_info and issues
  about oracle services

2008-08-10 yaptest v0.1.5

* The following scripts now insert more "issues":
   yaptest-parse-yapscan-icmp.pl
   yaptest-issues.pl
   yaptest-parse-enum4linux.pl
   yaptest-parse-sslscan.pl (new script)
   yaptest-parse-dcetest.pl (new script)
  Note that support for "issues" is still quite rundentary
  in this release.  There are no issue descriptions, title,
  risk ratings, etc. yet
* Semaphores implemented to solve race conidition which 
  caused postgres error message
* Lots of database schema changes to support YaptestFE

2008-07-19 yaptest v0.1.4

* Nikto output filenames contain the protocol (http / https)
* Made some error messages more verbose
* Can no longer accidentially add a network instead of an 
  IP via yaptest-hosts.pl (e.g. 192.168.0.0/24)
* Bug fix: Uppercase letters converted to lowercase in
           database name (backend doesn't allow ucase)
* Bug fix: Test areas can contain '-' now
* Bug fix: Semaphore implemented to prevent multiple processes
           (name yaptest-bannergrab.pl) from creating port_keys
	   at the same time
* yaptest-parse-nmap-xml.pl will now parse MAC addresses out
  (if present) and associate them with the IP in the backend db
* yaptest-parse-nmap-xml.pl will now parse the top OS guess
  and store it as host_info in the backend db
* DB schema altered to prevent yaptest_user owning tables
* Dropped uniqueness constraint on port_info table to prevent
  yaptest-parse-bannergrab.pl causing the the following error:
   DBD::Pg::st execute failed: ERROR:  index row size 4100 
   exceeds btree maximum, 2713
* run_test API now supports filtering based on host_info
* Duration of quick UDP scan stored in host_info table
* yaptest-nmap-udp.pl will now do a full UDP scan of any 
  hosts that complete their quick UDP scan in less than
  10 seconds (e.g. Windows boxes)
* yaptest-credentials.pl now allows searching on username
  and password fields using the special words NOTNULL and
  NOTEMPTY - useful to list accounts you know the password
  for
* Altered some database field names:
    icmp.type => icmp.icmp_type
    icmp.code => icmp.icmp_code

2008-05-15 yaptest v0.1.3

* Global settings (for all users) can now be configured in
  /etc/yaptest.conf - useful if lots of pentesters use a
  shared server
* Lines in config files starting with # are treated as 
  comments
* Included some example dictionaries.  These get installed
  in /usr/local/yaptest.  You want to replace these
  with some good dicts or select a different dict using
  /etc/yaptest.conf
* Created yaptest-db-ips-mac.sh for mac users.  It's basically
  the same as yaptest-db-ips.sh but doesn't run yapscan
  (yapscan doesn't work on mac)
* Changed usage of "yaptest-hosts.pl delete" to be like
  "yaptest-hosts.pl add"
* Bug fix: yaptest-parse-nmap-xml.pl now copes when extra
  XML has been appended to an existing results file

2008-05-12 yaptest v0.1.2

* yaptest-nmap-tcp.pl now parallelises scans - accidentally
  removed in previous version

2008-04-20 yaptest v0.1.1

* command_log table created.  Each time yaptest runs an 
  external command, it will log the time the command is
  run to the command_log table.  End time is also recorded
* API improvement.  Forked process can now communicate with
  backend database.  This was required for new logging 
  feature
* yaptest-wizard.pl now reminds you to run yaptest-db-ips.sh
* dns-grind, medusa, oscanner, snmpwalk added to dependency list
* hoppy output now saved via -S option.  Hoppy v1.5+ required
* yaptest-ldap.pl renamed to yaptest-ldapsearch.pl
* ldapsearch explicitly specifies -x for simple auth.  The 
  default on mac seems to be not to use simple auth
* LDAP namingContexts stored in the port_info table
* Added yaptest-port-info.pl for viewing information stored
  about each port
* HTTP script now run against "nmap_service like http" instead
  of "nmap_service = http".  Proxy ports were being missed
* Bug fix: A couple of scripts were still using perl -w
  This breaks on linux where #!/usr/bin/env perl -w is used
  Added "use warnings" instead
* API improvement.  "OR" queries for port_info, e.g
  nmap_service_name is "oracle" OR oracle_tns.  See
  yaptest-tnscmd.pl for an example
* yaptest-bannergrab-ng.pl renamed to yaptest-bannergrab.pl
* Output from bannergrab now stored in the database
* sslscan is now run against SMTP servers supporting
  STARTTLS.  sslscan v3.6+ required
* smtp-user-enum.pl is run against SMTP servers which 
  bannergrab identifies has allowing user enumeration
  Usernames are auto-parsed into credentials database

2008-04-06 yaptest v0.1.0

* #!/usr/bin/perl changed to #!/usr/bin/env perl
  This allows users to change to a different perl 
  interpreter just by changing their path
* Cheers to deanx for the following bug reports / feature
  requests:
* Bug fix: -i option now works for "yaptest-hosts.pl query"
* Bug fix: yaptest.conf now quotes the env var, so yaptest
  still works when you have spaces in your path
* yaptest_interface is now set to en0 by default on OSX
  and remains eth0 by default on Linux.  

2008-04-01 yaptest v0.0.9

* Added yaptest-issues.pl to keep track of which
  security issues are associated with which IPs / ports
* Added yaptest-oscanner.pl to run the Oracle password
  gussing script on all ports identified as Oracle by
  nmap
* Added yaptest-dns-grind.pl to get DNS PTR hostnames
  for all IPs and store them in the database
* yaptest-parse-arp-scan-local-network.pl now stores the
  NIC vendor as host-info (use yaptest-host-info.pl to
  query)
* yaptest-password-guess-ssh.pl now runs against all
  ports nmap identifies as ssh, not simply against port
  22
* Added missing yaptest-parse-nbtscan.pl.  Oops
* OSX users can install more easily using:
     make databasemac
     make installmac
* Debug messages removed from yaptest-progress.pl
* "make install" will check for PERL syntax errors while
  installing.  This is more to avoid bugs in releases
  than to help end users, though

2008-03-31 yaptest v0.0.8

* Install scripts tweaked to be more compatible with OSX
  Extra notes updated in the script comments
* yaptest-nmap-tcp.pl can now be called on just the open
  port (as before) or on all IP addresses (new).  Nmap
  can therefore be used instead of yapscan

2008-03-30 yaptest v0.0.7

* Interrupt tests and resume them later
  run_test API now remembers what it has scanned and avoids
  re-scanning it.  This allows tests to be resumed 
  relatively efficiently if they're interrupted
* Auto-parse scan results into the database
  run_test API now has an option to specify a parser that
  will be run on on the output file.  These script now
  auto-parse, so the parsers aren't called from 
  yaptest-db-ips.sh:
        yaptest-yapscan-icmp.pl
        yaptest-yapscan-tcp.pl
        yaptest-rpcinfo.pl
        yaptest-onesixtyone.pl
        yaptest-enum4linux.pl
        yaptest-snmpwalk.pl
        yaptest-password-guess-ftp.pl
        yaptest-password-guess-mssql.pl
        yaptest-password-guess-rlogin.pl
        yaptest-password-guess-smb.pl
        yaptest-password-guess-ssh.pl
        yaptest-arp-scan-local-network.pl
* Added yaptest-host-info.pl.  This can be used to store 
  arbitrary info about a host in key/value format.  Currently
  used for tracking OS, Windows domain, Domain controllers,
  Device type, SNMP system description
* "make checkdep" is now supported to check for missing 
  external programs and PERL modules
* yaptest-yapscan-tcp.pl now breaks scans into chunks and
  run scans on custom port ranges.  The smaller chunks help
  to resume scans more efficiently
* Added yaptest-password-guess-mysql.pl to guess passwords 
  against any mysql servers found
* Most password guessing is not turned off in 
  yaptest-db-ips.sh to avoid locking accounts out
* yaptest-enum4linux.pl now uses version 0.8.0 which takes
  different command line args and does more thorough enumeration
* yaptest-groups.pl can now parse group info from enum4linux
  output.  This is incredibly helpful when attacking large
  Windows domains
* yaptest-ports.pl now support querying of ports based on
  nmap version string (e.g. 'Apache')
* yaptest-parse-onesixtyone.pl now stores system descrition
  as "host-info" and recognises jetdirect systems as having
  device_type = printer
* rpcinfo-based tests use RPC number instead of name incase 
  users don't have a good /etc/rpc file
* Optimised yaptest-db-ips.sh to do the interesting stuff
  first
* Nmap TCP scans use --version-all so nmap does a better job
  of identifying strange ports.  This is slower, but is 
  important because so many scripts rely on what nmap finds
* Lots of schema enhancements to support current and future
  features
* yaptest-parse-nbtscan.pl added to store hostname,
  domain membership and domain controller info in backend
  database
* Added ASCII art to yaptest-wizard.pl :-)

2007-12-22 yaptest v0.0.6

* Added yaptest-groups.pl to keep track of group memberships
  for Unix system.  No Windows support yet, though
* Added yaptest-bannergrab-ng.pl which runs bannergrab-ng on 
  every TCP port
* Added yaptest-sslscan.pl which runs sslscan on all the 
  TCP ports which nmap thinks are SSL ports
* Added yaptest-httprint.pl which runs httprint on all
  HTTP and HTTPS ports
* Added yaptest-hoppy.pl which runs hoppy on all
  HTTP and HTTPS ports
* Fixed bug in yaptest-wizard.pl.  It was creating test areas
  as subdirs other test areas
* Fixed bug which prevented proper parsing of NTLM hashes from
  the john.pot file
* Added support for cracking NTLM hashes using NTLM rainbow 
  tables via rcrack.  See yaptest-credentials.pl for details
* Bug fix: yaptest-parse-hydra.pl can now deal with blank passwords

2007-11-03 yaptest v0.0.5

* Added rcrack support for cracking LANMAN hashes to 
  yaptest-credentials.pl
* Added test-setup script yaptest-wizard.pl
* Significant speed-ups for database performance while password 
  cracking.  It can still be slow, but now usable for ~3000 accounts
* Support for cracking NTLM hashes with john the ripper
* Support for specifying a john command line.  Edit yaptest.conf
  Useful for using a copy that is not in the path or starting
  the MPI version of john with mpiexec
* Enum4linux now cycles through more RIDs to try and avoid missing
  accounts
* Yaptest-hosts.pl can add a list of hosts from the command
  line - instead of one at a time like before
* Yaptest-hosts.pl can delete hosts

2007-07-29 yaptest v0.0.4

* Generally cleaned up output to remove debug messages and 
  standardise usage messages
* yaptest-parse-snmpwalk.pl added.  Parses usernames from Windows
  systems into the credentials database.  Also parses unix users
  from process listing
* yaptest-parse-enum4linux.pl added.  Parses username info if 
  target has settings equivelant to RestrictAnonymous=0 or 1
* yaptest-parse-hydra.pl added.  Guessed usernames and passwords
  are now added to credentials database by yaptest-db-ips.sh
  Use "yaptest-credentials.pl query" for list of creds found
* yaptest-ports.pl can now search on nmap service type and nmap
  service version so you can easily search for all HTTP servers
  or all Apache servers for example
* yaptest-icmp.pl added for querying which hosts respond to ICMP
* yaptest-password-guess-smb.pl now uses hydra instead 
  of medusa
* Bug fix: SNMP community strings are now displayed by
           yaptest-credentials.pl, and used properly by
	   yaptest-snmpwalk.pl
* Bug fix: Uniquness constraint when parsing slightly different
           nmap results
* Mostly removed support for environment variable in favour of
  yaptest.conf and ~/.yaptestrc configuration files
* Added yaptest-config.pl

2007-07-15 yaptest v0.0.3

* yaptest-db-ips.sh added to kick off most supported tests on all the
  IPs in the database
* Extra scripts:
    yaptest-amap-udp.pl
    yaptest-credentials.pl
    yaptest-enum4linux.pl
    yaptest-snmpwalk.pl
    yaptest-sshprobe.pl
    yaptest-tftp.pl
    yaptest-veritas-file-download.pl
* Renamed yaptest-nfs.pl to yaptest-showmount.pl
* Deprecated yaptest-add-ips.pl in favour of yaptest-hosts.pl
* Deprecated yaptest-os-usernames.pl in favour of yaptest-credentials.pl
* Schema changes to support resuming of scans - still under development
* yaptest-ports.pl supports "-t test_area" option
* Bug fix: -t option to yaptest-hosts.pl now works
* Scripts that "use yaptest" now print out a standard banner on startup
* Targets are now printed for each test without the use of Data::Dumper

2007-07-03 Yaptest v0.0.2

* Support for ::PORTLIST-SPACE:: markup tag
* Extra scripts:
    yaptest-amap-tcp.pl
    yaptest-ike-scan.pl
    yaptest-tnscmd.pl

2007-07-01 Yaptest v0.0.1

* Initial public release