Thursday, February 17, 2011

Something new...

As this tool is growing, some new features keep creeping in. Like the "Web spider" function that is now available as a brand new button on the menubar...
In short, what this little button does is allow you to add a list of hosts/urls...
and Yeti will go along and attempt to spider all the hosts/urls in the list, extract links/src items from the html, parse out the host names and domains from these links, and then attempt to perform a "whois" query on the found domains...
I think this is a cute little feature that lays the foundation for many more possibilities, so if you can think of some cool stuff that we can do with this, please send me a mail/message and we'll take it from there.
Thanx for the support so far
./w
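
The link-extraction step described in this post, as an added Python example (not Yeti's own code): it pulls href/src values from a page, resolves them against the page URL and reduces the hosts to the domains a WHOIS query would be made for. The sample HTML is constructed, and the suffix set is an assumed stand-in for the Public Suffix List; the WHOIS query itself is left out so the example runs offline.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: tiny stand-in for the Public Suffix List, enough for the sample.
MULTI_LABEL_SUFFIXES = {"co.za", "co.uk", "com.au"}

class LinkExtractor(HTMLParser):
    """Collect every href= and src= attribute value in a page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def registrable_domain(host):
    """Reduce a host name to the domain a WHOIS lookup would be made for."""
    try:
        ipaddress.ip_address(host)
        return None                      # literal IPs have no domain to look up
    except ValueError:
        pass
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:]) if len(labels) >= keep else None

def hosts_and_domains(base_url, html):
    """Return (hosts, domains) referenced by one page, sorted and de-duplicated."""
    parser = LinkExtractor()
    parser.feed(html)
    hosts = set()
    for link in parser.links:
        url = urlparse(urljoin(base_url, link))   # resolves relative and //host links
        if url.scheme in ("http", "https") and url.hostname:
            hosts.add(url.hostname)
    domains = {d for d in map(registrable_domain, hosts) if d}
    return sorted(hosts), sorted(domains)

# Constructed sample page, not real data.
SAMPLE_HTML = """
<a href="/about.html">About</a>
<a href="https://shop.example.co.za/cart">Shop</a>
<img src="//cdn.example.net/logo.png">
<script src="http://static.example.org/app.js"></script>
<a href="http://192.0.2.10/admin">By IP</a>
<a href="mailto:info@example.com">Mail</a>
"""

if __name__ == "__main__":
    print(hosts_and_domains("http://www.example.com/index.html", SAMPLE_HTML))
```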

Java au lait, por favor?

A thunk hit me this morning when I realised that Java is slowly entrenching itself into a lot of things we do at SensePost. Now, the lads have been known to churn out little snippets of brilliance over the years - you know - Wikto, Suru, reDuh etc - and lately the conversion of these tools to Java.

Apart from Yeti, we have jCertChecker (SSL miner) as well as J-Baah (the Java port of the Crowbar http fuzzer) and reDuh. Incidentally, the writer of J-Baah, Mr Ian de Villiers, has been confirmed as a trainer on the SensePost HBN - Combat Edition, at Black Hat Barcelona. It's a tough course, but it's worth it.

And last, but not least, ./w just pumped me in the ribs to say the Java port of Scully, an MSSQL/MySQL client interface, should be out in the week.

So, as you can see, lots of cross platform love. :-)

Enjoy, and play nice.

Sunday, February 13, 2011

Why network footprinting?

Since our initial release of Yeti (once again, thank you for all the support thus far) we have had a number of suggestions, bug reports and critiques from keen users. All of this is greatly appreciated by the team at SensePost.
A number of you have asked us "Why bother? Why bother writing yet another network footprinting tool?"
This is a great question, especially in an industry where numerous tools exist that do the same job.
We believe the necessity to have good, solid Internet intelligence gatherers is on the increase. For small companies, such as a mom and pop shop, the requirement is much less than for a multinational company with a presence all over the Internet.
Cloud computing is compounding this necessity. Developers are embracing the instant availability of uncountable cycles of processing and storage, to serve up hot gourmet applications and services. But how much of this is officially sanctioned and complies with company security policies?
This is a question we often get asked by risk managers, and with Yeti we can give them solid answers. In short, many companies don't understand what they have out there on the Internet.
An example of this was when we recently performed a footprinting exercise for a client that focused heavily on the WHOIS data. We broke the results down into their most granular form, even focusing on the registrant and registrar data. This particular client then picked up that a rogue business unit was operating outside of senior management control and knowledge and leveraging off the parent company's name and brand.
This was picked up through the registrant email being different from the rest. Small detail but increasingly significant.
Secondly, we at SensePost believe in the most effective way of performing a task. Sure, you can do what Yeti achieves using command line techniques, but let's be honest here and admit this process is tedious and laborious. One shouldn't struggle in getting the data - one should rather put effort into analysing the results and applying them to the problem at hand.
Remember, technology scales - people don't. There is no shame in making use of technology to do manual labour.
Thirdly, at SensePost, the necessity was also driven by a depreciated Bidiblah. The 'Blah' was the flagship tool for fingerprinting for many years and, at the time, ahead in its class. But recently it has had problems walking up stairs and we now feel it's time for it to spend long days playing cards in a retirement home.
A question that hasn't been asked of us yet is: "Why should we follow the blog? I don't care about your product!". Simply put, we will be using this blog to keep you updated about all aspects of Yeti's development, techniques that can be used and any other interesting tips we think you'd enjoy knowing about. Several of the techniques used in Yeti consist of rudimentary command line driven derivatives and these techniques will be discussed at a future date.
So there you have it, our approach at SensePost to footprinting is now available as a tool for the community.
Happy digging.
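
The registrant-email check from the client example in this post, as an added Python sketch (not SensePost's or Yeti's code): it groups the domains of one footprint by WHOIS registrant email and reports the ones that differ from the most common address. The WHOIS records and names under .example are constructed, and the field labels are an assumption, since real WHOIS output varies per registry.

```python
import re
from collections import Counter, defaultdict

# Assumption: label spellings commonly seen in WHOIS output; extend as needed.
EMAIL_FIELD = re.compile(
    r"^\s*registrant\s+(?:contact\s+)?e-?mail\s*:\s*(\S+)\s*$", re.I | re.M)

def registrant_email(whois_text):
    """Return the lower-cased registrant email, or None if absent/redacted."""
    match = EMAIL_FIELD.search(whois_text)
    return match.group(1).lower() if match else None

def registrant_outliers(records):
    """records maps domain -> raw WHOIS text.

    Returns (baseline_email, {email: [domains]}) where the dict holds every
    domain whose registrant email is not the most common one. Domains with
    no usable email are listed under "(missing)" so they get reviewed too.
    """
    by_email = defaultdict(list)
    for domain, text in sorted(records.items()):
        by_email[registrant_email(text) or "(missing)"].append(domain)
    counts = Counter({e: len(d) for e, d in by_email.items() if e != "(missing)"})
    if not counts:
        return None, dict(by_email)
    baseline = counts.most_common(1)[0][0]
    return baseline, {e: d for e, d in by_email.items() if e != baseline}

# Constructed WHOIS excerpts, not real registrations.
SAMPLE_RECORDS = {
    "brand.example": "Domain Name: BRAND.EXAMPLE\n"
                     "Registrant Email: hostmaster@brand.example\n",
    "brand-shop.example": "Domain Name: BRAND-SHOP.EXAMPLE\n"
                          "Registrant E-mail: Hostmaster@Brand.example\n",
    "brand-mail.example": "Domain Name: BRAND-MAIL.EXAMPLE\n"
                          "Registrant Contact Email: hostmaster@brand.example\n",
    "brand-promo.example": "Domain Name: BRAND-PROMO.EXAMPLE\n"
                           "Registrant Email: webguy@mailbox.example\n",
    "brand-old.example": "Domain Name: BRAND-OLD.EXAMPLE\n"
                         "Registrar: Example Registrar\n",
}

if __name__ == "__main__":
    baseline, outliers = registrant_outliers(SAMPLE_RECORDS)
    print("baseline:", baseline)
    for email, domains in outliers.items():
        print(email, "->", ", ".join(domains))
```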

Tuesday, February 8, 2011

New tutorial added...

Added a tutorial on "Domain Expansion". Please read it, and let me know what you think, both of the tutorial as well as Yeti's functionality.

./w

Friday, February 4, 2011

progress report...

Hi, like Evert said, some gremlins did creep in, in the last release. Sorry about that.

I've spent some time now to try and sort out as many issues as possible, but for now here is a list of some of the changes that were made:
  1. Improved forward lookups, it should be noticeably faster now
  2. If you click the view button on the job progress panel, it will switch tabs for you now
  3. "Clear" button on the result screen is fixed
  4. "Check all" checkbox is also fixed now
  5. You can now save your footprints as SQLite db files and reopen them
There were also tons of little fixes that I'm not going to mention here.
From the next release on Monday 7th, '11 I will start including proper release notes with a detailed description of changes that were made.

Hope you are having fun so far.

./w

Thursday, February 3, 2011

The joys of putting it out there


So, thanks to Blogspot's "would you like Google to index this site automagically" we have had a couple of hits on the site. And a couple of downloads. And with that a couple of suggestions. Several of them were about the ForwardLookup module that seems to be flaky.

Embarrassing, yes, but this is the nature of everyday software development. The only difference is that on the Internet, the issues can be highlighted so much quicker.

But never fear, ./w is on it - I am hearing mutterings about netbeans and the such but a good carpenter never criticizes his tools :). We will blog when a fix is available.

Happy digging.

Wednesday, February 2, 2011

And another thing ...

Added the link to the BING API key download site, to the "Getting Started" page. You really would want to add this to your Yeti configuration.

Comments open to all!!

Changed the settings so that Anonymous Comments are now allowed


./w

Bug fix #1

Hi, just a quick post: there was a performance issue with the "Domain expand" function, managed to sort that out and in the process got a 400% speed increase. Jip you can blame that one on me!
The file is up, so download it, and let me know...

Tuesday, February 1, 2011

First tutorial - Getting started

The first tutorial page has been added. "Getting started" deals with the setup and startup of the Yeti application.
Please check it out, and let us know if you found it useful/useless and what might be missing.

./w

... and here we go!!!

It's FINALLY here, the first beta version of the JYeti client, it's been awhile coming but here it is.
This version contains the basic set of functionality that we require for doing a footprint. These include...
  • Top level domain expansion (tld expand)
  • Forward lookups (mx,ns,a,cname and zone transfers)
  • Reverse lookups (ptr records)
  • Cert Extraction (getting the common name, and domain from ssl cert)
  • Bing IP/Site searches
So this should be a good starting point.

Some stuff that got left out of this release is the Netblocks editor, vitality scanner and the GeoLocations; this will be in the next release that is earmarked for next week.

Some things to keep in mind...
When you start the app for the first time it will present you with a config screen where you need to fill in some information
  1. Microsoft BING api key, you need to grab 1 from the Bing developers site http://www.bing.com/developers/appids.aspx
  2. The forward bruteforce lookup files, in the tar.bz2 file you download you will find a directory named "bruteforcedata", just add the path to that directory
  3. The tld expand tld list is also supplied inside the tar.bz2 file and it can be located under the "tlddata"
  4. Java Runtime 1.6 yip, this is a java app so sadly you are going to have to install it
This is the short and basic info, I'm sure that in time there will be a lot more data and information added, so please come back.
As for bugs/special behavior, please report them directly to me (./w or willem@sensepost.com) or (Evetar or evert@sensepost.com) and we will try and sort them out as soon as non-humanly possible.
As for help files/tutorials, there aren't currently any, HOWEVER, over the course of the next couple of days I will be releasing some clips/tutorials that will deal with every aspect of the application, so don't despair, just bookmark the feed :)

As for feature requests, all of them will be welcomed and considered.

So here we go, grab the file from here [download] and have a ton of fun

./w