Tuesday, March 15, 2011

Release 0.5c (we have clickable links now!)

So after another 2 weeks of slaving away at work we finally have another minor release out.

Now before I go on I just need to put out a big shout-out for Rob Fuller and the gang at Hak5.org. After the last release Rob sent me a LIST of some pointers and feedback and while I know that this release doesn't nearly cover everything in that list,  the feedback was greatly appreciated.  Needless to say, I'll be attempting to address everything that was mentioned, not just from Rob, but from everybody.

So to Rob, Hak5 and everybody that has been supporting us with comments and feedback, thank you, and keep them coming :)

Now, for this release most of the changes were subtle GUI enhancements, but the idea was to make things a bit more usable and straightforward. Yes, there are still some glaring issues, but I'm working on that :)

Download here...

Oh yes, we also added some new tutorials and I'll be adding another one today on how to use the GeoIP locations, KML and Google Maps. More fun than useful, but keep an eye out for that one.

Thank you for the support, and please keep those comments coming!

./w

Wednesday, March 2, 2011

Why don't apps have a "Make it better" menu option?

Well, that means more work for the developers :) I actually got that off a tweet @mubix, and that kinda stuck with me. I'm building Yeti to work in a way to solve a problem that I've got, and in turn I'm sharing it with the world, however, I doubt that the way I like things is the same as most other @people out there.
So to compromise, instead of adding a menu option I've decided to add a weekly poll, so that people out there, meaning you, can choose how I spend my free time. (Note option 4 :P)
Also, I would like people using Yeti to tell me the single most annoying feature of the app, and what they would like to be done to it. Trust me, I'll get round to it ... eventually.

./w

Release 0.5b (we have version numbers now)

Hi Everybody,
Sorry we've been so quiet, but we've been sorting some gremlins and doing training, well in short we've been training to earn our keep here at SensePost....

But I've got a new release out today with some nice fixes on the ForwardLookup (hostname brute forcing); it should go a lot faster, plus you can now do large lists of domains in a single go. I just did a test on brute forcing about 2000 domains in a single go, it took some time but the app handled it with no problems :)

There are some other bug fixes, minor tweaks here and there, so check out the First releasenotes.txt file that shipped with the application.

Some highlights in the next release to look out for will be a custom data exporter and some custom search engine searches, so in short, watch this space.

Oh, and by the way, I'll be pushing out a new tutorial a bit later this week.

As always, have some fun!

./w

Thursday, February 17, 2011

Something new...

As this tool is growing, some new features keep creeping in. Like the "Web spider" function that is now available as a brand new button on the menubar...
In short, what this little button does is allow you to add a list of hosts/urls...
and Yeti will go along and attempt to spider all the hosts/urls in the list, extract links/src items from the html, parse out the host names and domains from these links and then attempt to perform a "whois" query on the found domains...
I think this is a cute little feature that lays the foundation for many more possibilities, so if you can think of some cool stuff that we can do with this, please send me a mail/message and we'll take it from there.
Thanx for the support so far
./w
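
The link-extraction step described in this post, sketched as an added example (this is not Yeti's code): it pulls href/src values out of a page, resolves them against the page URL and groups the host names by domain, stopping before the whois lookup. The sample HTML, the `example.*` names and the two-label `naive_domain` rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; all host names are placeholders.
SAMPLE_HTML = """
<html><body>
<a href="/about">About</a>
<a href="https://shop.example.net/cart?id=1">Shop</a>
<img src="//cdn.example.org/logo.png">
<script src="https://static.example.net/app.js"></script>
<a href="mailto:info@example.com">Mail</a>
<a href="javascript:void(0)">Noop</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect every href and src attribute value seen in the document."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def naive_domain(host):
    # Assumption: the last two labels form the domain. This is wrong for
    # suffixes such as co.uk; a real tool would use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def hosts_by_domain(base_url, html):
    """Return {domain: sorted host names} for the http(s) links found in html."""
    collector = LinkCollector()
    collector.feed(html)
    found = {}
    for link in collector.links:
        # urljoin resolves relative paths and protocol-relative //host links.
        parsed = urlparse(urljoin(base_url, link))
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            continue  # skip mailto:, javascript: and other non-web schemes
        found.setdefault(naive_domain(parsed.hostname), set()).add(parsed.hostname)
    return {domain: sorted(hosts) for domain, hosts in found.items()}

if __name__ == "__main__":
    for domain, hosts in hosts_by_domain("http://www.example.com/", SAMPLE_HTML).items():
        print(domain, hosts)
```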

Java au lait, por favor?

A thunk hit me this morning when I realised that Java is slowly entrenching itself into a lot of things we do at SensePost. Now, the lads have been known to churn out little snippets of brilliance over the years - you know - Wikto, Suru, reDuh etc - and lately the conversion of these tools to Java.

Apart from Yeti, we have jCertChecker (SSL miner) as well as J-Baah (the Java port of the Crowbar http fuzzer) and reDuh. Incidentally, the writer of J-Baah, Mr Ian de Villiers, has been confirmed as a trainer on the SensePost HBN - Combat Edition, at Black Hat Barcelona. It's a tough course, but it's worth it.

And last, but not least, ./w just pumped me in the ribs to say the Java port of Scully, an MSSQL/MySQL client interface, should be out in the week.

So, as you can see, lots of cross platform love. :-)

Enjoy, and play nice.

Sunday, February 13, 2011

Why network footprinting?

Since our initial release of Yeti (once again, thank you for all the support thus far) we have had a number of suggestions, bug reports and critiques from keen users. All of this is greatly appreciated by the team at SensePost.
A number of you have asked us "Why bother? Why bother writing yet another network footprinting tool?"
This is a great question, especially in an industry where numerous tools exist that do the same job.
We believe the necessity to have good, solid Internet intelligence gatherers is on the increase. For small companies, such as a mom and pop shop, the requirement is much less than for a multinational company with presence all over the Internet.
Cloud computing is compounding this necessity. Developers are embracing the instant availability of uncountable cycles of processing and storage, to serve up hot gourmet applications and services. But how much of this is officially sanctioned and complies with company security policies?
This is a question we often get asked by risk managers, and with Yeti we can give them solid answers. In short, many companies don't understand what they have out there on the Internet.
An example of this was when we recently performed a footprinting exercise for a client that focused heavily on the WHOIS data. We broke the results down into their most granular form, even focusing on the registrant and registrar data. This particular client then picked up that a rogue business unit was operating outside of senior management control and knowledge and leveraging off the parent company's name and brand.
This was picked up through the registrant email being different from the rest. A small detail, but increasingly significant.
Secondly, we at SensePost believe in the most effective way of performing a task. Sure, you can do what Yeti achieves using command line techniques, but let's be honest here and admit this process is tedious and laborious. One shouldn't struggle in getting the data - one should rather put effort into analysing the results and applying them to the problem at hand.
Remember, technology scales - people don't. There is no shame in making use of technology to do manual labour.
Thirdly, at SensePost, the necessity was also driven by a depreciated Bidiblah. The 'Blah' was the flagship tool for fingerprinting for many years and, at the time, ahead in its class. But recently it has had problems walking up stairs and we now feel it's time for it to spend long days playing cards in a retirement home.
A question that hasn't been asked of us yet is: "Why should we follow the blog?, I don't care about your product!". Simply put, we will be using this blog to keep you updated about all aspects of Yeti's development, techniques that can be used and any other interesting tips we think you'd enjoy knowing about. Several of the techniques used in Yeti consist of rudimentary command line driven derivatives and these techniques will be discussed at a future date.
So there you have it, our approach at SensePost to footprinting is now available as a tool for the community.
Happy digging.
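
The registrant-email check from the client story above, as an added example for reviewing your own domain inventory (this is not Yeti's code): it takes WHOIS text per domain, extracts the registrant email and reports the domains whose address differs from the most common one, plus those where the field is missing. The WHOIS excerpts, domain names and field spellings are constructed assumptions; real WHOIS output varies by registry.

```python
import re
from collections import Counter

# Constructed WHOIS excerpts; all domains and addresses are placeholders.
SAMPLE_WHOIS = {
    "example.com": "Registrar: Registrar A\nRegistrant Email: Hostmaster@example.com\n",
    "example.net": "Registrar: Registrar A\nRegistrant E-mail: hostmaster@example.com\n",
    "example.org": "Registrar: Registrar A\nRegistrant Email:  hostmaster@example.com\n",
    "example-promo.test": "Registrar: Registrar B\nRegistrant Email: someone@mail.test\n",
    "example-old.test": "Registrar: Registrar A\nAdmin Email: hostmaster@example.com\n",
}

# WHOIS output is not standardised; this pattern covers two spellings only.
REGISTRANT_EMAIL = re.compile(r"^\s*Registrant E-?mail:\s*(\S+)\s*$", re.I | re.M)

def registrant_email(whois_text):
    """Return the lower-cased registrant email, or None if the field is absent."""
    match = REGISTRANT_EMAIL.search(whois_text)
    return match.group(1).lower() if match else None

def registrant_outliers(records):
    """Return (outliers, missing) relative to the most common registrant email.

    outliers maps domain -> email that differs from the baseline;
    missing lists domains whose WHOIS text had no registrant email.
    """
    emails = {domain: registrant_email(text) for domain, text in records.items()}
    counts = Counter(email for email in emails.values() if email)
    if not counts:
        return {}, sorted(emails)
    baseline, _ = counts.most_common(1)[0]
    outliers = {d: e for d, e in emails.items() if e and e != baseline}
    missing = sorted(d for d, e in emails.items() if e is None)
    return outliers, missing

if __name__ == "__main__":
    odd, unknown = registrant_outliers(SAMPLE_WHOIS)
    print("different registrant email:", odd)
    print("no registrant email found:", unknown)
```

Domains in the missing list deserve a manual look as well, since a redacted or privacy-proxied record hides exactly the detail this check relies on.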

Tuesday, February 8, 2011

New tutorial added...

Added a tutorial on "Domain Expansion". Please read it, and let me know what you think, both of the tutorial as well as Yeti's functionality.

./w