Tuesday, July 19, 2011

BlackHat baby!!!

Jip it's that time of the year again, and Yeti made it into the BlackHat arsenal! So we'll be doing some live demos and talking to people, and overall just have some fun.
So if you are going to BlackHat, pop in and have a chat.

See you there.
./w

Wednesday, June 1, 2011

Release 0.6a (This is a big one!)

Let me start off by saying that this is a fairly big release for yeti, in the sense that there have been some major changes made. Most of these changes have been on the back of suggestions and feedback from users and for that I say "big up" and thanx a stack!

What we tried to do in this release was to make it easier to use, and that starts right at the start when you start up yeti for the first time. All the configs are ready to go so there is no need to go and look for files and directories. The only thing left is the pesky Bing Application Id or API Key, sorry I can't really do much about that.

The next big thing is the fact that all results are now stored in a database, and that you can do multiple footprints in the same database, the reason for this is so that we can start doing some interesting comparisons across footprints, but more on that a bit laterer :)

Also new is the scripting API: the JSR-223 standard got implemented, so scripting languages like Groovy, Jython, JRuby etc are now supported. I'll start adding the tutorial section on the API in due course. The main reason for this is to allow anybody to generate their own reports or even scanning/data collection engines. Also it makes it easy to do really cool things without compiling and releasing an entire new app :)

So please, take it for a spin and let us know!

Good hunting...
./w

Saturday, May 14, 2011

... if silence is golden then ducktape must be silver ...

Ok, we've not been as active as we've wanted to, and I'm sure that my KPI's will suffer :) but this post is just to prepare you for something. After the first couple of releases we received some comments and suggestions, and seeing that some of these were really actually very useful we started on the long path of implementing them. This turned out to be way more work, and as we kept on making changes, we started adding more "cool" stuff, because adding new things is way better than fixing stuff :)

So within the next couple of days we will be putting version 0.6a out and here are some highlights:

* Working out of the box, that's right, no more adding paths and stuff, unzip, start and go
* Scripting interface, API documents will also follow soon
* Fingerprinting service
* Hopefully a cleaner UI
* And as always, plenty more bugs to fix later

Watch this space...

Tuesday, March 15, 2011

Release 0.5c (we have clickable links now!)

So after another 2 weeks of slaving away at work we finally have another minor release out.

Now before I go on I just need to put out a big shout-out for Rob Fuller and the gang at Hak5.org. After the last release Rob sent me a LIST of some pointers and feedback and while I know that this release doesn't nearly cover everything in that list, the feedback was greatly appreciated. Needless to say, I'll be attempting to address everything that was mentioned, not just from Rob, but from everybody.

So to Rob, Hak5 and everybody that has been supporting us with comments and feedback, thank you, and keep them coming :)

Now, for this release most of the changes were subtle GUI enhancements, but the idea was to make things a bit more usable and straightforward. Yes, there are still some glaring issues, but I'm working on that :)

Download here...

Oh yes, we also added some new tutorials and I'll be adding another one today on how to use the GeoIP locations, KML and Google Maps. More fun than useful, but keep an eye out for that one.

Thank you for the support, and please keep those comments coming!

./w

Wednesday, March 2, 2011

Why don't apps have a "Make it better" menu option?

Well that means more work for the developers :) I actually got that off a tweet @mubix, and that kinda stuck with me. I'm building Yeti to work in a way to solve a problem that I've got, and in turn I'm sharing it with the world, however, I doubt that the way I like things is the same as most other @people out there.
So to compromise, instead of adding a menu option I've decided to add a weekly poll, so that people out there, meaning you, can choose how I spend my free time. (Note option 4 :P)
Also, I would like people using Yeti to tell me the single most annoying feature of the app, and what they would like to be done to it. Trust me, I'll get round to it ... eventually.

./w

Release 0.5b (we have version numbers now)

Hi Everybody,
Sorry we've been so quiet, but we've been sorting some gremlins and doing training, well in short we've been training to earn our keep here at SensePost....

But I've got a new release out today with some nice fixes on the ForwardLookup (hostname brute forcing); it should go a lot faster, plus you can now do large lists of domains in a single go. I just did a test on brute forcing about 2000 domains in a single go, it took some time but the app handled it with no problems :)

There are some other bug fixes, minor tweaks here and there, so check out the first releasenotes.txt file that shipped with the application.

Some highlights in the next release to look out for will be a custom data exporter and some custom search engine searches, so in short, watch this space.

O and by the way I'll be pushing out a new tutorial a bit later this week.

As always, have some fun!

./w

Thursday, February 17, 2011

Something new...

As this tool is growing some new features keep creeping in. Like the "Web spider" function that is now available as a brand new button on the menubar...
In short, what this little button does, is to allow you to add a list of hosts/urls...
and Yeti will go along and attempt to spider all the hosts/urls in the list, and extract links/src items from the html, parse out the host name and domains from these links and will then attempt to perform a "whois" query on the found domains...
I think this is a cute little feature that lays the foundation for many more possibilities, so if you can think of some cool stuff that we can do with this, please send me a mail/message and we'll take it from there.
Thanx for the support so far
./w
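
The link/src extraction and host-to-domain step described in this post, as an added example that is not Yeti's code: it parses one constructed page offline and groups the hosts it finds by domain. The names `LinkCollector`, `registrable_domain`, `hosts_and_domains` and the short suffix set are assumptions made for illustration; the whois step is left out.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: a tiny hand-picked suffix set; real use needs the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.za", "co.uk", "com.au"}
# Constructed sample page (reserved example domains and a documentation IP range).
SAMPLE_HTML = """
<a href="/about">About</a>
<a href="https://shop.example.co.za/cart">Shop</a>
<img src="//cdn.example.net/logo.png">
<script src="https://static.cdn.example.net/app.js"></script>
<a href="mailto:info@example.com">Mail</a>
<a href="HTTP://WWW.Example.ORG./press">Press</a>
<a href="http://192.0.2.10/old">Legacy</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(urljoin(self.base_url, value.strip()))

def registrable_domain(host):
    """Reduce a host name to the domain a whois lookup would be run on."""
    try:
        ipaddress.ip_address(host)
        return host  # IP literals have no domain part; keep them as-is
    except ValueError:
        labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def hosts_and_domains(html, base_url):
    """Map each domain found in href/src attributes to its sorted host names."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    found = {}
    for url in collector.urls:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            host = parts.hostname.lower().rstrip(".")
            found.setdefault(registrable_domain(host), set()).add(host)
    return {domain: sorted(hosts) for domain, hosts in sorted(found.items())}
```

Calling `hosts_and_domains(SAMPLE_HTML, "https://www.example.com/index.html")` resolves the relative and protocol-relative links against the page URL and drops the `mailto:` entry.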

Java au lait, por favor?

A thunk hit me this morning when I realised that Java is slowly entrenching itself into a lot of things we do at SensePost. Now, the lads have been known to churn out little snippets of brilliance over the years - you know - Wikto, Suru, reDuh etc - and lately the conversion of these tools to Java.

Apart from Yeti, we have jCertChecker (SSL miner) as well as J-Baah (the Java port of the Crowbar http fuzzer) and reDuh. Incidentally, the writer of J-Baah, Mr Ian de Villiers, has been confirmed as a trainer on the SensePost HBN - Combat Edition, at Black Hat Barcelona. It's a tough course, but it's worth it.

And last, but not least, ./w just pumped me in the ribs to say the Java port of Scully, an MSSQL/MySQL client interface, should be out in the week.

So, as you can see, lots of cross platform love. :-)

Enjoy, and play nice.

Sunday, February 13, 2011

Why network footprinting?

Since our initial release of Yeti (once again, thank you for all the support thus far) we have had a number of suggestions, bug reports and critiques from keen users, all of this is greatly appreciated by the team at SensePost.
A number of you have asked us "why bother?, why bother writing yet another network footprinting tool?"
This is a great question, especially in an industry where numerous tools exist that do the same job.
We believe the necessity to have good, solid Internet intelligence gatherers is on the increase. For small companies, such as a mom and pop shop, the requirement is much less than a multinational company with presence all over the Internet.
Cloud computing is compounding this necessity. Developers are embracing the instant availability of uncountable cycles of processing and storage, to serve up hot gourmet applications and services. But how much of this is officially sanctioned and complies with company security policies?
This is a question we often get asked by risk managers, and with Yeti we can give them solid answers. In short, many companies don't understand what they have out there on the Internet.
An example of this was when recently, we performed a footprinting exercise for a client, that focused heavily on the WHOIS data. We broke the results down into its most granular form, even focusing on the registrant and registrar data. This particular client then picked up that a rogue business unit was operating outside of senior management control and knowledge and leveraging off the parent company's name and brand.
This was picked up through the registrant email being different from the rest. Small detail but increasingly significant.
Secondly, we at SensePost believe in the most effective way of performing a task. Sure, you can do what Yeti achieves using command line techniques, but let's be honest here and admit this process is tedious and laborious. One shouldn't struggle in getting the data - one should rather put effort into analysing the results and applying them to the problem at hand.
Remember, technology scales - people don't. There is no shame in making use of technology to do manual labour.
Thirdly, at SensePost, the necessity was also driven by a depreciated Bidiblah. The 'Blah' was the flagship tool for fingerprinting for many years and, at the time, ahead in its class. But recently it has had problems walking up stairs and we now feel it's time for it to spend long days playing cards in a retirement home.
A question that hasn't been asked of us yet is: "Why should we follow the blog?, I don't care about your product!". Simply put, we will be using this blog to keep you updated about all aspects of Yeti's development, techniques that can be used and any other interesting tips we think you'd enjoy knowing about. Several of the techniques used in Yeti consist of rudimentary command line driven derivatives and these techniques will be discussed at a future date.
So there you have it, our approach at SensePost to footprinting is now available as a tool for the community.
Happy digging.
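
The registrant-email comparison described in this post, as an added example that is not part of the original post or of Yeti: it reads the registrant e-mail out of WHOIS text for each domain in a footprint and reports the domains whose registrant differs from the majority. The WHOIS excerpts are constructed, and the field-label pattern and function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Field labels differ between registries; this pattern is an assumption.
EMAIL_FIELD = re.compile(
    r"^\s*registrant(?:\s+contact)?\s+e-?mail\s*:\s*(\S+@\S+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed WHOIS excerpts using reserved example domains, not real lookups.
SAMPLE_WHOIS = {
    "example.com": "Registrar: Registrar A\nRegistrant Email: hostmaster@example.com\n",
    "example.net": "Registrar: Registrar A\nRegistrant E-mail: Hostmaster@Example.com\n",
    "example.org": "Registrar: Registrar A\nregistrant email: hostmaster@example.com\n",
    "example-promo.com": "Registrar: Registrar B\nRegistrant Email: marketing.team@example.org\n",
    "example-legacy.com": "Registrar: Registrar A\nRegistrant Email: REDACTED FOR PRIVACY\n",
}

def registrant_email(whois_text):
    """Return the lower-cased registrant e-mail, or None if absent or redacted."""
    match = EMAIL_FIELD.search(whois_text)
    return match.group(1).lower() if match else None

def registrant_outliers(whois_by_domain):
    """Group domains by registrant e-mail and report those outside the majority."""
    groups = defaultdict(list)
    for domain, text in whois_by_domain.items():
        groups[registrant_email(text)].append(domain)
    unknown = sorted(groups.pop(None, []))  # no usable e-mail: review by hand
    counts = Counter({email: len(domains) for email, domains in groups.items()})
    baseline = counts.most_common(1)[0][0] if counts else None
    outliers = {e: sorted(d) for e, d in groups.items() if e != baseline}
    return {"baseline": baseline, "outliers": outliers, "unknown": unknown}

if __name__ == "__main__":
    print(registrant_outliers(SAMPLE_WHOIS))
```

Domains with a redacted or missing registrant e-mail are listed separately rather than counted as outliers, since they carry no signal either way.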

Tuesday, February 8, 2011

New tutorial added...

Added a tutorial on "Domain Expansion". Please read it, and let me know what you think, both of the tutorial as well as Yeti's functionality.

./w

Friday, February 4, 2011

progress report...

Hi, like Evert said, some gremlins did creep in, in the last release. Sorry about that.

I've spent some time now to try and sort out as many issues as possible, but for now here is a list of some of the changes that were made:
  1. Improved forward lookups, it should be noticeably faster now
  2. If you click the view button on the job progress panel, it will switch tabs for you now
  3. "Clear" button on the result screen is fixed
  4. "Check all" checkbox is also fixed now
  5. You can now save your footprints as SQLite db files and reopen them
There were also tons of little fixes that I'm not going to mention here.
From the next release on Monday 7th, '11 I will start including proper release notes with a detailed description of changes that were made.

Hope you are having fun so far.

./w

Thursday, February 3, 2011

The joys of putting it out there


So, thanks to Blogspot's "would you like Google to index this site automagically" we have had a couple of hits on the site. And a couple of downloads. And with that a couple of suggestions. Several of them were about the ForwardLookup module that seems to be flaky.

Embarrassing yes but this is the nature of everyday software development. The only difference is that on the Internet, the issues can be highlighted so much quicker.

But never fear, ./w is on it - I am hearing mutterings about netbeans and the such but a good carpenter never criticizes his tools :). We will blog when a fix is available.

Happy digging.

Wednesday, February 2, 2011

And another thing ...

Added the link to the BING API key download site, to the "Getting Started" page. You really would want to add this to your Yeti configuration.

Comments open to all!!

Changed the settings so that Anonymous Comments are now allowed


./w

Bug fix #1

Hi, just a quick post: there was a performance issue with the "Domain expand" function, managed to sort that out and in the process got a 400% speed increase. Jip you can blame that one on me!
The file is up, so download it, and let me know...

Tuesday, February 1, 2011

First tutorial - Getting started

The first tutorial page has been added: "Getting started" deals with the setup and startup of the Yeti application.
Please check it out, and let us know if you found it useful/useless and what might be missing.

./w

... and here we go!!!

It's FINALLY here, the first beta version of the JYeti client, it's been a while coming but here it is.
This version contains the basic set of functionality that we require for doing a footprint. These include
...
  • Top level domain expansion (tld expand)
  • Forward lookups (mx,ns,a,cname and zone transfers)
  • Reverse lookups (ptr records)
  • Cert Extraction (getting the common name, and domain from ssl cert)
  • Bing IP/Site searches
So this should be a good starting point

Some stuff that got left out of this release is the Netblocks editor, vitality scanner and the GeoLocations, this will be in the next release that is earmarked for next week.

Some things to keep in mind...
When you start the app for the first time it will present you with a config screen where you need to fill in some information
  1. Microsoft BING api key, you need to grab 1 from the Bing developers site http://www.bing.com/developers/appids.aspx
  2. The forward bruteforce lookup files, in the tar.bz2 file you download you find a directory named "bruteforcedata" just add the path to that directory
  3. The tld expand tld list is also supplied inside the tar.bz2 file and it can be located under the "tlddata"
  4. Java Runtime 1.6 yip, this is a java app so sadly you are going to have to install it
This is the short and basic info, I'm sure that in time there will be a lot more data and information added, so please come back.
As for bug/special behavior, please report them directly to me (./w or willem@sensepost.com) or (Evetar or evert@sensepost.com) and we will try and sort them out as soon as non-humanly possible.
As for help files/tutorials, there aren't currently any, HOWEVER, over the course of the next couple of days I will be releasing some clips/tutorials that will deal with every aspect of the application, so don't despair, just bookmark the feed :)

As for feature requests, all of them will be welcomed and considered.

So here we go, grab the file from here [download] and have a ton of fun

./w

Monday, January 31, 2011

Count down...

We are almost there, some slight little niggles here and there caused some minor delays. But if all goes well, and some sales people provide me with a price on that cute little app that I need to go live, we should roll out the first version of our community edition within the next day or 2.

So please hold on tight, the ride is about to start...

Tuesday, January 25, 2011

First Post

Welcome to the Yeti blogspot. For the next number of months, years even, we will entertain you with the growing pains of putting a new tool in the market-space AS WELL AS interesting tit-bits about Internet Intelligence Gathering.

The immediate concern for me is the logo - branding is paramount. It is interesting to note that companies like Nike, Playboy, Starbucks and Apple have one thing in common - no name with their logos. Something to live for. Probably cheaper to have logos without a name. Saving on ink and printing and all that.

But I digress. Yeti will be an exercise in utilising search engines, Java, sql reporting, plugins, cloud computing, the works. Exciting stuff.

Let's dig.