Yeti, developed by SensePost, enables to process requests from a given domain name. In the current release, the features are:
- Domain discovery (TLD expansion)
- Forward lookup brute forcing
- Reverse lookups
- Bing searching (IP: and SITE: searches)
- SSL Certificate scraping
- Web Spider
- Exporting results to XLS format
Installation and configuration
First install Java and Nmap.
$ cd /data/src/ $ wget http://www.sensepost.com/cms/resources/labs/tools/misc/jyeti-dist.tar.bz2 $ mkdir -p /pentest/enumeration/www/ $ tar -C /pentest/enumeration/www/ -xjvf jyeti-dist.tar.bz2
$ cd /pentest/enumeration/www/jyeti-dist/ $ java -jar JYeti.jar
You should be presented with a similar screen:
This tab enables to download and specify the path to following stuff:
This tab enables to specify the path to the TLD list file, initially located in the tlddata/ directory of your installation.
The installation comes with a dictionary containing a list of directories/files for brute forcing operations.
$ java -jar JYeti.jar
This feature will look for valid domains from a provided root term (e.g. sensepost), by requesting a TLD file (initially in tlddata/tld (FullList).txt).
. .med.ht .sch.zm .idv.tw .gov.tn .nsw.au .gov.to .wy.us .name.et ...
Based on a list of words grouped by themes (colors, animals, ...), this feature enables to bruteforce the discovery of valid hosts from a domain name. For each entry, it displays the type of record (NS, MX, A)
This feature extracts the information from certificates (https).
Do a reverse lookup of a group of IP addresses:
Uses the Bing API to request Bing search engine from a given domain or IP address.
This feature parses a page and returns all domains contained in that page: