SensePost-Yeti

From aldeid

Description

Yeti, developed by SensePost, is a Java tool that performs DNS and web reconnaissance starting from a domain name. In the current release, the features are:

  • Domain discovery (TLD expansion)
  • Forward lookup brute forcing
  • Reverse lookups
  • Bing searching (IP: and SITE: searches)
  • SSL Certificate scraping
  • Web Spider
  • Exporting results to XLS format

Installation and configuration

Prerequisites

First install Java and Nmap.

Installation

$ cd /data/src/
$ wget http://www.sensepost.com/cms/resources/labs/tools/misc/jyeti-dist.tar.bz2
$ mkdir -p /pentest/enumeration/www/
$ tar -C /pentest/enumeration/www/ -xjvf jyeti-dist.tar.bz2

Configuration

Start Yeti

$ cd /pentest/enumeration/www/jyeti-dist/
$ java -jar JYeti.jar

You should be presented with the configuration window, whose tabs are described below:

General

This tab lets you download the supporting data files and set the path to each of them:

Yeti-configuration-general.png

Domain expansion

This tab lets you specify the path to the TLD list file, initially located in the tlddata/ directory of your installation.

Yeti-configuration-domain-expansion.png

Forward/Reverse lookups

The installation comes with a wordlist of candidate host names used for forward-lookup brute forcing; this tab sets the path to it.

Yeti-configuration-forward-reverse-lookups.png

Cert stripping

Yeti-configuration-cert-stripping.png

Usage

Start Yeti

$ java -jar JYeti.jar

Domain Expand

This feature looks for valid domains built from a provided root term (e.g. sensepost): it appends each suffix from the TLD list file (initially tlddata/tld (FullList).txt) to the term and checks which of the resulting names resolve. An excerpt of that file:

.
.med.ht
.sch.zm
.idv.tw
.gov.tn
.nsw.au
.gov.to
.wy.us
.name.et
...

Sensepost-yeti-domain-expand.png

Forward Lookup

Based on a list of words grouped by themes (colors, animals, ...), this feature brute-forces the discovery of valid hosts under a domain name by prepending each word to it and looking the result up. For each host found, it displays the type of record returned (NS, MX, A).

Sensepost-yeti-forward-lookup.png
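The two DNS features above, domain expansion and forward-lookup brute forcing, reduced to code as an added example (this is not Yeti's own code): the TLD list format, the candidate generation, and a wildcard-DNS check that Yeti's screenshots do not show. The resolver, the zone data and the wordlist are constructed test data; for live use, wrap a real DNS client in the resolve(name, rtype) signature.

```python
"""Domain expansion and forward-lookup brute forcing in the style of Yeti.
Added example, not Yeti's code. DNS goes through an injected
resolve(name, rtype) -> list-of-answers callable, so it runs offline against
the constructed FakeResolver; for live use wrap a real DNS client (for example
dnspython's dns.resolver.resolve) in that signature."""
import re
import secrets
from collections import defaultdict

# Constructed stand-in for tlddata/tld (FullList).txt (one dotted suffix per line).
SAMPLE_TLD_LIST = """
.
.com
.net
.co.za
.co.uk
"""
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def load_tlds(text):
    """Parse a Yeti-style TLD list; skip blanks, '#' comments and the root '.'."""
    tlds = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#") and line != ".":
            tld = line.lstrip(".")
            if tld and tld not in tlds:
                tlds.append(tld)
    return tlds


def expand_domain(root, tlds, resolve):
    """Domain expansion: append every TLD to the root term, keep what resolves."""
    root = root.strip(".").lower()
    if not LABEL_RE.match(root):
        raise ValueError(f"invalid root label: {root!r}")
    # Assumption: a domain is live if NS, A or MX answers; NS is the strongest
    # signal because it shows the zone itself is delegated.
    return [f"{root}.{tld}" for tld in tlds
            if any(resolve(f"{root}.{tld}", rtype) for rtype in ("NS", "A", "MX"))]


def wildcard_addresses(domain, resolve):
    """Wildcard check: if a random label resolves, the zone answers everything,
    and hosts carrying only those addresses are noise rather than discoveries."""
    return set(resolve(f"{secrets.token_hex(6)}.{domain}", "A"))


def forward_bruteforce(domain, words, resolve):
    """Forward lookup: try each word as a label under the domain and return
    {hostname: {rtype: answers}} for the names that have real records."""
    wild = wildcard_addresses(domain, resolve)
    hits = defaultdict(dict)
    for word in words:
        word = word.strip().lower()
        if not LABEL_RE.match(word):
            continue                      # wordlists carry junk; skip bad labels
        name = f"{word}.{domain}"
        for rtype in ("A", "MX", "NS"):
            answers = list(resolve(name, rtype))
            if rtype == "A" and wild and set(answers) == wild:
                continue                  # wildcard answer, not a real host
            if answers:
                hits[name][rtype] = answers
    return dict(hits)


class FakeResolver:
    """Offline resolver answering from a constructed zone table (test data)."""

    def __init__(self, table, wildcards=None):
        self.table, self.wildcards = table, wildcards or {}

    def __call__(self, name, rtype):
        name = name.lower()
        if (name, rtype) in self.table:
            return self.table[(name, rtype)]
        if rtype == "A":                  # emulate a "*.zone A" record
            for zone, addrs in self.wildcards.items():
                if name.endswith("." + zone):
                    return addrs
        return []


# Constructed data: sensepost.com, .net and .co.za exist; .net is a wildcard zone.
FAKE_ZONE = {
    ("sensepost.com", "NS"): ["ns1.example.invalid"],
    ("sensepost.com", "A"): ["192.0.2.10"],
    ("sensepost.net", "NS"): ["ns1.example.invalid"],
    ("sensepost.co.za", "A"): ["192.0.2.11"],
    ("www.sensepost.com", "A"): ["192.0.2.10"],
    ("mail.sensepost.com", "A"): ["192.0.2.12"],
    ("mail.sensepost.com", "MX"): ["10 mx.example.invalid"],
}
RESOLVE = FakeResolver(FAKE_ZONE, wildcards={"sensepost.net": ["192.0.2.99"]})


def demo(resolve=RESOLVE):
    """Expand the root term, then brute-force hosts under every live domain."""
    domains = expand_domain("sensepost", load_tlds(SAMPLE_TLD_LIST), resolve)
    words = ["www", "mail", "red", "blue", "bad label!"]   # themed words, as in Yeti
    return domains, {d: forward_bruteforce(d, words, resolve) for d in domains}
```

With the fake resolver, sensepost.com, sensepost.net and sensepost.co.za come back live, and the brute force under sensepost.net returns nothing because every label there answers with the same wildcard address. Without that check, each themed word would be reported as a live host, which is the usual way a wordlist run against a wildcard zone produces hundreds of false positives.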

Cert Extraction

This feature connects to HTTPS services and extracts the information (in particular the host names) from the SSL certificates they present.

Sensepost-yeti-cert-extraction.png
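Certificate scraping as an added example in Python (not Yeti's code): it reads the names from the dict that the standard library's getpeercert() returns and filters them against the engagement scope, because a certificate on shared hosting or a CDN routinely lists other customers' names. The certificate and the fake fetcher are constructed test data; fetch_peer_cert() is the live counterpart.

```python
"""Host names from the certificates HTTPS services present (Yeti's cert scraping).
Added example, not Yeti's code. fetch_peer_cert() is the live part;
names_from_cert() and in_scope() work on the dict that
ssl.SSLSocket.getpeercert() returns, so they are exercised offline here on the
constructed SAMPLE_CERT through a fake fetcher."""
import socket
import ssl


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Connect with TLS and return the verified peer certificate as a dict.

    getpeercert() only populates the dict for a certificate that passed
    verification. Recon targets often present expired or self-signed
    certificates; for those, set verify_mode=CERT_NONE and take
    getpeercert(binary_form=True), then parse the DER with an X.509 library
    (the cryptography package, for instance) to read the same names."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def names_from_cert(cert):
    """Subject Alternative Name DNS entries plus the subject CN, in order,
    lower-cased and deduplicated; wildcard names are kept as written."""
    names = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v.lower() for k, v in rdn if k == "commonName"]
    return list(dict.fromkeys(names))     # dedupe, preserving order


def in_scope(name, scope_domains):
    """True if the name (wildcards included) falls under one of the target domains.
    Names of other tenants on a shared certificate are not the client's assets."""
    host = name.lower().lstrip("*.")
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in scope_domains)


def scrape(hosts, scope, fetch=fetch_peer_cert):
    """Map each host to the in-scope and third-party names on its certificate.
    Connection failures are recorded, not fatal: no HTTPS is a normal result."""
    out = {}
    for host in hosts:
        try:
            cert = fetch(host)
        except OSError as exc:            # ssl.SSLError and socket.timeout are OSErrors
            out[host] = {"error": type(exc).__name__}
            continue
        names = names_from_cert(cert)
        out[host] = {"names": [n for n in names if in_scope(n, scope)],
                     "third_party": [n for n in names if not in_scope(n, scope)]}
    return out


# Constructed certificate in getpeercert() layout (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("countryName", "ZA"),),
                (("organizationName", "Example Org"),),
                (("commonName", "www.sensepost.com"),)),
    "issuer": ((("commonName", "Example CA"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.sensepost.com"),
                       ("DNS", "*.sensepost.com"),
                       ("DNS", "mail.sensepost.com"),
                       ("DNS", "shared.otherclient.example"),
                       ("IP Address", "192.0.2.10")),
}


def fake_fetch(host):
    """Offline stand-in for fetch_peer_cert (test data only)."""
    if host == "www.sensepost.com":
        return SAMPLE_CERT
    raise ConnectionRefusedError("no HTTPS listener")


def demo():
    return scrape(["www.sensepost.com", "192.0.2.99"], ["sensepost.com"], fetch=fake_fetch)
```

The wildcard entry *.sensepost.com is kept as a name in its own right: it tells you the organisation terminates TLS for arbitrary labels, which is worth feeding back into the forward brute force, while shared.otherclient.example is reported separately so it does not end up in the client's asset list.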

Reverse Lookup

Performs a reverse (PTR) lookup for each address in a given group of IP addresses:

Sensepost-yeti-reverse-lookup.png
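Reverse lookups as an added example (not Yeti's code). Besides walking the range, it forward-confirms each PTR name, a check Yeti's output does not show: whoever controls the reverse zone can put any domain in a PTR record, so a name only counts when it resolves back to the same address. The DNS records are constructed test data and the resolver is injected in the same resolve(name, rtype) shape as above.

```python
"""Reverse lookups over an address range, with forward confirmation.
Added example, not Yeti's code. DNS goes through an injected
resolve(name, rtype) -> list-of-answers callable so it runs offline on the
constructed FAKE_DNS table; for live use wrap a real DNS client."""
import ipaddress


def reverse_sweep(cidr, resolve):
    """PTR-query every address in the range (network and broadcast included,
    they sometimes carry names too) and return {ip: [names]} for answers."""
    results = {}
    for ip in ipaddress.ip_network(cidr, strict=False):
        ptrs = [n.rstrip(".").lower() for n in resolve(ip.reverse_pointer, "PTR")]
        if ptrs:
            results[str(ip)] = ptrs
    return results


def confirm_forward(ptr_results, resolve):
    """Split PTR names into forward-confirmed and unconfirmed.

    The owner of the reverse zone writes the PTR text and can point it at any
    domain, so a PTR alone does not tie an address to the target. A name is
    confirmed only if it resolves back to the same address (FCrDNS)."""
    confirmed, unconfirmed = {}, {}
    for ip, names in ptr_results.items():
        for name in names:
            bucket = confirmed if ip in [str(a) for a in resolve(name, "A")] else unconfirmed
            bucket.setdefault(ip, []).append(name)
    return confirmed, unconfirmed


# Constructed records: two genuine hosts and one misleading PTR.
FAKE_DNS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["www.sensepost.com."],
    ("www.sensepost.com", "A"): ["192.0.2.10"],
    ("11.2.0.192.in-addr.arpa", "PTR"): ["mail.sensepost.com."],
    ("mail.sensepost.com", "A"): ["192.0.2.11"],
    ("12.2.0.192.in-addr.arpa", "PTR"): ["login.bank.example."],   # points elsewhere
    ("login.bank.example", "A"): ["198.51.100.5"],
}


def fake_resolve(name, rtype):
    """Offline resolver over FAKE_DNS (test data only)."""
    return FAKE_DNS.get((name.lower(), rtype), [])


def demo(cidr="192.0.2.8/29", resolve=fake_resolve):
    """Sweep the range, then keep only names that resolve back to the address."""
    return confirm_forward(reverse_sweep(cidr, resolve), resolve)
```

Unconfirmed names are still worth keeping in the report, just not as assets: here 192.0.2.12 claims to be login.bank.example, which is either stale reverse data or someone borrowing a name they do not own.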

Bing Search

Uses the Bing API to query the Bing search engine for a given domain (SITE: search) or IP address (IP: search), returning the pages Bing has indexed for it.

Sensepost-yeti-bing-search.png

Web Spider

This feature parses a web page and returns all the domain names referenced in it:

Sensepost-yeti-web-spider.png
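The Web Spider's extraction step as an added example (not Yeti's code), standard library only: an HTMLParser subclass pulls host names out of link-like attributes, and a regex catches names that appear as bare text (mailto links, prose, inline scripts), with a filter so that file names such as logo.png are not mistaken for hosts. The page is a constructed sample; fetch_page() is the live counterpart and is not used by the offline demo.

```python
"""Domains referenced by a web page, as Yeti's Web Spider reports them.
Added example, not Yeti's code, standard library only: an HTMLParser
subclass takes host names from link-like attributes and a regex catches
bare names in text (mailto links, prose, inline scripts). SAMPLE_HTML is a
constructed page; fetch_page() is the live counterpart."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

LINK_ATTRS = {"href", "src", "action", "data-src", "content"}
HOST_RE = re.compile(r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b", re.I)
FILE_EXTS = {"js", "css", "png", "jpg", "jpeg", "gif", "svg", "ico", "html", "htm",
             "php", "json", "xml", "txt"}   # things that look like hosts but are files


class DomainSpider(HTMLParser):
    def __init__(self):
        super().__init__()
        self.domains = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name.lower() in LINK_ATTRS:
                self._add_url(value.strip())

    def handle_data(self, data):
        # Text nodes, including <script> bodies, which often leak API hosts.
        for match in HOST_RE.finditer(data):
            self._add_host(match.group(1))

    def _add_url(self, value):
        if value.startswith("//"):
            value = "http:" + value           # protocol-relative URL
        host = urlparse(value).hostname
        if host:
            self._add_host(host)
        else:                                 # relative link, mailto:, javascript: ...
            for match in HOST_RE.finditer(value):
                self._add_host(match.group(1))

    def _add_host(self, host):
        host = host.lower().rstrip(".")
        if host.rsplit(".", 1)[-1] not in FILE_EXTS:
            self.domains.add(host)


def extract_domains(html):
    """Return the sorted set of domain names a page references."""
    spider = DomainSpider()
    spider.feed(html)
    spider.close()
    return sorted(spider.domains)


def fetch_page(url, timeout=10):
    """Live helper: download a page as text (not used by the offline demo)."""
    req = Request(url, headers={"User-Agent": "Mozilla/5.0 (recon)"})
    with urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


# Constructed sample page exercising each extraction path.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="//static.sensepost.com/css/site.css">
<script src="https://cdn.example.net/jquery.min.js"></script>
<meta property="og:url" content="https://www.sensepost.com/blog/">
</head><body>
<a href="/about">About</a>
<a href="mailto:research@sensepost.com">Contact</a>
<a href="HTTPS://Careers.SensePost.com:8443/jobs?ref=site">Jobs</a>
<p>Our research is mirrored on labs.sensepost.com and partner.example.org.</p>
<img src="images/logo.png" alt="logo">
<script>var api = "https://api.sensepost.com/v1/";</script>
</body></html>"""
```

Names outside the target scope are not assets but are still worth recording: cdn.example.net here is a third-party host the page loads script from, which is exactly the kind of supply-chain dependency a later phase of the assessment will want to know about.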
