Yeti – Footprinting your Network

FootprintsFootprinting” is a technique to gather information about information systems. The goal is to collect as much information as possible and correlate them to build some kind of “business card” of the target. Relevant information are: DNS names, network topologies, software versions, localization and much more. To achieve footprinting, lot of different tools are used to collect the information but their usage is really boring while performed manually. And, as human, we  are all lazy 😉

Sensepost is a South-African company which offers security services but also develops in their lab free tools to help infosec people to do their job. For a while, Sensepost developed also a commercial tool called BiDiBLAH (A trial version was also available). The main problem of BiDiBLAH was the limited supported platforms: Windows only (it was developed using .Net). A new product will soon replace BiDiBLAH and is called Yeti. The current beta version is available for free as a “community edition”. It looks like it will distributed as Maltego with a community and a commercial edition.

The first major change is the software support. Yeti is developed in Java and run on all the well-known operating systems flavors. Yeti proposes the following features:

  • Domain expansion – Based on a domain names list, it gathers information for all the available TLD (read from a list). Ex: rootshell.be, rootshell.org, rootshell.eu, rootshell.com, etc. Whois information is gathered and filters can be applied to search for relevant information.
  • Forward lookup – Extracts information from domains (MX records, etc)
  • Certification extraction – Extracts the SSL certificates from web sites.
  • Reverse lookup – Performs reverse IP lookup from IP lists.
  • IP/Site scan – Using the Microsoft Bing API, it extracts information based on domain names or IP addresses.

The interface is clean and very intuitive:

Yeti Screenshot
(Click to enlarge)

Yeti is a perfect tool to perform the reconnaissance phase before a pentest or a security assessment. A nice feature is the use of a GeoIP database to look for IP addresses and display your network on a world map. Yeti grabs information publicly available on the Internet and does not perform any intrusive actions. Big companies may have a huge amount of devices and resources online with remote offices in several countries, several websites. If you host applications in the cloud, it could also discover what are your “neighbours” (who share the same IP addresses as you).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.