Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- ################################################################
- # #
- # CGI scanner realizado en perl #
- # Realizado por: Radikall (Radikall@hackers-mexico.org) #
- # Hackers Mexico Team http://www.hackers-mexico.org #
- # Basado en version C #
- # #
- ################################################################
- use Socket;
- @cgi_scripts = ("GET /cgi-bin/unlg1.1 HTTP/1.0\n\n","GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n",
- "GET /cgi-bin/phf HTTP/1.0\n\n","GET /cgi-bin/Count.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/test-cgi HTTP/1.0\n\n","GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n",
- "GET /cgi-bin/nph-publish HTTP/1.0\n\n","GET /cgi-bin/php.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/handler HTTP/1.0\n\n","GET /cgi-bin/webgais HTTP/1.0\n\n",
- "GET /cgi-bin/websendmail HTTP/1.0\n\n","GET /cgi-bin/webdist.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/faxsurvey HTTP/1.0\n\n","GET /cgi-bin/htmlscript HTTP/1.0\n\n",
- "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n","GET /cgi-bin/perl.exe HTTP/1.0\n\n",
- "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n","GET /cgi-bin/www-sql HTTP/1.0\n\n",
- "GET /cgi-bin/view-source HTTP/1.0\n\n","GET /cgi-bin/campas HTTP/1.0\n\n",
- "GET /cgi-bin/aglimpse HTTP/1.0\n\n","GET /cgi-bin/glimpse HTTP/1.0\n\n",
- "GET /cgi-bin/man.sh HTTP/1.0\n\n","GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/filemail.pl HTTP/1.0\n\n","GET /cgi-bin/maillist.pl HTTP/1.0\n\n",
- "GET /cgi-bin/jj HTTP/1.0\n\n","GET /cgi-bin/info2www HTTP/1.0\n\n",
- "GET /cgi-bin/files.pl HTTP/1.0\n\n","GET /cgi-bin/finger HTTP/1.0\n\n",
- "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n","GET /cgi-bin/survey.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n","GET /cgi-bin/textcounter.pl HTTP/1.0\n\n",
- "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n","GET /cgi-bin/environ.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/wrap HTTP/1.0\n\n","GET /cgi-bin/cgiwrap HTTP/1.0\n\n",
- "GET /cgi-bin/guestbook.cgi HTTP/1.0\n\n","GET /cgi-bin/edit.pl HTTP/1.0\n\n",
- "GET /cgi-bin/perlshop.cgi HTTP/1.0\n\n","GET /cgi-bin/anyboard.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/webbbs.cgi HTTP/1.0\n\n","GET /cgi-bin/environ.cgi HTTP/1.0\n\n",
- "GET /cgi-bin/whois_raw.cgi HTTP/1.0\n\n","GET /_vti_inf.html HTTP/1.0\n\n",
- "GET /_vti_pvt/service.pwd HTTP/1.0\n\n","GET /_vti_pvt/users.pwd HTTP/1.0\n\n",
- "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n","GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n",
- "GET /_vti_bin/shtml.dll HTTP/1.0\n\n","GET /_vti_bin/shtml.exe HTTP/1.0\n\n",
- "GET /cgi-dos/args.bat HTTP/1.0\n\n","GET /cgi-win/uploader.exe HTTP/1.0\n\n",
- "GET /cgi-bin/rguest.exe HTTP/1.0\n\n","GET /cgi-bin/wguest.exe HTTP/1.0\n\n",
- "GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n","GET /scripts/CGImail.exe HTTP/1.0\n\n",
- "GET /scripts/tools/newdsn.exe HTTP/1.0\n\n","GET /scripts/fpcount.exe HTTP/1.0\n\n",
- "GET /scripts/counter.exe HTTP/1.0\n\n","GET /cgi-bin/visadmin.exe HTTP/1.0\n\n",
- "GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n",
- "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n",
- "GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n","GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n",
- "GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n","GET /search97.vts HTTP/1.0\n\n",
- "GET /carbo.dll HTTP/1.0\n\n");
- @cgi_names = ("UnlG - backdoor ","THC - backdoor ",
- "phf ","Count.cgi ","test-cgi ","nph-test-cgi ",
- "nph-publish ","php.cgi ","handler ","webgais ",
- "websendmail ","webdist.cgi ","faxsurvey ","htmlscript ",
- "pfdisplay ","perl.exe ","wwwboard.pl ","www-sql ",
- "view-source ","campas ","aglimpse ","glimpse ",
- "man.sh ","AT-admin.cgi ","filemail.pl ","maillist.pl ",
- "jj ","info2www ","files.pl ","finger ",
- "bnbform.cgi ","survey.cgi ","AnyForm2 ","textcounter.pl ",
- "classifields.cgi","environ.cgi ","wrap ","cgiwrap ",
- "guestbook.cgi ","edit.pl ","perlshop.cgi ","anyboard.cgi ",
- "webbbs.cgi ","environ.cgi ","whois_raw.cgi ","_vti_inf.html ",
- "service.pwd ","users.pwd ","authors.pwd ","administrators ",
- "shtml.dll ","shtml.exe ","args.bat ","uploader.exe ",
- "rguest.exe ","wguest.exe ","bdir - samples ","CGImail.exe ",
- "newdsn.exe ","fpcount.exe ","counter.exe ","visadmin.exe ",
- "openfile.cfm ","exprcalc.cfm ","dispopenedfile ","sendmail.cfm ",
- "codebrws.asp ","codebrws.asp 2 ","showcode.asp ","search97.vts ",
- "carbo.dll ");
- print "Scanner de CGI [en Perl] v1.1\n\n";
- print "Host: ";
- chomp($remote=<STDIN>);
- print "HTTP Puerto [80]: ";
- chomp($port=<STDIN>);
- if($port eq "")
- {
- $port=80;
- }
- print "Guardar Log?(y/n)";
- $yn=<STDIN>;
- if($yn =~ /y/i)
- {
- $log = 1;
- $logfile="$remote".".scan";
- print "Guardar Log[$logfile]: ";
- $file=<STDIN>;
- chop($file) if $file =~ /\n$/;
- if($file ne "")
- {
- $logfile=$file;
- }
- open(LOG,">>$logfile") || die("No se puede crear$logfile!");
- print LOG "Scanning $remote port $port\n\n";
- }
- print "Presiona [enter] para chekar la version del httpd...\n";
- $blah=<STDIN>;
- $submit = "HEAD / HTTP/1.0\r\n\r\n";
- if($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
- &error("Puerto NO especificado.") unless $port;
- $iaddr = inet_aton($remote) || &error("Fallo al buscar el Host: $remote");
- $paddr = sockaddr_in($port, $iaddr) || &error("Ke chingados paso!");
- $proto = getprotobyname('tcp') || &error("Imposible ir por protocall!");
- socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Fallo al abrir el socket: $!");
- connect(SOCK, $paddr) || &error("No se puede conectar: $!");
- send(SOCK,$submit,0);
- while(<SOCK>)
- {
- print $_;
- print LOG $_ if $log==1;
- }
- close(SOCK);
- print "Presiona [enter] para chekar vulnerabilidades en CGI...\n";
- $blah=<STDIN>;
- $i=0;
- foreach $cgi_script(@cgi_scripts)
- {
- print "Searching for @cgi_names[$i] : ";
- print LOG "Searching for @cgi_names[$i] : " if $log==1;
- $submit=$cgi_script;
- &connect_n_check;
- $i++;
- }
- if($bad_security>0)
- {
- print "Este Server tiene muchas vulnerabilidades.\n";
- print LOG "Este Server tiene muchas vulnerabilidades.\n\n" if $log==1;
- }
- else
- {
- print "No se encontraron vulnerabilidades.\n";
- print LOG "No hay vulnerabilidad de ningun CGI.\n\n" if $log==1;
- }
- close(LOG) if $log==1;
- exit;
- sub connect_n_check
- {
- if($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
- &error("No port specified.") unless $port;
- $iaddr = inet_aton($remote) || &error("Failed to find host: $remote");
- $paddr = sockaddr_in($port, $iaddr) || &error("Some fucking thing!");
- $proto = getprotobyname('tcp') || &error("Unable to get protocall!");
- socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
- connect(SOCK, $paddr) || &error("No se puede Conectar: $!");
- send(SOCK,$submit,0);
- $check=<SOCK>;
- ($http,$code,$blah) = split(/ /,$check);
- if($code == 200)
- {
- print "Found!\n";
- print LOG "Found!\n" if $log==1;
- $bad_security++;
- }
- else
- {
- print "No se encontro\n";
- print LOG "No se econtro\n" if $log==1;
- }
- close(SOCK);
- }
- sub error
- {
- $error = shift(@_);
- print "Error - $error\n";
- print LOG "Error - $error\n\n" if $log==1;
- close(LOG) if $log==1;
- exit;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement