CGI Scanner v1.1: A simple script to scan for CGI scripts with known vulnerabilities. Based on cgichk1.51.1.c by su1d sh3ll. This time written in REBOL
9856b18025bfb6e650d4d69f489a1fef169777a80b4fd692bb39699f23962f81
REBOL [
Title: "CGI Scanner"
Author: "Epicurus"
Date: 10-June-1999
File: %cgichk.r
Purpose: {To scan a domain for CGI scripts with known vulnerabilities.}
]
secure none
print "CGI Scanner [in Rebol] v1.1"
prin "Host: "
remote: input
scripts: [
%/cgi-bin/unlg1.1
%/cgi-bin/rwwwshell.pl
%/cgi-bin/phf
%/cgi-bin/Count.cgi
%/cgi-bin/test-cgi
%/cgi-bin/nph-test-cgi
%/cgi-bin/nph-publish
%/cgi-bin/php.cgi
%/cgi-bin/handler
%/cgi-bin/webgais
%/cgi-bin/websendmail
%/cgi-bin/webdist.cgi
%/cgi-bin/faxsurvey
%/cgi-bin/htmlscript
%/cgi-bin/pfdispaly.cgi
%/cgi-bin/perl.exe
%/cgi-bin/wwwboard.pl
%/cgi-bin/www-sql
%/cgi-bin/view-source
%/cgi-bin/campas
%/cgi-bin/aglimpse
%/cgi-bin/glimpse
%/cgi-bin/man.sh
%/cgi-bin/AT-admin.cgi
%/cgi-bin/filemail.pl
%/cgi-bin/maillist.pl
%/cgi-bin/jj
%/cgi-bin/info2www
%/cgi-bin/files.pl
%/cgi-bin/finger
%/cgi-bin/bnbform.cgi
%/cgi-bin/survey.cgi
%/cgi-bin/AnyForm2
%/cgi-bin/textcounter.pl
%/cgi-bin/classifieds.cgi
%/cgi-bin/environ.cgi
%/cgi-bin/wrap
%/cgi-bin/cgiwrap
%/cgi-bin/guestbook.cgi
%/cgi-bin/edit.pl
%/cgi-bin/perlshop.cgi
%/cgi-bin/anyboard.cgi
%/cgi-bin/webbbs.cgi
%/cgi-bin/environ.cgi
%/cgi-bin/whois_raw.cgi
%/_vti_inf.html
%/_vti_pvt/service.pwd
%/_vti_pvt/users.pwd
%/_vti_pvt/authors.pwd
%/_vti_pvt/administrators.pwd
%/_vti_bin/shtml.dll
%/_vti_bin/shtml.exe
%/cgi-dos/args.bat
%/cgi-win/uploader.exe
%/cgi-bin/rguest.exe
%/cgi-bin/wguest.exe
%/scripts/issadmin/bdir.htr
%/scripts/CGImail.exe
%/scripts/tools/newdsn.exe
%/scripts/fpcount.exe
%/scripts/counter.exe
%/cgi-bin/visadmin.exe
%/cfdocs/expelval/openfile.cfm
%/cfdocs/expelval/exprcalc.cfm
%/cfdocs/expelval/displayopenedfile.cfm
%/cfdocs/expelval/sendmail.cfm
%/iissamples/exair/howitworks/codebrws.asp
%/iissamples/sdk/asp/docs/codebrws.asp
%/msads/Samples/SELECTOR/showcode.asp
%/search97.vts
%/carbo.dll
]
script_names: [
%"UnlG - backdoor "
%"THC - backdoor "
%"phf "
%"Count.cgi "
%"test-cgi "
%"nph-test-cgi "
%"nph-publish "
%"php.cgi "
%"handler "
%"webgais "
%"websendmail "
%"webdist.cgi "
%"faxsurvey "
%"htmlscript "
%"pfdisplay "
%"perl.exe "
%"wwwboard.pl "
%"www-sql "
%"view-source "
%"campas "
%"aglimpse "
%"glimpse "
%"man.sh "
%"AT-admin.cgi "
%"filemail.pl "
%"maillist.pl "
%"jj "
%"info2www "
%"files.pl "
%"finger "
%"bnbform.cgi "
%"survey.cgi "
%"AnyForm2 "
%"textcounter.pl "
%"classifields.cgi"
%"environ.cgi "
%"wrap "
%"cgiwrap "
%"guestbook.cgi "
%"edit.pl "
%"perlshop.cgi "
%"anyboard.cgi "
%"webbbs.cgi "
%"environ.cgi "
%"whois_raw.cgi "
%"_vti_inf.html "
%"service.pwd "
%"users.pwd "
%"authors.pwd "
%"administrators "
%"shtml.dll "
%"shtml.exe "
%"args.bat "
%"uploader.exe "
%"rguest.exe "
%"wguest.exe "
%"bdir - samples "
%"CGImail.exe "
%"newdsn.exe "
%"fpcount.exe "
%"counter.exe "
%"visadmin.exe "
%"openfile.cfm "
%"exprcalc.cfm "
%"dispopenedfile "
%"sendmail.cfm "
%"codebrws.asp "
%"codebrws.asp 2 "
%"showcode.asp "
%"search97.vts "
%"carbo.dll "
]
i: 0
set '++ func ['word] [set word (get word) + 1]
for where 1 70 1 [
found: exists? the_url: join http:// [ remote pick scripts where ]
prin ["Searching for " pick script_names where " : "]
if found == yes [ print "Found!" ++ i]
if found == no [ print "Not Found"]
]
print ["Finished searching. Found " i " possible vulnerabilities."]