TSScgi.sh is a shell script which scans for vulnerable cgi scripts with the help of netcat.
66bd2915c38a890ba8c7d2a3ab7606b858d64e2c6618d0afe8f6502f11efa8e4
# TSScgi.sh
# usage : sh TSScgi.sh localhost 80
#
# Dedicated to my dog (Pleun) who doesn't feel well these
# days.... love you.
# -------------------------------------------------------
# Use at own risk!! You will not remain anonymous!!!!
#
# requires NetCat!!! (available at http://www.team-tss.org)
# -------------------------------------------------------
# Written by : GrAzEr1 of Team-TSS : GrAzEr1@team-tss.org
# -------------------------------------------------------
#!/bin/sh
logfile="log.txt"
cgi1=" /cgi-bin/phf"
cgi2=" /index.html"
cgi3=" /cgi-bin/test-cgi"
cgi4="/cgi-bin/nph-test-cgi"
cgi5=" /cgi-bin/finger"
cgi6=" /cgi-bin/campas"
cgi7="/_vti_pvt/service.pwd"
cgi8=" /cgi-bin/htmlscript"
# update vuln cgi's yourself
function check {
if grep 404 $logfile > /dev/null; then # only checks for 404, so found
echo " not found " # found warning may be wrong.
else echo " found!!"
fi
rm $logfile
}
echo "-[GrAzEr1 ::: Team - TSS CGI Scanner]-"
echo "-[ http://www.team-tss.org ]-"
echo "-[ #TSS IRCnet ]- "
sleep 3
echo
echo -n " Checking for: $cgi2 : "
(echo GET $cgi2) | nc $1 $2 > $logfile
check
echo -n " Checking for: $cgi3 : "
(echo GET $cgi3) | ((telnet $1 $2 > $logfile) > /dev/null)
check
echo -n " checking for: $cgi4 : "
(echo GET $cgi4) | nc $1 $2 > $logfile
check
echo -n " Checking for: $cgi5 : "
(echo GET $cgi5) | nc $1 $2 > $logfile
check
echo -n " Checking for: $cgi6 : "
(echo GET $cgi6) | nc $1 $2 > $logfile
check
echo -n " Checking for: $cgi7 : "
(echo GET $cgi7) | nc $1 $2 > $logfile
check
echo -n " Checking for: $cgi8 : "
(echo GET $cgi8) | nc $1 $2 > $logfile
check
echo ""
echo "-[ -- Scan Complete -- ]-"
echo ""