#!/usr/bin/perl
################################################################
# cgiscanner.pl
#!/usr/bin/perl
################################################################
# #
# CGI scanner realizado en perl #
# Realizado por: Radikall (
# Hackers Mexico Team http://www.hackers-mexico.org #
# Basado en version C #
# #
################################################################
use Socket;
@cgi_scripts = ("GET /cgi-bin/unlg1.1 HTTP/1.0\n\n","GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n",
"GET /cgi-bin/phf HTTP/1.0\n\n","GET /cgi-bin/Count.cgi HTTP/1.0\n\n",
"GET /cgi-bin/test-cgi HTTP/1.0\n\n","GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n",
"GET /cgi-bin/nph-publish HTTP/1.0\n\n","GET /cgi-bin/php.cgi HTTP/1.0\n\n",
"GET /cgi-bin/handler HTTP/1.0\n\n","GET /cgi-bin/webgais HTTP/1.0\n\n",
"GET /cgi-bin/websendmail HTTP/1.0\n\n","GET /cgi-bin/webdist.cgi HTTP/1.0\n\n",
"GET /cgi-bin/faxsurvey HTTP/1.0\n\n","GET /cgi-bin/htmlscript HTTP/1.0\n\n",
"GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n","GET /cgi-bin/perl.exe HTTP/1.0\n\n",
"GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n","GET /cgi-bin/www-sql HTTP/1.0\n\n",
"GET /cgi-bin/view-source HTTP/1.0\n\n","GET /cgi-bin/campas HTTP/1.0\n\n",
"GET /cgi-bin/aglimpse HTTP/1.0\n\n","GET /cgi-bin/glimpse HTTP/1.0\n\n",
"GET /cgi-bin/man.sh HTTP/1.0\n\n","GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n",
"GET /cgi-bin/filemail.pl HTTP/1.0\n\n","GET /cgi-bin/maillist.pl HTTP/1.0\n\n",
"GET /cgi-bin/jj HTTP/1.0\n\n","GET /cgi-bin/info2www HTTP/1.0\n\n",
"GET /cgi-bin/files.pl HTTP/1.0\n\n","GET /cgi-bin/finger HTTP/1.0\n\n",
"GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n","GET /cgi-bin/survey.cgi HTTP/1.0\n\n",
"GET /cgi-bin/AnyForm2 HTTP/1.0\n\n","GET /cgi-bin/textcounter.pl HTTP/1.0\n\n",
"GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n","GET /cgi-bin/environ.cgi HTTP/1.0\n\n",
"GET /cgi-bin/wrap HTTP/1.0\n\n","GET /cgi-bin/cgiwrap HTTP/1.0\n\n",
"GET /cgi-bin/guestbook.cgi HTTP/1.0\n\n","GET /cgi-bin/edit.pl HTTP/1.0\n\n",
"GET /cgi-bin/perlshop.cgi HTTP/1.0\n\n","GET /cgi-bin/anyboard.cgi HTTP/1.0\n\n",
"GET /cgi-bin/webbbs.cgi HTTP/1.0\n\n","GET /cgi-bin/environ.cgi HTTP/1.0\n\n",
"GET /cgi-bin/whois_raw.cgi HTTP/1.0\n\n","GET /_vti_inf.html HTTP/1.0\n\n",
"GET /_vti_pvt/service.pwd HTTP/1.0\n\n","GET /_vti_pvt/users.pwd HTTP/1.0\n\n",
"GET /_vti_pvt/authors.pwd HTTP/1.0\n\n","GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n",
"GET /_vti_bin/shtml.dll HTTP/1.0\n\n","GET /_vti_bin/shtml.exe HTTP/1.0\n\n",
"GET /cgi-dos/args.bat HTTP/1.0\n\n","GET /cgi-win/uploader.exe HTTP/1.0\n\n",
"GET /cgi-bin/rguest.exe HTTP/1.0\n\n","GET /cgi-bin/wguest.exe HTTP/1.0\n\n",
"GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n","GET /scripts/CGImail.exe HTTP/1.0\n\n",
"GET /scripts/tools/newdsn.exe HTTP/1.0\n\n","GET /scripts/fpcount.exe HTTP/1.0\n\n",
"GET /scripts/counter.exe HTTP/1.0\n\n","GET /cgi-bin/visadmin.exe HTTP/1.0\n\n",
"GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n",
"GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n",
"GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n","GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n",
"GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n","GET /search97.vts HTTP/1.0\n\n",
"GET /carbo.dll HTTP/1.0\n\n");
@cgi_names = ("UnlG - backdoor ","THC - backdoor ",
"phf ","Count.cgi ","test-cgi ","nph-test-cgi ",
"nph-publish ","php.cgi ","handler ","webgais ",
"websendmail ","webdist.cgi ","faxsurvey ","htmlscript ",
"pfdisplay ","perl.exe ","wwwboard.pl ","www-sql ",
"view-source ","campas ","aglimpse ","glimpse ",
"man.sh ","AT-admin.cgi ","filemail.pl ","maillist.pl ",
"jj ","info2www ","files.pl ","finger ",
"bnbform.cgi ","survey.cgi ","AnyForm2 ","textcounter.pl ",
"classifields.cgi","environ.cgi ","wrap ","cgiwrap ",
"guestbook.cgi ","edit.pl ","perlshop.cgi ","anyboard.cgi ",
"webbbs.cgi ","environ.cgi ","whois_raw.cgi ","_vti_inf.html ",
"service.pwd ","users.pwd ","authors.pwd ","administrators ",
"shtml.dll ","shtml.exe ","args.bat ","uploader.exe ",
"rguest.exe ","wguest.exe ","bdir - samples ","CGImail.exe ",
"newdsn.exe ","fpcount.exe ","counter.exe ","visadmin.exe ",
"openfile.cfm ","exprcalc.cfm ","dispopenedfile ","sendmail.cfm ",
"codebrws.asp ","codebrws.asp 2 ","showcode.asp ","search97.vts ",
"carbo.dll ");
print "Scanner de CGI [en Perl] v1.1\n\n";
print "Host: ";
chomp($remote=<STDIN>);
print "HTTP Puerto [80]: ";
chomp($port=<STDIN>);
if($port eq "")
{
$port=80;
}
print "Guardar Log?(y/n)";
$yn=<STDIN>;
if($yn =~ /y/i)
{
$log = 1;
$logfile="$remote".".scan";
print "Guardar Log[$logfile]: ";
$file=<STDIN>;
chop($file) if $file =~ /\n$/;
if($file ne "")
{
$logfile=$file;
}
open(LOG,">>$logfile") || die("No se puede crear$logfile!");
print LOG "Scanning $remote port $port\n\n";
}
print "Presiona [enter] para chekar la version del httpd...\n";
$blah=<STDIN>;
$submit = "HEAD / HTTP/1.0\r\n\r\n";
if($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
&error("Puerto NO especificado.") unless $port;
$iaddr = inet_aton($remote) || &error("Fallo al buscar el Host: $remote");
$paddr = sockaddr_in($port, $iaddr) || &error("Ke chingados paso!");
$proto = getprotobyname('tcp') || &error("Imposible ir por protocall!");
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Fallo al abrir el socket: $!");
connect(SOCK, $paddr) || &error("No se puede conectar: $!");
send(SOCK,$submit,0);
while(<SOCK>)
{
print $_;
print LOG $_ if $log==1;
}
close(SOCK);
print "Presiona [enter] para chekar vulnerabilidades en CGI...\n";
$blah=<STDIN>;
$i=0;
foreach $cgi_script(@cgi_scripts)
{
print "Searching for @cgi_names[$i] : ";
print LOG "Searching for @cgi_names[$i] : " if $log==1;
$submit=$cgi_script;
&connect_n_check;
$i++;
}
if($bad_security>0)
{
print "Este Server tiene muchas vulnerabilidades.\n";
print LOG "Este Server tiene muchas vulnerabilidades.\n\n" if $log==1;
}
else
{
print "No se encontraron vulnerabilidades.\n";
print LOG "No hay vulnerabilidad de ningun CGI.\n\n" if $log==1;
}
close(LOG) if $log==1;
exit;
sub connect_n_check
{
if($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
&error("No port specified.") unless $port;
$iaddr = inet_aton($remote) || &error("Failed to find host: $remote");
$paddr = sockaddr_in($port, $iaddr) || &error("Some fucking thing!");
$proto = getprotobyname('tcp') || &error("Unable to get protocall!");
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
connect(SOCK, $paddr) || &error("No se puede Conectar: $!");
send(SOCK,$submit,0);
$check=<SOCK>;
($http,$code,$blah) = split(/ /,$check);
if($code == 200)
{
print "Found!\n";
print LOG "Found!\n" if $log==1;
$bad_security++;
}
else
{
print "No se encontro\n";
print LOG "No se econtro\n" if $log==1;
}
close(SOCK);
}
sub error
{
$error = shift(@_);
print "Error - $error\n";
print LOG "Error - $error\n\n" if $log==1;
close(LOG) if $log==1;
exit;
}����������������������������������������������������