cgichk.r

`REBOL [  
Title: "CGI Scanner"  
Author: "Epicurus"  
Date: 29-May-1999  
File: %cgichk.r  
Purpose: {To scan a domain for CGI scripts with known vulnerabilities.}  
]  
secure none  
print "CGI Scanner [in Rebol] v1.0"  
prin "Host: "  
remote: input  
  
scripts: [  
%/cgi-bin/rwwwshell.pl  
%/cgi-bin/phf  
%/cgi-bin/Count.cgi  
%/cgi-bin/test-cgi  
%/cgi-bin/nph-test-cgi  
%/cgi-bin/nph-publish  
%/cgi-bin/php.cgi  
%/cgi-bin/handler  
%/cgi-bin/webgais  
%/cgi-bin/websendmail  
%/cgi-bin/webdist.cgi  
%/cgi-bin/faxsurvey  
%/cgi-bin/htmlscript  
%/cgi-bin/pfdispaly.cgi  
%/cgi-bin/perl.exe  
%/cgi-bin/wwwboard.pl  
%/cgi-bin/www-sql  
%/cgi-bin/view-source  
%/cgi-bin/campas  
%/cgi-bin/aglimpse  
%/cgi-bin/glimpse  
%/cgi-bin/man.sh  
%/cgi-bin/AT-admin.cgi  
%/cgi-bin/filemail.pl  
%/cgi-bin/maillist.pl  
%/cgi-bin/jj  
%/cgi-bin/info2www  
%/cgi-bin/files.pl  
%/cgi-bin/finger  
%/cgi-bin/bnbform.cgi  
%/cgi-bin/survey.cgi  
%/cgi-bin/AnyForm2  
%/cgi-bin/textcounter.pl  
%/cgi-bin/classifieds.cgi  
%/cgi-bin/environ.cgi  
%/cgi-bin/wrap  
%/cgi-bin/cgiwrap  
%/cgi-bin/guestbook.cgi  
%/cgi-bin/edit.pl  
%/cgi-bin/perlshop.cgi  
%/_vti_inf.html  
%/_vti_pvt/service.pwd  
%/_vti_pvt/users.pwd  
%/_vti_pvt/authors.pwd  
%/_vti_pvt/administrators.pwd  
%/_vti_bin/shtml.dll  
%/_vti_bin/shtml.exe  
%/cgi-dos/args.bat  
%/cgi-win/uploader.exe  
%/cgi-bin/rguest.exe  
%/cgi-bin/wguest.exe  
%/scripts/issadmin/bdir.htr  
%/scripts/CGImail.exe  
%/scripts/tools/newdsn.exe  
%/scripts/fpcount.exe  
%/cfdocs/expelval/openfile.cfm  
%/cfdocs/expelval/exprcalc.cfm  
%/cfdocs/expelval/displayopenedfile.cfm  
%/cfdocs/expelval/sendmail.cfm  
%/iissamples/exair/howitworks/codebrws.asp  
%/iissamples/sdk/asp/docs/codebrws.asp  
%/msads/Samples/SELECTOR/showcode.asp  
%/search97.vts  
%/carbo.dll  
]  
  
script_names: [  
%"THC - backdoor "  
%"phf "  
%"Count.cgi "  
%"test-cgi "  
%"nph-test-cgi "  
%"nph-publish "  
%"php.cgi "  
%"handler "  
%"webgais "  
%"websendmail "  
%"webdist.cgi "  
%"faxsurvey "  
%"htmlscript "  
%"pfdisplay "  
%"perl.exe "  
%"wwwboard.pl "  
%"www-sql "  
%"view-source "  
%"campas "  
%"aglimpse "  
%"glimpse "  
%"man.sh "  
%"AT-admin.cgi "  
%"filemail.pl "  
%"maillist.pl "  
%"jj "  
%"info2www "  
%"files.pl "  
%"finger "  
%"bnbform.cgi "  
%"survey.cgi "  
%"AnyForm2 "  
%"textcounter.pl "  
%"classifields.cgi"  
%"environ.cgi "  
%"wrap "  
%"cgiwrap "  
%"guestbook.cgi "  
%"edit.pl "  
%"perlshop.cgi "  
%"_vti_inf.html "  
%"service.pwd "  
%"users.pwd "  
%"authors.pwd "  
%"administrators "  
%"shtml.dll "  
%"shtml.exe "  
%"args.bat "  
%"uploader.exe "  
%"rguest.exe "  
%"wguest.exe "  
%"bdir - samples "  
%"CGImail.exe "  
%"newdsn.exe "  
%"fpcount.exe "  
%"openfile.cfm "  
%"exprcalc.cfm "  
%"dispopenedfile "  
%"sendmail.cfm "  
%"codebrws.asp "  
%"codebrws.asp 2 "  
%"showcode.asp "  
%"search97.vts "  
%"carbo.dll "  
]  
  
i: 0  
  
set '++ func ['word] [set word (get word) + 1]  
  
for where 1 64 1 [  
  
found: exists? the_url: join http:// [ remote pick scripts where ]  
  
prin "Searching for " prin pick script_names where prin " : "  
if found == yes [ print "Found!" ++ i]  
if found == no [ print "Not Found"]  
]  
  
prin "Finished searching. Found " prin i print " possible vulnerabilities."  
  
  
  
  
  
  
  
  
`