cgivti.V2.pl

cgivti.V2.pl: Posted Aug 29, 2002; Authored by Lawrence Lavigne | Site neoerudition.net; This scanner searches for vulnerable web servers for Common Gateway Interface and Vermeer Technology Incorporated services. Version 2 allows for Class C IP generation done "On The Fly" and a timeout scheme added thanks to MaB of Efnets #programmers.; tags | web, cgi; systems | unix; SHA-256 | 77770362b50cb7fe074dde751149a9cfecd9db1fbc1b7b09fc46c9ec41d2715f; Download | Favorite | View

cgivti.V2.pl

# Thanks to MaB of Efnets #programmers for helping clean up my code and reduce my 20 line Class C IP Generator
# to 10 lines of "On The Fly" code and his timeout scheme. 
 
print<<__MENU;

               NeoErudition Technologies
                 CGI VTI Mass Scanner
               
                 By: Lawrence Lavigne
                          MaB
               
               
__MENU

use strict;
use diagnostics;
use warnings;
use LWP::UserAgent;
my $hostsfile;
my $host;
my @hosts;
my $userresp;
my $url;
my $class;
my $x;
my @checks = (  "http://HOST/_vti_pvt/service.grp",
    "http://HOST/_vti_pvt/authors.pwd",
    "http://HOST/cgi-bin/password.txt",
    "http://HOST/_vti_pvt/service.pwd",
    "http://HOST/_vti_pvt/users.pwd",
    "http://HOST/_vti_pvt/administrator.pwd",
    "http://HOST/_vti_pvt/administrators.pwd",
    "http://HOST/cgi-win/uploader.exe",
    "http://HOST/cgi-bin/upload.pl",
    "http://HOST/cgi-bin/whois_raw.cgi?",
    "http://HOST/cgi-bin/passwd",
    "http://HOST/cgi-bin/passwd.txt",
    "http://HOST/cgi-bin/handler.cgi",
    "http://HOST/cgi-bin/handler",
    "http://HOST/cgi-bin/files.pl",
    "http://HOST/msadc/Samples/SELECTOR/showcode.asp",
    "http://HOST/msadc/Samples/selector/showcode.asp",
    "http://HOST/session/adminlogin?");
my $ua = LWP::UserAgent->new(agent => "VTI Scan", env_proxy => 1, keep_alive => 1,timeout => 5);

print "Class C Range To Be Scanned (ie 10.1.101): ";
$class = <STDIN>;
chomp($class);
if ($class =~ /\d+\.\d+\.\d+/) {
  print "Adding $class.* to hosts list...\n\n";
  for ($x = 1; $x < 255; $x++) {
    push @hosts, "$class.$x";
  }
} else {
  print "Error: Invalid class syntax.";
  exit;
}

print qq(CGI/VTI Scan Initiated..\n);
print qq(Output Saved To CGIVTI.log.\n\n);
foreach $host (@hosts) {
  foreach (@checks) {
    $url = $_;
    $url =~ s/HOST/$host/;
    print qq(:: Checking $url...\n);
    my $response = $ua->get($url);
    if ($response->is_success) {
      print $response->content;
      open(OUT, ">>CGIVTI.log");
      print OUT $url;
      close OUT;
    } else {
      print qq(Not Vulnerable..\n\n);
    }
  }
}
<>

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

cgivti.V2.pl

cgivti.V2.pl

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

cgivti.V2.pl

Share This

cgivti.V2.pl

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems