cgivti.V2.pl

cgivti.V2.pl: Posted Aug 29, 2002; Authored by Lawrence Lavigne | Site neoerudition.net; This scanner searches for vulnerable web servers for Common Gateway Interface and Vermeer Technology Incorporated services. Version 2 allows for Class C IP generation done "On The Fly" and a timeout scheme added thanks to MaB of Efnets #programmers.; tags | web, cgi; systems | unix; SHA-256 | 77770362b50cb7fe074dde751149a9cfecd9db1fbc1b7b09fc46c9ec41d2715f; Download | Favorite | View

cgivti.V2.pl

# Thanks to MaB of Efnets #programmers for helping clean up my code and reduce my 20 line Class C IP Generator
# to 10 lines of "On The Fly" code and his timeout scheme. 
 
print<<__MENU;

               NeoErudition Technologies
                 CGI VTI Mass Scanner
               
                 By: Lawrence Lavigne
                          MaB
               
               
__MENU

use strict;
use diagnostics;
use warnings;
use LWP::UserAgent;
my $hostsfile;
my $host;
my @hosts;
my $userresp;
my $url;
my $class;
my $x;
my @checks = (  "http://HOST/_vti_pvt/service.grp",
    "http://HOST/_vti_pvt/authors.pwd",
    "http://HOST/cgi-bin/password.txt",
    "http://HOST/_vti_pvt/service.pwd",
    "http://HOST/_vti_pvt/users.pwd",
    "http://HOST/_vti_pvt/administrator.pwd",
    "http://HOST/_vti_pvt/administrators.pwd",
    "http://HOST/cgi-win/uploader.exe",
    "http://HOST/cgi-bin/upload.pl",
    "http://HOST/cgi-bin/whois_raw.cgi?",
    "http://HOST/cgi-bin/passwd",
    "http://HOST/cgi-bin/passwd.txt",
    "http://HOST/cgi-bin/handler.cgi",
    "http://HOST/cgi-bin/handler",
    "http://HOST/cgi-bin/files.pl",
    "http://HOST/msadc/Samples/SELECTOR/showcode.asp",
    "http://HOST/msadc/Samples/selector/showcode.asp",
    "http://HOST/session/adminlogin?");
my $ua = LWP::UserAgent->new(agent => "VTI Scan", env_proxy => 1, keep_alive => 1,timeout => 5);

print "Class C Range To Be Scanned (ie 10.1.101): ";
$class = <STDIN>;
chomp($class);
if ($class =~ /\d+\.\d+\.\d+/) {
  print "Adding $class.* to hosts list...\n\n";
  for ($x = 1; $x < 255; $x++) {
    push @hosts, "$class.$x";
  }
} else {
  print "Error: Invalid class syntax.";
  exit;
}

print qq(CGI/VTI Scan Initiated..\n);
print qq(Output Saved To CGIVTI.log.\n\n);
foreach $host (@hosts) {
  foreach (@checks) {
    $url = $_;
    $url =~ s/HOST/$host/;
    print qq(:: Checking $url...\n);
    my $response = $ua->get($url);
    if ($response->is_success) {
      print $response->content;
      open(OUT, ">>CGIVTI.log");
      print OUT $url;
      close OUT;
    } else {
      print qq(Not Vulnerable..\n\n);
    }
  }
}
<>

Top Authors In Last 30 Days

Red Hat 227 files
Ubuntu 96 files
Gentoo 33 files
Debian 23 files
Google Security Research 19 files
Mirabbas Agalarov 17 files
indoushka 15 files
Apple 9 files
CraCkEr 9 files
Ivan Fratric 8 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,776)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,626)
UNIX (9,236)
UnixWare (186)
Windows (6,555)
Other

cgivti.V2.pl

cgivti.V2.pl

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

cgivti.V2.pl

Share This

cgivti.V2.pl

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems