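REBOL [
    Title: "CGI Scanner"
    Author: "Epicurus"
    Date: 10-June-1999
    File: %cgichk.r
    Purpose: {To scan a domain for CGI scripts with known vulnerabilities.}
]

; Asks for a host name, requests a fixed list of well-known CGI / sample-script
; paths over HTTP, and prints for each one whether the server reports it as
; present, followed by a total.
;
; Security posture of the script itself:
;   * `secure none` is deliberately not called. The script only performs
;     outbound HTTP reads and console I/O, so there is no reason to switch off
;     the interpreter's file and shell protections for the whole session.
;     NOTE(review): assumes the default policy allows network reads -- confirm
;     for the REBOL build in use.
;
; Reading the results:
;   * A "Found!" only means `exists?` returned true for that URL. It does not
;     identify the installed version or confirm that the file is vulnerable.
;     NOTE(review): a server that answers unknown paths with a normal page
;     will presumably show up as a hit for every entry -- verify each finding
;     by hand.
;   * A "Not Found" is also what a misspelled table entry or an unreachable
;     host produces, so a clean run is not proof of absence.

print "CGI Scanner [in Rebol] v1.1"
prin "Host: "
remote: trim input

; An empty host would build URLs of the form http:///cgi-bin/... and report
; seventy meaningless misses; stop early instead.
if empty? remote [
    print "No host given."
    quit
]

; One table of [label path] pairs. Keeping label and path side by side means
; the two can never drift out of step, and the loop below takes its length
; from the table instead of a hard-coded count (a fixed upper bound that is
; one short silently skips the last entry).
;
; Each path appears once, so a single file cannot be counted twice in the
; total.
;
; "pfdispaly.cgi" is spelled that way on purpose: the label now matches the
; path so a hit can be traced back to the file actually requested.
;
; NOTE(review): two directory names look misspelled -- "issadmin" (presumably
; "iisadmin") and "expelval" (presumably "expeval"). They are kept exactly as
; published; confirm against the vendor advisories, since a wrong path
; silently reports "Not Found".
checks: [
    "UnlG - backdoor "  %/cgi-bin/unlg1.1
    "THC - backdoor "   %/cgi-bin/rwwwshell.pl
    "phf "              %/cgi-bin/phf
    "Count.cgi "        %/cgi-bin/Count.cgi
    "test-cgi "         %/cgi-bin/test-cgi
    "nph-test-cgi "     %/cgi-bin/nph-test-cgi
    "nph-publish "      %/cgi-bin/nph-publish
    "php.cgi "          %/cgi-bin/php.cgi
    "handler "          %/cgi-bin/handler
    "webgais "          %/cgi-bin/webgais
    "websendmail "      %/cgi-bin/websendmail
    "webdist.cgi "      %/cgi-bin/webdist.cgi
    "faxsurvey "        %/cgi-bin/faxsurvey
    "htmlscript "       %/cgi-bin/htmlscript
    "pfdispaly.cgi "    %/cgi-bin/pfdispaly.cgi
    "perl.exe "         %/cgi-bin/perl.exe
    "wwwboard.pl "      %/cgi-bin/wwwboard.pl
    "www-sql "          %/cgi-bin/www-sql
    "view-source "      %/cgi-bin/view-source
    "campas "           %/cgi-bin/campas
    "aglimpse "         %/cgi-bin/aglimpse
    "glimpse "          %/cgi-bin/glimpse
    "man.sh "           %/cgi-bin/man.sh
    "AT-admin.cgi "     %/cgi-bin/AT-admin.cgi
    "filemail.pl "      %/cgi-bin/filemail.pl
    "maillist.pl "      %/cgi-bin/maillist.pl
    "jj "               %/cgi-bin/jj
    "info2www "         %/cgi-bin/info2www
    "files.pl "         %/cgi-bin/files.pl
    "finger "           %/cgi-bin/finger
    "bnbform.cgi "      %/cgi-bin/bnbform.cgi
    "survey.cgi "       %/cgi-bin/survey.cgi
    "AnyForm2 "         %/cgi-bin/AnyForm2
    "textcounter.pl "   %/cgi-bin/textcounter.pl
    "classifieds.cgi "  %/cgi-bin/classifieds.cgi
    "environ.cgi "      %/cgi-bin/environ.cgi
    "wrap "             %/cgi-bin/wrap
    "cgiwrap "          %/cgi-bin/cgiwrap
    "guestbook.cgi "    %/cgi-bin/guestbook.cgi
    "edit.pl "          %/cgi-bin/edit.pl
    "perlshop.cgi "     %/cgi-bin/perlshop.cgi
    "anyboard.cgi "     %/cgi-bin/anyboard.cgi
    "webbbs.cgi "       %/cgi-bin/webbbs.cgi
    "whois_raw.cgi "    %/cgi-bin/whois_raw.cgi
    "_vti_inf.html "    %/_vti_inf.html
    "service.pwd "      %/_vti_pvt/service.pwd
    "users.pwd "        %/_vti_pvt/users.pwd
    "authors.pwd "      %/_vti_pvt/authors.pwd
    "administrators "   %/_vti_pvt/administrators.pwd
    "shtml.dll "        %/_vti_bin/shtml.dll
    "shtml.exe "        %/_vti_bin/shtml.exe
    "args.bat "         %/cgi-dos/args.bat
    "uploader.exe "     %/cgi-win/uploader.exe
    "rguest.exe "       %/cgi-bin/rguest.exe
    "wguest.exe "       %/cgi-bin/wguest.exe
    "bdir - samples "   %/scripts/issadmin/bdir.htr
    "CGImail.exe "      %/scripts/CGImail.exe
    "newdsn.exe "       %/scripts/tools/newdsn.exe
    "fpcount.exe "      %/scripts/fpcount.exe
    "counter.exe "      %/scripts/counter.exe
    "visadmin.exe "     %/cgi-bin/visadmin.exe
    "openfile.cfm "     %/cfdocs/expelval/openfile.cfm
    "exprcalc.cfm "     %/cfdocs/expelval/exprcalc.cfm
    "dispopenedfile "   %/cfdocs/expelval/displayopenedfile.cfm
    "sendmail.cfm "     %/cfdocs/expelval/sendmail.cfm
    "codebrws.asp "     %/iissamples/exair/howitworks/codebrws.asp
    "codebrws.asp 2 "   %/iissamples/sdk/asp/docs/codebrws.asp
    "showcode.asp "     %/msads/Samples/SELECTOR/showcode.asp
    "search97.vts "     %/search97.vts
    "carbo.dll "        %/carbo.dll
]

; Number of paths the server reported as present.
hits: 0

foreach [label target] checks [
    prin ["Searching for " label " : "]
    ; `join` on a url! appends the host and then the path, giving
    ; http://<host>/<path>; `exists?` performs the actual request.
    either exists? join http:// [remote target] [
        print "Found!"
        hits: hits + 1
    ][
        print "Not Found"
    ]
]

print ["Finished searching. Found " hits " possible vulnerabilities."]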