Section: .. / UNIX / cgi-scanners /
| /// File Name: |
cst1_3.tar.gz |
Description:
|
CST contains a script scanner, that scans using a database of scripts (user editable). The sample databases included contains +700 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics (hex-values, double slashes, self-reference dirs, parameter hiding and session splicing), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. A full and comprehensive manual is included.
| | Author: | Toxic Ocean | | Homepage: | http://www.blackhat.be | | File Size: | 21332 | | Last Modified: | Apr 24 20:21:19 2001 |
| MD5 Checksum: | 4956b51499007de6c31e5fd22699dbfe |
|
| /// File Name: |
cst1_4.tar.gz |
Description:
|
CST is a java based web scanner that scans using a database of scripts (user editable). The sample databases included contains +1600 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. A full and comprehensive manual is included.
| | Author: | Toxic Ocean | | Homepage: | http://www.blackhat.be | | File Size: | 30076 | | Last Modified: | Dec 28 20:19:01 2002 |
| MD5 Checksum: | dd65552d1d225d11a0cddb0db3755a27 |
|
| /// File Name: |
cuinapache.c |
Description:
|
ChecaUserinApache - A utility that makes use of the 401 error page in Apache to verify whether or not a user exists on that system.
| | Author: | m4rc3l0 | | File Size: | 2556 | | Last Modified: | Sep 10 00:35:06 2002 |
| MD5 Checksum: | 241c60d5e695ce71f4548828fc12ccdd |
|
| /// File Name: |
exp.dat |
Description:
|
The new updated version of database exp.dat for CGI scanner voideye is out (109 buggy scripts onboard).
| | Homepage: | http://void.hs.ru/toolz/voideye/ | | File Size: | 5247 | | Last Modified: | Nov 3 23:37:25 1999 |
| MD5 Checksum: | 750a3f70fb15ac819a0d4a1a68c6cbee |
|
| /// File Name: |
flatline-0.75.tar.gz |
Description:
|
Flatline is a Web Server vulnerability scanner, beta version for linux, BSD. Options include mass host scanning, scanning through proxies, Detection evasion, quick banner grab scans, interactive mode to send specific url's. Also includes sample exploit database if a vulnerable file is found it will print a BugTraq ID or way to exploit the file. This is a semi beta release lots of new things to come.
| | Homepage: | http://www.c1sco.net/flatline | | File Size: | 6050 | | Last Modified: | Jan 15 00:51:39 2001 |
| MD5 Checksum: | 26277c6cc02b7186ba268a0b2ae46b3d |
|
| /// File Name: |
Guile-scan.c |
Description:
|
Cgi Scan v3.1: scans for vulnerable web servers. Based on Ech0's cgi scanner, modified and re-written by Guilecool (### - ircNET - ImperialS). Scans 44 known vulnerabilities.
| | File Size: | 8388 | | Last Modified: | Sep 29 16:03:11 1999 |
| MD5 Checksum: | bbc48a743d8c50f168c2a825604b1afc |
|
| /// File Name: |
hsh-gen.tar.gz |
Description:
|
hsh-gen is a script used to create shell wrappers to assist in exploitation of remote execution via directory traversal attacks on cgi scripts.
| | Author: | nummish | | Homepage: | http://www.0x90.org | | File Size: | 4259 | | Last Modified: | Jul 16 13:12:00 2004 |
| MD5 Checksum: | 32d966d86a9386fbf00c78e70f9a165a |
|
| /// File Name: |
HTTP-XpsScanner.tgz |
Description:
|
HTTP-XpsScanner scans a remote webserver for 77 vulnerable cgi scripts.
| | Author: | Wildcoyote | | File Size: | 4547 | | Last Modified: | Feb 25 15:29:43 2000 |
| MD5 Checksum: | 25ca587d113cca147b06c9fd950642bc |
|
| /// File Name: |
httpdtype-0.02.tar.gz |
Description:
|
httpdtype is a utility for finding out which type of web server is running on a given host.
| | Author: | Steffen Solyga. | | File Size: | 12020 | | Last Modified: | Aug 16 20:13:34 1999 |
| MD5 Checksum: | 019990003464692237b96a45c656e94f |
|
| /// File Name: |
httpdtype-0.05.tar.gz |
Description:
|
httpdtype v0.05 is a utility used to find out what type of web server a remote host is running.
| | Author: | Steffen Solyga. | | File Size: | 13295 | | Last Modified: | Aug 16 20:13:34 1999 |
| MD5 Checksum: | 9000f70fefe1bae26174ae5ecf0c6ef8 |
|
| /// File Name: |
httpdtype-0.07.tar.gz |
Description:
|
httpdtype v0.05 is a utility used to find out what type of web server a remote host is running.
| | Author: | Steffen Solyga. | | File Size: | 13704 | | Last Modified: | Aug 16 20:13:34 1999 |
| MD5 Checksum: | 4f09397e5b89c82849df0f62a4ef6d5f |
|
| /// File Name: |
httpscan-v200.c |
Description:
|
Httpscan scans web servers for version and server type. Takes input from a file. Changes for v2.01 some options for diferent ports and logging.
| | Author: | Skemet | | File Size: | 5120 | | Last Modified: | Oct 29 12:29:13 1999 |
| MD5 Checksum: | f835ca9a299f8b172f8fd5daa43ebd32 |
|
| /// File Name: |
httpscan.c |
Description:
|
Httpscan scans web servers for version and server type. Takes input from a file.
| | Author: | Skemet | | File Size: | 2893 | | Last Modified: | Oct 12 17:11:17 1999 |
| MD5 Checksum: | 5332ab0922498a9039142fd440602562 |
|
| /// File Name: |
httpservertype-0.01.tar.gz |
Description:
|
httpservertype is a utility used to determine (fingerprint) the type of web server a remote host is running (ala Netcraft.com).
| | Author: | Steffen Solyga. | | File Size: | 11555 | | Last Modified: | Aug 16 20:13:34 1999 |
| MD5 Checksum: | 0906feb1fb23fbba74d0f1d8a2875050 |
|
| /// File Name: |
httpver.c |
Description:
|
Unavailable.
| | File Size: | 1471 | | Last Modified: | Aug 16 20:13:34 1999 |
| MD5 Checksum: | 4d0bb114a3f53ea04ce34e92b41c0c3a |
|
| /// File Name: |
IISscan2002.pl |
Description:
|
IISscan2002.pl scans for over 97 IIS strings and gets past certain IIS 4 an IIS 5 unicode charter set hot fixes as well as the ability to get cmd.exe access on open IIS servers vulnerable to the unicode flaw.
| | Author: | Thomas O'Connor | | Homepage: | http://www.thomasoconnor.net | | File Size: | 14211 | | Last Modified: | Sep 5 02:25:03 2002 |
| MD5 Checksum: | 8e660cf2c10b6fc3f34c06024fbd8443 |
|
| /// File Name: |
iss.c |
Description:
|
This tool can be used to scan IIS servers for the unicode directory traversal vulnerability.
| | Author: | Rammstein | | File Size: | 7329 | | Last Modified: | Sep 25 17:40:51 2002 |
| MD5 Checksum: | 9992afec563d973be3af36bcfa97c9f1 |
|
| /// File Name: |
kamikaze.c |
Description:
|
Kamikaze.c is a simple and small HTTP scanning tool. It is customizable and takes its input from a config file.
| | Author: | Interstellar Overdrive | | File Size: | 3244 | | Last Modified: | Sep 12 23:19:01 2000 |
| MD5 Checksum: | 8f66f52caa7dc37c1f7ddb840ec366cc |
|
| /// File Name: |
libwhisker-1.3.tar.gz |
Description:
|
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing.
| | Author: | RFP | | Homepage: | http://www.wiretrip.net/rfp/p/doc.asp/i7/d21.htm | | File Size: | 62681 | | Last Modified: | Mar 31 01:25:32 2002 |
| MD5 Checksum: | 321791a97018d7ea19009201f1d6f59c |
|
| /// File Name: |
libwhisker-1.6.tar.gz |
Description:
|
Libwhisker is a perl module for performing whisker CGI vulnerability checks. It adds a vast array of functionality and has robust functions that are geared toward network auditing. Function reference available here. Changelog available here.
| | Author: | RFP | | Homepage: | http://www.wiretrip.net | | Changes: | Major fixes - All users should upgrade. | | File Size: | 78668 | | Last Modified: | Dec 6 05:34:26 2002 |
| MD5 Checksum: | 06ac9f0f28d5269c893937e03d342c64 |
|
| /// File Name: |
libwhisker-pr3.tgz |
Description:
|
Libwhisker is a perl module for performing whisker CGI vulnerability checks. This is a preview release.
| | Author: | RFP | | Homepage: | http://www.wiretrip.net | | File Size: | 21334 | | Last Modified: | Jul 18 21:28:51 2001 |
| MD5 Checksum: | 859aeb6d3a54ca680487199d965afd49 |
|
| /// File Name: |
malice-7.0b.tar.gz |
Description:
|
Malice v7.0 beta is a perl CGI scanner with an updated CGI list. Includes many anti-IDS functions, IIS checks, and more.
| | Author: | Natas | | Changes: | New anti-IDS techniques, updated CGI's, and IIS checks. | | File Size: | 5462 | | Last Modified: | Jul 11 03:52:15 2001 |
| MD5 Checksum: | 24d2a43a74c2329edd48d1ee7722736b |
|
| /// File Name: |
malice2.tgz |
Description:
|
Malice v2 scans for over 150 cgi vulnerabilities and uses anti-IDS tactics as discussed in RFP's famous whitepaper. Written in perl.
| | Author: | Natas | | Homepage: | http://kickme.to/security666 | | File Size: | 5308 | | Last Modified: | Jul 13 02:58:27 2000 |
| MD5 Checksum: | 1ff2bb1f8d16d739d8ad3f976a38f866 |
|
| /// File Name: |
malice5.2.pl |
Description:
|
Malice v.5.2 scans for over 238 cgi vulnerabilities and uses anti-IDS tactics as discussed in RFP's famous whitepaper. Written in perl. Checks for known bugs and interesting directories.
| | Author: | Natas | | Homepage: | http://rsh.defacements.com | | File Size: | 20861 | | Last Modified: | Oct 30 18:53:58 2000 |
| MD5 Checksum: | a4d376fae0f655e944297a37c0873461 |
|
| /// File Name: |
mcgi.tar.gz |
Description:
|
Mass CGI scanner. From Guile Cool.
| | File Size: | 37746 | | Last Modified: | Jan 25 02:40:26 2001 |
| MD5 Checksum: | 771d290353c4888a83b230a32b6fb27f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
