#!/usr/bin/perl
# UNIX SCRIPTS ###################################################
# Raw HTTP/1.0 request lines, one per historically vulnerable UNIX CGI
# program. Each entry ends with the blank line that terminates the request
# header, so unix_scan() can send it verbatim and read the status line.
# @names_u (below) is indexed in parallel by $n, so both lists must keep
# the same length and order (40 entries each).
# From a defender's side these are exact strings that land in a web
# server's access log when this scanner runs against it.
# NOTE(review): the path spelling is what goes on the wire — "pfdispaly.cgi"
# appears to be the historical name of the probed SGI CGI rather than a
# typo here; confirm before "correcting" it.
@scripts_u = ("GET /cgi-bin/rwwwshell.pl HTTP/1.0\n\n","GET /cgi-bin/phf HTTP/1.0\n\n",
"GET /cgi-bin/Count.cgi HTTP/1.0\n\n","GET /cgi-bin/test-cgi HTTP/1.0\n\n",
"GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n","GET /cgi-bin/nph-publish HTTP/1.0\n\n",
"GET /cgi-bin/php.cgi HTTP/1.0\n\n","GET /cgi-bin/handler HTTP/1.0\n\n",
"GET /cgi-bin/webgais HTTP/1.0\n\n","GET /cgi-bin/websendmail HTTP/1.0\n\n",
"GET /cgi-bin/webdist.cgi HTTP/1.0\n\n","GET /cgi-bin/faxsurvey HTTP/1.0\n\n",
"GET /cgi-bin/htmlscript HTTP/1.0\n\n","GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n",
"GET /cgi-bin/perl.exe HTTP/1.0\n\n","GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n",
"GET /cgi-bin/www-sql HTTP/1.0\n\n","GET /cgi-bin/view-source HTTP/1.0\n\n",
"GET /cgi-bin/campas HTTP/1.0\n\n","GET /cgi-bin/aglimpse HTTP/1.0\n\n",
"GET /cgi-bin/glimpse HTTP/1.0\n\n","GET /cgi-bin/man.sh HTTP/1.0\n\n",
"GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n","GET /cgi-bin/filemail.pl HTTP/1.0\n\n",
"GET /cgi-bin/maillist.pl HTTP/1.0\n\n","GET /cgi-bin/jj HTTP/1.0\n\n",
"GET /cgi-bin/info2www HTTP/1.0\n\n","GET /cgi-bin/files.pl HTTP/1.0\n\n",
"GET /cgi-bin/finger HTTP/1.0\n\n","GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n",
"GET /cgi-bin/survey.cgi HTTP/1.0\n\n","GET /cgi-bin/AnyForm2 HTTP/1.0\n\n",
"GET /cgi-bin/textcounter.pl HTTP/1.0\n\n","GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n",
"GET /cgi-bin/environ.cgi HTTP/1.0\n\n","GET /cgi-bin/wrap HTTP/1.0\n\n",
"GET /cgi-bin/cgiwrap HTTP/1.0\n\n","GET /cgi-bin/guestbook.cgi HTTP/1.0\n\n",
"GET /cgi-bin/edit.pl HTTP/1.0\n\n","GET /cgi-bin/perlshop.cgi HTTP/1.0\n\n");

# Display labels for @scripts_u, same order, padded to 16 characters so the
# "Searching for [...]" output lines up. Only printed; never sent.
# NOTE(review): "classifields.cgi" is a label typo — the request actually
# sent (see @scripts_u) is for classifieds.cgi. Likewise the label reads
# "pfdisplay" while the request line reads "pfdispaly.cgi"; the request
# spelling is the one that matters on the wire.
@names_u = ("THC - backdoor  ","phf             ","Count.cgi       ","test-cgi        ","nph-test-cgi    ",
"nph-publish     ","php.cgi         ","handler         ","webgais         ","websendmail     ",
"webdist.cgi     ","faxsurvey       ","htmlscript      ","pfdisplay       ","perl.exe        ",
"wwwboard.pl     ","www-sql         ","view-source     ","campas          ","aglimpse        ",
"glimpse         ","man.sh          ","AT-admin.cgi    ","filemail.pl     ","maillist.pl     ",
"jj              ","info2www        ","files.pl        ","finger          ","bnbform.cgi     ",
"survey.cgi      ","AnyForm2        ","textcounter.pl  ","classifields.cgi","environ.cgi     ",
"wrap            ","cgiwrap         ","guestbook.cgi   ","edit.pl         ","perlshop.cgi    ");
# Windows SCRIPTS ###################################################
# Raw HTTP/1.0 request lines for historically exposed files on Windows web
# stacks (FrontPage _vti_* files, IIS sample scripts, ColdFusion expelval
# examples, Verity search97, carbo.dll). Same shape as @scripts_u; indexed
# in parallel with @names_w (24 entries each).
# win_scan() only inspects the status line of the reply (a 200 is reported
# as "Found"); the response body is never read, so e.g. a .pwd probe
# reports presence of the file, nothing more.
@scripts_w = ("GET /_vti_inf.html HTTP/1.0\n\n","GET /_vti_pvt/service.pwd HTTP/1.0\n\n",
"GET /_vti_pvt/users.pwd HTTP/1.0\n\n","GET /_vti_pvt/authors.pwd HTTP/1.0\n\n",
"GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n","GET /_vti_bin/shtml.dll HTTP/1.0\n\n",
"GET /_vti_bin/shtml.exe HTTP/1.0\n\n","GET /cgi-dos/args.bat HTTP/1.0\n\n",
"GET /cgi-win/uploader.exe HTTP/1.0\n\n","GET /cgi-bin/rguest.exe HTTP/1.0\n\n",
"GET /cgi-bin/wguest.exe HTTP/1.0\n\n","GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n",
"GET /scripts/CGImail.exe HTTP/1.0\n\n","GET /scripts/tools/newdsn.exe HTTP/1.0\n\n",
"GET /scripts/fpcount.exe HTTP/1.0\n\n","GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n",
"GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n",
"GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n","GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n",
"GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n","GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n",
"GET /search97.vts HTTP/1.0\n\n","GET /carbo.dll HTTP/1.0\n\n");
# Display labels for @scripts_w, same order, padded to 16 characters.
# "codebrws.asp 2" distinguishes the second codebrws.asp path
# (/iissamples/sdk/asp/docs/) from the first (/iissamples/exair/howitworks/).
# Only printed; never sent.
@names_w = (
"_vti_inf.html   ","service.pwd     ","users.pwd       ","authors.pwd     ","administrators  ",
"shtml.dll       ","shtml.exe       ","args.bat        ","uploader.exe    ","rguest.exe      ",
"wguest.exe      ","bdir - samples  ","CGImail.exe     ","newdsn.exe      ","fpcount.exe     ",
"openfile.cfm    ","exprcalc.cfm    ","dispopenedfile  ","sendmail.cfm    ","codebrws.asp    ",
"codebrws.asp 2  ","showcode.asp    ","search97.vts    ","carbo.dll       ");
 $insecure = 0;                # probes answered with status 200; incremented in win_scan()/unix_scan()
system "clear";                # clears the terminal via the external `clear` command; return value unchecked
use IO::Socket;                # compile-time; IO::Socket's import appears to re-export Socket's symbols,
                               # which is why inet_aton/sockaddr_in/PF_INET/SOCK_STREAM resolve in the subs below
my ($port, $sock,$server);     # the only lexicals in the file; everything else is a package global (no `use strict`)
$size=0;                       # hosts that accepted the TCP connection; incremented in connect()
################################ SCAN ##########################
# No first argument: show help and stop. usage() calls exit(0) itself, so
# the `exit` on the following line is never reached.
if(! $ARGV[0])
{
 &usage;
 exit;
} 

# Expected argument form is A.B.C.D-E: the text before "-" is the first
# address, the text after it is the last value for the fourth octet.
# NOTE(review): nothing is validated here. Without a "-" $e stays undef,
# so the numeric loop test below compares against 0 and the scan does
# essentially nothing; the "-s" switch advertised by usage() is not
# handled anywhere in this file.
$server = $ARGV[0];
($s,$e) = split(/-/,$server);
($ia,$ib,$id,$ix) = split(/\./,$s);
print "[Scaning from $s to $ia.$ib.$id.$e]\n";
$port = $ARGV[1];
if(! $ARGV[1]) { $port = 80; }   # default to HTTP; a literal "0" port argument is also treated as absent
# One connection attempt per address in the range. For each host that
# answers, connect() runs version(), which prompts interactively on STDIN
# before probing — so the loop blocks on the operator for every live host.
for($i=$ix;$i<=$e;$i++)
 {
  $server = "$ia.$ib.$id.$i";
  &connect;
 }

print "[CGI Scanner by RapMaster2000]\n"; 


# Attempt a TCP connection to the current $server:$port (both package
# globals set by the main loop). On success: announce the host, reset the
# probe index $n, hand over to version() and count the host in $size. A
# failed connection is silent — the else branch is intentionally empty.
# Note on naming: this user sub shares its name with the `connect` builtin.
# `&connect` (main loop) reaches this sub; `connect(SOCK, ...)` in the
# other subs still calls the builtin, because a user sub does not override
# a builtin without an explicit declaration.
sub connect {
        #print "[Trying $server]\n";
	$sock = IO::Socket::INET->new(PeerAddr => $server,   # no Timeout option, so a filtered host blocks for the OS connect timeout
				 	PeerPort => $port,
				 	Proto => 'tcp');
	if ($sock)	{
		print "[Connected to $server on $port]\n";
            $n=0;
            &version;          # opens its own connections on the bareword handle SOCK; $sock itself is never used for traffic
	    close(sock);       # NOTE(review): bareword `sock` is not `$sock` — this closes nothing; the IO::Socket object is only released when $sock is reassigned on the next host
	      $size++;
      } else {
	
	}
}  
################################ VERSION ##########################
# Banner grab plus interactive dispatch for one host. Opens a fresh raw
# socket on the bareword handle SOCK, sends a HEAD request, prints the
# whole reply until the server closes (HTTP/1.0, no keep-alive), then asks
# the operator which probe list to run and walks it with $n as the shared
# index into the parallel @scripts_*/@names_* arrays.
# Unlike win_scan()/unix_scan(), every failure here is a `die`, which
# aborts the entire range scan rather than skipping the host.
sub version {
 $ver = "HEAD / HTTP/1.0\n\n";
  my($iaddr,$paddr,$proto);
$iaddr = inet_aton($server) || die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
$proto = getprotobyname('tcp') || die "Error: $!";
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!";
connect(SOCK, $paddr) || die "Error: $!"; 
send(SOCK, $ver, 0) || die "Can't to send packet: $!";
print "[Server version is]:\n[##############################]\n";
# Echo the raw response verbatim (headers only for a HEAD) until EOF.
while(<SOCK>) 
{
 print;
} 
print "[##############################]\n";
 print "[It is Windows or UNIX?]\n[Windows-1,Unix-2,Quit-3]:";

 $n=0;
 chomp($type=<STDIN>);
 # String comparison against the digit: "3" quits the whole run, "1" takes
 # the Windows list, and anything else (including an empty line or EOF on
 # STDIN) falls through to the UNIX list.
 if($type eq 3)
 { print "Scan aborted!\n"; exit; }
 if($type eq 1)
  {
  foreach $scripts_w(@scripts_w)
{
	print "Searching for @names_w[$n] : ";   # @names_w[$n] is a one-element slice; works, but warns under `use warnings`
	$scw=$scripts_w;                          # payload handed to win_scan() through a global
      $name = @names_w[$n];                     # assigned but not read by win_scan()
	&win_scan;
	$n++;
}	
  }
 else { 


foreach $scripts_u(@scripts_u)
{
	print "Searching for [@names_u[$n]] : ";
	$sc=$scripts_u;                           # payload handed to unix_scan() through a global
      $name = @names_u[$n];                     # assigned but not read by unix_scan()
	&unix_scan;
	$n++;
}
  }
# By now SOCK has been reopened and closed by the per-probe subs (socket()
# on an open handle closes it first); this close is effectively a no-op.
close(SOCK);
}
# Send one Windows probe ($scw, set by version()) to $server:$port over a
# fresh raw socket on the bareword handle SOCK and classify the reply by
# its status line alone: 200 counts as "Found" and bumps $insecure, any
# other code — or no data at all — prints "Not Found".
# Identical to unix_scan() except for which global holds the payload.
# NOTE(review): no `sub error` is defined anywhere in this file, so the
# &error(...) fallbacks below would die with "Undefined subroutine" if a
# socket()/connect() failure ever reached them — in practice the host
# already accepted a connection in connect(), so this path is rare.
sub win_scan {
my($iaddr,$paddr,$proto);
$iaddr = inet_aton($server) || die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
$proto = getprotobyname('tcp') || die "Error: $!"; 
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
connect(SOCK, $paddr) || &error("Unable to connect: $!");
send(SOCK,$scw,0);                # return value unchecked; a failed send still falls through to the read below

	$check=<SOCK>;                    # first line only, e.g. "HTTP/1.0 200 OK"; undef if the server closed without data
	($http,$code,$blah) = split(/ /,$check);
	if($code == 200)                  # numeric compare; an undef $code is 0 here (with a warning) and lands in "Not Found"
	{
		print "[Found!]\n";
		$insecure++;
	}
	else
	{
		print "[Not Found]\n";

	}
	close(SOCK);
}


# Send one UNIX probe ($sc, set by version()) to $server:$port over a fresh
# raw socket on the bareword handle SOCK and classify the reply by its
# status line alone: 200 counts as "Found" and bumps $insecure, anything
# else — or an empty read — prints "Not Found".
# Body is a copy of win_scan() with $sc in place of $scw; the two could be
# one sub taking the payload as an argument.
# NOTE(review): as in win_scan(), &error(...) refers to a sub that is not
# defined in this file, so those branches would die with "Undefined
# subroutine" if reached.
sub unix_scan {

 my($iaddr,$paddr,$proto);
$iaddr = inet_aton($server) || die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
$proto = getprotobyname('tcp') || die "Error: $!"; 
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
connect(SOCK, $paddr) || &error("Unable to connect: $!");
send(SOCK,$sc,0);                 # return value unchecked

	$check=<SOCK>;                    # status line only; undef if the server closed without sending anything
	($http,$code,$blah) = split(/ /,$check);
	if($code == 200)                  # numeric compare; undef $code evaluates as 0 (warning) and is reported "Not Found"
	{
		print "[Found!]\n";
		$insecure++;
	}
	else
	{
		print "[Not Found]\n";

	}
	close(SOCK);
}
################################ USAGE ##########################
# Print the invocation help and terminate the script.
# Clears the terminal first through the external `clear` command (so a
# Unix-like environment is assumed), prints the usage text, and exits with
# status 0. Never returns to the caller.
# NOTE(review): the help text advertises a "-s" single-host switch and a
# "./port" program name; nothing in this file parses "-s" (the first
# argument is split on "-" unconditionally), so text and code disagree.
sub usage {
    system 'clear';
    my $help_text = "[Usage: ./port IP-END PORT ]\n"
                  . "[Example: ./port 195.34.0.1-255 23]\n"
                  . "[Put first agument -s for single host scan]\n";
    print $help_text;
    exit 0;
}
################################ END   ##########################
# Final summary. Executes once the main loop has finished (the sub
# definitions above do not run at this point), so it is skipped entirely
# when usage() exits early or the operator answers "3" inside version().
print "[Totaly found $size hosts with open $port port and $insecure buggy scripts]\n";
