#!/usr/bin/perl
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
# Infinity CGI Server Info Scanner v2.0 Beta
# Copyright (C) 1999 Azrael, All Rights Reserved
# ------------------------------------------------------------------------
# This script is to be used for educational use only. I (Azrael) accept
# absolutely no responsibility for the information that may be possibly
# attained through the use of this script and/or the actions that may
# take place because of someone's usage of this script.
# ------------------------------------------------------------------------
# Visit http://infinityproject.cjb.net for more updates on the scanner and/or
# a better version available.
# You can contact me at infinity@wwdg.com
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
#
# Don't forget to chmod this script 755 (u+rwx,g+rx,o+rx)
#
#
# HTML Form to go on your website:
#
# Infinity Server Information Scanner v2.0 Beta

#

# Host: #

# #

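#
use 5.008;      # list-form pipe open (used for nslookup) needs Perl 5.8
use strict;
use warnings;
use Socket;

############################
# Setup Variables
my $yoursiteaddy = "www.yourdomain.com"; # Your website address

# Customize the colors of the output. Remember, special characters like
# @, ", | etc... need a \ before them.
my $bodycolors    = "";
my $specialcolors = "000000"; # colors of special text in the output

my $countscans = 1; # Set this to 1 if you want to enable the scanner counter
# If countscans is 1, you must specify the location of the data file to use
my $counterlocation = "/pathto/serverinfo.txt";

# Blocked sites list
# You must have the dontscan.cgi file installed on your site (Scanner Blocker) so
# system administrators are able to block their sites from scans.
my $dontscanlocation = "/pathto/ds.txt";

my $nslookuplocation = "/usr/bin/nslookup"; # Location of nslookup binary (which nslookup)

# Limits on the outbound probe, so a slow or endless peer cannot pin the
# CGI process. 10000 mirrors the size used by the recv() call that was
# commented out in the original script.
my $io_timeout         = 30;    # seconds for connect + read
my $max_response_bytes = 10000; # upper bound on the stored response
#
############################

$| = 1;

# The script writes the status line and headers itself. Missing server
# variables print as empty strings, as they did before.
my $server_protocol = defined $ENV{'SERVER_PROTOCOL'} ? $ENV{'SERVER_PROTOCOL'} : '';
my $server_software = defined $ENV{'SERVER_SOFTWARE'} ? $ENV{'SERVER_SOFTWARE'} : '';
print "$server_protocol 200 OK\n";
print "Server: $server_software\n";
print "Content-type: text/html\n\n";
print "$bodycolors";
print "[ Infinity Server Info Scanner 2.0 Beta ]\n\n\n";
print "The Infinity Project: http://infinityproject.cjb.net\n";
print "\nScript Written by Azrael\n\n\n";
print "\n\nServer Info Scanner hosted by: $yoursiteaddy\n\n\n";

# ---- Read the "host" field from the query string -------------------------
my $query_string = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '';
my %FORM;
foreach my $pair (split(/&/, $query_string)) {
    my ($varname, $mydata) = split(/=/, $pair, 2);
    next unless defined $varname && length $varname;
    $FORM{$varname} = defined $mydata ? $mydata : '';
}

# Decode the form encoding first, then validate. The original replaced a
# handful of characters with letters *before* decoding (so its %XX decoding
# never ran) and handed the result to a shell through backticks. A
# character substitution list cannot cover every shell metacharacter, so it
# is replaced by the allowlist check further down.
my $host = defined $FORM{'host'} ? $FORM{'host'} : '';
$host =~ tr/+/ /;
$host =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$host =~ s/\A\s+//;
$host =~ s/\s+\z//;
my $host_lc = lc $host;

# Friendly refusals, tested in the original order. Matching is a literal
# substring test; the original used each string as a regular expression,
# where "." matches any character.
my @refusals = (
    [ ".html",
      "The Scanner can't scan HTML files. There are no exploits for them!" ],
    [ "http://",
      "Don't Enter the http:// part of the server! Just enter foobar.com or www.foobar.com (substitute your server in for that)." ],
    [ "infinityzone.cjb.net",
      "You best not be trying to scan [ The Infinity Zone ]!" ],
    [ "cjb.net",
      "You are not allowed to scan cjb.net! Anyway, don't you realize that the subdomains in their network are not really on their network but rather its just a mask! \nArg, some people!" ],
    [ "infinityproject.cjb.net",
      "You best not be trying to scan [ The Infinity Project ]!" ],
);
foreach my $refusal (@refusals) {
    my ($needle, $message) = @$refusal;
    dienice($message) if index($host_lc, $needle) >= 0;
}

# Allowlist: letters, digits, dots and hyphens only, at most 253 characters,
# starting with a letter or digit so the value can never be read as a
# command-line option by nslookup. Everything else is rejected outright.
unless ($host =~ /\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/) {
    dienice("Invalid host. Just enter foobar.com or www.foobar.com (substitute your server in for that).");
}

# The host is now known to contain no HTML metacharacters; it is escaped
# anyway so the output stays safe if the validation is ever loosened.
my $host_html = html_escape($host);

# ---- Policy checks against the resolver output ----------------------------
# nslookup is run once, without a shell, and its output reused for every
# check (the original ran it twice through backticks).
my @hostnameresults = run_nslookup($nslookuplocation, $host);
my $hostname        = lc join('', @hostnameresults);

# .gov / .mil are refused whether they show up in the requested name or in
# what it resolves to. The original only looked at the nslookup output, so
# a failed lookup let such names through.
foreach my $tld ('.gov', '.mil') {
    if (index($host_lc, $tld) >= 0 || index($hostname, $tld) >= 0) {
        dienice("No scanning $tld sites!");
    }
}

open(my $dontscan_fh, '<', $dontscanlocation)
    or dienice("Couldn't open the list of sites to not scan.\n");
my @dontscanlist = <$dontscan_fh>;
close($dontscan_fh);

foreach my $badsite (@dontscanlist) {
    $badsite =~ s/\A\s+//;
    $badsite =~ s/\s+\z//;      # also removes the newline and any CR
    # A blank line used to become an empty pattern; skip it instead of
    # letting it match every host.
    next if $badsite eq '';
    my $badsite_lc = lc $badsite;

    if (index($host_lc, $badsite_lc) >= 0) {
        dienice("That site is protected from being scanned.");
    }
    foreach my $result_line (@hostnameresults) {
        my $line_lc = lc $result_line;
        # Same rule as before: a resolver line naming a blocked site counts
        # unless that line also contains the requested host itself.
        if (index($line_lc, $badsite_lc) >= 0 && index($line_lc, $host_lc) < 0) {
            dienice("That site is protected from being scanned.");
        }
    }
}

# ---- Scan counter ---------------------------------------------------------
if ($countscans == 1) {
    open(my $count_fh, '+<', $counterlocation)
        or die "Couldn't open file: $counterlocation\n";
    my $stored = <$count_fh>;
    # Anything that is not a leading run of digits counts as zero.
    my $hits = (defined $stored && $stored =~ /\A\s*(\d+)/) ? $1 + 1 : 1;
    seek($count_fh, 0, 0);
    print {$count_fh} $hits;
    truncate($count_fh, tell($count_fh));
    close($count_fh);
    print "There have been $hits scans with this scanner";
    print "\n\n\n\n\n";
}
else {
    print "\n\n\n";
}

# ---- HEAD request to port 80 of the requested host -------------------------
# NOTE(review): the script connects to whatever host the caller names,
# including loopback and private addresses reachable from this server.
# Restrict who can reach the script, or reject such addresses here, if that
# matters for the deployment.

# inet_aton() resolves names as well as dotted quads and returns undef on
# failure, which the original passed straight on to sockaddr_in().
my $serverIP = inet_aton($host)
    or dienice("Error: Can't resolv $host_html dns/ip.\n");
my $serverAddr = sockaddr_in(80, $serverIP);

socket(my $client, PF_INET, SOCK_STREAM, scalar getprotobyname('tcp'))
    or dienice("Error: Couldn't create a socket.\n");

my $connected = 0;
my $response  = '';
eval {
    local $SIG{ALRM} = sub { die "timeout\n" };
    alarm($io_timeout);
    if (connect($client, $serverAddr)) {
        $connected = 1;
        send($client, "HEAD / HTTP/1.0\n\n", 0);
        # Read until EOF, error or the byte cap, whichever comes first.
        while (length($response) < $max_response_bytes) {
            my $got = sysread($client, my $chunk,
                              $max_response_bytes - length($response));
            last unless $got;
            $response .= $chunk;
        }
    }
    alarm(0);
    1;
};
alarm(0);       # make sure no alarm is left pending after a die
close($client);

if ($connected) {
    print "\nServer Response For $host_html:\n\nThe line with Server: tells you what type of webserver is running\n\n\n\n";
    # The response comes from a remote machine and is printed into an HTML
    # page, so every line is escaped before output.
    foreach my $line (split(/^/, $response)) {
        print "\n" . html_escape($line);
    }
}
else {
    print "\nConnection Refused on $host_html\n";
}

print "\n\n\n[ Infinity Scanner - CGI Server Information Scanner ] Copyright 2000 Azrael, All Rights Reserved.";
print "\n\n";

# html_escape(TEXT)
# Returns TEXT with the five HTML metacharacters replaced by entities, so it
# can be placed in element content or a quoted attribute. undef becomes ''.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# run_nslookup(BINARY, TARGET)
# Runs BINARY with TARGET as its only argument and returns the output lines.
# The list form of open() executes the program directly, so TARGET is never
# parsed by a shell. Returns an empty list if the program cannot be started,
# which matches what the backticks in the original produced on failure.
sub run_nslookup {
    my ($binary, $target) = @_;
    my $pid = open(my $lookup_fh, '-|', $binary, $target);
    return () unless $pid;
    my @output = <$lookup_fh>;
    close($lookup_fh);
    return @output;
}

# dienice(MSG)
# Prints MSG under an "Error:" heading and ends the request. MSG is written
# as-is into the HTML page: callers must escape any untrusted text they put
# into it.
sub dienice {
    my ($msg) = @_;
    print "\n\nError:\n\n\n$msg";
    exit;
}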