#!/usr/bin/perl
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
# Infinity CGI Server Info Scanner v2.0 Beta
# Copyright (C) 1999 Azrael, All Rights Reserved
# ------------------------------------------------------------------------
# This script is to be used for educational use only. I (Azrael) accept
# absolutely no responsibility for the information that may be possibly
# attained through the use of this script and/or the actions that may
# take place because of someone's usage of this script.
# ------------------------------------------------------------------------
# Visit http://infinityproject.cjb.net for more updates on the scanner and/or
# a better version available.
# You can contact me at infinity@wwdg.com
# ------------------------------------------------------------------------
# ------------------------------------------------------------------------
#
# Don't forget to chmod this script 755 (u+rwx,g+rx,o+rx)
#
#
# HTML Form to go on your website:
#
# Infinity Server Information Scanner v2.0 Beta
#
#
#
############################
# Setup Variables

# Your website address
$yoursiteaddy = "www.yourdomain.com";

# Customize the colors of the output. Remember, special characters like
# @, ", | etc... need a \ before them.
$bodycolors    = "";
$specialcolors = "000000";    # colors of special text in the output

# Turn this to 1 if you want to enable the scanner counter
$countscans = 1;

# If you enable countscans to 1, you must specify the location of the data
# file to use
$counterlocation = "/pathto/serverinfo.txt";

# Blocked sites list
# You must have the dontscan.cgi file installed on your site (Scanner Blocker) so
# system administrators are able to block their sites from scans.
$dontscanlocation = "/pathto/ds.txt";

# Location of nslookup binary (which nslookup). This program is executed on
# every request, so keep it an absolute path to a binary you trust.
$nslookuplocation = "/usr/bin/nslookup";
#
############################

use Socket;

# Unbuffered output: every print reaches the client immediately.
$| = 1;

# The script writes its own status line and headers, taking the protocol and
# server name from the CGI environment.
# NOTE(review): presumably deployed as a non-parsed-header CGI - confirm
# against the web server configuration.
print
    "$ENV{'SERVER_PROTOCOL'} 200 OK\n",
    "Server: $ENV{'SERVER_SOFTWARE'}\n",
    "Content-type: text/html\n\n";

# Page banner, ending with the operator's configured site address.
print
    $bodycolors,
    "[ Infinity Server Info Scanner 2.0 Beta ]\n",
    "The Infinity Project: http://infinityproject.cjb.net\n",
    "\nScript Written by Azrael\n\n",
    "\nServer Info Scanner hosted by: $yoursiteaddy\n\n";
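# Split the raw query string into name/value pairs and record them in %FORM.
# Values are stored exactly as received: no URL-decoding or validation happens
# here, so everything in %FORM is untrusted request data.
@values = split(/\&/, defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '');
foreach $i (@values) {
    # A limit of 2 keeps any further "=" inside the value instead of
    # silently dropping the rest of it.
    ($varname, $mydata) = split(/=/, $i, 2);

    # Skip empty pairs ("&&") and pairs without a name ("=x").
    next unless defined $varname && length $varname;

    $FORM{$varname} = $mydata;
}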
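# Take the requested target from the parsed form data and validate it.
#
# The value comes straight from the query string and is later handed to an
# external resolver command and echoed into the HTML output. It is therefore
# checked against an allowlist of hostname characters; swapping out a handful
# of characters cannot enumerate every shell or HTML metacharacter.
$host = defined $FORM{'host'} ? "$FORM{'host'}" : "";

# Decode first, validate second. Validating before decoding would let an
# encoded character pass the check and reappear afterwards.
$host =~ tr/+/ /;                                             # form encoding: "+" is a space
$host =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;   # %XX -> byte
$host =~ s/^\s+//;
$host =~ s/\s+$//;

# Letters, digits, dots and hyphens only, at most 253 characters, and the
# first character must be a letter or digit so the value can never be read as
# a command-line option by a program it is passed to.
unless ($host =~ /\A[A-Za-z0-9][A-Za-z0-9.\-]{0,252}\z/) {
    &dienice("Invalid host name. Enter just the server name, e.g. foobar.com or www.foobar.com, without http:// or a path.");
}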
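# Refuse two common input mistakes and the names the operator never wants
# scanned. Each entry is a literal substring looked for in the lowercased
# host; a plain substring test is used so that "." means a dot and not "any
# character", as it would inside a regular expression.
$badstring1 = ".html";
$badstring2 = "http://";
$badstring3 = "infinityzone.cjb.net";
$badstring4 = "cjb.net";
$badstring5 = "infinityproject.cjb.net";

# Order matters: dienice() ends the request at the first hit, so the two
# specific cjb.net names are tested before the generic "cjb.net" entry,
# which would otherwise shadow them.
# NOTE(review): this inspects only the text that was typed. The same server
# named another way (for example by address) is not covered; a check on the
# resolved name and address is needed to enforce the policy.
my $typed = lc($host);
foreach my $rule (
    [ $badstring1, "The Scanner can't scan HTML files. There are no exploits for them!" ],
    [ $badstring2, "Don't Enter the http:// part of the server! Just enter foobar.com or www.foobar.com (substitute your server in for that)." ],
    [ $badstring3, "You best not be trying to scan [ The Infinity Zone ]!" ],
    [ $badstring5, "You best not be trying to scan [ The Infinity Project ]!" ],
    [ $badstring4, "You are not allowed to scan cjb.net! Anyway, don't you realize that the subdomains in their network are not really on their network but rather its just a mask! Arg, some people!" ],
) {
    my ($needle, $complaint) = @$rule;
    &dienice($complaint) if index($typed, lc($needle)) >= 0;
}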
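# Look the target up with the external nslookup binary and refuse .gov/.mil.
#
# $host originates from the query string, so it must never be interpolated
# into a shell command line. The value is re-checked here, at the point of
# use, against a hostname allowlist (the leading letter-or-digit rule keeps it
# from being parsed as an nslookup option), and the program is started with
# list-form open, which passes the argument directly without a shell.
unless (defined($host) && $host =~ /\A[A-Za-z0-9][A-Za-z0-9.\-]{0,252}\z/) {
    &dienice("Invalid host name.");
}

$hostname = '';
if (open(my $lookup, '-|', $nslookuplocation, $host)) {
    local $/;                      # read the whole output in one go
    $hostname = <$lookup>;
    $hostname = '' unless defined $hostname;
    close($lookup);
}
else {
    # Fail closed: without the lookup the .gov/.mil policy cannot be applied.
    &dienice("Couldn't run the name lookup.\n");
}

# The output is lowercased before matching, so one test per suffix covers
# every capitalisation. The dot is escaped and \b ends the label, so only a
# real ".gov" / ".mil" label matches.
# NOTE(review): nslookup output normally also names the resolver that
# answered, so a hit can come from that line rather than the target - confirm
# whether that is acceptable for this deployment.
my $lookup_text = lc($hostname);
if ($lookup_text =~ /\.gov\b/) { &dienice("No scanning .gov sites!"); }
if ($lookup_text =~ /\.mil\b/) { &dienice("No scanning .mil sites!"); }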
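# Open the operator-maintained list of sites that must not be scanned.
# The three-argument form fixes the mode to "read", so no character in the
# configured path can be interpreted as an open mode or a pipe.
open(DONTSCAN, '<', $dontscanlocation) or &dienice("Couldn't open the list of sites to not scan.\n");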
@dontscanlist = \n\n";
foreach $line (@thedata) {
print " [ Infinity Scanner - CGI Server Information Scanner ] Copyright 2000 Azrael, All Rights Reserved.";
print " ";
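# Print an error message into the page and end the request.
#
#   $msg - plain-text message. Callers build it from request data (the host
#          name appears in at least one message) and the page is served as
#          text/html, so the text is HTML-escaped before it is printed.
#
# Does not return: the script exits after printing.
# The empty prototype was dropped because every caller passes one argument.
sub dienice {
    my ($msg) = @_;
    $msg = '' unless defined $msg;

    # "&" must be escaped first so the entities added below stay intact.
    $msg =~ s/&/&amp;/g;
    $msg =~ s/</&lt;/g;
    $msg =~ s/>/&gt;/g;
    $msg =~ s/"/&quot;/g;
    $msg =~ s/'/&#39;/g;

    print "\n\nError:\n $msg";
    exit;
}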
\n\n";
}
else { print "
\n\n"; }
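# Resolve the target and prepare a TCP socket for a connection to port 80.
#
# inet_aton() accepts dotted-quad addresses as well as names and returns
# undef when resolution fails, so one checked call covers both cases. An
# unanchored dotted-quad pattern would let any string that merely contains
# something like "1.2.3.4" skip the resolution check.
# NOTE(review): $host is request data and is echoed into the HTML error page
# by this message; it has to be HTML-escaped before it is printed.
$serverIP = inet_aton($host);
defined($serverIP) or &dienice("Error: Can't resolv $host dns/ip.\n");

# The connection is made from this server on behalf of whoever submitted the
# form, so addresses that are only meaningful from inside the hosting network
# (unspecified, loopback, link-local and private ranges) are refused.
my @octet = unpack('C4', $serverIP);
if (   $octet[0] == 0
    || $octet[0] == 10
    || $octet[0] == 127
    || ($octet[0] == 169 && $octet[1] == 254)
    || ($octet[0] == 172 && $octet[1] >= 16 && $octet[1] <= 31)
    || ($octet[0] == 192 && $octet[1] == 168))
{
    &dienice("Refusing to connect to a local or private address.\n");
}

$serverAddr    = sockaddr_in(80, $serverIP);
$protocol_name = "tcp";

# socket() can fail (for example when the process is out of descriptors);
# stop here rather than calling connect() on an unopened handle.
socket(CLIENT, PF_INET, SOCK_STREAM, scalar getprotobyname($protocol_name))
    or &dienice("Error: Can't create socket.\n");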
if(connect(CLIENT, $serverAddr)) {
send(CLIENT,"HEAD / HTTP/1.0\n\n",0);
# recv(CLIENT, $thedata, 10000, undef);
@thedata=
The line with Server: tells you what type of webserver is running
$line";
}
}
else { print "\nConnection Refused on $host\n"; }
print "