
Full Version: Urlchk Cgi Scanner
wicked
URLChk CGI Scanner
------------------
By Matteo Baccan (baccan@infomedia.it)
--------------------------------------

I have found many CGI scanners on the net. Every scanner has a specific set
of URLs to check. I have taken all these URLs and written this scanner,
which uses all the URLs I found in these programs:

ucgi240.c
cgichk_250.tar
fpage-DoS.pl
cgiscan
neon_beta5
CGI scanner by alt3kx_h3z
VoidEye CGI scanner, version 04.4
HTTP'XPS scanner version1.1b
Scowl CGI scanner v1.0
Guilecool's Cgi Mass Scanner
CrAzY ScAn by Asmbeginer.com

This merging gives me the possibility to have 702 CGIs/vulnerabilities in the database.

After the merge I have also added info to some CGI URLs, to give some information
to the users of this scanner who want to correct the vulnerabilities
that this scanner is able to find.

For this reason I think URLChk is the best CGI scanner available on the Internet.

I have also added some features to the scanner. The most important is the HTTP/Proxy
scanner. URLChk is able to scan a machine over an HTTP/Proxy, and is also able
to add Basic authentication if the HTTP/Proxy needs this.

I have also added the possibility to use an anonymizer scanner, and this is also
available over an HTTP/Proxy, so I think it is possible to start a scan of a
particular machine in every situation.

I have also added HTML output and multithread support, to create a faster scanner
and beautiful output.

I have also made everything open source. I hope you like my scanner.

Use this program on Linux, Windows, AIX, AS/400 or any environment that supports
Java. A Win32 executable is also available for Windows users.


How To use:
-----------
Usage: urlChk [<options>]

-ip <ip address>

It is possible to specify the IP address where the scan starts
ex.
urlChk -ip 194.168.0.1
urlChk -ip localhost


-port <port>

It is possible to specify the port where the scan starts
ex.
urlChk -port 21
urlChk -port 22


-urlfile <file>

It is possible to specify the CGI information file to use for the scan
ex.
urlChk -urlfile mycgi.ini


-verbose

Adds more information about the scan to the output report


-thread <nThread>

It is possible to specify the number of threads to use for the scan.
Too many threads may cause the scan to fail. If this occurs, decrease the
number of threads.
ex.
urlChk -thread 20


-timeout <nTimeout>

Set connection timeout. If there is no reply on the socket within nTimeout
milliseconds, the connection thread closes the socket.
A value of 0 means infinite wait. A number too small may disconnect the
socket too fast

ex.
urlChk -timeout 0



Proxy setting

You can also use an HTTP/Proxy to scan a server


-proxy <name>

This is the name of the HTTP/Proxy


-proxyport <port>

This is the port of the HTTP/Proxy


-proxyuser <user>
-proxypwd <password>

If you use these 2 settings, urlChk sends Basic authentication to
the HTTP/Proxy


Anonymizer setting

You can also use an anonymizer proxy to scan a server

-anonserver <server>

This is the name of the anonymizer server

-anonenable

This enables anonymous scan


Sample:
-------

Scan localhost

urlChk -ip 127.0.0.1


Update:
-------

0.40
----
First alpha

0.50
----
First beta

0.60
----
First release

0.70
----
Add doc for /publisher/ URL
Add new check for cmd.exe with traversal directory, unicode traversal
directory and double traversal directory
Add Net.Commerce user list
Add Code RED
Add check for URL variant


Known Problems
--------------
I have found some problems with Explorer. In some situations you can find
URLs that are correctly found on the server, for example the Notes 5.0.6 bug.
If you check the bug link with Explorer, this browser is not able to use
the link in the right way. If you try the same link with Netscape, all works!



You may find the new version of URLChk CGI Scanner at:

http://www.baccan.it

Please e-mail any comments, suggestions, or ideas to Matteo Baccan at:

baccan@infomedia.it

If you have new CGIs to check or you want to change some description in the .INI
file, please send me the new CGI and new description, so I'm able to add
them to the official URL.INI

And Instructions ;)

Wkd..


Velle
thx for all the work m8 ;)

i'll try this proggy right away !!
Devil
not really sure what cgi is? why would somebody wanna use a scanner like this?? what can i await? logins? passwords? ips?? never heard of this one.... i'm just a n00b :(
TedOb1
CGI stands for "common gateway interface." It's a way of making interactive web pages. The mechanism for this is usually kept in a directory on a web server where applications go. Scripts that read databases, write web pages, etc. cgi-bin (common gateway interface/binaries) is a directory that allows execution of programs/scripts.

Sometimes web masters do really stupid things. Sometimes software manufacturers do even stupider things. Like the apache win32 thing that allows you to deface web pages from the address bar of your browser. If you were an admin or web master you'd like to know if you've done something stupid. If you're a software writer you want to keep selling your product. If you're a hacker... well, that's rather obvious.

A cgi scanner looks to see if known stupidities are present by either sending the server an exploit type request and reading what the server has to say about it or looking to see if dumb apps are present. It then outputs a list of its findings so you can either fix or break things.

You can't await anything. Holes get fixed/admins get fired. New holes are found/new admins get hired. We got what we got while we got it and that's it!
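
How the probing described in the post above looks from the server side, as an added example that is not part of the original thread or of URLChk: a scanner walking a URL list from one address leaves a burst of distinct paths that mostly return 4xx, and the few 200s among them are the items an admin should review. The log lines are constructed, and the function names, window and thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (client, timestamp, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3).split("?", 1)[0], int(m.group(4))

def find_scanners(lines, window=timedelta(seconds=60), min_paths=20, min_miss_ratio=0.8):
    """Flag clients whose requests in one window hit many distinct paths, mostly 4xx."""
    per_client = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_client[rec[0]].append(rec[1:])
    flagged = {}
    for client, hits in per_client.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                      # slide the window forward
            span = hits[start:end + 1]
            paths = {p for _, p, _ in span}
            misses = sum(1 for _, _, s in span if 400 <= s < 500)
            if len(paths) >= min_paths and misses / len(span) >= min_miss_ratio:
                # Report the first window crossing both thresholds, with its 200 hits.
                flagged[client] = {"distinct_paths": len(paths), "misses": misses,
                                   "found": sorted(p for _, p, s in span if s == 200)}
                break
    return flagged

def sample_log():
    """Constructed log: one scanner-like client and one ordinary visitor."""
    lines = []
    for i in range(30):
        status = 200 if i == 7 else 404
        lines.append(f'192.0.2.10 - - [12/Mar/2005:10:00:{i:02d} +0000] '
                     f'"GET /cgi-bin/probe-{i:03d}.cgi HTTP/1.0" {status} 210')
    for i, page in enumerate(["/", "/index.html", "/about.html"]):
        lines.append(f'198.51.100.7 - - [12/Mar/2005:10:0{i}:05 +0000] '
                     f'"GET {page} HTTP/1.1" 200 1500')
    return lines

print(find_scanners(sample_log()))
```

Requests relayed through an HTTP proxy or anonymizer appear under the relay's address, so the same grouping can be repeated per user agent or per path prefix when one busy proxy hides several clients.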
Neo_
It's great for remote... I've tested it. Great tools.
Good good good wicked
wicked
Yeah she's not too bad :)

enjoy!

Wkd..

Nice breakdown Ted...

DJVASTVASTY2K
Thanks A Lot Wicked

Been Looking 4 Similar App

Thanks Bro

Best Regards

Adam

Vast Gsm