Mailing List Archive



Re: [tlug] Apache Chunked vulnerability scanning tool





On Mon, 24 Jun 2002, Jean-Christian Imbeault wrote:

> Here's a nice tool (Windows only though) to scan your network to see if any
> chunked vulnerable Apache servers are running on it. Found it useful as it
> pointed out an old Apache server I had forgotten about ...
>
> http://www.eeye.com/html/Research/Tools/apachechunked.html
>
> If anyone knows of a similar tool for Linux please let me know.
>
Attached is a neat little script that a friend of mine wrote.

Tim.


#!/bin/sh
#
# Amazingly shoddy httpd scanner thingy 0.5 (c) 2002 P.Mills

# Scratch files are created with mktemp(1) rather than named after
# `date +%s`: timestamp names in /tmp are predictable, and two files
# made within the same second would share one name. mktemp is not in
# POSIX, but GNU coreutils and the BSDs ship it.

progname=`basename "$0"`

# Make sure that we have both parameters, else exit.
#
if [ $# -lt 2 ]; then
        echo "Syntax: $progname <nmap stylee ip range> <port to check>"
        exit 1
fi

targets=$1
port=$2

# Create the scratch files up front and remove them however we exit.
outfile=`mktemp /tmp/httpdscan.XXXXXX` || exit 1
arsema=`mktemp /tmp/httpdscan.XXXXXX` || exit 1
dumpy=`mktemp /tmp/httpdscan.XXXXXX` || exit 1
trumpy=`mktemp /tmp/httpdscan.XXXXXX` || exit 1
trap 'rm -f "$outfile" "$arsema" "$dumpy" "$trumpy"' EXIT
trap 'exit 1' HUP INT TERM

echo ---------------------------------------------------------------------------
echo "Starting run on $targets at `date`, port $port"
echo ---------------------------------------------------------------------------

# First phase, sweep the netblock for stuff that has port $port open.
# (-oN writes nmap's normal output to a file; "&>" is a bashism, so the
# redirection is spelled out for /bin/sh.)

nmap -oN "$outfile" -p"$port" "$targets" >/dev/null 2>&1

# Pull the addresses out of the parentheses in nmap's normal output.
# This depends on the layout of that human-readable output.
cut -f2 -d '(' "$outfile" | grep -v closed | grep ')' | cut -f1 -d ')' | grep -v map | grep -v host >"$arsema"

# Second phase, grab some headers from the remote httpd, and record
# the result

for wark in `cat "$arsema"`
do
        lynx -connect_timeout=15 -dump -head "http://$wark:$port" 2>/dev/null >"$dumpy"
        if grep -q Server "$dumpy"; then
                results=`grep -F Server "$dumpy"`
                # Look up the reverse name for the address, if there is one.
                echo `nslookup "$wark" 2>/dev/null | grep -F Name` >"$trumpy"
                if grep -q Name "$trumpy"; then
                        grep -F Name "$trumpy"
                else
                        echo "(No reverse found for $wark)"
                fi
                echo "$wark: $results"
        fi
done

echo ---------------------------------------------------------------------------
echo "Ending run on $targets at `date`, port $port"
echo ---------------------------------------------------------------------------
