Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Apache Chunked vulnerability scanning tool

On Mon, 24 Jun 2002, Jean-Christian Imbeault wrote:

> Here's a nice tool (Windows only though) to scan you network to see if any
> chunked vulnerable Apache server are running on it. Found it useful as it
> pointed out an old Apache server I had forgotten about ...
> If anyone know of a similar tool for Linux please let emknow.
Attached is a neat little script that a friend of mine wrote.


# Amazingly shoddy httpd scanner thingy 0.5 (c) 2002 P.Mills

# This assumes Gnu date, since I am too lazy to do it properly for now,
# and am running it on linux.. I know it'll break on Solaris and
# need some changes. 

progname=`basename $0`

# Make sure that we have a parameter, else exit.
if [ $# -lt 2 ]; then
        echo "Syntax: $progname <nmap stylee ip range> <port to check>" 
        exit 1

outfile=/tmp/`date +%s`

echo ---------------------------------------------------------------------------
echo Starting run on $targets at `date`, port $port
echo ---------------------------------------------------------------------------

# First phase, sweep the netblock for stuff that has port $port open.
nmap -o $outfile -p$port $targets &>/dev/null
arsema=`date +%s`

cat $outfile | cut -f2 -d '(' | grep -v closed | grep ')' | cut -f1 -d ')' | grep -v map | grep -v host | grep -v closed >/tmp/$arsema 
rm $outfile

# Second phase, grab some headers from the remote httpd, and record
# the result 

for wark in `cat /tmp/$arsema`
	dumpy=/tmp/`date +%s`
        lynx -connect_timeout=15 -dump -head http://$wark:$port 2>/dev/null >$dumpy
	grep -q Server $dumpy; if [ $? -eq 0 ]; then
		results=`fgrep Server $dumpy`
		trumpy=/tmp/`date +%s`
		echo `nslookup $wark 2>/dev/null | fgrep Name` >$trumpy
		grep -q Name $trumpy; if [ $? -eq 0 ]; then
			cat $trumpy | fgrep Name 	
			echo "(No reverse found for $wark)"	
		rm -f $trumpy
		echo "$wark: $results" 
	rm -f $dumpy 
rm -f /tmp/$arsema

echo ---------------------------------------------------------------------------
echo Ending run on $targets at `date`, port $port
echo ---------------------------------------------------------------------------

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links