#!/usr/bin/perl -w

# [ Infinity Scanner 3.0 Beta - Perl/TK Version]
#                  by Azrael
# Copyright 1999, 2000 Azrael, All Rights Reserved
# infinity@wwdg.com or tempazrael@hotmail.com
# http://infinityproject.cjb.net

# Please note, you must have the TK module installed.  The installation of the module, by the way,
# is _very easy! It will take a little time to compile, but basically the whole thing is about 4 commands
# which are described in the INSTALL file of the module.
# The version of the TK module that I used is TK 800.017
# That version is available here:

# http://www.perl.com/CPAN-local/modules/by-module/Tk/Tk800.017.tar.gz
# http://www.perl.com/CPAN-local/modules/by-module/Tk/Tk800.readme

# There may be a later version out, so just check the directory
# http://www.perl.com/CPAN-local/modules/by-module/Tk/
# for one.

# Ok peeps here it is!  Finally, the Infinity Scanner 3.0 Beta - Perl/TK Version is complete.
# I put a lot of hard work into this (over 1200 lines of code...) so please don't rename it as
# your own program.  BTW, this program is copyrighted :P so I wouldn't even think about it...

# For more info visit http://infinityproject.cjb.net -- Questions go on WWWBoard

# Any bugs or anything, lemme know.
# -----------------------------------------
# Version 1.0 (6/18/99):  Initial Version
# Version 1.1 (6/19/99):  Fixed an error checking bug
# Version 1.2 (6/19/99):  Infinity Scanner doesn't make mistakes nemore w/errorchecking
#                               I changed it to look for if its found (code=200) instead 
#                               of looking for 404 not found etc.
#                         Fixed RECV freeze bug (if the server didn't say anything when
#                               INFINITY connected, INFINITY would just keep waiting
#                               for the server to say something).
# Version 1.3 (6/20/99):  Did some tweaking to improve speed and reliability.
#                         Added peeps to the greets section.
# Version 3.0 (3/25/00):  The TK Gui version is born!  Before this it was all command line
#                         The scanners are based off of the updated CGI's, so this is much
#                         more advanced than the version 1.3 command line.  For example,
#                         the exploit scanner features smart scanning...
#                         P.S.  Yes, I know the code is sloppy... but it works :P
# -----------------------------------------


use Tk;
use Socket;

# Top-level window: caption first, then initial size and screen position.
$mw = MainWindow->new();
$mw->title("[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ] ");
$mw->geometry("750x300+0+0");

# Start-up state: the exploit scanner is the selected scanner and both
# check-button variables begin at their "off" value.
$currentscanner = "exploit";
($chkbttn_aec, $chkbttn_ids) = (0, 0);

#############
# Select a Color Style [ hacker / phunky / pro ]
# The author describes this as an experiment that is not fully implemented.

$colorstyle = "hacker";

# Fill in the colour globals used by every widget created below.
set_colors();

# Status line along the bottom edge; it follows $statusbar through
# -textvariable, so assigning to $statusbar changes the displayed text.
$statusbar    = "Infinity Scanner 3.0 - Perl/TK GUI Version";
$statusbottom = $mw->Label(
    -textvariable => \$statusbar,
    -relief       => 'ridge',
    -foreground   => $statusforeground,
    -background   => $statusbackground,
);
$statusbottom->pack(-side => 'bottom', -fill => 'x');

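# Menu bar frame across the top of the main window.
$top_menu = $mw->Frame(
    -relief      => 'groove',
    -borderwidth => 2,
    -foreground  => $foreground,
    -background  => $background,
)->pack(-side => 'top', -fill => 'x');

# "File" menu on the left: a single "Exit" entry that ends the program.
# The -foreground value of the menu item is written on one line here; in the
# wrapped listing the variable name was split in two ("$fore" / "ground"),
# which does not compile.
$top_menu->Menubutton(
    -text             => "File",
    -tearoff          => 0,
    -foreground       => $foreground,
    -background       => $background,
    -activeforeground => $activeforeground,
    -activebackground => $activebackground,
    -menuitems        => [
        [
            'command'   => "Exit",
            -command    => sub { exit },
            -background => $background,
            -foreground => $foreground,
        ],
    ],
)->pack(-side => 'left', -anchor => 'n');

# "Help" menu on the right: "About" prints the about text via infinity_about.
$top_menu->Menubutton(
    -text             => "Help",
    -tearoff          => 0,
    -background       => $background,
    -foreground       => $foreground,
    -activebackground => $activebackground,
    -activeforeground => $activeforeground,
    -menuitems        => [
        [
            'command'   => "About",
            -command    => \&infinity_about,
            -background => $background,
            -foreground => $foreground,
        ],
    ],
)->pack(-side => 'right', -anchor => 'n');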


# $scanner_menu = $top_menu->Menubutton(-text => "Scanner", -tearoff => 0,
#                                     -foreground => "yellow",
#                                     -background => "black",
#                                     -activeforeground => "yellow",
#                                     -activebackground => "black",)
#       ->pack(-side => 'left', -anchor => 'n');
#@rdoarray = ("Exploit Scanner", 
#               "Port Scanner", 
#               "Trojan Scanner", 
#               "Subnet Scanner", 
#               "Protocol Scanner", 
#               "Server Info Scanner");
# foreach $rdocreate (@rdoarray){

#       $scanner_menu->radiobutton(-label => $rdocreate,
#                                  -command => \&switch_layout,
#                                  -variable => \$selected_scanner,
#                                  -value => $rdocreate);
# }
# $scanner_menu->pack(-side => 'left', -anchor => 'n');


###################################
# Exploit Scanner Widgets

# Control strip below the menu bar: holds the per-scanner input panel on the
# left and the Clear / Halt / Scan buttons on the right.
$f = $mw->Frame(-background => $background, -foreground => $foreground);
$f->pack(-side => 'top', -anchor => 'w', -fill => 'x');

# Scan-in-progress flag.  bttn_scan sets it to "yes"; the scan loops test it
# before each step, and the Halt button sets it to "no".
$continuescan = "0";

my @f_button_look = (
    -foreground       => $foreground,
    -background       => $background,
    -activeforeground => $activeforeground,
    -activebackground => $activebackground,
);
my @f_button_pack = (-side => 'right', -anchor => 'e');

# Clear: empty the result box.
$f->Button(
    -text    => "Clear",
    -command => sub {
        $txtbox->delete("1.0", "end");
        $statusbar = "Result Box Cleared";
    },
    @f_button_look,
)->pack(@f_button_pack);

# Halt: only acts while a scan is running.  (A "-state => disabled" option
# was left commented out by the author.)
$f->Button(
    -text    => "Halt",
    -command => sub {
        return unless $continuescan eq "yes";
        $continuescan = "no";
        $statusbar    = "Halting Scan...";
        $txtbox->insert("end", "\n\nHalting Scan...\n\n");
    },
    @f_button_look,
)->pack(@f_button_pack);

# Scan: run whichever scanner panel is currently shown.
$f->Button(
    -text    => "Scan",
    -command => sub {
        $selectedscanner = $currentscanner;
        bttn_scan();
    },
    @f_button_look,
)->pack(@f_button_pack);

######################################
# Exploit Scanner Data Boxes
#
#
# Input panel of the exploit scanner.  It is the only panel packed at
# start-up; the other panels are created unpacked.
$expframe = $f->Frame(-background => $background, -foreground => $foreground);
$expframe->pack(-side => 'left', -fill => 'x');

my @exp_pack_left  = (-side => 'left', -anchor => 'w');
my @exp_label_look = (-background => $background,      -foreground => $foreground);
my @exp_entry_look = (-background => $entrybackground, -foreground => $entryforeground);
my @exp_check_look = (
    -offvalue         => 0,
    -onvalue          => 1,
    -selectcolor      => $selectedcolor,
    -background       => $background,
    -foreground       => $foreground,
    -activeforeground => $activeforeground,
    -activebackground => $activebackground,
);

# Target host and port fields.
$expframe->Label(-text => "Server:", @exp_label_look)->pack(@exp_pack_left);
$expframe->Entry(-textvariable => \$expframe_host, -width => 25, @exp_entry_look)
    ->pack(@exp_pack_left);

$expframe->Label(-text => "Port:", @exp_label_look)->pack(@exp_pack_left);
$expframe->Entry(-textvariable => \$expframe_port, -width => 5, @exp_entry_look)
    ->pack(@exp_pack_left);

# Defaults shown in the two fields.
$expframe_host = "localhost";
$expframe_port = "80";

# Spacer, then the two option check buttons.  The code that reads
# $chkbttn_aec and $chkbttn_ids is not in this part of the file.
$expframe->Label(
    -text       => "    ",
    -background => $background,
    -foreground => $entryforeground,
)->pack(@exp_pack_left);
$expframe->Checkbutton(-text => "A.E.C.", -variable => \$chkbttn_aec, @exp_check_look)
    ->pack(@exp_pack_left);

$expframe->Label(-text => "    ", @exp_label_look)->pack(@exp_pack_left);
$expframe->Checkbutton(-text => "IDS Bypass", -variable => \$chkbttn_ids, @exp_check_look)
    ->pack(@exp_pack_left);

#
#
#
#############################
# Port Scanner Data Boxes
#
#
# Input panel of the port scanner: host plus first and last port of the
# range.  Created here but not packed.
$portframe = $f->Frame(-background => $background, -foreground => $foreground);

my @port_pack_left  = (-side => 'left', -anchor => 'w');
my @port_label_look = (-background => $background,      -foreground => $foreground);
my @port_entry_look = (-background => $entrybackground, -foreground => $entryforeground);

$portframe->Label(-text => "Server:", @port_label_look)->pack(@port_pack_left);
$portframe->Entry(-textvariable => \$portframe_host, -width => 25, @port_entry_look)
    ->pack(@port_pack_left);

$portframe->Label(-text => "Startport:", @port_label_look)->pack(@port_pack_left);
$portframe->Entry(-textvariable => \$portframe_startport, -width => 6, @port_entry_look)
    ->pack(@port_pack_left);

$portframe->Label(-text => "Endport:", @port_label_look)->pack(@port_pack_left);
$portframe->Entry(-textvariable => \$portframe_endport, -width => 6, @port_entry_look)
    ->pack(@port_pack_left);

# Defaults shown in the three fields.
$portframe_host      = "localhost";
$portframe_startport = "1";
$portframe_endport   = "1500";



#
#
#########################
#############################
# Trojan Scanner Data Boxes
#
#
# Input panel of the trojan scanner: a single host field.  Created here but
# not packed.
$trojanframe = $f->Frame(-background => $background, -foreground => $foreground);

my @trojan_pack_left = (-side => 'left', -anchor => 'w');

$trojanframe->Label(
    -text       => "Server:",
    -background => $background,
    -foreground => $foreground,
)->pack(@trojan_pack_left);
$trojanframe->Entry(
    -textvariable => \$trojanframe_host,
    -width        => 25,
    -background   => $entrybackground,
    -foreground   => $entryforeground,
)->pack(@trojan_pack_left);

# Default shown in the host field.
$trojanframe_host = "localhost";

#
#
#########################
#############################
# Subnet Scanner Data Boxes
#
#
# Input panel of the subnet scanner: the first three octets of the subnet
# (labelled "Server:") and the port to test.  Created here but not packed.
$subnetframe = $f->Frame(-background => $background, -foreground => $foreground);

my @subnet_pack_left  = (-side => 'left', -anchor => 'w');
my @subnet_label_look = (-background => $background,      -foreground => $foreground);
my @subnet_entry_look = (-background => $entrybackground, -foreground => $entryforeground);

$subnetframe->Label(-text => "Server:", @subnet_label_look)->pack(@subnet_pack_left);
$subnetframe->Entry(-textvariable => \$subnetframe_domain, -width => 25, @subnet_entry_look)
    ->pack(@subnet_pack_left);

$subnetframe->Label(-text => "Port:", @subnet_label_look)->pack(@subnet_pack_left);
$subnetframe->Entry(-textvariable => \$subnetframe_port, -width => 6, @subnet_entry_look)
    ->pack(@subnet_pack_left);

# Defaults shown in the two fields.
$subnetframe_domain = "127.0.0";
$subnetframe_port   = "23";


#
#
######################################################
# Server Info Scanner Data Boxes
#
#
# Input panel of the server info scanner: host and port.  Created here but
# not packed.
$serverinfoframe = $f->Frame(-background => $background, -foreground => $foreground);

my @sinfo_pack_left  = (-side => 'left', -anchor => 'w');
my @sinfo_label_look = (-background => $background,      -foreground => $foreground);
my @sinfo_entry_look = (-background => $entrybackground, -foreground => $entryforeground);

$serverinfoframe->Label(-text => "Server:", @sinfo_label_look)->pack(@sinfo_pack_left);
$serverinfoframe->Entry(-textvariable => \$serverinfoframe_host, -width => 25, @sinfo_entry_look)
    ->pack(@sinfo_pack_left);

$serverinfoframe->Label(-text => "Port:", @sinfo_label_look)->pack(@sinfo_pack_left);
$serverinfoframe->Entry(-textvariable => \$serverinfoframe_port, -width => 6, @sinfo_entry_look)
    ->pack(@sinfo_pack_left);

# Defaults shown in the two fields.
$serverinfoframe_host = "localhost";
$serverinfoframe_port = "80";


#
#
#########################
######################################################
# Protocol Scanner Data Boxes
#
#
# Input panel of the protocol scanner: a single host field.  Created here
# but not packed.
$protocolframe = $f->Frame(-background => $background, -foreground => $foreground);

my @protocol_pack_left = (-side => 'left', -anchor => 'w');

$protocolframe->Label(
    -text       => "Server:",
    -background => $background,
    -foreground => $foreground,
)->pack(@protocol_pack_left);
$protocolframe->Entry(
    -textvariable => \$protocolframe_host,
    -width        => 25,
    -background   => $entrybackground,
    -foreground   => $entryforeground,
)->pack(@protocol_pack_left);

# Default shown in the host field.
$protocolframe_host = "localhost";


#
#
#########################

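# Row of scanner-selection buttons along the bottom of the window.
$scan_frame = $mw->Frame(-background => $background, -foreground => $foreground);
$scan_frame->pack(-side => 'bottom', -fill => 'x');

# One button per scanner: [ button label, $currentscanner value, input panel ].
# The six buttons differ only in these three values, so they are built in a
# loop.  In the wrapped listing several of the callbacks were broken across
# lines inside a token ('x<newline>', "-fi<newline>ll", "=<newline>>"), which
# either fails to compile or passes a bad -fill value; every option is written
# out whole here.
for my $choice (
    [ "Exploit Scanner",     "exploit",    $expframe ],
    [ "Port Scanner",        "port",       $portframe ],
    [ "Trojan Scanner",      "trojan",     $trojanframe ],
    [ "Subnet Scanner",      "subnet",     $subnetframe ],
    [ "Server Info Scanner", "serverinfo", $serverinfoframe ],
    [ "Protocol Scanner",    "protocol",   $protocolframe ],
) {
    my ($label, $scanner, $panel) = @$choice;

    $scan_frame->Button(
        -text    => $label,
        -command => sub {
            # Select this scanner, hide every panel (which also clears the
            # result box), then show this scanner's own panel.
            $currentscanner = $scanner;
            unpack_frames();
            $panel->pack(-side => 'left', -fill => 'x');
            $statusbar = "Loaded Infinity $label";
            $statusbottom->update();
        },
        -background       => $background,
        -foreground       => $foreground,
        -activebackground => $activebackground,
        -activeforeground => $activeforeground,
    )->pack(-side => 'left', -fill => 'x', -expand => 1);
}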

# Result box: a Text widget with a scrollbar on its east side that takes
# all remaining space in the window.
$txtbox = $mw->Scrolled(
    "Text",
    -scrollbars => 'e',
    -font       => "-*-Courier-Medium-B-Normal--*-120-*-*-*-*-*-*",
    -background => $txtbackground,
    -foreground => $txtforeground,
);
$txtbox->pack(-side => 'right', -fill => 'both', -expand => 1);

# Hand control to the Tk event loop; everything after this point runs from
# widget callbacks.
MainLoop();

sub infinity_about {
    # Append the program banner, then the author's note and greetings list,
    # to the result box.  Bound to Help -> About.
    $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n\n");

    # $about stays a package global, like the other variables in this script.
    $about = join("",
        "Ok peeps, here it is.  Finally, the scanner is complete.  I hope you enjoy it.  If\n",
        "you have any questions please visit http://infinityproject.cjb.net and ask it on the\n",
        "WWWBoard.  Either I or someone else will get back to you as soon as possible.\n\n",
        "Shouts to:  bansh33, fcjohn, thegame, dlm21, Tradeser, dio, Mad Hadder, CF, Prophet,\n",
        "faith (dykegirl), vetesgirl, sil, speedygirl, JHH, BoZ, meth, spikeman, freix, iggie\n",
        "Centauri, EvilEntity, E-Dub, ^gLiTcH^, revwonka and l0wtolerance (where are you guys?!)\n",
        "chl0ie, dylan, reno, Reeper, DeeJ, Xpander, RaVeN, Wacko, Bufferman, idleicon, p1p3dream,\n",
        "Jarmaug, jobe (Cicero), LiteWait, Sundevil, Xenographic, Kaladis, PsychoSurfer, special k\n",
        "Axtrex, ragnarox, dilusi0n, Ozmosis, Įrash, NEO, Mog Ruler, Yorkie, nick\@cyberarmy\n",
        "gryphon, reb0rn, LochNess Monster, Crawl-X, 11thangel, cowhead2000, Dark911, dodo,\n",
        "despyz, Tricker, VoiD, Dragonbyte, Zenomorph, Binary Falcom, Syndr0m, Grim Reaper.\n",
        "\nNote:  Those peeps are in no particular order.  You're on there based on when I found\n",
        "you in all the pages I went to that you all chill at :P And if I forgot you please\n",
        "forgive me. As you can see, I have quite a list of peeps to keep track of...\n",
    );

    $txtbox->insert("end", $about);
    $txtbox->update();
}

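sub serverinfo_scan {
    # Show the HTTP response headers of one server: send "HEAD /" to the host
    # and port typed into the Server Info panel and print every line that
    # comes back into the result box.
    #
    # Reads  $serverinfoframe_host, $serverinfoframe_port, $continuescan.
    # Writes $host, $port, $serverIP, $serverAddr, @thedata (package globals),
    #        the result box ($txtbox) and the status line ($statusbar).
    $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n\n");
    $txtbox->insert("end", "-------Results--------\n\n");
    $txtbox->update();

    $host = $serverinfoframe_host;
    $port = $serverinfoframe_port;

    # The port is free text from an Entry widget; accept only a decimal TCP
    # port number before it is handed to sockaddr_in.
    if (!defined($port) || $port !~ /\A[0-9]+\z/ || $port < 1 || $port > 65535) {
        $statusbar = "Invalid port.  Port must be a number from 1 to 65535";
        $statusbottom->update();
        $continuescan = "no";
        return;
    }

    # inet_aton handles both dotted-quad input and host names and returns
    # undef when neither works.  Checking its result replaces the earlier
    # unanchored "looks like an IP" pattern, which let strings such as
    # "999.1.1.1" through to sockaddr_in with an undefined address.
    $serverIP = (defined($host) && length($host)) ? inet_aton($host) : undef;
    if (!defined $serverIP) {
        serverinfo_dead();
        return;
    }
    return unless $continuescan eq "yes";

    $statusbar = "Retrieving Server Information of $host on port $port.";
    $statusbottom->update();

    # Connect to the port the user entered.  The address was previously built
    # with a hard-coded 80, so the messages named one port while the request
    # went to another.
    $serverAddr    = sockaddr_in($port, $serverIP);
    $protocol_name = "tcp";

    if (socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
        && connect(CLIENT, $serverAddr))
    {
        send(CLIENT, "HEAD / HTTP/1.0\n\n", 0);

        # List-context read: returns only once the peer closes the
        # connection, so a server that keeps it open stalls the GUI here.
        @thedata = <CLIENT>;
        close(CLIENT);

        foreach $line (@thedata) {
            $txtbox->insert("end", "$line");
            $txtbox->update();
            $txtbox->see("end");
        }
        $txtbox->insert("end", "\n-------Results--------");
        $txtbox->update();
        $statusbar = "Server Information Retrieved";
        $statusbottom->update();
    }
    else {
        $statusbar = "Unable to connect to $host on port $port";
        $statusbottom->update();
        $continuescan = "no";
    }

    # Skipped after a failed connect or when Halt was pressed meanwhile.
    if ($continuescan eq "yes") {
        $txtbox->insert("end", "\n\n--Finished checking $host server information on port $port.\n");
        $txtbox->insert("end", "\n[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
        $txtbox->update();
        $txtbox->see("end");
    }
}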

sub serverinfo_dead {
    # Failure path for a host name that does not resolve: report it on the
    # status line, then clear the scan flag so the caller stops.
    $statusbar = 'Unable to lookup host';
    $statusbottom->update();    # repaint before the flag changes
    $continuescan = 'no';
}

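sub protocol_scan {
    # Connect to ports 21, 25 and 110 of the host typed into the Protocol
    # panel and print the first line each service sends on connect.
    #
    # Reads  $protocolframe_host, $continuescan.
    # Writes $host, $serverIP, $serverAddr, @ports, $thedata (package
    #        globals), the result box and the status line.
    $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n\n");
    $txtbox->insert("end", "-------Results--------\n\n");
    $txtbox->update();

    $host = $protocolframe_host;

    # Resolve once, before the loop.  inet_aton returns undef for input it
    # cannot resolve; the earlier unanchored "looks like an IP" pattern let
    # such input reach sockaddr_in, which fails on an undefined address.
    $serverIP = (defined($host) && length($host)) ? inet_aton($host) : undef;
    serverinfo_dead() unless defined $serverIP;

    if ($continuescan eq "yes") {
        @ports = ("21", "25", "110");
        foreach $port (@ports) {
            # Halt sets $continuescan to "no"; stop at the next port.
            last unless $continuescan eq "yes";

            $statusbar = "Scanning $host on port $port.";
            $statusbottom->update();
            $serverAddr    = sockaddr_in($port, $serverIP);
            $protocol_name = "tcp";

            if (socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
                && connect(CLIENT, $serverAddr))
            {
                # Scalar read: waits for one line.  A service that accepts
                # the connection but sends nothing stalls the GUI here.
                $thedata = <CLIENT>;
                # The peer may close without sending anything.
                $thedata = "" unless defined $thedata;
                close(CLIENT);
                $txtbox->insert("end", "Connection Established with Host: $host on Port: $port\n\n$thedata\n");
            }
            else {
                $txtbox->insert("end", "$host:$port Connection Refused\n\n");
            }
            $txtbox->see("end");
            $txtbox->update();
        }

        # Announce completion once, after the last port, and not after a
        # halt (it used to be set after every single port).
        if ($continuescan eq "yes") {
            $statusbar = "Protocol Scan Complete";
            $statusbottom->update();
        }

        $txtbox->insert("end", "\n-------Results--------");
        $txtbox->see("end");
        $txtbox->update();
    }

    if ($continuescan eq "yes") {
        $txtbox->insert("end", "\n\n--Finished checking $host protocols\n");
        $txtbox->insert("end", "\n[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
        $txtbox->update();
        $txtbox->see("end");
    }
}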

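sub subnet_scan {
    # Try one TCP port on each of the 256 addresses of a /24, given as its
    # first three octets in the Subnet panel, and list the addresses that
    # accept a connection.
    #
    # Reads  $subnetframe_domain, $subnetframe_port, $continuescan.
    # Writes $domain, $port, $host, $octet, $serverIP, $serverAddr (package
    #        globals), the result box and the status line.
    $domain = $subnetframe_domain;
    $port   = $subnetframe_port;

    # Exactly three dotted decimal octets, each 0-255.  The earlier pattern
    # was unanchored, so input such as "1.2.3.4" or "x1.2.3y" passed and
    # produced host strings that inet_aton cannot turn into an address.
    my $format_ok = 0;
    if (defined($domain)
        && $domain =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/)
    {
        $format_ok = 1 unless grep { $_ > 255 } ($1, $2, $3);
    }
    if (!$format_ok) {
        $statusbar = "Invalid Format.  Subnet must be in format of xxx.xxx.xxx";
        $statusbottom->update();
        $continuescan = "no";
        # Nothing was scanned, so no "Finished scanning" message is printed.
        return;
    }

    # Empty port field falls back to 23, as before; anything else must be a
    # decimal TCP port number.
    if (!$port) { $port = "23"; }
    if ($port !~ /\A[0-9]+\z/ || $port < 1 || $port > 65535) {
        $statusbar = "Invalid Port.  Port must be a number from 1 to 65535";
        $statusbottom->update();
        $continuescan = "no";
        return;
    }

    if ($continuescan eq "yes") {
        $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n\n");
        $txtbox->insert("end", "--Scanning subnet $domain for open port $port\n");
        $txtbox->update();
    }

    # Per-address connect timeout: the alarm handler closes the socket.
    # "local" restores the previous handler when this sub returns.
    $connect_time = 1;
    local $SIG{"ALRM"} = sub { close(CLIENT); };

    $dot = ".";
    for ($octet = 0; $octet <= 255; $octet++) {
        # Halt sets $continuescan to "no"; stop at the next address.
        last unless $continuescan eq "yes";

        $host          = ("$domain" . "$dot" . "$octet");
        $serverIP      = inet_aton("$host");
        $serverAddr    = sockaddr_in($port, $serverIP);
        $protocol_name = "tcp";
        socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
        $statusbar = "Checking for open port $port on $host";
        $statusbottom->update();

        alarm $connect_time;
        my $connected = connect(CLIENT, $serverAddr);
        # Cancel the timer once connect has returned.  It was left armed
        # before, so it could fire after the scan and close a CLIENT socket
        # opened by whichever scan ran next.
        alarm 0;

        if ($connected) {
            $txtbox->insert("end", "Connection To Host: $host On Port: $port\n");
            $txtbox->update();
            $txtbox->see("end");
        }
        close(CLIENT);
    }

    $txtbox->insert("end", "\n\n--Finished scanning subnet $domain for open ports $port.\n");
    $txtbox->insert("end", "\n[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
    $txtbox->update();
    $txtbox->see("end");
}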






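sub trojan_scan {
    # Check the host typed into the Trojan panel for listeners on TCP ports
    # that the table below associates with known trojans/backdoors.
    #
    # A successful connect only shows that something accepts connections on
    # that port; the name printed is the table's label for the port, not an
    # identification of the listening program (the table itself carries an
    # entry marked as not a trojan).  Treat each hit as a lead to verify on
    # the host.
    #
    # Reads  $trojanframe_host, $continuescan.
    # Writes %trojans, $host, $serverIP, $serverAddr, $strNumberFound
    #        (package globals), the result box and the status line.
    #        Always leaves $continuescan set to "no".

    # port => label pairs, in the author's order.  Kept as a flat list
    # because several ports occur more than once; in a hash literal each
    # later entry silently replaced the earlier one.
    my @port_labels = (
        "31337" => "BackOrifice 1.x",
        "6969"  => "GateCrasher",
        "21554" => "GirlFriend",
        "12346" => "NetBus 1.x",
        "20034" => "NetBus 2.x",
        "30100" => "NetSphere",
        "10167" => "Portal of Doom",
        "6400"  => "The tHing",
        "1243"  => "SubSeven",
        "6670"  => "Deep Throath 1,2,3.x",
        "31"    => "Master Paradise",
        "1001"  => "Silencer",
        "20000" => "Millenium",
        "65000" => "Devil 1.03",
        "7306"  => "NetMonitor",
        "1170"  => "Streaming Audio Trojan",
        "30303" => "Socket23",
        "61466" => "Telecommando",
        "12076" => "Gjamer",
        "4950"  => "IcqTrojen",
        "16969" => "Priotrity",
        "1245"  => "Vodoo",
        "5742"  => "Wincrash",
        "2583"  => "Wincrash2",
        "1033"  => "Netspy",
        "1981"  => "ShockRave",
        "2023"  => "Pass Ripper",
        "666"   => "Attack FTP",
        "50766" => "Fore, Schwindlerd",
        "34324" => "Tiny Telnet Server",
        "30999" => "Kuang",
        "11000" => "Senna Spy Trojans",
        "23456" => "WhackJob",
        "555"   => "Phase0 or Stealth Spy or NeTadmin (they use same port)",
        "5400"  => "BladeRunner",
        "9989"  => "InIkiller",
        "9872"  => "PortalOfDoom",
        "11223" => "ProgenicTrojan",
        "22222" => "Prosiak 0.47",
        "53001" => "RemoteWindowsShutdown",
        "5569"  => "RoboHack",
        "1001"  => "Silencer",
        "2565"  => "Striker",
        "40412" => "TheSpy",
        "2001"  => "TrojanCow",
        "1001"  => "WebEx",
        "1999"  => "Backdoor",
        "2801"  => "Phineas",
        "1509"  => "Psyber Streaming Server",
        "6939"  => "Indoctrination",
        "456"   => "Hackers Paradise",
        "1011"  => "Doly Trojan",
        "1492"  => "FTP99CMP",
        "1600"  => "Shiva Burka",
        "31339" => "NetSpy DK",
        "12223" => "Hack´99 KeyLogger",
        "9989"  => "iNi-Killer",
        "7789"  => "ICQKiller",
        "5321"  => "Firehotcker",
        "40423" => "Master Paradise",
        "121"   => "BO jammerkillahV",
        "30029" => "AOLTrojan1.1",
        "31787" => "Hack'a'tack",
        "2140"  => "The Invasor",
        "1807"  => "SpySender",
        "29891" => "The Unexplained",
        "20331" => "Bla",
        "4567"  => "FileNail",
        "69123" => "ShitHeep",
        "10607" => "Coma",
        "1042"  => "Bla1.1",
        "2283"  => "HVL Rat5p",
        "5400"  => "BackConstruction1.2",
        "17300" => "Kuang2 theVirus",
        "5550"  => "Xtcp",
        "21554" => "Schwindler 1.82",
        "1010"  => "Doly trojan v1.35",
        "1015"  => "Doly trojan v1.5",
        "1080"  => "Wingate (Socks-Proxy) (No, this is NOT a trojan)",
        "6669"  => "Vampire",
        "6883"  => "DeltaSource",
        "33911" => "Trojan Spirit 2001 a",
        "1269"  => "Maverick's Matrix",
        "3791"  => "Total Eclypse 1.0",
        "5011"  => "OOTLT + OOTLT Cart",
        "12701" => "Eclipse 2000",
        "5031"  => "NetMetro 1.0",
        "5521"  => "Illusion Mailer",
        "9400"  => "InCommand 1.0",
        "23456" => "UglyFtp",
        "2140"  => "DeepThroat",
    );

    # Fold the pairs into %trojans.  Labels that share a port are joined
    # with " or "; an identical repeat is dropped.  Entries outside 1-65535
    # are skipped: such a number is not a TCP port, and probing it would
    # report a result under a port that was never tested.
    %trojans = ();
    while (@port_labels) {
        my ($listed_port, $label) = splice(@port_labels, 0, 2);
        next if $listed_port < 1 || $listed_port > 65535;
        if (!exists $trojans{$listed_port}) {
            $trojans{$listed_port} = $label;
        }
        elsif (index(" or $trojans{$listed_port} or ", " or $label or ") < 0) {
            $trojans{$listed_port} .= " or $label";
        }
    }

    $host = $trojanframe_host;
    $host = "" unless defined $host;

    # Resolve once.  inet_aton returns undef for a name that does not
    # resolve; its result was not checked before being passed on.
    $serverIP = length($host) ? inet_aton($host) : undef;
    if (!defined $serverIP) {
        $statusbar    = "Failed to lookup host: $host";
        $continuescan = "no";
    }

    if ($continuescan eq "yes") {
        $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n\n");
        $txtbox->insert("end", "--Scanning $host for trojans/backdoors.\n");
        $txtbox->update();
        $strNumberFound = 0;

        # Numeric order, so two runs against the same host list their
        # findings in the same sequence.
        foreach $port (sort { $a <=> $b } keys %trojans) {
            # Halt sets $continuescan to "no"; stop at the next port.
            last unless $continuescan eq "yes";

            $serverAddr = sockaddr_in($port, $serverIP);
            socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
            $statusbar = "Checking for $trojans{$port} on port $port";
            $statusbottom->update();
            if (connect(CLIENT, $serverAddr)) {
                $txtbox->insert("end", "\nPossible $trojans{$port} Trojan found on port $port.");
                $txtbox->update();
                $txtbox->see("end");
                $strNumberFound++;
            }
            close(CLIENT);
        }

        # Summary, skipped when the scan was halted.
        if ($continuescan eq "yes") {
            if ($strNumberFound == 0) {
                $txtbox->insert("end", "\nNo trojans/backdoors were detected on $host.");
            }
            $txtbox->insert("end", "\n\n--Finished scanning $host for trojans/backdoors.\n");
            $txtbox->insert("end", "\n[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
            $txtbox->update();
            $txtbox->see("end");
            $statusbar = "Trojan Scan on $host complete.  Found $strNumberFound trojan(s).";
            $statusbottom->update();

            # Disabled by the author (one comment line; the wrapped listing
            # split it so that its tail was parsed as code):
            #$txtbox->insert("end","\nThanks to tlsecurity.cjb.net for creating a huge list of trojans and their ports and thanks to cypress hill for forwarding me their link.");
            $txtbox->update();
        }
    }
    $continuescan = "no";
}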



sub set_colors {
    # Load the widget colour globals for the style named in $colorstyle
    # ("hacker", "phunky" or "pro").  Any other value leaves the globals
    # untouched.  The author notes the feature is not fully implemented.

    # Values per style, in the order of the assignment list below:
    #   foreground, background, activeforeground, activebackground,
    #   entryforeground, entrybackground, selectedcolor,
    #   statusbackground, statusforeground, txtbackground, txtforeground
    my %palette_for = (
        "hacker" => [ "green",  "black",   "green",  "black",   "white", "black",
                      "green",  "black",   "green",  "black",   "white" ],
        "phunky" => [ "yellow", "black",   "yellow", "black",   "white", "black",
                      "blue",   "black",   "red",    "blue",    "white" ],
        "pro"    => [ "red",    "#bbbbbb", "red",    "#bbbbbb", "white", "black",
                      "red",    "#bbbbbb", "red",    "black",   "white" ],
    );

    my $palette = $palette_for{$colorstyle};
    return unless $palette;

    (
        $foreground,       $background,
        $activeforeground, $activebackground,
        $entryforeground,  $entrybackground,
        $selectedcolor,
        $statusbackground, $statusforeground,
        $txtbackground,    $txtforeground,
    ) = @$palette;
}




sub unpack_frames {

# Remove all six scanner option frames from the packer and empty the
# results text box.

        foreach my $panel ($expframe, $portframe, $trojanframe,
                           $subnetframe, $serverinfoframe, $protocolframe) {
                $panel->packForget();
        }
        $txtbox->delete("1.0", "end");

}




sub bttn_scan {
# Scan button handler: arm the shared $continuescan flag, clear the
# results box and run the scanner named by $selectedscanner.
        $continuescan = "yes";
        $txtbox->delete("1.0", "end");

        # Checked in this fixed order, re-reading $selectedscanner before each
        # comparison.  "&$handler;" (no parentheses) hands the callee the
        # current @_, the same way the bare "&name;" form does.
        foreach my $choice ( [ "exploit",    \&exploit_scan ],
                             [ "port",       \&port_scan ],
                             [ "trojan",     \&trojan_scan ],
                             [ "subnet",     \&subnet_scan ],
                             [ "serverinfo", \&serverinfo_scan ],
                             [ "protocol",   \&protocol_scan ] ) {
                my ($kind, $handler) = @$choice;
                if ($selectedscanner eq $kind) { &$handler; }
        }

}

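sub port_scan {
# TCP connect scan of $portframe_host from $portframe_startport to
# $portframe_endport, one port at a time in ascending order.
#
# Each probe is a full connect() followed by an immediate close(), so on the
# scanned host it is an ordinary, completed TCP connection that shows up in
# connection logs.  connect() is used on a blocking socket with no timeout
# set here, so a port that silently drops packets stalls the loop (and the
# GUI) until the operating system gives up.
#
# Results go to $txtbox, progress to $statusbar, and the number of accepted
# connections to $portnumber.  $continuescan is checked on every port and is
# always left at "no" on return.
%definitions = ( "1" => "TCP Port Service Multiplexer", 
                 "7" => "Echo", 
                 "9" => "Discard", 
                 "11" => "Systat", 
                 "13" => "Daytime", 
                 "17" => "qotd [Quote of the Day]", 
                 "19" => "Chargen", 
                 "21" => "ftp [File Transfer Protocol]", 
                 "22" => "SSH", 
                 "23" => "Telnet", 
                 "25" => "smtp [Simple Mail Transfer Protocol]", 
                 "37" => "Time", 
                 "38" => "Route Access Protocol", 
                 "42" => "Nameserver", 
                 "43" => "Whois", 
                 "49" => "Login Host Protocol", 
                 "53" => "DNS [Domain Name Server]", 
                 "59" => "DCC Server", 
                 "70" => "Gopher", 
                 "79" => "Finger", 
                 "80" => "http [Hyper Text Transfer Protocol]", 
                 "88" => "Kerberos", 
                 "106" => "poppassd aka epass", 
                 "107" => "Remote Telnet", 
                 "109" => "pop2 [Post Office Protocol - Version 2]", 
                 "110" => "pop3 [Post Office Protocol - Version 3]", 
                 "111" => "sunrpc [SUN Remote Procedure Call]", 
                 "113" => "ident", 
                 "115" => "sftp [Simple File Transfer Protocol]", 
                 "119" => "nntp [Network News Transfer Protocol]", 
                 "137" => "NETBIOS Name Service", 
                 "138" => "NETBIOS Datagram Service", 
                 "139" => "NETBIOS Session Service", 
                 "143" => "imap2 [Interactive Mail Access Protocol v2]", 
                 "220" => "imap3 [Interactive Mail Access Protocol v3]", 
                 "407" => "Timbuktu [Screen Sharing Program]", 
                 "512" => "exec [Remote Process Execution]", 
                 "513" => "rlogin [Remote Login]", 
                 "514" => "cmd [Automatic Process Execution]", 
                 "515" => "Printer Spooler", 
                 "517" => "talk", 
                 "540" => "uucp [Unix-To-Unix Copy Protocol]", 
                 "666" => "Doom PID [ID Software]", 
                 "1352" => "Lotus Notes", 
                 "1433" => "Microsoft-SQL-Server", 
                 "1434" => "Microsoft-SQL-Monitor", 
                 "5190" => "America-Online", 
                 "5191" => "America-Online1", 
                 "5192" => "America-Online2", 
                 "5193" => "America-Online3", 
                 "6000" => "X Windows System" ); 

$host = $portframe_host;
$startport = $portframe_startport;
$endport = $portframe_endport;

$txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
$txtbox->insert("end", "\n-Initiating Port Scan on $host from port $startport to $endport.\n\n"); 
$txtbox->update();

# The port fields come straight from the GUI entry boxes.  Reject anything
# that is not a whole number in the 16-bit port range before it reaches the
# numeric comparison and sockaddr_in().
my $ports_ok = 1;
foreach my $bound ($startport, $endport) {
        $ports_ok = 0 unless defined $bound && $bound =~ /\A[0-9]+\z/ && $bound <= 65535;
}
if (!$ports_ok) {
        $statusbar = "Error: Ports must be whole numbers from 0 to 65535.";
        $statusbottom->update();
        $continuescan = "no";
}
elsif ($startport > $endport) {
        $statusbar = "Error: Start port is greater than end port.";
        $statusbottom->update();
        $continuescan = "no";
}

# Resolve the target once.  inet_aton() accepts dotted quads and host names;
# an undefined result must stop the scan, because sockaddr_in() dies when it
# is handed an undefined address.  The old unanchored dotted-quad regex let
# strings that merely contained an IP-like run skip the lookup check.
$serverIP = (defined $host && length $host) ? inet_aton($host) : undef;
if (!defined $serverIP) {
        $statusbar = "Error: Can't resolv $host dns/ip.";
        $continuescan = "no";
}

if($continuescan eq "yes") {
        $statusbar = "Initiating Port Scan on $host from port $startport to $endport.";
        $statusbottom->update();
        $portnumber = 0;
        my $tcp = getprotobyname('tcp');
        # "+ 0" normalises input such as "080" so the lookup key below is "80".
        for ($port = $startport + 0; $port <= $endport; $port++) {
                # The flag can be cleared elsewhere while update() processes
                # GUI events, so re-check it before every probe.
                last if $continuescan ne "yes";

                $serverAddr = sockaddr_in($port, $serverIP);
                unless (socket(CLIENT, PF_INET, SOCK_STREAM, $tcp)) {
                        $statusbar = "Error: Unable to create socket: $!";
                        $statusbottom->update();
                        $continuescan = "no";
                        last;
                }
                $statusbar = "Checking port $port on host $host";
                $statusbottom->update();
                if(connect(CLIENT, $serverAddr)) {
                        $portnumber++;
                        # Direct hash lookup instead of walking every key.
                        my $service = $definitions{$port};
                        if (defined $service) {
                                $txtbox->insert("end", "Connection Accepted: $port ($service)\n");
                        }
                        else {
                                $txtbox->insert("end", "Connection Accepted: $port\n");
                        }
                        $txtbox->update();
                        $txtbox->see("end");
                }
                close(CLIENT);
        }
        if($continuescan eq "yes") {
                $txtbox->insert("end", "\n-Port Scan on $host complete.\n\n"); 
                $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
                $txtbox->update();
                $txtbox->see("end");
                $statusbar = "Port Scan on $host complete.  Found $portnumber open ports.";
                $statusbottom->update();
        }
} 
$continuescan = "no";
}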


sub exploit_scan {
# Run the web ("exploit") scan.  After resetting the per-scan globals it calls
# header(), pingserver(), determineservertype(), determinedirs() and
# fingerprint(), then requests a fixed list of paths through scan(): first the
# lists gated on $servertype, then one ungated check, then a list of CGI names
# under every directory in @gooddirs.  footer() prints the summary.
#
# Every check is a plain "GET <path> HTTP/1.0" (see scan()).  A reported hit
# means only that the server answered with the expected status code and text
# for that path; nothing here verifies that the file is actually exploitable.
#
# The while loop body runs at most once per call: $continuescan is set to
# "no" at the bottom of the loop.
$continuescan = "yes";

while ($continuescan eq "yes") {

$txtbox->delete("1.0", "end");

#$isitdone = "0"; 
$errsfound = 0; 
@gooddirs = ();
$errchk = 0;
$idsbypass = 0;
# Phrases scan() searches the response for when $errchk is 1; a match adds a
# "results may be invalid" warning to a reported hit.
@errchkingarray = ("404 Not Found", "404 Error", "302 Object Moved", "script produced no output", "Item was not found", "Error O
ccurred While Processing Request"); 


$statusbar = "Initiating Scan...";
$statusbottom->update();
# header() loads $host, $port, $errchk and $idsbypass from the GUI fields, so
# the $host/$port arguments below are the values it has just stored.  Each
# helper returns without doing anything once $continuescan is no longer "yes".
&header(); 
&pingserver($host, $port); 
&determineservertype($host, $port); 
&determinedirs($host, $port); 
&fingerprint($host, $port); 

if($continuescan eq "yes") { 
$statusbar = "Scanning $host:$port for holes";
# Server-specific lists.  $servertype comes from the Server: response header
# (see determineservertype()) and is "all" when no known name was recognised,
# in which case every list below is run.
if($servertype eq "iis" or $servertype eq "pws" or $servertype eq "netscape" or $servertype eq "website" or $servertype eq "all"
) { 
        &scan($host, $port, '200', 'OK', '/cfappman/', 'index.cfm', 'Cold Fusion Server hole'); 
        &scan($host, $port, '200', 'OK', '/scripts/', 'CGImail.exe', 'CGImail.exe Hole'); 
        &scan($host, $port, '200', 'OK', '/scripts/', 'fpcount.exe', 'FPCount.exe Hole'); 
        &scan($host, $port, '200', 'OK', '/iissamples/exair/howitworks/', 'codebrws.asp', 'IIS Hole'); 
        &scan($host, $port, '200', 'OK', '/iissamples/sdk/asp/docs/', 'codebrws.asp', 'IIS Hole'); 
        &scan($host, $port, '200', 'OK', '/msads/samples/selector/', 'showcode.asp', 'IIS Hole'); 
        &scan($host, $port, '200', 'OK', '/', '_AuthChangeUrl?', 'IIS acdg.htr mapping'); 
        &scan($host, $port, '200', 'OK', '/', '....../autoexec.bat', 'PWS Win95/98 Remote File Viewing'); 
        &scan($host, $port, '502', 'Proxy error', '/scripts/proxy/', 'w3proxy.dll', 'MS-Proxy Server v1.0 Hole'); 
        ##################### 
        # Phunky IDC stuff for RDS ODBC Hole 
        # NOTE(review): the directory in the getdrvs.exe and newdsn.exe entries is
        # spelled differently from the '/scripts/' used elsewhere in this list;
        # treat a negative result for those two as unreliable until confirmed.
        &scan($host, $port, '200', 'OK', '/scrips/tools/', 'getdrvs.exe', 'IIS Remote File Creation'); 
        &scan($host, $port, '200', 'OK', '/msadc/', 'msadcs.dll', 'RDS ODBC Hole - See www.wiretrip.net/rfp'); 
        &scan($host, $port, '200', 'OK', '/scrips/tools/', 'newdsn.exe', 'Remote DSN/MS-Access Database Creation'); 
        &scan($host, $port, '200', 'OK', '/', 'carbo.dll', 'Carbo.dll Hole'); 
        # NOTE(review): scan() joins directory and file name with no separator, and
        # this directory argument has no trailing slash, unlike the others.
        &scan($host, $port, '200', 'OK', '/scripts/iisadmin', 'bdir.htr', 'IIS web password change'); 
        # fastdircheck() returns "yes" when the directory answers 200, 403 or 302,
        # so the per-file requests are only sent when the directory looks present.
        if(&fastdircheck('/iisadmpwd/') eq "yes") { 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'achg.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp2.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp2b.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp3.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp4.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'aexp4b.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'anot.htr', 'IIS web password change'); 
                &scan($host, $port, '200', 'OK', '/iisadmpwd/', 'anot3.htr', 'IIS web password change'); 
        } 
        if(&fastdircheck('/scripts/samples/') eq "yes") { 
                &scan($host, $port, '200', 'OK', '/scripts/samples/', 'details.idc', 'ODBC msadcs.dll Hole Component - Detected 
exists and DSN connection made!'); 
                &scan($host, $port, '500', 'Error performing query', '/scripts/samples/', 'details.idc', 'ODBC msadcs.dll Hole C
omponent - Detected exists but DSN connection not made'); 
                &scan($host, $port, '200', 'Error performing query', '/scripts/samples/', 'details.idc', 'ODBC msadcs.dll Hole C
omponent - Detected does not exist and DSN connection not made'); 
                &scan($host, $port, '200', 'OK', '/scripts/samples/', 'ctguestb.idc', 'ODBC msadcs.dll Hole Component - Used to 
prep details.idc for DSN connection'); 
                &scan($host, $port, '500', 'Error performing query', '/scripts/samples/', 'ctguestb.idc', 'ODBC msadcs.dll - Exi
sts but DSN connection not made'); 
        } 
        ##################### 
        if(&fastdircheck('/cfdocs/') eq "yes") { 
                &scan($host, $port, '200', 'OK', '/cfdocs/', 'cfmlsyntaxcheck.cfm', 'Cold Fusion Server hole'); 
                if(&fastdircheck('/cfdocs/snippets/') eq "yes") { 
                        &scan($host, $port, '200', 'OK', '/cfdocs/snippets/', 'evaluate.cfm', 'Cold Fusion Server hole'); 
                        &scan($host, $port, '200', 'OK', '/cfdocs/snippets/', 'fileexists.cfm', 'Cold Fusion Server hole'); 
                        &scan($host, $port, '200', 'OK', '/cfdocs/snippets/', 'gettempdirectory.cfm', 'Cold Fusion Server hole')
; 
                        &scan($host, $port, '200', 'OK', '/cfdocs/snippets/', 'viewexample.cfm', 'Cold Fusion Server hole'); 
                } 
                if(&fastdircheck('/cfdocs/expeval/') eq "yes") { 
                        &scan($host, $port, '200', 'OK', '/cfdocs/expeval/', 'openfile.cfm', 'Cold Fusion Server hole'); 
                        &scan($host, $port, '200', 'OK', '/cfdocs/expeval/', 'exprcalc.cfm', 'Cold Fusion Server hole'); 
                        &scan($host, $port, '200', 'OK', '/cfdocs/expeval/', 'sendmail.cfm', 'Cold Fusion Server hole'); 
                } 
                if(&fastdircheck('/cfdocs/examples/') eq "yes") { 
                        &scan($host, $port, '200', 'OK', '/cfdocs/examples/httpclient/', 'mainframeset.cfm', 'Cold Fusion Server
 hole'); 
                        &scan($host, $port, '200', 'OK', '/cfdocs/examples/cvbeans/', 'beaninfo.cfm', 'Cold Fusion Server hole')
; 
                        &scan($host, $port, '200', 'OK', '/cfdocs/examples/parks/', 'detail.cfm', 'Cold Fusion Server hole'); 
                } 
        } 
} 
 
if($servertype eq "netware" or $servertype eq "netscape" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '/scripts/', 'convert.bas', 'Novell Netware Remote File Reading'); 
} 
 
if($servertype eq "thttpd" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '//', 'etc/passwd', 'Remote File Reading'); 
} 
 
if($servertype eq "website" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '/cgi-dos/', 'args.bat', 'Website 1.x CMD exec'); 
        &scan($host, $port, '200', 'OK', '/cgi-dos/', 'args.cmd', 'Website 1.x CMD exec'); 
        &scan($host, $port, '200', 'OK', '/cgi-win/', 'uploader.exe', 'Website 1.x Upload'); 
        &scan($host, $port, '200', 'OK', '/cgi-shl/', 'win-c-sample.exe', 'Website 1.x CMD exec'); 
} 
 
if($servertype eq "netscape" or $servertype eq "frontpage" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '/_vti_pvt/', 'users.pwd', 'VTI PVT [users.pwd]'); 
        &scan($host, $port, '200', 'OK', '/_vti_pvt/', 'administrators.pwd', 'VTI PVT [administrators.pwd]'); 
        &scan($host, $port, '200', 'OK', '/_vti_pvt/', 'authors.pwd', 'VTI PVT [authors.pwd]'); 
        &scan($host, $port, '200', 'OK', '/_vti_pvt/', 'service.pwd', 'VTI PVT [service.pwd]'); 
        &scan($host, $port, '200', 'OK', '/', '_vti_inf.html', 'VTI INF [_vti_inf.html]'); 
        &scan($host, $port, '200', 'OK', '/_vti_bin/', 'shtml.dll', 'VTI BIN [shtml.dll]'); 
        &scan($host, $port, '200', 'OK', '/_vti_bin/', 'shtml.exe', 'VTI BIN [shtml.exe]'); 
} 
 
if($servertype eq "domino" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '/', 'domcfg.nsf', 'Remote Server Config'); 
        &scan($host, $port, '200', 'OK', '/', 'domlog.nsf', 'Remote Server Logs'); 
        &scan($host, $port, '200', 'OK', '/', 'names.nsf', 'Remote Server Config'); 
        &scan($host, $port, '200', 'OK', '/', 'log.nsf', 'Remote Server Config'); 
} 
 
if($servertype eq "neowebscript" or $servertype eq "all") { 
        &scan($host, $port, '200', 'OK', '/neowebscript/test/', 'senvironment.nhtml', 'Neowebscript Environment Hole'); 
        &scan($host, $port, '200', 'OK', '/neowebscript/tests/', 'load_webenv.nhtml', 'Neowebscript Environment Hole'); 
        &scan($host, $port, '200', 'OK', '/neowebscript/tests/', 'mailtest.nhtml', 'Neowebscript Mail Hole'); 
} 
 
if($servertype eq "machttp" or $servertype eq "webstar" or $servertype eq "homedoor" or $servertype eq "netcloak" or $servertype
 eq "all") { 
        &scan($host, $port, '200', 'OK', '/', 'WebSTART%20LOG', 'Remote Logfile Reading'); 
} 
 
 
# Not gated on $servertype: requested on every scan.
&scan($host, $port, '200', 'OK', '/', 'search97.vts', 'Any file reading'); 
 
# Generic CGI names, requested under every directory that determinedirs()
# stored in @gooddirs (those that answered 200, 403 or 302).
foreach $dirtoscan (@gooddirs) { 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'phf', 'PHF Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'Count.cgi', 'Count.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'test-cgi', 'test-cgi Hole - Remote DIR Listing'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'php.cgi', 'php.cgi - Remote File Reading'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'handler', 'SGI Handler Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'webgais', 'Webgais Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'websendmail', 'Websendmail Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'webdist.cgi', 'Webdist Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'faxsurvey', 'Faxsurvey Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'htmlscript', 'htmlscript Hole - Remote File Reading'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'pfdisplay.cgi', 'pfdispaly.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'perl.exe', 'perl.exe Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'wwwboard.pl', 'wwwboard.pl DoS Attack'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'nph-test-cgi', 'nph-test-cgi Hole - Remote DIR Listing'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'view-source', 'view-source Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'campas', 'campas Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'aglimpse', 'aglimpse Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'man.sh', 'man.sh Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'AT-admin.cgi', 'AT-admin.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'filemail.pl', 'filemail.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'maillist.pl', 'maillist.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'jj', 'jj Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'info2www', 'info2www Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'rwwwshell.pl', 'THC - Backdoor'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'nph-publish', 'nph-publish Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'www-sql', 'www-sql - Remote File Viewing'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'files.pl', 'files.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'finger', 'Finger Hole - DoS Attack'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'bnbform.cgi', 'bnbform.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'survey.cgi', 'survey.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'AnyForm2', 'AnyForm2 Hole - Remote File Emailing'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'textcounter.pl', 'textcounter.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'classifieds.cgi', 'classifieds.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'environ.cgi', 'environ.cgi Hole - Show Environmental Vars'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'wrap', 'wrap Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'cgiwrap', 'cgiwrap Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'guestbook.cgi', 'guestbook.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'edit.pl', 'edit.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'perlshop.cgi', 'perlshop.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'rguest.exe', 'rguest.exe Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'whois_raw.cgi', 'whois_raw.cgi Hole - Remote Command Execution'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'whois.cgi', 'Remote Command Execution'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'day5datacopier.cgi', 'IRIX remote exec'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'day5datanotifier.cgi', 'IRIX remote exec'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'dumpenv.pl', 'Sambar environment reading'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'upload.pl', 'Sambar server upload exploit'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, '/session/adminlogin?RCpage=/sysadmin/index.stm', 'Sambar r00ting'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'flexform.cgi', 'flexform.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'flexform', 'flexform Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'LWGate.cgi', 'LWGate.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'lwgate.cgi', 'lwgate.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'download.cgi', 'download.cgi Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'nlog-smb.pl', 'nlog-smb.pl Hole'); 
        &scan($host, $port, '200', 'OK', $dirtoscan, 'webmap.cgi', 'webmap.cgi Hole'); 
}
} 
# footer() prints the summary only while $continuescan is still "yes"; the
# flag is then cleared, which also ends the while loop.
&footer();
$continuescan = "no";
}
}
 
 
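sub header() {
        # Load the exploit-scan settings from the GUI fields into the shared
        # globals ($host, $port, $errchk, $idsbypass), validate them, resolve
        # the target and build $serverAddr, which every later request
        # connects to.  On any problem $statusbar gets the message and
        # $continuescan is set to "no", which makes the remaining scan steps
        # return without doing anything.
        #
        # The empty prototype is kept because call sites use the
        # &header() form, which bypasses prototypes.
        return unless $continuescan eq "yes";

        $host      = $expframe_host;
        $port      = $expframe_port;
        $errchk    = $chkbttn_aec;
        $idsbypass = $chkbttn_ids;
        #if(length($errchk) == 0) { $errchk = 0; }
        #if(length($idsbypass) == 0) { $idsbypass = 0; }

        if (!defined $expframe_port || length($expframe_port) == 0) {
                $statusbar = "Enter a port!";
                $continuescan = "no";
        }
        elsif ($expframe_port !~ /\A[0-9]+\z/ || $expframe_port > 65535) {
                # The port is free text from an entry box; anything that is
                # not a whole number in the 16-bit range is rejected before
                # it reaches sockaddr_in().
                $statusbar = "Error: Port must be a whole number from 0 to 65535.";
                $continuescan = "no";
        }
        if (!defined $expframe_host || length($expframe_host) == 0) {
                $statusbar = "Enter a host to scan!";
                $continuescan = "no";
        }
        return unless $continuescan eq "yes";

        # URL-style decoding of the host field ("+" to space, %XX to the
        # byte).  NOTE(review): presumably carried over from a form-based
        # version of the tool; confirm it is still wanted for a GUI entry.
        $host =~ tr/+/ /;
        $host =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

        # inet_aton() returns undef when the name cannot be resolved, and
        # sockaddr_in() dies on an undefined address, so stop here with a
        # status message instead.
        $serverIP = inet_aton($host);
        if (!defined $serverIP) {
                $statusbar = "Failed to lookup host: $host";
                $continuescan = "no";
                return;
        }
        $serverAddr = sockaddr_in($port, $serverIP);
        $number = 0;

        $txtbox->insert("end", "[ Infinity Scanner 3.0 Beta - Perl/TK GUI Version ]\n");
        $txtbox->insert("end", "\n-Initiating Scan on $host\:$port\n");
        $txtbox->update();
}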
 
sub footer() {
        # Print the end-of-scan summary for the exploit scan: a "nothing
        # found" line when $number is 0, the finished line, and the banner.
        # Does nothing unless $continuescan is still "yes".
        return unless $continuescan eq "yes";

        my $finished = "-Finished scanning $host on port $port\n\n";
        my $banner = "[ Infinity Scanner 3.0 Beta - CGI Exploit Scanner ] Copyright 1999 Azrael, All Rights Reserved.";

        $txtbox->insert("end", "--No Vulnerabilities Found\n\n") if $number == 0;
        $statusbar = "Finished scanning $host on port $port.  Found $number holes";
        $txtbox->insert("end", $finished);
        $txtbox->insert("end", $banner);
        $txtbox->update();
        $txtbox->see("end");
}
 
sub pingserver() {
        # Check that the target name resolves.  Despite the name, no packet
        # is sent to the target here: the only test is gethostbyname().
        # On failure the status bar gets the message and the scan is stopped
        # by setting $continuescan to "no".
        return if $continuescan ne "yes";

        ($host, $port) = @_;
        $statusbar = "Looking up host: $host";
        $statusbottom->update();

        unless (gethostbyname($host)) {
                $statusbar = "Failed to lookup host: $host";
                $continuescan = "no";
        }
}
 
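sub fingerprint() {
        # False-positive check.  For each extension a file name that should
        # not exist is requested; if the server still answers 200, a later
        # "200" hit for that extension proves nothing, so a warning is
        # written to the results box.
        #
        # Connects to the global $serverAddr built by header(); the $host and
        # $port arguments are only stored back into the globals.
        return unless $continuescan eq "yes";

        ($host, $port) = @_;
        $statusbar = "Fingerprinting for Valid Extensions...";
        $statusbottom->update();
        @extstocheck = (".cfm", ".cgi", ".sh", ".exe", ".htr", ".pl");
        my $tcp = getprotobyname('tcp');

        foreach my $extcheck (@extstocheck) {
                # A failed socket()/connect() used to fall through to a read
                # on an unconnected handle; skip the extension instead.
                socket(CLIENT, PF_INET, SOCK_STREAM, $tcp) or next;
                if (!connect(CLIENT, $serverAddr)) {
                        close(CLIENT);
                        next;
                }
                send(CLIENT, "GET /sflj02wulsjdflkj203ursljf$extcheck HTTP/1.0\n\n", 0);
                my $statusline = <CLIENT>;
                my @remainder = <CLIENT>;    # read to EOF before closing
                close(CLIENT);

                # No reply at all: nothing to judge for this extension.
                next unless defined $statusline;

                my (undef, $code) = split(/ /, $statusline);
                if (defined $code && $code eq "200") {
                        # Trailing newline added so the warning does not run
                        # into the next line of output.
                        $txtbox->insert("end", "WARNING Results for extension ($extcheck) may be invalid\n");
                }
        }
        $txtbox->update();
}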
 
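sub fastdircheck() {
        # Ask the server for one directory path and report whether it looks
        # present.  Returns "yes" when the status code is 200, 403 or 302 and
        # "no" otherwise, including when the scan has been stopped or the
        # server could not be reached.
        #
        # Connects to the global $serverAddr built by header().
        return "no" unless $continuescan eq "yes";

        my ($path) = @_;
        my $tcp = getprotobyname('tcp');

        # A failed socket()/connect() used to fall through to a read on an
        # unconnected handle and comparisons against undef.
        socket(CLIENT, PF_INET, SOCK_STREAM, $tcp) or return "no";
        if (!connect(CLIENT, $serverAddr)) {
                close(CLIENT);
                return "no";
        }
        send(CLIENT, "GET $path HTTP/1.0\n\n", 0);
        my $statusline = <CLIENT>;
        my @remainder = <CLIENT>;    # read to EOF before closing
        close(CLIENT);

        return "no" unless defined $statusline;

        my (undef, $code) = split(/ /, $statusline);
        return "no" unless defined $code;

        if ($code eq "200" or $code eq "403" or $code eq "302") {
                return "yes";
        }
        return "no";
}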
 
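sub determinedirs () {
        # Probe a fixed list of common CGI directory names and push every one
        # that answers 200, 403 or 302 onto the global @gooddirs, which the
        # exploit scan then uses as the base for its generic CGI checks.
        #
        # Connects to the global $serverAddr built by header(); the $host and
        # $port arguments are only stored back into the globals.
        return unless $continuescan eq "yes";

        ($host, $port) = @_;
        $statusbar = "Determining Valid CGI Directories...";
        $statusbottom->update();
        @dirstocheck = ("/cgis/", "/cgi-bin/", "/cgi/", "/cgibin/", "/cgi-local/", "/cgilocal/", "/cgi-win/", "/cgiwin/");
        my $tcp = getprotobyname('tcp');

        foreach my $dircheck (@dirstocheck) {
                # A failed socket()/connect() used to fall through to a read
                # on an unconnected handle; skip the directory instead.
                socket(CLIENT, PF_INET, SOCK_STREAM, $tcp) or next;
                if (!connect(CLIENT, $serverAddr)) {
                        close(CLIENT);
                        next;
                }
                send(CLIENT, "GET $dircheck HTTP/1.0\n\n", 0);
                my $statusline = <CLIENT>;
                my @remainder = <CLIENT>;    # read to EOF before closing
                close(CLIENT);

                next unless defined $statusline;
                my (undef, $code) = split(/ /, $statusline);
                next unless defined $code;

                if ($code eq "200" or $code eq "403" or $code eq "302") {
                        push(@gooddirs, "$dircheck");
                }
        }
        #if ($#gooddirs >= 0) { "OK<p><ul>"; } 
        #else { print "NONE FOUND<p><ul>"; } 
        foreach my $founddir (@gooddirs) {
                $statusbar = "Found Directory: $founddir";
                $statusbottom->update();
        }
}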
         
         
 
sub determineservertype() {
        # Send "HEAD / HTTP/1.0" and classify the server from its Server:
        # response header.  $servertype ends up as the last name in the list
        # below that occurs anywhere in the lower-cased header line, or "all"
        # when none does (the exploit scan then runs every server-specific
        # list).
        #
        # The match is a plain substring test, so short names such as "wn",
        # "eit" or "boa" can match unrelated banner text, and the result is
        # only as trustworthy as the banner the server chooses to send.
        #
        # Connects to the global $serverAddr built by header().  If the
        # connection fails the scan is stopped via $continuescan.
        return unless $continuescan eq "yes";

        ($host, $port) = @_;
        $statusbar = "Determining Server Type...";
        $statusbottom->update();
        socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));

        unless (connect(CLIENT, $serverAddr)) {
                $statusbar = "Error: Unable to connect to host";
                $continuescan = "no";
                return;
        }

        send(CLIENT, "HEAD / HTTP/1.0\n\n", 0);
        @serveroutput = <CLIENT>;
        close(CLIENT);
        $servertype = "";

        # Order matters: every name is tried and a later match overwrites an
        # earlier one.
        my @known_servers = qw(
                iis apache netscape website netware neowebscript thttpd
                machttp webstar homedoor netcloak netpresenz domino sambar
                zeus alibaba frontpage quid teamtrack dwhttpd icq folkweb
                fnord serverseven stronghold agranat-emweb ncsa cern process
                rushhour aolserver commerce-builder wn oracle emwac webquest
                open-market-webserver open-market-secure-webserver goserve
                plexus eit spry osu roxen phttpd falcon mathopd boa
                javawebserver zbserver frontier gosite aserve os2httpd
                powerweb boulevard webforone webshare enterpriseweb cosmos
                glaci cl-http i/net webdisk hyperwave telefinder viking
                omnihttpd xitami avenida spinnaker wildcat vqserver
        );

        foreach my $line (@serveroutput) {
                next unless $line =~ /Server:/;
                $serverresponseline = $line;
                my $lowered = lc($line);
                foreach my $name (@known_servers) {
                        $servertype = $name if $lowered =~ /\Q$name\E/;
                }
        }

        if ($servertype ne "") {
                $txtbox->insert("end", "-$serverresponseline\n");
                $txtbox->update();
        }
        else {
                $servertype = "all";
                $statusbar = "Failed to determine server type";
                $statusbottom->update();
        }
}
 
sub scan() { 
        # Request one path and report it as a finding when the response matches.
        #
        # Arguments: $host, $port, $errorcode (expected status code),
        # $extratext (expected text after the code), $thedir and $thehole
        # (joined with no separator to form the request path) and $holeinfo
        # (label printed for a hit).
        #
        # The connection goes to the global $serverAddr built by header(), not to
        # an address derived from the $host/$port arguments.
        #
        # The empty prototype only works because callers use the &scan(...)
        # form, which bypasses prototypes.
        if($continuescan eq "yes") {
        ($host, $port, $errorcode, $extratext, $thedir, $thehole, $holeinfo) = @_; 
        socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp')); 
        # These two lookups only print to standard output (not the GUI) and do
        # not stop the scan.  NOTE(review): the "<br>" suggests they were carried
        # over from an HTML/CGI version - confirm.
        gethostbyname($host) or print "No IP address"; 
        if(!gethostbyname($host)) { print "<br>Can't Resolve DNS/IP\n"; } 
        if(connect(CLIENT, $serverAddr)) { 
        $thewholeenchelada = "$thedir$thehole"; 
        $statusbar = "Checking for $thewholeenchelada...";
        $statusbottom->update();
        # "IDS bypass" option: every letter, digit, '-' and '.' in the path is
        # replaced by its %hex escape; '/' and other characters are left alone.
        # For defenders: a rule that matches the raw request line will not see
        # the plain file name, so request paths have to be percent-decoded
        # before signatures are applied.
        if($idsbypass == 1) { $thewholeenchelada =~ s/([-a-zA-Z0-9.])/sprintf("%%%x",ord($1))/ge; } 
        send(CLIENT, "GET $thewholeenchelada HTTP/1.0\n\n",0); 
                # First line is the status line; the rest of the response is kept
                # in @output for the optional error-phrase check below.
                $check=<CLIENT>; 
                @output=<CLIENT>; 
                # NOTE(review): only the third space-separated field lands in
                # $therest, so an $extratext containing a space cannot match it.
                ($http,$code,$therest) = split(/ /,$check); 
                # Both expected values are used as unanchored regular expressions.
                if("$code" =~ "$errorcode" && "$therest" =~ "$extratext") { 
                $txtbox->insert("end", "--Vulnerability Found: $holeinfo\n--Location: $thedir$thehole\n");  
                # Optional error check: look through the rest of the response for
                # any phrase in @errchkingarray and flag the hit as possibly invalid.
                if($errchk == 1) { 
                        $errsfound = 0; 
                        foreach $lineof (@output) {      
                        foreach $errtochk (@errchkingarray) {    
                        if($lineof =~ $errtochk) { $txtbox->insert("end", "--Warning: Error Code \"$errtochk\" ! Results may be 
invalid.\n"); $errsfound++; } 
                        } 
                        } 
                } 
                $txtbox->insert("end", "\n");
                $txtbox->see("end");
                # $number is the running count of findings printed by footer().
                $number++; 
                } 
        } 
         
        close (CLIENT); 
        $txtbox->update();
        }
} 
 
sub dienice() {
        # Print an error message to the currently selected output handle.
        # Despite the name it neither dies nor exits; it stores the message in
        # the global $msg and returns whatever print returns.
        $msg = $_[0];
        my $report = "\n\nError:\n$msg";
        print $report;
}

