
329 kb  VoidEYE CGI Scanner 0.4b4  by Duke Freeware
Quickly locate vulnerable scripts on a web server from a list or IP range.


Usage
 The archive contains the file 'servers.dat'. Open it in any text editor
and fill it with the server list, one entry per line, in the format
"http://www.yourhost.dom".
 Then launch voideye.exe and press the 'scan' button. A window will
appear showing the results of the scan.
 A line containing '200 OK' means that the corresponding script was
found and the httpd may be vulnerable to some kind of attack.

182 CGI holes REPORT (real example)
--[VoidEYE 2000]----[Scan results]--
[8:51:47]--[Started scanning http://host
[8:51:54]--[http://host/cgi-bin/php-cgi - Not Found (404)]
[8:51:55]--[http://host/cgi-bin/test.bat - Not Found (404)]
[8:51:56]--[http://host/cgi-bin/input.bat - Not Found (404)]
[8:51:57]--[http://host/cgi-bin/input2.bat - Not Found (404)]
[8:51:58]--[http://host/ssi/envout.bat - Not Found (404)]
[8:51:59]--[http://host/cgi-bin/handler - Not Found (404)]
[8:52:08]--[http://host/cgi-bin/test-cgi - FOUND (200 OK)
[8:52:09]--[http://host/cgi-bin/nph-test-cgi - FOUND (200 OK)
[8:52:10]--[http://host/cgi-bin/phf - FOUND (200 OK)
[8:52:11]--[http://host/cgi-bin/phf.pp - FOUND (200 OK)
[8:52:12]--[http://host/cgi-bin/phf.cgi - FOUND (200 OK)
[8:52:13]--[http://host/cgi-bin/websendmail - FOUND (200 OK)
[8:52:14]--[http://host/cgi-bin/environ.cgi - FOUND (200 OK)
[8:52:15]--[http://host/cgi-bin/php.cgi - FOUND (200 OK)
[8:52:24]--[http://host/cgi-bin/php - FOUND (200 OK)
[8:52:25]--[http://host/cgi-bin/perl.exe - FOUND (200 OK)
[8:52:27]--[http://host/cgi-bin/wwwboard.pl - FOUND (200 OK)
[8:52:28]--[http://host/cgi-bin/www-sql - FOUND (200 OK)
[8:52:29]--[http://host/cgi-bin/view-source - FOUND (200 OK)
[8:52:30]--[http://host/cgi-bin/AT-admin.cgi - FOUND (200 OK)
[8:52:31]--[http://host/cgi-bin/wwwadmin.pl - FOUND (200 OK)
[8:52:32]--[http://host/cgi-bin/formmail.pl - FOUND (200 OK)
[8:52:33]--[http://host/cgi-bin/sendform.cgi - FOUND (200 OK)
[8:52:34]--[http://host/cgi-bin/maillist.pl - FOUND (200 OK)
[8:52:35]--[http://host/iisadmpwd/achg.htr - FOUND (200 OK)
[8:52:36]--[http://host/iisadmpwd/aexp.htr - FOUND (200 OK)
[8:52:37]--[http://host/iisadmpwd/aexp2.htr - FOUND (200 OK)
[8:52:38]--[http://host/iisadmpwd/aexp2b.htr - FOUND (200 OK)
[8:52:39]--[http://host/iisadmpwd/aexp3.htr - FOUND (200 OK)
[8:52:40]--[http://host/iisadmpwd/aexp4.htr - FOUND (200 OK)
[8:52:41]--[http://host/iisadmpwd/aexp4b.htr - FOUND (200 OK)
[8:52:42]--[http://host/iisadmpwd/anot.htr - FOUND (200 OK)
[8:52:43]--[http://host/iisadmpwd/anot3.htr - FOUND (200 OK)
[8:52:44]--[http://host/msadc/Samples/SELECTOR/showcode.asp - FOUND (200 OK)
[8:52:46]--[http://host/_AuthChangeUrl? - FOUND (200 OK)
[8:52:47]--[http://host/_AuthChangeUrl? - FOUND (200 OK)
[8:52:48]--[http://host/....../autoexec.bat - FOUND (200 OK)
[8:52:49]--[http://host/_AuthChangeUrl? - FOUND (200 OK)
[8:52:50]--[http://host/scripts/fpcount.exe - FOUND (200 OK)
[8:52:51]--[http://host/scripts/cgimail.exe - FOUND (200 OK)
[8:52:52]--[http://host/scripts/tools/newdsn.exe - FOUND (200 OK)
[8:52:53]--[http://host/scripts/tools/getdrvs.exe - FOUND (200 OK)
[8:52:54]--[http://host/cgi-bin/bnbform.cgi - FOUND (200 OK)
[8:52:56]--[http://host/cgi-bin/survey.cgi - FOUND (200 OK)
[8:52:57]--[http://host/domcfg.nsf/?open - FOUND (200 OK)
[8:52:58]--[http://host/cgi-bin/count.cgi - FOUND (200 OK)
[8:52:59]--[http://host/cgi-bin/guestbook.cgi - FOUND (200 OK)
[8:53:00]--[http://host/cgi-bin/aglimpse - FOUND (200 OK)
[8:53:01]--[http://host/cgi-bin/finger?@localhost - FOUND (200 OK)
[8:53:02]--[http://host/cgi-bin/jj - FOUND (200 OK)
[8:53:03]--[http://host/cgi-bin/man.sh - FOUND (200 OK)
[8:53:05]--[http://host/cgi-bin/webdist.cgi - FOUND (200 OK)
[8:53:06]--[http://host/cgi-bin/wrap.cgi - FOUND (200 OK)
[8:53:07]--[http://host/cgi-bin/handler.cgi - FOUND (200 OK)
[8:53:08]--[http://host/cgi-bin/day5datacopier.cgi - FOUND (200 OK)
[8:53:09]--[http://host/cgi-bin/day5datanotifier.cgi - FOUND (200 OK)
[8:53:10]--[http://host/cgi-bin/pfdisplay.cgi - FOUND (200 OK)
[8:53:11]--[http://host/perl/files.pl - FOUND (200 OK)
[8:53:12]--[http://host/scripts/convert.bas - FOUND (200 OK)
[8:53:13]--[http://host/cgi-bin/dumpenv.pl - FOUND (200 OK)
[8:53:14]--[http://host/cgi-bin/upload.pl - FOUND (200 OK)
[8:53:16]--[http://host/session/adminlogin?RCpage=/sysadmin/index.stm - FOUND (200 OK)
[8:53:25]--[http://host/cgi-bin/campas - FOUND (200 OK)
[8:53:26]--[http://host/cgi-bin/textcounter.pl - FOUND (200 OK)
[8:53:27]--[http://host/cgi-bin/view-source - FOUND (200 OK)
[8:53:28]--[http://host/cgi-bin/webgais - FOUND (200 OK)
[8:53:29]--[http://host/cgi-bin/htmlscript - FOUND (200 OK)
[8:53:30]--[http://host/cgi-win/uploader.exe - FOUND (200 OK)
[8:53:32]--[http://host/cgi-win/uploader.exe - FOUND (200 OK)
[8:53:33]--[http://host/cgi-dos/args.cmd - FOUND (200 OK)
[8:53:34]--[http://host/cgi-dos/args.bat - FOUND (200 OK)
[8:53:35]--[http://host/cgi-bin/nph-publish - FOUND (200 OK)
[8:53:36]--[http://host/cgi-bin/faxsurvey - FOUND (200 OK)
[8:53:37]--[http://host/~root - FOUND (200 OK)
[8:53:38]--[http://host/_vti_pvt/users.pwd - FOUND (200 OK)
[8:53:40]--[http://host/_vti_pvt/administrators.pwd - FOUND (200 OK)
[8:53:41]--[http://host/_vti_pvt/shtml.dll - FOUND (200 OK)
[8:53:42]--[http://host/_vti_pvt/shtml.exe - FOUND (200 OK)
[8:53:44]--[http://host/__vti_inf.html - FOUND (200 OK)
[8:53:45]--[http://host/cfdocs/expelval/openfile.cfm - FOUND (200 OK)
[8:53:46]--[http://host/cfdocs/expelval/exprcalc.cfm - FOUND (200 OK)
[8:53:47]--[http://host/cfdocs/expelval/displayopenedfile.cfm - FOUND (200 OK)
[8:53:48]--[http://host/cfdocs/expelval/sendmail.cfm - FOUND (200 OK)
[8:53:49]--[http://host/search97.vts - FOUND (200 OK)
[8:53:55]--[http://host/?PageServices - FOUND (200 OK)
[8:53:56]--[http://host/AdvWorks/equipment/catalog_type.asp - FOUND (200 OK)
[8:53:57]--[http://host/ASPSamp/AdvWorks/equipment/catalog_type.asp - FOUND (200 OK)
[8:53:58]--[http://host/cgi-bin/unlg1.1 - FOUND (200 OK)
[8:53:59]--[http://host/cgi-bin/filemail.pl - FOUND (200 OK)
[8:54:00]--[http://host/cgi-bin/info2www - FOUND (200 OK)
[8:54:01]--[http://host/cgi-bin/finger - FOUND (200 OK)
[8:54:02]--[http://host/cgi-bin/AnyForm2 - FOUND (200 OK)
[8:54:03]--[http://host/cgi-bin/classifieds.cgi - FOUND (200 OK)
[8:54:05]--[http://host/carbo.dll - FOUND (200 OK)
[8:54:06]--[http://host/cgi-bin/fpexplore.exe - FOUND (200 OK)
[8:54:07]--[http://host/cgi-bin/whois_raw.cgi - FOUND (200 OK)
[8:54:08]--[http://host/scripts/counter.exe - FOUND (200 OK)
[8:54:09]--[http://host/adsamples/config/site.csc - FOUND (200 OK)
[8:54:10]--[http://host/cgi-bin/responder.cgi - FOUND (200 OK)
[8:54:11]--[http://host/cgi-bin/wguest.exe - FOUND (200 OK)
[8:54:13]--[http://host/cgi-bin/rguest.exe - FOUND (200 OK)
[8:54:14]--[http://host/scripts/no-such-file.pl - FOUND (200 OK)
[8:54:15]--[http://host/scripts/iisadmin/ism.dll?http/dir - FOUND (200 OK)
[8:54:16]--[http://host/samples/search/queryhit.htm - FOUND (200 OK)
[8:54:17]--[http://host/scripts/samples/search/webhits.exe - FOUND (200 OK)
[8:54:18]--[http://host/domcfg.nsf/?open - FOUND (200 OK)
[8:54:19]--[http://host/cgi-shl/win-c-sample.exe - FOUND (200 OK)
[8:54:20]--[http://host/default.asp::$DATA - FOUND (200 OK)
[8:54:21]--[http://host/server%20logfile - FOUND (200 OK)
[8:54:23]--[http://host/cgi-bin/tigvote.cgi - FOUND (200 OK)
[8:54:24]--[http://host/cgi-bin/webutils.pl - FOUND (200 OK)
[8:54:25]--[http://host/blabla.idc - FOUND (200 OK)
[8:54:26]--[http://host/blabla.idq - FOUND (200 OK)
[8:54:27]--[http://host/blabla.ida - FOUND (200 OK)
[8:54:28]--[http://host/blabla.idw - FOUND (200 OK)
[8:54:29]--[http://host/msadc/msadcs.dll - FOUND (200 OK)
[8:54:30]--[http://host/blabla.idc - FOUND (200 OK)
[8:54:31]--[http://host/default.asp - FOUND (200 OK)
[8:54:33]--[http://host/samples/ - FOUND (200 OK)
[8:54:33]--[scan from list task complete
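
A report in this format can be triaged with a short script. The following is an added example, not part of VoidEYE or the original page: it parses the result lines, drops repeated probes, and flags reports in which nearly every path answered 200, since a 200 only shows that the server answered the request. The function names and the noise_ratio cut-off are assumptions made for this example.

```python
import re

# Excerpt of the report shown above, embedded so the example runs offline.
SAMPLE_REPORT = """\
--[VoidEYE 2000]----[Scan results]--
[8:51:47]--[Started scanning http://host
[8:51:54]--[http://host/cgi-bin/php-cgi - Not Found (404)]
[8:51:59]--[http://host/cgi-bin/handler - Not Found (404)]
[8:52:08]--[http://host/cgi-bin/test-cgi - FOUND (200 OK)
[8:52:10]--[http://host/cgi-bin/phf - FOUND (200 OK)
[8:52:46]--[http://host/_AuthChangeUrl? - FOUND (200 OK)
[8:52:47]--[http://host/_AuthChangeUrl? - FOUND (200 OK)
[8:54:14]--[http://host/scripts/no-such-file.pl - FOUND (200 OK)
[8:54:25]--[http://host/blabla.idc - FOUND (200 OK)
[8:54:33]--[scan from list task complete
"""

# One result line: [h:mm:ss]--[URL - label (NNN ...) with an optional closing "]".
LINE_RE = re.compile(r"^\[\d{1,2}:\d{2}:\d{2}\]--\[(\S+) - .+? \((\d{3})[^)]*\)\]?$")

def parse_report(text):
    """Return [(url, status_code)] for result lines, dropping repeated probes."""
    seen, results = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # banner, "Started scanning", "task complete"
            continue
        entry = (m.group(1), int(m.group(2)))
        if entry not in seen:
            seen.add(entry)
            results.append(entry)
    return results

def triage(text, noise_ratio=0.9):
    """Summarise a report; noise_ratio is an assumed cut-off, not a VoidEYE setting."""
    results = parse_report(text)
    found = [url for url, code in results if code == 200]
    ratio = len(found) / len(results) if results else 0.0
    return {
        "probes": len(results),
        "found": found,
        "not_found": sum(1 for _, code in results if code == 404),
        "hit_ratio": round(ratio, 2),
        # When nearly every probe answers 200, suspect a catch-all response
        # and confirm each hit on the server itself before acting on it.
        "verify_manually": ratio >= noise_ratio,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```
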