Web Scanner - command line web scanner

webscanner.sourceforge.net

May 20, 2013

About
Author
Download
Example
FAQ
Related Info
Usage

Current Page

webscanner - A command line web content scanner that searches web servers for default and potentially vulnerable web pages.

Description:	Web Scanner is a Perl or Java based command line tool to scan web server for known web pages to look for potentialy vulnerable web content. The scan options allow users to scan both HTTP and HTTPS web server on their default ports (80 and 443, only). Also Web scanner can return the size (-z) of the response from the GET command. This can allow users to determine if a webpage is there even when the web server administrator uses defined pages for 404 found pages.
Version 1.3 Usage:	./webscanner.pl -h hostname [-c checkfile] [-s] [-v] -h specify host to scan -c specify checklist file to use -o specify an output file -s use https instead of http -v verbose mode print 404 messages -z prints out length of 200 messages -d specify a delay time Version: 1.3
Version 2.0 Usage:	java WebScanner -h hostname [-c checkfile] [-s] [-v] -h specify host to scan -c specify checklist file to use -o specify an output file -s use https instead of http -v verbose mode print 404 messages -z prints out length of 200 messages -d specify a delay time Version: 2.0
Example:	$ /usr/local/bin/webscanner.pl -h 192.168.1.10 Scanning http://192.168.1.10/ with /usr/local/lib/webscanner/checks.dat Server Info: HTTP/1.1 200 OK Connection: close Date: Tue, 01 Jul 2003 17:40:20 GMT Accept-Ranges: bytes ETag: "5e506-99-3ce188ab" Server: Apache/1.3.23 (Unix) PHP/4.1.1 mod_ssl/2.8.5 OpenSSL/0.9.6c Content-Length: 153 Content-Type: text/html Last-Modified: Tue, 14 May 2002 21:59:07 GMT Client-Date: Tue, 01 Jul 2003 17:40:21 GMT Client-Response-Num: 1 Checking... http://192.168.1.10/ - 200 - Found file http://192.168.1.10/./.. - 400 - Bad Request http://192.168.1.10/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/boot.ini - 400 - Bad Request http://192.168.1.10/admin/ - 401 - Authorization Required http://192.168.1.10/admin/accounts.asp - 401 - Authorization Required http://192.168.1.10/admin/add_category.asp - 401 - Authorization Required http://192.168.1.10/../../../../../../../../boot.ini - 400 - Bad Request http://192.168.1.10/.html/............../config.sys - 403 - Permission Denied http://192.168.1.10/.htpasswd - 403 - Permission Denied http://192.168.1.10/images - 403 - Permission Denied http://192.168.1.10/images/ - 403 - Permission Denied http://192.168.1.10/images/../../../mssql/customer.database - 400 - Bad Request http://192.168.1.10/index.html - 200 - Found file http://192.168.1.10/index.php - 200 - Found file http://192.168.1.10/manual/ - 200 - Found file http://192.168.1.10/?PageServices - 200 - Found file http://192.168.1.10/../../passwd - 400 - Bad Request http://192.168.1.10/protected/ - 401 - Authorization Required http://192.168.1.10/~root - 403 - Permission Denied http://192.168.1.10/~root/etc/passwd - 403 - Permission Denied http://192.168.1.10/scripts/../../cmd.exe - 400 - Bad Request http://192.168.1.10/scripts/../../cmd.exe/?%2FC+any_command - 400 - Bad Request http://192.168.1.10/scripts/../../cmd.exe?%2FC+echo+\"hacked!\">c:\\hello.bat - 400 - Bad Request http://192.168.1.10/scripts/../../cmd.exe/?%2FC+echo+"hello,+World" - 400 - Bad Request http://192.168.1.10/../../shadow - 400 - Bad Request http://192.168.1.10/stats - 200 - Found file http://192.168.1.10/stats/ - 200 - Found file http://192.168.1.10/test/ - 403 - Permission Denied http://192.168.1.10/../../../../../winnt/repair/sam._ - 400 - Bad Request http://192.168.1.10/../../winnt/win.ini - 400 - Bad Request Summary Total Checks: 1423 Return Code 200: 16 Hits Return Code 401: 20 Hits Return Code 403: 9 Hits Return Code 404: 1353 Hits Return Code Other: 0 Hits
Download	Download from Sourceforge.net
Requried Packages	This program requries the following perl modules to be installed: Crypt-SSLeay-0.25 URI-1.12 Digest-MD5-2.13 HTML-Parser 3.25 libwww-perl 5.53 MIME-Base64-2.12 openssl-0.9.6 (requried for HTTPS connection attempts)
Author	Jeremiah Sahlberg [jjds@users.sourceforge.net]