[23821] in bugtraq
Automated remote CGI vulnerability discovery
daemon@ATHENA.MIT.EDU (Samy Kamkar)
Fri Jan 11 18:26:52 2002
Message-ID: <3C3E89E7.60904@LucidX.com>
Date: Thu, 10 Jan 2002 22:44:55 -0800
From: Samy Kamkar <SKamkar@LucidX.com>
To: bugtraq@securityfocus.com

I would like to present screamingCobra to you all, originally developed
at Caezar's Challenge V (originally named crawl5b).

screamingCobra was developed to do "automated remote vulnerability
discovery without source code to the application."

Basically, it recursively crawls a site (without requiring the user to
do ANY legwork at all), without leaving that site or going over links it
has already gone to, and looks for anything that looks like it's able to
accept arguments such as CGIs, forms, etc. It then attempts to access
/etc/passwd on the system by common CGI bugs that even the most well
known sites on the net are usually vulnerable to. It can be extended to
attempt to execute an application on the remote system, as well. It
uses a number of techniques to do these. If it succeeds, it returns the
URL that was accessed and you can quickly see the problem and patch the bug.

You can find it at http://cobra.LucidX.com or version 1.02 directly at
http://cobra.LucidX.com/CURRENT.tar.gz

Originally developed for NIX machines, this new version is compatible
with any OS that has Perl installed.
Also included is a Win32 binary for Windows users that do not have Perl.

I hope this can be of use to some of you as it has been to many
administrators and other users generally interested in network security.

Please contact me if you have any questions or comments!

--
Samy Kamkar -- (877) 898-1424 -- cp5@LucidX.com
LucidX.com / LA.pm.org / pdump.org / code.LucidX.com
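
Added example (not part of the original post and not screamingCobra's code): a log check for the pattern the post describes, where one client feeds a passwd path as an argument to several different scripts on the same site. It assumes Common Log Format access logs and only sees GET query strings; the sample lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (Common Log Format); addresses and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Jan/2002:18:01:02 -0800] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [11/Jan/2002:18:01:03 -0800] "GET /cgi-bin/view.cgi?page=../../../../etc/passwd HTTP/1.0" 200 812
192.0.2.10 - - [11/Jan/2002:18:01:03 -0800] "GET /cgi-bin/mail.pl?to=%2Fetc%2Fpasswd HTTP/1.0" 500 301
192.0.2.10 - - [11/Jan/2002:18:01:04 -0800] "GET /search?q=%252e%252e%252fetc%252fpasswd%2500.html HTTP/1.0" 404 210
198.51.100.7 - - [11/Jan/2002:18:02:00 -0800] "GET /cgi-bin/view.cgi?page=news HTTP/1.0" 200 2210
198.51.100.7 - - [11/Jan/2002:18:02:09 -0800] "GET /docs/etc/passwd-howto.html HTTP/1.0" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PASSWD = re.compile(r'etc[/\\]+passwd', re.I)

def decode(value, rounds=3):
    """Undo nested URL-encoding so %252f and %2f both become '/'."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def find_probes(log_text, min_endpoints=2):
    """Return {client: [(path, status), ...]} for clients that sent a passwd
    path as an argument to at least min_endpoints distinct endpoints."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        # Only the query string counts: a document whose own path contains
        # "etc/passwd" is not an argument being fed to a script.
        if PASSWD.search(decode(parts.query)):
            hits[client].append((parts.path, int(status)))
    return {c: h for c, h in hits.items()
            if len({p for p, _ in h}) >= min_endpoints}

if __name__ == "__main__":
    for client, probes in find_probes(SAMPLE_LOG).items():
        print(client, probes)
```

Entries with a 200 status are the ones to review first, since the script answered the request instead of rejecting it.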