⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 nikto_passfiles.plugin

📁 一个用perl写的功能强大的cgi漏洞检测程序
💻 PLUGIN
字号:
🔍 
#VERSION,1.02#LASTMOD,05.27.2003# Password file checks# This software is distributed under the terms of the GPL, which should have been received# with a copy of this software in the "LICENSE.txt" file.# this checks for random password filessub nikto_passfiles{ if ($CLI{mutate} !~ /2/) { return; }  my @DIRS=qw(/ /admin/ /clients/ /pass/ /password/ /passwords/ /store/ /users/ /access/ /members/ /private/ /ccbill/ /dmr/ /mastergate/ /dmr/ /epoch/ /netbilling/ /webcash/ /wwwjoin/ /etc/security/); # if we got anything from the robots.txt check...  my @t=split(/ /,$CONFIG{PASSWORDDIRS});  foreach my $d (@t)   {    my $skip=0;   for (my $i=0;$i<=$#DIRS;$i++) { if ($DIRS[$i] eq $d) { $skip=1; last; } }  # already have it   if (!$skip) { push(@DIRS,$d); }  }     my @FILES=qw(admins clients pass password passwords passwd passwd.adjunct store users .htpasswd .passwd); my @EXTS=qw(asp dat data dbc dbf exe htm html htx ini lst txt xml php php3 phtml);  my $FINAL=(); my $mctr=0;  foreach $dir ( @DIRS ) {   foreach $file ( @FILES )  {   foreach $ext ( @EXTS )    {     my $f="$file\.$ext";     $f=LW::utils_normalize_uri($f);     $mctr++;     $ITEMCOUNT++;     $FILES{$ITEMCOUNT}="$dir$f";     $INFOS{$ITEMCOUNT}="Found via password test mutate.";     $RESPS{$ITEMCOUNT}=200;     $METHD{$ITEMCOUNT}="GET";          # w/o file extension:     my $f2="$file";     $f=LW::utils_normalize_uri($f);     $mctr++;     $ITEMCOUNT++;     $FILES{$ITEMCOUNT}="$dir$f2";     $INFOS{$ITEMCOUNT}="Found via password test mutate.";     $RESPS{$ITEMCOUNT}=200;     $METHD{$ITEMCOUNT}="GET";     foreach my $cgi (@CGIDIRS) {      $mctr++;      $ITEMCOUNT++;      $FILES{$ITEMCOUNT}=LW::utils_normalize_uri("$cgi$dir$f");      $INFOS{$ITEMCOUNT}="Found via password test mutate.";      $RESPS{$ITEMCOUNT}=200;      $METHD{$ITEMCOUNT}="GET";      # w/o file extension      $mctr++;      $ITEMCOUNT++;      $FILES{$ITEMCOUNT}=LW::utils_normalize_uri("$cgi$dir$f2");      $INFOS{$ITEMCOUNT}="Found via password test mutate.";      $RESPS{$ITEMCOUNT}=200;      $METHD{$ITEMCOUNT}="GET";       }    }  } }nprint("- $mctr password file checks loaded","v");}1;

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -