vb 扫描漏洞

简介:
首先创建6个TEXTBOX,2个CommandBUTTEN,1个ProgressBar,1个INET
2007-05-22 17:36

首先创建6个TEXTBOX,2个CommandBUTTEN,1个ProgressBar,1个INET
然后写如代码
Dim ch(109)
Dim a
Dim w
Private Sub Command1_Click()
On Error Resume Next
w = 0
a = 1
Dim ip As String
Dim bg(109) As String
Dim ff
n = 0
ip = Text1.Text
bg(1) = "/cgi-bin/formmail.pl"
bg(2) = "/cgi-bin/printenv"
bg(3) = "/cgi-bin/test-cgi"
bg(4) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
bg(5) = "/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"
bg(6) = "/cgi-bin/rwwwshell.pl"
bg(7) = "/cgi-bin/phf"
bg(8) = "/cgi-bin/Count.cgi"
bg(9) = "/cgi-bin/test.cgi"
bg(10) = "/cgi-bin/nph-test-cgi"
bg(11) = "/cgi-bin/nph-publish"
bg(12) = "/cgi-bin/php.cgi"
bg(13) = "/cgi-bin/handler"
bg(14) = "/cgi-bin/webgais"
bg(15) = "/cgi-bin/websendmail"
bg(16) = "/cgi-bin/webdist.cgi"
bg(17) = "/cgi-bin/faxsurvey"
bg(18) = "/cgi-bin/htmlscript"
bg(19) = "/cgi-bin/pfdisplay.cgi"
bg(20) = "/cgi-bin/perl.exe"
bg(21) = "/cgi-bin/wwwboard.pl"
bg(22) = "/cgi-bin/www-sql"
bg(23) = "/cgi-bin/view-source"
bg(24) = "/cgi-bin/campas"
bg(25) = "/cgi-bin/aglimpse"
bg(26) = "/cgi-bin/glimpse"
bg(27) = "/cgi-bin/man.sh"
bg(28) = "/cgi-bin/AT-admin.cgi"
bg(29) = "/scripts/no-such-file.pl"
bg(30) = "/_vti_bin/shtml.dll"
bg(31) = "/_vti_inf.html"
bg(32) = "/_vti_pvt/administrators.pwd"
bg(33) = "/_vti_pvt/users.pwd"
bg(34) = "/msadc/Samples/SelectOR/showcode.asp"
bg(35) = "/scripts/iisadmin/ism.dll?http/dir"
bg(36) = "/adsamples/config/site.csc"
bg(37) = "/main.asp%81"
bg(38) = "/AdvWorks/equipment/catalog_type.asp?"
bg(39) = "/index.asp::$DATA"
bg(40) = "/cgi-bin/visadmin.exe?user=guest"
bg(41) = "/?PageServices"
bg(42) = "/ss.cfg"
bg(43) = "/cgi-bin/cachemgr.cgi"
bg(44) = "/domcfg.nsf /today.nsf"
bg(45) = "/names.nsf"
bg(46) = "/catalog.nsf"
bg(47) = "/log.nsf"
bg(48) = "/domlog.nsf"
bg(49) = "/cgi-bin/AT-generate.cgi"
bg(50) = "/secure/.wwwacl"
bg(51) = "/secure/.htaccess"
bg(52) = "/samples/search/webhits.exe"
bg(53) = "/scripts/srchadm/admin.idq"
bg(54) = "/cgi-bin/dumpenv.pl"
bg(55) = "/adminlogin?RCpage=/sysadmin/index.stm /c:/program"
bg(56) = "/ncl_items.html?SUBJECT=2097 /cgi-bin/filemail.pl /cgi-bin/maillist.pl /cgi-bin/jj"
bg(57) = "/getdrvrs.exe"
bg(58) = "/test/test.cgi"
bg(59) = "/scripts/submit.cgi"
bg(60) = "/users/scripts/submit.cgi"
bg(61) = "/cgi-bin/info2www"
bg(62) = "/cgi-bin/files.pl"
bg(63) = "/cgi-bin/finger"
bg(64) = "/cgi-bin/bnbform.cgi"
bg(65) = "/cgi-bin/survey.cgi"
bg(66) = "/cgi-bin/AnyForm2"
bg(67) = "/cgi-bin/textcounter.pl"
bg(68) = "/cgi-bin/classifieds.cgi"
bg(69) = "/cgi-bin/environ.cgi"
bg(70) = "/cgi-bin/wrap"
bg(71) = "/cgi-bin/cgiwrap"
bg(72) = "/cgi-bin/guestbook.cgi"
bg(73) = "/cgi-bin/edit.pl"
bg(74) = "/cgi-bin/perlshop.cgi"
bg(75) = "/_vti_inf.html"
bg(76) = "/_vti_pvt/service.pwd"
bg(77) = "/_vti_pvt/users.pwd"
bg(78) = "/_vti_pvt/authors.pwd"
bg(79) = "/_vti_pvt/administrators.pwd"
bg(80) = "/cgi-win/uploader.exe"
bg(81) = "/iisadmpwd/achg.htr"
bg(82) = "/iisadmpwd/aexp.htr"
bg(83) = "/iisadmpwd/aexp2.htr"
bg(84) = "/cfdocs/expeval/openfile.cfm"
bg(85) = "/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:WINNTrepairsam._"
bg(86) = "/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:WINNTrepairsam._"
bg(87) = "/CFIDE/Administrator/startstop.html"
bg(88) = "/cgi-bin/wwwboard.pl"
bg(89) = "/_vti_pvt/shtml.dll"
bg(90) = "/_vti_pvt/shtml.exe"
bg(91) = "/cgi-dos/args.bat"
bg(92) = "/cgi-win/uploader.exe"
bg(93) = "/cgi-bin/rguest.exe"
bg(94) = "/cgi-bin/wguest.exe"
bg(95) = "/scripts/issadmin/bdir.htr"
bg(96) = "/scripts/CGImail.exe"
bg(97) = "/scripts/tools/newdsn.exe"
bg(98) = "/scripts/fpcount.exe"
bg(99) = "/cfdocs/expelval/openfile.cfm"
bg(100) = "/cfdocs/expelval/exprcalc.cfm"
bg(101) = "/cfdocs/expelval/displayopenedfile.cfm"
bg(102) = "/cfdocs/expelval/sendmail.cfm"
bg(103) = "/iissamples/exair/howitworks/codebrws.asp"
bg(104) = "/iissamples/sdk/asp/docs/codebrws.asp"
bg(105) = "/msads/Samples/SelectOR/showcode.asp"
bg(106) = "/search97.vts"
bg(107) = "/carbo.dll"
bg(108) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
bg(109) = "/doc"
Txtinfo.Text = ""
Txtinfo.Text = "扫描器正在准备..."
Dim h, h2
Inet1.Cancel
Inet1.URL = ""
Inet1.OpenURL "http://" & ip, 1
h = Inet1.GetHeader("server")
Text2.Text = h
Txtinfo.Text = Txtinfo.Text + vbCrLf & vbCrLf & "正在扫描 [" & ip & "]" & vbCrLf & vbCrLf
For i = 1 To 109
h = ""
Inet1.URL = ""
Inet1.OpenURL ip & bg(i), 1
Text4.Text = i
ProgressBar1 = ProgressBar1 + 1
h = Inet1.GetHeader
h2 = Split(h, vbCrLf)
If h2(0) = "HTTP/1.1 200 OK" Then
Txtinfo.Text = Txtinfo.Text + "发现漏洞!            "
n = n + 1
ch(n) = Inet1.URL & vbCrLf & vbCrLf
w = w + 1
Text3.Text = w
End If
Next i
Txtinfo.Text = Txtinfo.Text + "扫描完成" & vbCrLf & vbCrLf
Text5.Text = ch(1)
End Sub

Private Sub Command2_Click()
End
End Sub

Private Sub Command3_Click()
If a <= 1 Then MsgBox "到顶了!", , "错误"
If a <= 1 Then GoTo 10
a = a - 1
Text5.Text = ch(a)
10 End Sub

Private Sub Command4_Click()
If a >= w Then MsgBox "到底了!", , "错误"
If a >= w Then GoTo 10
a = a + 1
Text5.Text = ch(a)
10 End Sub

Private Sub Form_Load()
ProgressBar1 = 109
End SUB
这个程序可以扫描109个漏洞,比较实用。

本文转自 bilinyee博客,原文链接: http://blog.51cto.com/215363/937033       如需转载请自行联系原作者      


相关文章
|
7月前
|
安全 Shell Windows
Metasploit -- CVE-2019-0708漏洞检测及利用
Metasploit -- CVE-2019-0708漏洞检测及利用
114 0
|
Java 数据安全/隐私保护 Windows
绕过一切扫描,加强版CS发布
绕过一切扫描,加强版CS发布
|
SQL JSON 缓存
XSS 基础入门二 XSpear:XSS 安全漏洞自动扫描工具
你还在手动测试网站 XSS 安全漏洞检查吗?那么麻烦,又不一定全面解决,为了你的产品,为了在公司摸点鱼,不如尝试一下 XSS 自动扫描工具,为你的产品、工作保驾护航,减低你的工作压力,一起来试试吧!
773 0
XSS 基础入门二 XSpear:XSS 安全漏洞自动扫描工具
|
安全 Windows
Microsoft Windows MHTML脚本代码注入漏洞 (MS11-026) (CVE-2011-0096)
Microsoft Windows MHTML脚本代码注入漏洞 (MS11-026) (CVE-2011-0096)
1175 0
Microsoft Windows MHTML脚本代码注入漏洞 (MS11-026) (CVE-2011-0096)
|
安全 Oracle 前端开发
(CVE-2018-2894)Weblogic任意文件上传漏洞复现 文末附演示视频
(CVE-2018-2894)Weblogic任意文件上传漏洞复现 文末附演示视频
300 0
|
SQL 开发框架 安全
74cms 6.0.20版本文件包含漏洞复现
74cms 6.0.20版本文件包含漏洞复现
368 0
|
供应链 安全 IDE
RCE(任意代码执行)漏洞(CVE-2022-23205……)
RCE(任意代码执行)漏洞(CVE-2022-23205……)
|
移动开发 安全 关系型数据库
Weblogic任意文件上传漏洞(CVE-2018-2894)复现
Weblogic任意文件上传漏洞(CVE-2018-2894)复现 漏洞背景 WebLogic管理端未授权的两个页面存在任意上传getshell漏洞,可直接获取权限。
3545 0
|
安全 Linux Python
W13Scan 漏洞扫描器之XSS插件模块编写示例
上周将W13Scan目录结构整理了一番,觉得要深入研究还得从代码层,于是尝试编写一下插件;框架本身已经集成了XSS扫描插件;本篇文章的XSS插件的编写单纯是为了学习这个框架,所以只支持GET型,了解插件的编写方法和原理即可。
379 0
W13Scan 漏洞扫描器之XSS插件模块编写示例
|
SQL 安全 关系型数据库
ecshop 全系列版本通杀漏洞 远程代码执行sql注入漏洞
ecshop漏洞于2018年9月12日被某安全组织披露爆出,该漏洞受影响范围较广,ecshop2.73版本以及目前最新的3.0、3.6、4.0版本都受此次ecshop漏洞的影响,主要漏洞是利用远程代码执行sql注入语句漏洞,导致可以插入sql查询代码以及写入代码到网站服务器里,严重的可以直接获取服务器的管理员权限,甚至有些网站使用的是虚拟主机,可以直接获取网站ftp的权限,该漏洞POC已公开,使用简单,目前很多商城网站都被攻击,危害较大,针对于此我们SINE安全对该ECSHOP漏洞的详情以及如何修复网站的漏洞,及如何部署网站安全等方面进行详细的解读。
539 0
ecshop 全系列版本通杀漏洞 远程代码执行sql注入漏洞