vb 扫描漏洞

简介:
首先创建6个TEXTBOX,2个CommandBUTTEN,1个ProgressBar,1个INET
2007-05-22 17:36
首先创建6个TEXTBOX,2个CommandBUTTEN,1个ProgressBar,1个INET
然后写如代码
Dim ch(109)
Dim a
Dim w
Private Sub Command1_Click()
On Error Resume Next
w = 0
a = 1
Dim ip As String
Dim bg(109) As String
Dim ff
n = 0
ip = Text1.Text
bg(1) = "/cgi-bin/formmail.pl"
bg(2) = "/cgi-bin/printenv"
bg(3) = "/cgi-bin/test-cgi"
bg(4) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
bg(5) = "/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd"
bg(6) = "/cgi-bin/rwwwshell.pl"
bg(7) = "/cgi-bin/phf"
bg(8) = "/cgi-bin/Count.cgi"
bg(9) = "/cgi-bin/test.cgi"
bg(10) = "/cgi-bin/nph-test-cgi"
bg(11) = "/cgi-bin/nph-publish"
bg(12) = "/cgi-bin/php.cgi"
bg(13) = "/cgi-bin/handler"
bg(14) = "/cgi-bin/webgais"
bg(15) = "/cgi-bin/websendmail"
bg(16) = "/cgi-bin/webdist.cgi"
bg(17) = "/cgi-bin/faxsurvey"
bg(18) = "/cgi-bin/htmlscript"
bg(19) = "/cgi-bin/pfdisplay.cgi"
bg(20) = "/cgi-bin/perl.exe"
bg(21) = "/cgi-bin/wwwboard.pl"
bg(22) = "/cgi-bin/www-sql"
bg(23) = "/cgi-bin/view-source"
bg(24) = "/cgi-bin/campas"
bg(25) = "/cgi-bin/aglimpse"
bg(26) = "/cgi-bin/glimpse"
bg(27) = "/cgi-bin/man.sh"
bg(28) = "/cgi-bin/AT-admin.cgi"
bg(29) = "/scripts/no-such-file.pl"
bg(30) = "/_vti_bin/shtml.dll"
bg(31) = "/_vti_inf.html"
bg(32) = "/_vti_pvt/administrators.pwd"
bg(33) = "/_vti_pvt/users.pwd"
bg(34) = "/msadc/Samples/SelectOR/showcode.asp"
bg(35) = "/scripts/iisadmin/ism.dll?http/dir"
bg(36) = "/adsamples/config/site.csc"
bg(37) = "/main.asp%81"
bg(38) = "/AdvWorks/equipment/catalog_type.asp?"
bg(39) = "/index.asp::$DATA"
bg(40) = "/cgi-bin/visadmin.exe?user=guest"
bg(41) = "/?PageServices"
bg(42) = "/ss.cfg"
bg(43) = "/cgi-bin/cachemgr.cgi"
bg(44) = "/domcfg.nsf /today.nsf"
bg(45) = "/names.nsf"
bg(46) = "/catalog.nsf"
bg(47) = "/log.nsf"
bg(48) = "/domlog.nsf"
bg(49) = "/cgi-bin/AT-generate.cgi"
bg(50) = "/secure/.wwwacl"
bg(51) = "/secure/.htaccess"
bg(52) = "/samples/search/webhits.exe"
bg(53) = "/scripts/srchadm/admin.idq"
bg(54) = "/cgi-bin/dumpenv.pl"
bg(55) = "/adminlogin?RCpage=/sysadmin/index.stm /c:/program"
bg(56) = "/ncl_items.html?SUBJECT=2097 /cgi-bin/filemail.pl /cgi-bin/maillist.pl /cgi-bin/jj"
bg(57) = "/getdrvrs.exe"
bg(58) = "/test/test.cgi"
bg(59) = "/scripts/submit.cgi"
bg(60) = "/users/scripts/submit.cgi"
bg(61) = "/cgi-bin/info2www"
bg(62) = "/cgi-bin/files.pl"
bg(63) = "/cgi-bin/finger"
bg(64) = "/cgi-bin/bnbform.cgi"
bg(65) = "/cgi-bin/survey.cgi"
bg(66) = "/cgi-bin/AnyForm2"
bg(67) = "/cgi-bin/textcounter.pl"
bg(68) = "/cgi-bin/classifieds.cgi"
bg(69) = "/cgi-bin/environ.cgi"
bg(70) = "/cgi-bin/wrap"
bg(71) = "/cgi-bin/cgiwrap"
bg(72) = "/cgi-bin/guestbook.cgi"
bg(73) = "/cgi-bin/edit.pl"
bg(74) = "/cgi-bin/perlshop.cgi"
bg(75) = "/_vti_inf.html"
bg(76) = "/_vti_pvt/service.pwd"
bg(77) = "/_vti_pvt/users.pwd"
bg(78) = "/_vti_pvt/authors.pwd"
bg(79) = "/_vti_pvt/administrators.pwd"
bg(80) = "/cgi-win/uploader.exe"
bg(81) = "/iisadmpwd/achg.htr"
bg(82) = "/iisadmpwd/aexp.htr"
bg(83) = "/iisadmpwd/aexp2.htr"
bg(84) = "/cfdocs/expeval/openfile.cfm"
bg(85) = "/GetFile.cfm?FT=Text&FST=Plain&FilePath=C:WINNTrepairsam._"
bg(86) = "/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:WINNTrepairsam._"
bg(87) = "/CFIDE/Administrator/startstop.html"
bg(88) = "/cgi-bin/wwwboard.pl"
bg(89) = "/_vti_pvt/shtml.dll"
bg(90) = "/_vti_pvt/shtml.exe"
bg(91) = "/cgi-dos/args.bat"
bg(92) = "/cgi-win/uploader.exe"
bg(93) = "/cgi-bin/rguest.exe"
bg(94) = "/cgi-bin/wguest.exe"
bg(95) = "/scripts/issadmin/bdir.htr"
bg(96) = "/scripts/CGImail.exe"
bg(97) = "/scripts/tools/newdsn.exe"
bg(98) = "/scripts/fpcount.exe"
bg(99) = "/cfdocs/expelval/openfile.cfm"
bg(100) = "/cfdocs/expelval/exprcalc.cfm"
bg(101) = "/cfdocs/expelval/displayopenedfile.cfm"
bg(102) = "/cfdocs/expelval/sendmail.cfm"
bg(103) = "/iissamples/exair/howitworks/codebrws.asp"
bg(104) = "/iissamples/sdk/asp/docs/codebrws.asp"
bg(105) = "/msads/Samples/SelectOR/showcode.asp"
bg(106) = "/search97.vts"
bg(107) = "/carbo.dll"
bg(108) = "/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd"
bg(109) = "/doc"
Txtinfo.Text = ""
Txtinfo.Text = "扫描器正在准备..."
Dim h, h2
Inet1.Cancel
Inet1.URL = ""
Inet1.OpenURL "http://" & ip, 1
h = Inet1.GetHeader("server")
Text2.Text = h
Txtinfo.Text = Txtinfo.Text + vbCrLf & vbCrLf & "正在扫描 [" & ip & "]" & vbCrLf & vbCrLf
For i = 1 To 109
h = ""
Inet1.URL = ""
Inet1.OpenURL ip & bg(i), 1
Text4.Text = i
ProgressBar1 = ProgressBar1 + 1
h = Inet1.GetHeader
h2 = Split(h, vbCrLf)
If h2(0) = "HTTP/1.1 200 OK" Then
Txtinfo.Text = Txtinfo.Text + "发现漏洞!            "
n = n + 1
ch(n) = Inet1.URL & vbCrLf & vbCrLf
w = w + 1
Text3.Text = w
End If
Next i
Txtinfo.Text = Txtinfo.Text + "扫描完成" & vbCrLf & vbCrLf
Text5.Text = ch(1)
End Sub

Private Sub Command2_Click()
End
End Sub

Private Sub Command3_Click()
If a <= 1 Then MsgBox "到顶了!", , "错误"
If a <= 1 Then GoTo 10
a = a - 1
Text5.Text = ch(a)
10 End Sub

Private Sub Command4_Click()
If a >= w Then MsgBox "到底了!", , "错误"
If a >= w Then GoTo 10
a = a + 1
Text5.Text = ch(a)
10 End Sub

Private Sub Form_Load()
ProgressBar1 = 109
End SUB
这个程序可以扫描109个漏洞,比较实用。


本文转自9pc9com博客,原文链接:   http://blog.51cto.com/215363/937033     如需转载请自行联系原作者
相关文章
|
XML 安全 数据库
【sqli靶场】第四关和第五关通关思路
【sqli靶场】第四关和第五关通关思路
257 0
|
前端开发 JavaScript 数据可视化
最棒的 7 个 Laravel admin 后台管理系统推荐
Laravel 已经凭借自己的易用性及低门槛成为 github 上 stars 第一的 PHP 框架,本文将介绍我精心为大家挑选出来的 Laravel admin 后台管理系统,从抽象程度最低(灵活但代码量大)到抽象程度最高(代码量小但不灵活)来帮助大家选择合适自己的 Laravel admin 后台管理系统。
3325 0
|
NoSQL 安全 网络协议
|
安全 开发工具 git
CTF工具隐写分离神器Binwalk安装和详细使用方法
CTF工具隐写分离神器Binwalk安装和详细使用方法
3854 0
|
12月前
|
存储 Web App开发 安全
XSS漏洞原理(三)存储型
XSS漏洞原理(三)存储型
|
12月前
|
SQL 安全 关系型数据库
sql注入原理和sqlmap命令的基础命令以及使用手法
sql注入原理和sqlmap命令的基础命令以及使用手法
|
数据采集 Web App开发 数据处理
一步步教你用Python Selenium抓取动态网页任意行数据
使用Python Selenium爬取动态网页,结合代理IP提升抓取效率。安装Selenium,配置代理(如亿牛云),设置User-Agent和Cookies以模拟用户行为。示例代码展示如何使用XPath提取表格数据,处理异常,并通过隐式等待确保页面加载完成。代理、模拟浏览器行为和正确配置增强爬虫性能和成功率。
1782 3
一步步教你用Python Selenium抓取动态网页任意行数据
|
测试技术 开发工具 iOS开发
iOS自动化测试方案(三):WDA+iOS自动化测试解决方案
这篇文章是iOS自动化测试方案的第三部分,介绍了在没有MacOS系统条件下,如何使用WDA(WebDriverAgent)结合Python客户端库facebook-wda和tidevice工具,在Windows系统上实现iOS应用的自动化测试,包括环境准备、问题解决和扩展应用的详细步骤。
1782 1
iOS自动化测试方案(三):WDA+iOS自动化测试解决方案
|
Web App开发 前端开发 JavaScript
Selenium 如何定位 JavaScript 动态生成的页面元素
Selenium 是一个自动化测试工具,可以用来模拟浏览器的操作,如点击、输入、滚动等。但是有时候,我们需要定位的页面元素并不是一开始就存在的,而是由 JavaScript 动态生成的。这时候,如果我们直接用 Selenium 的 find_element 方法去定位元素,可能会出现找不到元素的错误,因为页面还没有加载完成。为了解决这个问题,我们需要使用一些特定的定位技巧,让 Selenium 等待元素出现后再进行操作。
787 0
|
SQL 安全 数据可视化
代码审计神器:Fortify SCA 保姆级教程
代码审计神器:Fortify SCA 保姆级教程
代码审计神器:Fortify SCA 保姆级教程