#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>

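/*
 * Probe one web server (TCP port 80) for a fixed list of CGI / server paths
 * and print the label of every path whose response contains "200".
 *
 * Usage: ./cgi <host> [-d]
 *
 * Behaviour visible from this code:
 *  - One HEAD / request is sent first and the reply is echoed to stdout.
 *  - Each probe opens a new TCP connection and sends a bare
 *    "GET <path> HTTP/1.0" terminated by LF LF, with no Host or User-Agent
 *    header. In server access logs this shows up as a rapid run of requests
 *    for the paths below from a single client, which is straightforward to
 *    alert on.
 *  - "Found" is a heuristic: the string "200" is searched for anywhere in the
 *    first (up to) 1023 bytes of the reply, not only in the status line, so a
 *    404 page that happens to contain "200" is reported as a hit.
 *  - recv() is called without a timeout; a peer that accepts the connection
 *    and never answers stalls the run.
 *
 * Exit status: 0 after the usage text or a completed run, 1 when the host
 * cannot be resolved to an IPv4 address.
 */
int main(int argc, char *argv[])
{
    static const char head_req[] = "HEAD / HTTP/1.0\n\n";
    int sock;
    int debugm = 0;
    struct sockaddr_in sin;
    struct hostent *he;
    char foundmsg[] = "200";
    char buffer[1024];
    char cgibuff[1024];
    int count;
    ssize_t got;
    ssize_t i;
    const char *buff[50];    /* request lines, indexed from 1 */
    const char *cginame[50]; /* display labels, same indexing as buff */

    buff[1] = "GET /cgi-bin/unlg1.1 HTTP/1.0\n\n";
    buff[2] = "GET /cgi-bin/phf HTTP/1.0\n\n";
    buff[3] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n";
    buff[4] = "GET /cgi-bin/test-cgi HTTP/1.0\n\n";
    buff[5] = "GET /cgi-bin/nph-test-cgi HTTP/1.0\n\n";
    buff[6] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n";
    buff[7] = "GET /cgi-bin/handler HTTP/1.0\n\n";
    buff[8] = "GET /cgi-bin/webgais HTTP/1.0\n\n";
    buff[9] = "GET /cgi-bin/websendmail HTTP/1.0\n\n";
    buff[10] = "GET /cgi-bin/webdist.cgi HTTP/1.0\n\n";
    buff[11] = "GET /cgi-bin/faxsurvey HTTP/1.0\n\n";
    buff[12] = "GET /cgi-bin/htmlscript HTTP/1.0\n\n";
    buff[13] = "GET /cgi-bin/pfdispaly.cgi HTTP/1.0\n\n";
    buff[14] = "GET /cgi-bin/perl.exe HTTP/1.0\n\n";
    buff[15] = "GET /cgi-bin/wwwboard.pl HTTP/1.0\n\n";
    buff[16] = "GET /cgi-bin/www-sql HTTP/1.0\n\n";
    buff[17] = "GET /cgi-bin/view-source HTTP/1.0\n\n";
    buff[18] = "GET /cgi-bin/campas HTTP/1.0\n\n";
    buff[19] = "GET /cgi-bin/aglimpse HTTP/1.0\n\n";
    buff[20] = "GET /cgi-bin/man.sh HTTP/1.0\n\n";
    buff[21] = "GET /cgi-bin/AT-admin.cgi HTTP/1.0\n\n";
    buff[22] = "GET /cgi-bin/filemail.pl HTTP/1.0\n\n";
    buff[23] = "GET /cgi-bin/maillist.pl HTTP/1.0\n\n";
    buff[24] = "GET /cgi-bin/jj HTTP/1.0\n\n";
    buff[25] = "GET /cgi-bin/info2www HTTP/1.0\n\n";
    buff[26] = "GET /cgi-bin/files.pl HTTP/1.0\n\n";
    buff[27] = "GET /cgi-bin/finger HTTP/1.0\n\n";
    buff[28] = "GET /cgi-bin/bnbform.cgi HTTP/1.0\n\n";
    buff[29] = "GET /cgi-bin/survey.cgi HTTP/1.0\n\n";
    buff[30] = "GET /cgi-bin/AnyForm2 HTTP/1.0\n\n";
    buff[31] = "GET /cgi-bin/textcounter.pl HTTP/1.0\n\n";
    buff[32] = "GET /cgi-bin/classifieds.cgi HTTP/1.0\n\n";
    buff[33] = "GET /cgi-bin/environ.cgi HTTP/1.0\n\n";
    buff[34] = "GET /_vti_pvt/service.pwd HTTP/1.0\n\n";
    buff[35] = "GET /_vti_pvt/users.pwd HTTP/1.0\n\n";
    buff[36] = "GET /_vti_pvt/authors.pwd HTTP/1.0\n\n";
    buff[37] = "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n";
    buff[38] = "GET /cgi-dos/args.bat HTTP/1.0\n\n";
    buff[39] = "GET /cgi-win/uploader.exe HTTP/1.0\n\n";
    buff[40] = "GET /search97.vts HTTP/1.0\n\n";
    buff[41] = "GET /carbo.dll HTTP/1.0\n\n";
    buff[42] = "GET /cgi-bin/fpexplore.exe HTTP/1.0\n\n";
    buff[43] = "GET /cfdocs/expeval/openfile.cfm HTTP/1.0\n\n";
    /*
     * Entries 44 and 45 are filled in, but the request loop below stops at
     * index 43, so neither is ever sent. Entry 45 also contains "\1", which
     * C reads as an octal escape (byte 0x01) rather than the text "/1".
     */
    buff[44] = "GET /cgi-bin/whois_raw.cgi HTTP/1.0\n\n";
    buff[45] = "GET /cgi-bin/finger HTTP\1.0\n\n";

    cginame[1] = "UnlG               ";
    cginame[2] = "phf                ";
    cginame[3] = "Count.cgi          ";
    cginame[4] = "test-cgi           ";
    cginame[5] = "nph-test-cgi       ";
    cginame[6] = "php.cgi            ";
    cginame[7] = "handler            ";
    cginame[8] = "webgais            ";
    cginame[9] = "websendmail        ";
    cginame[10] = "webdist.cgi        ";
    cginame[11] = "faxsurvey          ";
    cginame[12] = "htmlscript         ";
    cginame[13] = "pfdisplay          ";
    cginame[14] = "perl.exe           ";
    cginame[15] = "wwwboard.pl        ";
    cginame[16] = "www-sql            ";
    cginame[17] = "view-source        ";
    cginame[18] = "campas             ";
    cginame[19] = "aglimpse           ";
    cginame[20] = "man.sh             ";
    cginame[21] = "AT-admin.cgi       ";
    cginame[22] = "filemail.pl        ";
    cginame[23] = "maillist.pl        ";
    cginame[24] = "jj                 ";
    cginame[25] = "info2www           ";
    cginame[26] = "files.pl           ";
    cginame[27] = "finger             ";
    cginame[28] = "bnbform.cgi        ";
    cginame[29] = "survey.cgi         ";
    cginame[30] = "AnyForm2           ";
    cginame[31] = "textcounter.pl     ";
    cginame[32] = "classifields.cgi   ";
    cginame[33] = "environ.cgi        ";
    cginame[34] = "service.pwd        ";
    cginame[35] = "users.pwd          ";
    cginame[36] = "authors.pwd        ";
    cginame[37] = "administrators.pwd ";
    cginame[38] = "args.bat           ";
    cginame[39] = "uploader.exe       ";
    cginame[40] = "search97.vts       ";
    cginame[41] = "carbo.dll          ";
    cginame[42] = "fpexplore.exe      ";
    cginame[43] = "openfile.cfm       ";
    cginame[44] = "whois_raw          ";
    cginame[45] = "finger             ";

    if (argc < 2) {
        printf("\n _   _  __   ___  _   _    _   _  __   ___  _   _    _   _  __   ___  _   _ ");
        printf("\n( )_( )/. | / __)( )_( )  ( )_( )/. | / __)( )_( )  ( )_( )/. | / __)( )_( )");
        printf("\n ) _ ((_  _)`__ ` ) _ (    ) _ ((_  _)`__ ` ) _ (    ) _ ((_  _)`__ ` ) _ ( ");
        printf("\n(_) (_) (_) (___/(_) (_)  (_) (_) (_) (___/(_) (_)  (_) (_) (_) (___/(_) (_)");
        printf("\n                                                                    Presents");
        printf("\n                               [ Cgi Scanner ]");
        printf("\n                                    v3.1 ImPeRiAlS KreW");
        printf("\n                             Expandeded by Guilecool");
        printf("\n");
        printf("\nUsage: ./cgi www.lamahserver.com\n");
        printf("\n");
        exit(0);
    }

    /*
     * The original test was strstr("-d", argv[2]) with the arguments
     * swapped, so "", "-" and "d" all enabled the flag. Nothing in this
     * function reads debugm afterwards; it is kept so "-d" stays accepted.
     */
    if (argc > 2 && strcmp(argv[2], "-d") == 0) {
        debugm = 1;
    }
    (void)debugm;

    if ((he = gethostbyname(argv[1])) == NULL) {
        herror("gethostbyname");
        exit(1);
    }

    /*
     * Only copy the resolver's answer when it really is one IPv4 address;
     * copying h_length bytes unchecked could write past sin.sin_addr.
     */
    if (he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof(sin.sin_addr) ||
        he->h_addr_list[0] == NULL) {
        fprintf(stderr, "gethostbyname: no IPv4 address for %s\n", argv[1]);
        exit(1);
    }

    /* The destination never changes, so it is filled in once. */
    memset(&sin, 0, sizeof(sin));
    memcpy(&sin.sin_addr, he->h_addr_list[0], sizeof(sin.sin_addr));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);

    /* Connection used for the HEAD request; -1 marks "not connected". */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
    } else if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
        perror("connect");
        close(sock);
        sock = -1;
    }

    printf("\n _   _  __   ___  _   _    _   _  __   ___  _   _    _   _  __   ___  _   _ ");
    printf("\n( )_( )/. | / __)( )_( )  ( )_( )/. | / __)( )_( )  ( )_( )/. | / __)( )_( )");
    printf("\n ) _ ((_  _)`__ ` ) _ (    ) _ ((_  _)`__ ` ) _ (    ) _ ((_  _)`__ ` ) _ ( ");
    printf("\n(_) (_) (_) (___/(_) (_)  (_) (_) (_) (___/(_) (_)  (_) (_) (_) (___/(_) (_)");
    printf("\n                                                                    Presents");
    printf("\n                               [ Cgi Scanner ]");
    printf("\n                                    v3.0 ImPeRiAlS KreW");
    printf("\n                                 by Guilecool ");
    printf("\n");
    printf("\nCgi Scan v3.0");
    printf("\n\nPress any key to continue\n\n");
    getchar();
    printf("\nReceiving Httpd Version\n\n");

    if (sock >= 0) {
        if (send(sock, head_req, sizeof(head_req) - 1, 0) >= 0) {
            /*
             * recv() does not NUL-terminate and may fail; print exactly the
             * bytes received instead of handing the raw buffer to "%s".
             * The reply is remote-controlled, so control bytes (for example
             * terminal escape sequences) are replaced before display.
             */
            got = recv(sock, buffer, sizeof(buffer), 0);
            for (i = 0; i < got; i++) {
                unsigned char ch = (unsigned char)buffer[i];

                if (isprint(ch) || ch == '\n' || ch == '\r' || ch == '\t') {
                    putchar(ch);
                } else {
                    putchar('?');
                }
            }
        }
        close(sock);
    }

    printf("\n\nReceiving Cgi Details\n\n");

    /* Indices 1..43, one fresh connection per request. */
    for (count = 1; count <= 43; count++) {
        sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock < 0) {
            perror("socket");
            continue;
        }
        if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
            /* Do not send on a socket that never connected. */
            perror("connect");
            close(sock);
            continue;
        }

        /*
         * Zero the buffer and read at most size-1 bytes so the data is
         * always NUL-terminated before strstr() walks it.
         */
        memset(cgibuff, 0, sizeof(cgibuff));
        if (send(sock, buff[count], strlen(buff[count]), 0) >= 0 &&
            recv(sock, cgibuff, sizeof(cgibuff) - 1, 0) > 0 &&
            strstr(cgibuff, foundmsg) != NULL) {
            printf("%s : Found\n", cginame[count]);
        }

        /* The original never closed these, leaking one descriptor per probe. */
        close(sock);
    }

    printf("\nScan Complete\n\n");
    /* The original literal began with the invalid escape "\G"; the text printed is the same. */
    printf("Guilecool ImPeRiAlS KreW ircNet-- impsrewl@hotmail.com\n\n");
    return 0;
}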
