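#!/usr/bin/perl
# ---- h77p.pl
# http (mainly cgi) vulnerability scanner. proxy supported.
# use with database file, and if a new bug is reported,
# simply add it to your database file (h77p.dat).
# usage: ./h77p.pl www.victim.com proxy.server.com:8080
#
# White_E
# http://ttj.virtualave.net/
#
# What the script does, as written:
#   * reads one URL path per line from the database file;
#   * for each path, opens a new TCP connection to the proxy and sends
#     "GET http://<host><path> HTTP/1.0" with no headers at all;
#   * reads only the first line of the reply (the status line) and reports
#     the path when that line contains " 200 ".
#
# What this looks like from the server side: a sequential burst of
# header-less HTTP/1.0 requests (no Host, no User-Agent) for a list of
# well-known script paths, all arriving from the proxy's address rather than
# from the machine running the script. Most of them end in 404.
#
# Limits of the result: a 200 only says the proxy relayed a 200 status for
# that path. Servers that answer unknown paths with a 200 error page, or a
# proxy that serves its own page, produce false hits, and a hit says nothing
# about whether the file at that path is actually a vulnerable version.

use strict;
use warnings;
use Socket;

my $database = "h77p.dat";

my ($host, $proxy) = @ARGV;

# split() on an undefined proxy argument would only warn; treat it as empty
# so the usage check below fires cleanly.
my ($proxy_host, $proxy_port) = split(':', defined $proxy ? $proxy : '');
die "usage: $0 <host> <proxy_host:proxy_port>\n"
    if (!$proxy_port || $proxy_port !~ /\A\d+\z/);

print "---- h77p.pl by White_E\n";
print "---- start scanning $host via $proxy_host:$proxy_port...\n";

# Three-argument open with a lexical handle: the file name can never be
# interpreted as an open mode or a pipe.
open(my $db, '<', $database) or die "Err: cannot open $database.\n";
my @bugs = <$db>;
close($db);

# Strip line endings (including a CR left by DOS-style files, which would
# otherwise end up inside the request line) and drop empty lines, which
# would turn into a request for the bare host and a meaningless hit.
for my $entry (@bugs) {
    $entry =~ s/\r?\n\z//;
}
@bugs = grep { length } @bugs;

$| = 1;

# Resolve the proxy once, and check the lookup itself: inet_aton() returns
# undef on failure, and sockaddr_in() croaks on an undefined address before
# a die attached to it could print the friendly message.
my $proxy_addr = inet_aton($proxy_host)
    or die "Err: cannot resolve $proxy_host.\n";
my $paddr = sockaddr_in($proxy_port, $proxy_addr);
my $tcp   = getprotobyname('tcp');

foreach my $path (@bugs) {
    socket(my $sock, PF_INET, SOCK_STREAM, $tcp) or die "Err: socket().\n";

    # Unbuffered output on the socket, then back to the previous handle.
    my $previous = select($sock);
    $| = 1;
    select($previous);

    connect($sock, $paddr) or die "Err: connect().\n";

    # Absolute-URI request so the proxy forwards it to $host.
    my $check = "GET http://$host$path HTTP/1.0\r\n\r\n";
    send($sock, $check, 0) or die "Err: send().\n";

    # Only the status line is read; the rest of the reply is discarded.
    my $result = <$sock>;
    close($sock);

    # The proxy may close the connection without answering.
    $result = '' unless defined $result;

    if ($result =~ m/\s200\s/) {
        print "$path: F0und!\n";
    # uncomment below if you wanna see error codes.
    # } elsif ($result =~ m/\s404\s/) {
    #     print "$path: 404\n";
    # } elsif ($result =~ m/\s403\s/) {
    #     print "$path: 403\n";
    # } else {
    #     print "$path: $result";
    }
}

print "---- done.\n";
exit;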