  ____ ____ ___      _   _   _ ____ ___ _____
 / ___/ ___|_ _|    / \ | | | |  _ \_ _|_   _|
| |  | |  _ | |    / _ \| | | | | | | |  | |
| |__| |_| || |   / ___ \ |_| | |_| | |  | |
 \____\____|___| /_/   \_\___/|____/___| |_|
==============================================
Author: S <super@udel.edu>
Philosophers: S, Erebus, vacuum
Beta Testers: optyx, brian, vacuum
Tested On: SPARCv9 SunOS 5.8, IA-32 Linux 2.x, IA-32 FreeBSD 4.4-RELEASE, Alpha NetBSD 1.5.1,
MIPS R4400 IRIX64 6.5
Greetings: innuendo crew, low-level crew, #!/bin/zsh, GOBBLES, s0ftpj, _eci, K2, Aviator,
ksoze, shegget, KB, zmagic, be, ZAVEN, jhh, anyone I forgot.
cgiaudit is a general-purpose, "black box" CGI auditing tool. This program probes HTTP
servers for well-known CGI vulnerabilities by parsing HTML form elements and deriving attack
requests from them. Each of these requests represents a different vulnerability. Once these
requests are sent, the server response and following document are parsed for evidence of successful
penetration. This "evidence" is configurable by regular expression in the cgiaudit.conf file. A
sane example is included. Other features include a built-in spider, proxy support, and hexadecimal
encoding of requests.
See the INSTALL file for installation instructions.
Please read cgiaudit(1) and cgiaudit.conf(5).
Note: This program is similar in some ways to Lluis Mora's HTTPush and rfp's
RFProxy (presented at CanSecWest). The chief advantage of this software package
is that it functions without user interaction at runtime and includes many more
features.