
Vulnerable CGI Scripts • Chapter 4 145
accidentally leave an administrator account as owner of a script.
CGIWrap can be found on SourceForge’s Web site, http://sourceforge
.net/projects/cgiwrap.
Whisker
Whisker is a command-line remote-assessment tool that you can use to
scan a Web site for vulnerabilities in CGI scripts and programs. It is a
CGI script itself, which is written in Perl, and can easily be installed on
your site. Once there, you can scan your own network for problems, or
specify other sites to analyze.
Whisker is different from most CGI scanners available, in a number
of ways. Foremost to this is that it won’t run checks on your system that ...