simpleScanner.pl

Example 8-8 shows the full source code for the simpleScanner.pl script.

Example 8-8. Code for simpleScanner.pl

#!/usr/bin/perl use LWP::UserAgent; use strict; use Getopt::Std; my %args; getopts('c:o:v', \%args); printReport("\n** Simple Web Application Scanner **\n"); if ($#ARGV < 1) { die "\n$0 [-o <file>] [-c <cookie data>] [-v] inputfile http://hostname\n\n-c: Use HTTP Cookie\n-o: Output File\n-v: Be Verbose\n"; } # Open input file open(IN, "< $ARGV[0]") or die"ERROR => Can't open file $ARGV[0].\n"; my @requestArray = <IN>; my ($oRequest,$oResponse, $oStatus, %dirLog, %paramLog); printReport("\n** Beginning Scan **\n\n"); # Loop through each of the input file requests foreach $oRequest (@requestArray) { # Remove line breaks and carriage returns $oRequest =~ s/(\n|\r)//g; # Only process GETs and POSTs if ($oRequest =~ /^(GET|POST)/) { # Check for request data if ($oRequest =~ /\?/) { # Issue the original request for reference purposes ($oStatus, $oResponse) = makeRequest($oRequest); #Populate methodAndFile and reqData variables my ($methodAndFile, $reqData) = split(/\?/, $oRequest, 2); my @reqParams = split(/\&/, $reqData); my $pLogEntry = $methodAndFile; # Build parameter log entry my $parameter; foreach $parameter (@reqParams) { my ($pName) = split("=", $parameter); $pLogEntry .= "+".$pName; } $paramLog{$pLogEntry}++; if ($paramLog{$pLogEntry} eq 1) { # Loop to perform test on each parameter for (my $i = 0; $i <= $#reqParams; $i++) { my $testData; # Loop to ...

Get Network Security Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.