Source Code: Perl multi-threaded scanner for webdav-enabled servers

May 20, 2009 7:25 am · 0 comments

by Black

in Security tools,Source Code

This little perl script is useful to find WebDAV enabled servers. As the comments say, it will NOT tell you if the servers are vulnerable to any WebDAV exploits.

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to edit and manage files collaboratively on remote World Wide Web servers.

You might ask us, why is scanning for WebDAV important? It is because, the WebDAV protocol allows “intercreativity,” making the Web a readable and writable medium. It allows users to create, change and move documents on a remote server (typically a web server or “web share”).

#!/usr/bin/perl
# Mon May 18 13:33:40 PDT 2009 by epixoip
# multi-threaded scanner for webdav-enabled servers. note this
# does NOT tell you if your server is vulnerable to any WebDAV
# exploits! it only tells you if WebDAV is enabled.

$|++;
use IO::Socket;
use threads;
use Thread::Queue;
use Term::ANSIColor qw(:constants);
our $starttime : shared;
our $count : shared;
our $hostcnt : shared;
our $thrnum :  shared = 75; # change to adjust performance
our $q : shared;
our %webdav : shared;

sub scan {
        my $host = shift;
        my $sock = new IO::Socket::INET (PeerAddr => "$host:http(80)",Timeout => 1);
        if ($sock) {
                print $sock "OPTIONS * HTTP/1.0nn";
                while (<$sock>) {
                        if ( $_ =~ /^(?:Allow|Public): (.*(?:COPY|MOVE|MKCOL|PROPFIND|PROPPATCH|LOCK|UNLOCK|SEARCH))/img ) {
                                $webdav{$host} = $1;
                        }
                }
                close $sock;
        }
}

sub report {
        print BOLD WHITE."nn[".GREEN."+".WHITE."]".RESET." The following hosts were discovered supporting WebDAV:n";
        while ( my ($key, $value) = each(%webdav) ) { print "t$key t=> $valuen"; }
        exit;
}

sub main {
        print BOLD WHITE."[".GREEN."+".WHITE."]".RESET." Building queue... ";
        $q = new Thread::Queue;
        my $file = shift;
        open HOSTS, $file or die $!;
        while () { chomp $_; $q->enqueue($_); $hostcnt++; }
        close HOSTS;
        print "added $hostcnt hostsn";
        print BOLD WHITE."[".GREEN."+".WHITE."]".RESET." $thrnum worker thread(s) will be spawnedn";
        print BOLD WHITE."[".GREEN."+".WHITE."]".RESET." WebDAV scan initiated for $hostcnt hostsn";
        while (1) {
                my @threads = threads->list;
                if ($q->pending > 0) {
                        if  ($#threads <= $thrnum + 1) {
                                threads->new(&scan, $q->dequeue);
                                $count++;
                        } else {
                                foreach $running (@threads) {
                                        $running->join();
                                }
                        }
                        my $percent = $count / $hostcnt * 100;
                        $width = `tput cols` - 35;
                        $char = ON_GREEN " ". RESET;
                        printf GREEN."---".RESET." %s hosts scanned  %s %.0f%%r", $count, $char x (($width)*$count/$hostcnt), $percent;
                } else {
                        if ($#threads > 0) {
                                foreach $running (@threads) {
                                        $running->join();
                                }
                        }
                        &report;
                }
        }
}

&main($ARGV[0]);

Related External Links

  • 1075 ipkg packages available for my Synology box
Searches leading to this post:
perl scanner, PERL SOCKET RESET

If you enjoyed this article, you might also like:

Tagged as: ,

Comments on this entry are closed.

Previous post:

Next post: