# Thanks to MaB of Efnets #programmers for helping clean up my code and his timeout scheme.
print<<__MENU;

               NeoErudition Technologies
                 CGI VTI Mass Scanner
               
                 By: Lawrence Lavigne
                          MaB
               
               
__MENU



use strict;
use diagnostics;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
my $def = new LWP::UserAgent;
my $hostsfile;
my $host;
my @hosts;
my $userresp;
my $url;
my @checks = ( 
               "http://HOST/scripts/perl.exe",
               "http://HOST/scripts/shell.exe",	
               "http://HOST/scripts/../../cmd.exe",
               "http://HOST/scripts/root.exe",
               "http://HOST/_vti_pvt/authors.pwd",
		       "http://HOST/_vti_pvt/service.grp",
		       "http://HOST/_vti_pvt/service.pwd",
		       "http://HOST/_vti_pvt/users.pwd",
		       "http://HOST/_vti_pvt/administrator.pwd",
		       "http://HOST/_vti_pvt/administrators.pwd",
		       "http://HOST/cgi-bin/handler",
		       "http://HOST/cgi-bin/webplus.cgi",
		       "http://HOST/cgi-bin/webplus.exe",
		       "http://HOST/cgi-bin/sws/manager.pl",
		       "http://HOST/cgi-bin/paramtool",
		       "http://HOST/cgi-bin/YaBB.pl",
		       "http://HOST/cgi-bin/perl.exe",
		       "http://HOST/cgitelnet.pl",
		       "http://HOST/cgi-winuploader.exe",
		       "http://HOST/cgi-win/uploader.exe",
		       "http://HOST/cgi-bin/upload.pl",
		       "http://HOST/cgi-bin/whois_raw.cgi",
		       "http://HOST/cgi-bin/password.txt",
		       "http://HOST/cgi-bin/passwd",
		       "http://HOST/cgi-bin/passwd.txt",
		       "http://HOST/cgi-bin/handler.cgi",
		       "http://HOST/cgi-bin/handler",
		       "http://HOST/cgi-bin/files.pl",
		       "http://HOST/MSADC/root.exe",
		       "http://HOST/msadc/cmd.exe",
		       "http://HOST/msadc/Samples/SELECTOR/showcode.asp",
		       "http://HOST/msadc/Samples/selector/showcode.asp",
		       "http://HOST/allmanage.pl",
		       "http://HOST/x_stat_admin.php",
		       "http://HOST/ans.pl",
		       "http://HOST/security/web_access.html",
		       "http://HOST/session/adminlogin?");
my $ua = LWP::UserAgent->new(agent => "VTI Scan", env_proxy => 1, keep_alive => 1,timeout => 5);

print qq(Host File Name:\t);
$hostsfile = <STDIN>;

chomp($hostsfile);
open(IN, $hostsfile) or die "$!";

@hosts = <IN>;
chomp(@hosts);

print qq(CGI/VTI Scan Initiated..\n);
print qq(Output Saved To CGIVTI.log.\n\n);
foreach $host (@hosts) {
	foreach (@checks) {
		$url = $_;
		$url =~ s/HOST/$host/;
		#$url = $_;
		print qq(:: Checking $url...\n);
		my $request = new HTTP::Request('GET', $url);
		my $response = $def->request($request);
		if ($response->is_success) {
			print $response->content;
			open(OUT, ">>CGIVTI.log");
			print OUT $url;
			close OUT;
		} else {
			print qq(Not Vulnerable..\n\n);
		}
	}
}
<>