cum security toolkit (cst)

[Vlachs]

The cum security toolkit (cst) contains a cgi vulnerability scanner and a port scanner, and can be used as a hacking tool, or as a security vulnerability assesment tool.

The cgi scanner is a web vulnerability scanner that scans using a database of scripts, files and directories (user editable). The sample databases included contain +2200 possibly vulnerable scripts/dirs. You can scan with or without using (multiple) proxy servers. The cgi scanner has +11 different anti-IDS tactics (hex-values, double slashes, self-reference directories, session splicing, parameter hiding, http misformatting, dos/win directory syntax, case sensitivity, null method processing, long urls, premature request ending and http 0.9 scans), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scans even more. You can also specify a waittime between 2 script fetches. The cgi scanner uses HEAD requests for faster scanning (you can scan using GET by providing an extra flag), and supports scanning virtual hosts. You can also specify another port to scan instead of the standard port 80, or another directory than the standard cgi-bin or scripts. The scanner outputs the scripts and/or directories that return a 200, 201, 202, 204, 403 or 401 HTTP code (you can specify other codes too using an extra flag) and outputs the target webserver software. You can scan single hosts, or supply a file with a list with targets for bulk scanning.

+ download a database with vulnerable cgi scripts for the cgi scanner http://www.blackhat.be/cst/big.db (28 Jan 2003)

The port scanner is a simple TCP portscanner with banner grabbing. It outputs which ports are open, sends a string to the open ports (user specified), and shows their reply. It is more an enumeration / stress tool. You can scan seperate ports and/or portranges, and you can scan a single host, or supply a list with servers for bulk scanning.

The cst security scanners are written entirely in Java, to run them you need a Java runtime environment, go to Developer Resources for Java Technology to download one (look for j2se or a Java virtual machine).

The latest version of cst is v1.41 :

+ download cst v1.41 http://www.blackhat.be/cst/cst1_41.tar.gz

+ view the cst manual online CST manual :: port scanner :: cgi scanner

[Instal]

Salut tuturor..sunt nou pe-aici..bine nu chiar foarte nou deoarece mai vizitam forumul ca Vizitator,dar in mare parte lucrurile de aici ma depasesc.

Insa am observat topicul facut de benny_loppa cu acest scanner,iar eu sunt "un impatimit" sa zic asa..de ceva vreme incoace vroiam sa incerc un scanner CGI,dar nu prea am gasit mare lucru decat din acelea la vreo 100,200de Euro..pana acuma eu am scanat cu BruteForce(SSH) si recent cu scanner PHP..dar as vrea daca se poate sa ma indrume cineva cum pot face sa scanez cu acest CST sau cu orice alt scanner CGI deoarece nu prea am experienta si as fi foarte recunoscator daca cineva m-ar putea ajuta.Pot sa spun ca nu trebuie decat sa imi arate decat 1 data pentru ca eu invat destul de repede.

Daca cineva are bunavointa sa ma ajute il rog sa imi dea PM cu o adresa de contact sau de ce nu poate chiar sa imi arate cateva instructiuni pe PM.Numai bine!