require('Gelo') usage = [[ ---------------------------------------------------------------- Syhunt Web Backdoor Scanner 1.0 ---------------------------------------------------------------- USAGE: bdscan.exe [url] Example: bdscan.exe http://www.somehost.com Note: Our Sandcat Pro scanner includes advanced signatures and a more up-to-date list of checks. More details about this product can be found at: http://www.syhunt.com/?n=Sandcat.Pro ]] --Turn this into an .EXE file using Gelo: --http://www.syhunt.com/?n=Tools.Gelo pathlist = [[ /0wn.asp /0wn3d.c /0wn3d.php /1.exe /2.exe /3.exe /4.exe /CmdServlet /Crystal.php /Dx.php /Fire.exe /FireD.exe /FireDaemon.exe /JAsfv.dll /JspWebshell.jsp /JspWebshell.jspx /JspWebshell1.2.jsp /JspWebshell1.2.jspx /LSAExt.dll /ListServlet /NCC-Shell.php /NetworkFileManagerPHP.php /PHANTASMA.php /PHPJackal.php /PHPRemoteView.php /Private-i3lue.php /UpServlet /Uploader.php /accept_language.php /admin.dll /antichat.php /aspydrv.asp /aspydrv.aspx /aspydrv.mspx /author.dll /avent.php /backdoor.php /backupsql.php /bin.exe /browser.jsp /c100.php /c100shell.php /c99.php /c99_PSych0.php /c99_locus7s.php /c99_madnet.php /c99_w4cking.php /c99shell.php /cfexec.cfm /cihshell.php /cihshell_fix.php /cmd-asp-5.1.asp /cmd-asp.asp /cmd.GPL /cmd.asp /cmd.aspx /cmd.c /cmd.cfm /cmd.cgi /cmd.d2w /cmd.do /cmd.exe /cmd.exe?/c+dir /cmd.js /cmd.jsp /cmd.jspx /cmd.mspx /cmd.nsf /cmd.php /cmd.pl /cmd.py /cmd.sh /cmd.show /cmd1.exe /cmd1.exe?/c+dir /cmd32.exe /cmdServlet /cmd_win32.jsp /cmd_win32.jspx /cmdasp.asp /cmdasp.aspx /cmdjsp.jsp /cmdjsp.jspx /cod3r.php /cod3rz.php /cod3rzshell.php /compfilt.dll /ctt_sh.php /cybershell.php /dc.php /dx.php /ekin0x.php /erne.php /exec.asp /exec.jsp /exploit.c /explore.asp /fatal.php /fpexedll.dll /fso.asp /fso.aspx /fso.mspx /ftp.exe /ftpx.exe /gfs_sh.php /goonshell.php /h4x.php /h4x0r.php /hack.exe /hack.jsp /heykir.php /httpext.dll /httpodbc.dll /iMHaPFtp.php /idq.dll /iiscrack.dll /iise.dll /ironshell.php /jackal.php /jsback.php /jsp-reverse.jsp /jsp-reverse.jspx /kacak.asp /kacak.aspx /kacak.mspx /kshell.asp /kshell.aspx /kshell.mspx /l33t.php /lamashell.php /list.asp /list.jsp /list.php /list.pl /list.sh /liz0zim.php /load_shell.php /locu.php /locus.php /locus7s.php /mantis-email-bomber.php /matamu.php /md5filt.dll /msw3prt.dll /myshell.php /mysql.php /mysql2.php /mysql_tool.php /mysqlwebsh.php /nc.exe /ncx.exe /ncx99.exe /netcat.exe /nshell.php /nst.php /nstview.php /ntdaddy.asp /ntdaddy.aspx /ntdaddy.mspx /omnithread_rt.dll /own.asp /own.exe /own.jsp /owned.php /pHpINJ.php /perl-reverse-shell.pl /perlcmd.cgi /php-backdoor.php /php-findsock-shell.php /php-include-w-shell.php /php-reverse-shell.php /phpbypass.php /phpshell.php /pmsh.pl /pwdump.exe /pwdump2.exe /pwdump3.exe /pws.php /pwsdata.dll /r57.1.4.0.php /r57.php /r57142.php /r57_Mohajer22.php /r57_iFX.php /r57_kartal.php /redcod.php /remview.php /remview_2002_08_05.php /remview_2002_08_24.php /remview_2003_04_22.php /remview_2003_10_23.php /remview_fix.php /rhtools.asp /rhtools.aspx /rhtools.mspx /root.exe /root.exe?/c+dir /rootshell.php /ru24_post_sh.php /safe0ver.php /safemod.php /samdump.dll /sensepost.exe /sensepost.exe?/c+dir /servlet/CmdServlet /shell.GPL /shell.asp /shell.aspx /shell.cfm /shell.cgi /shell.d2w /shell.do /shell.exe /shell.js /shell.jsp /shell.jspx /shell.mspx /shell.nsf /shell.pl /shell.py /shell.show /shtml.dll /simattacker.php /simp-worm_sys.p5.php /simple-backdoor.php /simple_cmd.php /socat.exe /sosyete.php /spybypass.php /sql.php /ssinc.dll /sspifilt.dll /stresbypass.php /unreal.php /up.asp /up.jsp /up.php /up.pl /up.sh /up_win32.jsp /vnchooks.dll /w3k.php /w4cking.php /w4k.php /winshell.php /worm.php /wso2.php /x.php /xx.php /xxx.php /zaco.php /zacosmall.php /zehir4.asp /zehir4.aspx /zehir4.mspx ]] if arg[1] == nil then print(usage) else print('Scanning '..arg[1]..'...') http = GHTTPRequest:new() p = GStrListParser:new() p:loadfromstr(pathlist) while p:parsing() do http:open('GET',arg[1]..p.current) if http.statuscode ~= 404 then print('Found: '..p.current) end end p:release() http:release() end