Re: Using php to bounce scan

[oogali () INTRANOVA NET (Omachonu Ogali)]

This is nothing new since many people have done CGI scripts that achieve
the same thing that you've conceived.

On Fri, 28 Apr 2000, Thiebaut wrote:

> Hi,
>
> This is my first post so I'm not 100% sure it's the right place to do it
> and if this is interesting enough to be posted, but still ...
>
>
> The problem :
>
> Nowadays few free-web-page hosting companies are providing an access to
> publish your pages with PHP enabled. That's the problem ;-)
>
> So why not use PHP for security purpose ?
> Let's say you write a PHP network scanner and use it to scan a host.
> Guess where would the source scan come from. The computer hosting the
> script, and that is actually not you.
>
> Chain proxies between you and the computer hosting the script and you'll
> appear as the anonymous Php3 network scanning  guy.
>
> So network scanning is fun (still don't dream about -sS with php), but
> vulnerability scanning might also be fun. So I though to be a little
> more complete a simple cgi scanner would also be interesting.
> It's a very bad example of code optimisation  ;-)  but I thought the
> idea was not so bad so...
>
> You got both files there :
> http://persoweb.francenet.fr/~tbilger/linux/
>
>
> Don't hesitate to mail for comments.
>
> Thiebaut Devergranne

--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali () intranova net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+