#!/bin/bash

# this script tests a web-site for the presence of the files and/or
# directories that may be targeted by the lummer worm.

if [ $# -lt 1 ]; then
  echo This command will test websites for potential Lummer worm vulnerability.
  echo It needs a website to test as the first parameter.  The website name should
  echo contain all appropriate formatting needed to get to the main site, like so:
  echo   http://mycoolwebsite.com  or
  echo   ftp://checkthatftp.net    or
  echo   http://virtualsite.mysitetoexamine.org
  exit 2938
fi

to_test=$1
  # the web site to test.

garbagedir=$TMP/lummer_check_garbage.$RANDOM
mkdir $garbagedir

function test_site {
  site=$1
  cd $garbagedir
#  echo testing lummer vulnerability of $site
  # wget: -l means max depth, -L means relative only, 
  if wget --follow-ftp --passive-ftp -l 1 -L $site >$garbagedir/output$RANDOM.txt 2>&1; then
    echo Potential vulnerability: $site
  fi
}

# iterate through the known sub-sites that lummer looks at.
for i in cgi-bin/ scgi-bin/ cgi-bin/awstats/ scgi-bin/awstats/ cgi/awstats/ \
    scgi/awstats/ scripts/ cgi-bin/stats/ scgi-bin/stats/ stats/ xmlrpc.php \
    xmlrpc/xmlrpc.php xmlsrv/xmlrpc.php blog/xmlrpc.php drupal/xmlrpc.php \
    community/xmlrpc.php blogs/xmlrpc.php blogs/xmlsrv/xmlrpc.php \
    blog/xmlsrv/xmlrpc.php blogtest/xmlsrv/xmlrpc.php b2/xmlsrv/xmlrpc.php \
    b2evo/xmlsrv/xmlrpc.php wordpress/xmlrpc.php phpgroupware/xmlrpc.php \
    cgi-bin/includer.cgi sgi-cgi/includer.cgi includer/cgi \
    cgi-bin/include/includer.cgi scgi-bin/include/includer.cgi \
    cgi-bin/inc/includer.cgi scgi-bin/inc/includer.cgi cgi-local/includer.cgi \
    scgi-local/includer.cgi cgi/includer.cgi scgi/includer.cgi hints.pl \
    cgi/hints.pl scgi/hints.pl cgi-bin/hints.pl scgi-bin/hints.pl \
    hints/hints.pl cgi-bin/webhints/hints.pl scgi-bin/webhints/hints.pl \
    hints.cgi cgi/hints.cgi scgi/hints.cgi cgi-bin/hints.cgi \
    scgi-bin/hints.cgi hints/hints.cgi cgi-bin/hints/hints.cgi \
    scgi-bin/hints/hints.cgi webhints/hints.cgi cgi-bin/webhints/hints.cgi \
    scgi-bin/webhints/hints.cgi wordpress/xmlrpc.php phpgroupware/xmlrpc.php \
    drupal/xmlrpc.php; do
  # test each of the files.
  test_site $to_test/$i
done

# clean out our trash.
rm -rf $garbagedir