[About] [Releases] [CVS] [Mailing Lists] [ Source Forge Project]


This Perl script/library is a 'replacement' for cgi scripts with known significant security holes, such as phf and nph-test. It attempts to gather as much information as possible from the probing site while mimicking the behavior of the script it replaces (without actually giving out any useful information). An extensible framework is provided for adding faked cgi scripts and information gatherers.

Watch.Cgi version 2 is a total re-write of Watch.Cgi version 1, which was developed by the Security Technologies department at The San Diego Supercomputer Center. Watch version 2 was developed by Devin Kowatch <devink at webengruven dot org> on his own time.

Watch.Cgi versions 2 and above are licensed under the GNU GPL.


View the latest README file, which contains some notes on installing and a brief description. Included in the release is information the Watch.Cgi design, and a sample configuration file.

Watch.Cgi is now hosted at Check out the main project page


The first public release is 2.1.0. Version 2.0.0 was a private release that was installed only at SDSC.


You can download watch.Cgi releases here.


There is a public CVS repository available. Go here for directions on how to access it. Or you can browse it here.

Mailing Lists

watchcgi-users [Subscribe] is a mailing list for general discussion of using Watch.cgi. This is also where I'll be posting announcements. If this project ever gains enough users or developers to warrent it, then other lists will be created for more specific discussion. Logo