InterGET

Bot User-Agent: interget

⚠️ Overview

InterGET is a Windows download manager with an integrated Site Scanner for web vulnerability detection. Released around 2004 by an anonymous developer, it is widely used by attackers for automated reconnaissance and exploitation. Its scanning feature is exclusively employed for malicious purposes, earning it classification as a confirmed malicious bot in threat intelligence databases. This tool is consistently flagged in web application firewalls.

🔧 Technical Capabilities

The Site Scanner tests for SQL injection, XSS, and directory traversal using multithreaded requests and a payload library of over 1000 attack strings. It supports proxy anonymization and includes a brute-force module for admin logins. It parses HTML forms and URL parameters, analyzing error messages and response changes to confirm vulnerabilities. Results are saved in HTML reports. It can also scan for file inclusion and command injection. The tool completes a full scan of a typical web application in under a minute.

📜 History & Notable Incidents

In 2008, SANS reported a spike in SQL injection attacks using InterGET's User-Agent. In 2010, it targeted Joomla and WordPress sites, exploiting outdated plugins. The tool frequently deploys payloads for known vulnerabilities such as SQL injection flaws in popular CMS platforms. It has been repackaged with trojans. Security firms like Fortinet have flagged InterGET since 2006. A 2015 US-CERT report noted scans against government domains.

🔍 Detection Indicators

A User-Agent containing "InterGET" (e.g., "InterGET/1.0") is the main indicator. Behavioral signs include high-frequency parameter probing, varying payloads, ignoring robots.txt, and many 404 errors. The scanner repeats requests with slight modifications to bypass filters and often requests unusual paths like /etc/passwd. Scan rate is typically 50-100 requests per second. Logged requests lack browser-specific headers.
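The indicators above can be checked against web server access logs. The following is an added example, not part of the original page or of any vendor's tooling: it assumes Combined Log Format, and the thresholds, the `classify` and `make_line` helpers and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed thresholds (peak requests in one second, 404 share, minimum sample); tune per site.
MAX_RPS, MAX_404_RATIO, MIN_REQUESTS = 20, 0.5, 5

def classify(lines):
    """Return {ip: sorted reasons} for clients matching the page's indicators."""
    per_sec, status, reasons = defaultdict(Counter), defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not Combined Log Format
        ip = m["ip"]
        per_sec[ip][m["ts"]] += 1      # log timestamps have one-second resolution
        status[ip][m["status"]] += 1
        if "interget" in m["ua"].lower():        # case-insensitive User-Agent match
            reasons[ip].add("user-agent")
        if "/etc/passwd" in m["path"].lower():   # unusual path named on the page
            reasons[ip].add("sensitive-path")
    for ip, codes in status.items():   # behavioral checks still apply if the UA is changed
        total = sum(codes.values())
        if max(per_sec[ip].values()) > MAX_RPS:
            reasons[ip].add("rate")
        if total >= MIN_REQUESTS and codes["404"] / total > MAX_404_RATIO:
            reasons[ip].add("404-ratio")
    return {ip: sorted(r) for ip, r in reasons.items()}

def make_line(ip, path, code, ua, ts="10/Oct/2024:13:55:36 +0000"):
    """Build one constructed log line for the sample below."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {code} 512 "-" "{ua}"'

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE = (
    [make_line("192.0.2.10", "/index.php?id=1", 200, "InterGET/1.0"),
     make_line("203.0.113.5", "/", 200, "Mozilla/5.0 (X11; Linux x86_64)")]
    + [make_line("198.51.100.7", f"/admin{i}.php", 404, "Mozilla/5.0",
                 ts=f"10/Oct/2024:13:55:4{i} +0000") for i in range(5)]
    + [make_line("198.51.100.7", "/view?file=../../etc/passwd", 200, "Mozilla/5.0")]
)

if __name__ == "__main__":
    for ip, why in classify(SAMPLE).items():
        print(ip, why)
```

The substring check on the path does not decode URL-encoded requests, so percent-encoded variants need normalization before matching.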

☠️ Risk & Impact

SQLi extracts entire databases; XSS leads to session hijacking; directory traversal exposes system files. The tool enables mass scanning of thousands of sites. Successful exploitation can result in complete server compromise and data theft. In one case, InterGET scans exposed 2 million user records from a healthcare portal. The tool's automation allows one attacker to target many victims simultaneously.

🛡️ Mitigation

Block InterGET immediately, because its scanning is unauthorized. WAF rules blocking User-Agent "InterGET" and rate-limiting are effective. No legitimate download manager requires SQL injection testing. Immediate blocking prevents reconnaissance before exploitation.


ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the bots listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.