[unisog] IIS vulernerability scanner tool
dmoore at ipn.caida.org
Sat Jul 28 07:07:51 GMT 2001
The current perl script does not detect a sizeable portion of English
language installs which are still vulnerable, nor does it recognize
many foreign languages. The following code currently post-processes
the output of the scanner, but it should be easy to change the if cases
in the scanner to call the same classification function.
I believe these are all vulnerable, but do not have access to machines
to test all of them.
Biggest problem with english language is not detecting results of
the form: The IDQ file c:\inetpub\wwwroot\NULL.ida could not be found.
Other than that it may only be an improvement if you think someone
may be running a non-English language version of IIS on your network.
-- david (not on unisog, so please cc on responses)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3904 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20010728/251a9c01/codered-classify-0007.bin
More information about the unisog