IIS Vulnerability Scanner
After days of work and dreams full of perl multitasking implementation I finally finished the first version of IIS Vulnerability Scanner. This unique IIS scanner perl script has more than 1700 vulnerability checks in its data file which was compiled from tools like Xscan, Nikto.pl, urlchk and many more. Hundreds of unique unicode attacks and vulnerable file existance checks, dozens of directory traversal vulnerability checks. This is the ultimate tool to scan your IIS webserver for vulnerabilities. Download it from here, and enjoy:
http://www.freewebs.com/okidan/
To make it even better I need people, I need help. I want to develop it. But for that I need,
1) To add comments, links to most of the vulnerability checks.
2) Add exploit support, basically to create "IIS exploits in Perl" check support. The exploits will be checked one by one. I have a dozen of IIS webserver exploits in Perl, that can be a good start.
3) Write simple exploits for some of the vulnerabilities to decrease the amount of work of the users. Like for ex, finding htimage.exe in one of webserver directories means that the Image mapper is most probably vulnerable to DoS and Path Disclosure vulnerabilities. In the DoS case, large argument must be sent to the program, that can be done by hand, and nobody bothered writing exploit for it. But we will have to, because we are developing all-in-one IIS Vulnerability Scanner, Audit and Assesment tool. Concretely the only program an IIS webadmin needs to keep an eye on the security of his not so secure webserver.
And much more... But I cant do it alone. If you want to take part in the development of this project or help somehow, contact me. Or visit my forums: http://free.phpbb-host.org/okidan/
Any comments, bug reports are welcome and greatly appreciated.
Re: IIS Vulnerability Scanner
Quote:
Originally posted here by OkIDaN
After days of work and dreams full of perl multitasking implementation I finally finished the first version of IIS Vulnerability Scanner. This unique IIS scanner perl script has more than 1700 vulnerability checks in its data file which was compiled from tools like Xscan, Nikto.pl, urlchk and many more. Hundreds of unique unicode attacks and vulnerable file existance checks, dozens of directory traversal vulnerability checks. This is the ultimate tool to scan your IIS webserver for vulnerabilities. Download it from here, and enjoy:
http://www.freewebs.com/okidan/
To make it even better I need people, I need help. I want to develop it. But for that I need,
1) To add comments, links to most of the vulnerability checks.
2) Add exploit support, basically to create "IIS exploits in Perl" check support. The exploits will be checked one by one. I have a dozen of IIS webserver exploits in Perl, that can be a good start.
3) Write simple exploits for some of the vulnerabilities to decrease the amount of work of the users. Like for ex, finding htimage.exe in one of webserver directories means that the Image mapper is most probably vulnerable to DoS and Path Disclosure vulnerabilities. In the DoS case, large argument must be sent to the program, that can be done by hand, and nobody bothered writing exploit for it. But we will have to, because we are developing all-in-one IIS Vulnerability Scanner, Audit and Assesment tool. Concretely the only program an IIS webadmin needs to keep an eye on the security of his not so secure webserver.
And much more... But I cant do it alone. If you want to take part in the development of this project or help somehow, contact me. Or visit my forums: http://free.phpbb-host.org/okidan/
Any comments, bug reports are welcome and greatly appreciated.
Your script is so cool, will you be working on an Apache one for your next project?