Skip to content

lijiejie/IIS_shortname_Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
iis_shortname_scan.py
iis_shortname_scan.py
 
 

Repository files navigation

IIS shortname Scanner

Under certain circumstances, windows 8.3 short names may be bruteforce enumerated under IIS with .net enabled,

request these two urls:

If the first one return HTTP 404 and the second one return no 404. Your server might be exploitable to this vulnerability.

Change Log (Oct 27, 2016)

  • Bug fixed: extention short than 4 letters like /webdeb~1.cs now could be enumerated
  • Code reconstruction

Usage

	iis_shortname_Scan.py target

from http://www.lijiejie.com my[at]lijiejie.com

About

an IIS shortname Scanner

Resources

Readme
Activity

Stars

536 stars

Watchers

18 watching

Forks

227 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

Languages