Full Disclosure mailing list archives
Re: iiscan results - a closer look
From: dd () sucuri net
Date: Fri, 8 Jan 2010 16:42:33 -0400
I played with it a little yesterday and posted my thoughts (as well as a summary of their whole scan) at: http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html It is a nice tool with some good checks looking for SQL, XSS, etc... I just think they didn't look deep enough in my site to check more stuff... --dd On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage () rocketmail com> wrote:
If anyone has any more invite codes please send one to me. I tried the ones posted and they were not functional. I also emailed support and never received a response. Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or Acunetix ? How many trials do you get per invite code? Just 1 app? Thanks! ________________________________ From: Jardel Weyrich <jweyrich () gmail com> To: p8x <l () p8x net> Cc: full-disclosure () lists grok org uk Sent: Thu, January 7, 2010 9:33:07 AM Subject: Re: [Full-disclosure] iiscan results It's probably trying to get different results/responses by changing the values of some request headers. The most common scenario, as far as I've seen, and as oddly as it might sound, is the User-Agent and HTTP minor version. A more verbose logging strategy would demystify. Or maybe Vincent?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: iiscan results - a closer look dd (Jan 10)
- Re: iiscan results - a closer look jack mannino (Jan 10)
- Re [2]: iiscan results - a closer look Vladimir Vorontsov (Jan 11)