Nmap Development mailing list archives
Re: [NSE] http-iis-short-name-brute.nse
From: Martin Holst Swende <martin () swende se>
Date: Sun, 16 Sep 2012 19:26:32 +0200
Hi, Cool, I wasn't aware of this until now! I browsed through the script, and have a comment : - When brute-forcing the extensions, you test each character alphabetically (right?), which would take on average (26+10)/2 = 18 requests per character to get right. If the script instead first tried the most common suffixes it would probably go way faster. (It could probably be even more advanced, e.g combining the approaches by guessing one character at a time according to a tree-structure based on common suffixes. ) Regards, Martin Holst Swende On 09/16/2012 05:12 PM, Dev (nmap) wrote:
Hi List, Attached is a NSE implementation of "iis-shortname-scanner-poc" from http://code.google.com/p/iis-shortname-scanner-poc/ . The script searches for the short name of files and dirs, example output: PORT STATE SERVICE REASON 80/tcp open http | http-iis-short-name-brute: | Folders | aspnet~1 | Files | sql~1.bak |_ test~1.php It still needs some testing, but currently I don't have access to an affected IIS installation. Any chance someone here has access to an IIS installation and can test it (or grant me permission to test on the platform) ? - Jesper _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-iis-short-name-brute.nse Dev (nmap) (Sep 16)
- Re: [NSE] http-iis-short-name-brute.nse Martin Holst Swende (Sep 16)
- Re: [NSE] http-iis-short-name-brute.nse Dev (nmap) (Sep 16)
- Re: [NSE] http-iis-short-name-brute.nse Dev (nmap) (Sep 16)
- Re: [NSE] http-iis-short-name-brute.nse David Fifield (Sep 18)
- Re: [NSE] http-iis-short-name-brute.nse Martin Holst Swende (Sep 16)