Security Basics mailing list archives
ASP Auditor v1.0 BETA released
From: "David Kierznowski" <david.kierznowski () gmail com>
Date: Mon, 11 Sep 2006 16:26:19 +0100
ASP Auditor v1.0 BETA Author: David Kierznowski (david.kierznowski_at_gmail.com) http://michaeldaw.org/ The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers. Usage: $ ./asp-audit.pl ASP Audit v1.0 (BETA) [ david.kierznowski () gmail com ] Usage: ./asp-audit.pl (opts) [host] [port] (opts) -h these usage instructions -b brute force ASP.NET version using JS Validate directories. -m match against fingerprints -v verbose messaging Some examples can be seen below: $ ./asp-audit.pl labs.microsoft.com Target: labs.microsoft.com Server Software: Microsoft-IIS/6.0 ASP Framework: YES ASP Simple Version: 2.0.50727 ASP Specific Version: Unknown ASP verbose messages: No ASP Validate: No Default Error Messages: No dwk@radon:~/dev/asp-audit$ ./asp-audit.pl -m labs.microsoft.com Target: labs.microsoft.com Server Software: Microsoft-IIS/6.0 ASP Framework: YES ASP Simple Version: 2.0.50727 ASP Specific Version: Unknown ASP verbose messages: No ASP Validate: No Default Error Messages: No Fingerprint matches: 2.0.50727.07 Version 2.0 (Visual Studio.NET 2005 CTP) Aug 2005 2.0.50727.26 Version 2.0 (Visual Studio.NET 2005 RC / SQL Server 2005 CTP) Sep 2005 2.0.50727.42 Version 2.0 RTM (Visual Studio.NET 2005 RTM / SQL Server 2005 RTM) Nov 2005 $ ./asp-audit.pl *hidden* Target: *hidden* Server Software: Microsoft-IIS/6.0 ASP Framework: YES ASP Simple Version: Unknown ASP Specific Version: Unknown ASP verbose messages: No ASP Validate: No Default Error Messages: YES dwk@radon:~/dev/asp-audit$ ./asp-audit.pl -b *hidden* Target: *hidden* Server Software: Microsoft-IIS/6.0 ASP Framework: YES ASP Simple Version: Unknown ASP Specific Version: Unknown ASP verbose messages: No ASP Validate: No Default Error Messages: YES Found: aspnet_client/system_web/1_1_4322 Found: aspnet_client/system_web/2_0_50727 --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- ASP Auditor v1.0 BETA released David Kierznowski (Sep 11)