Security Basics mailing list archives
Re: WebDAV and nmap.
From: Ron <ron () skullsecurity net>
Date: Tue, 19 May 2009 19:54:06 -0500
la_bigmac () hotmail com wrote:
Hello, I would like to scan my networks to find any IIS6 servers that currently have WebDAV inuse. Looks like webDAV has issues again allowing for authentication bypass... Would the nmap scripting engine be a good tool to automate this? Does anyone already have an .nse to look at and inspect a http response? Or sample scrips that I could adapt. I can find the IIS6 servers using a version scan its the webDAV support I am stuck on.. Any help would be great. Mat.
Hey, I wrote an Nmap module today, it's called http-iis-webdav-vuln.nse. You can find it in the svn distro (see my link for more info). It is based on the Metasploit module, and it works pretty well (not 100%, though -- like Metasploit, it relies on easily-guessable folders). You can find some discussion on the Nmap-dev mailing list, or just check out my blog: http://www.skullsecurity.org/blog/?p=271 Hope that helps! I'd love to hear people's comments. Ron -- Ron Bowes http://www.skullsecurity.org/ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- WebDAV and nmap. la_bigmac (May 18)
- Re: WebDAV and nmap. [NC] Reda-Karim FAKHIR (May 19)
- RE: WebDAV and nmap. Rafael Torrales Levaggi (May 19)
- RE: WebDAV and nmap. Jeremi Gosney (May 19)
- Re: WebDAV and nmap. Ron (May 20)
- <Possible follow-ups>
- Re: WebDAV and nmap. Not_in (May 19)
- Re: WebDAV and nmap. la_bigmac (May 19)
- Re: WebDAV and nmap. kennedyd013 (May 19)