Under Utilized Tools/Resources #28

Ooo this is one of my favorite tools! It is called IIS Shortname Scanner!

It helps you identify the tilde vulnerablity in IIS 5,6,7 and 8.

Here’s the whitepaper on the vulnerability! (Link HERE)

Here’s a link to the github! (Link HERE)

You’d run it like this:

java -jar iis-shortname-scanner.jar 2 20 https://example.com/

Here’s a screenshot of output if it’s actually vulnerable!

Screen Shot 2020-05-24 at 3.13.45 PM


Read all the entries in this series!


Leave a Reply