lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 11 Sep 2006 16:26:19 +0100
From: "David Kierznowski" <david.kierznowski@...il.com>
To: full-disclosure@...ts.grok.org.uk, security-basics@...urityfocus.com
Cc: 
Subject: ASP Auditor v1.0 BETA released

ASP Auditor v1.0 BETA
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/

The purpose of ASP Auditor is to identify vulnerable and weakly
configured ASP.NET servers.

Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ david.kierznowski@...il.com ]
Usage: ./asp-audit.pl (opts) [host] [port]

(opts)
-h these usage instructions
-b brute force ASP.NET version using JS Validate
directories.
-m match against fingerprints
-v verbose messaging

Some examples can be seen below:

$ ./asp-audit.pl labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No

dwk@...on:~/dev/asp-audit$ ./asp-audit.pl -m labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No

Fingerprint matches:
2.0.50727.07 Version 2.0 (Visual Studio.NET 2005 CTP) Aug 2005
2.0.50727.26 Version 2.0 (Visual Studio.NET 2005 RC / SQL Server 2005
CTP) Sep 2005
2.0.50727.42 Version 2.0 RTM (Visual Studio.NET 2005 RTM / SQL Server
2005 RTM) Nov 2005

$ ./asp-audit.pl *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES

dwk@...on:~/dev/asp-audit$ ./asp-audit.pl -b *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES

Found: aspnet_client/system_web/1_1_4322
Found: aspnet_client/system_web/2_0_50727

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ