Open Source and information security mailing list archives
 
From: javier at liendo.net (Javier Liendo)
Subject: [ANNOUNCE]: IISBanner 1.1 released

hello 

what are the pro/cons of using IISBanner versus the
AlternateServerName or RemoveServerHeader directive of
the URLScan tool?

regards

javier

--- Tiago Halm <thalm@...cabo.pt> wrote:
> Hi all,
> 
> IISBanner was totally re-coded and is now
> configurable and fully performant.
> See details below...
> 
> 
> ============== IISBanner ==============
> 
> Author: Tiago Halm
> Version: 1.1
> Platforms: Windows (IIS)
> License: BSD
> 
> - Introduction 
> - Description 
> - Configuration 
> - Notes 
> - Notes for version 1.0 
> - Download 
> 
> 
> Introduction
> ---------------
> ISAPI Filters are the only "safe" way of managing (changing, altering,
> customizing) some of the core parts of IIS.
> Customizing the "Server" response header is one of those tasks. While
> altering the "Server" response header may be useful from a security
> perspective by disguising the web server banner (security by obscurity),
> keep in mind that there are much more powerful ways of detecting a server
> type using tools like nmap.
> 
> 
> Description
> --------------
> IISBanner is an IIS ISAPI Filter that can be used to specify a replacement
> for IIS's built-in "Server" header, or even to instruct IIS to not use the
> "Server" response header altogether.
> The configuration is made by an .ini file, namely "IISBanner.ini". This
> configuration file must reside in the same directory as IISBanner.dll.
> 
> 
> Configuration
> -----------------
> The configuration file contains 2 options:
> 
> Name: RemoveBanner
> Values: 0 or 1
> Description:
> - If 1, then the "Server" response header is removed, meaning that all IIS
>   responses will not contain any "Server" header, and the ChangeBanner
>   option is ignored;
> - If 0, then the "Server" response header is not removed and the
>   ChangeBanner option may be used;
> - If commented, then its value defaults to 0;
>
> Name: ChangeBanner
> Values: Any string up to 255 characters
> Description:
> - If string is empty, then IIS's built in "Server" response header remains
>   unchanged;
> - If string is not empty, then the "Server" response header will be changed
>   to that same value;
> - If commented, then its value defaults to empty string;
> 
> 
> Notes
> --------
> - Installation of this ISAPI Filter must be done at the WebServer level;
> - The ISAPI runs at low priority;
> - IIS's performance is NOT affected by this ISAPI Filter. Any stress test
>   will reveal that the number of HTTP requests remains unaffected with or
>   without IISBanner;
> - DLL size is now 20Kb (compiled without default libraries);
> - IISBanner is installed at http://www.kodeit.org and may be viewed by a
>   network sniffer at each HTTP response received, or through this simple VBS
>   script:
> __________________________________________________________
> ' Send a HEAD request and print every response header, including "Server"
> Set oHTTP = WScript.CreateObject("Microsoft.XMLHTTP")
> Call oHTTP.Open("HEAD", "http://www.kodeit.org", False)
> Call oHTTP.Send()
> WScript.Echo oHTTP.GetAllResponseHeaders()
> Set oHTTP = Nothing
> __________________________________________________________
> 
> 
> Notes for version 1.0
> --------------------------
> The first version of IISBanner was ONLY demonstrative and it suffered from
> performance issues. Although download of version 1.0 is still available, it's
> recommended the use of version 1.1 for any real installation.
> 
> Download
> ------------
> IISBanner can be viewed at http://www.kodeit.org/utils/iisbanner.htm
>
> Version 1.1
> Binary: http://www.kodeit.org/utils/iisbanner.1.1.zip
> Source: http://www.kodeit.org/utils/iisbanner_src.1.1.zip
>
> Version 1.0
> Binary: http://www.kodeit.org/utils/iisbanner.1.0.zip
> Source: http://www.kodeit.org/utils/iisbanner_src.1.0.zip
> 
> 
> Comments, this time, are very welcome!
> 
> Regards,
> Tiago Halm
> http://www.kodeit.org
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
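
Added example, not part of the original messages and not IISBanner's own code: a Python check that applies the RemoveBanner/ChangeBanner rules from the quoted announcement to a captured HTTP response, so a deployment can be verified against its intended configuration. The file syntax (Name=Value lines, ';' comments), the function names, and the sample banner, ini text and response are assumptions constructed for illustration.

```python
BUILTIN = "Microsoft-IIS/5.0"  # constructed sample of an unmodified banner
SAMPLE_INI = "; RemoveBanner=1\nChangeBanner=WebServer\n"  # constructed
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: WebServer\r\n"
                   "Content-Length: 0\r\n\r\n")  # constructed


def parse_settings(ini_text):
    """Read both options; commented-out or absent options keep their defaults."""
    settings = {"RemoveBanner": "0", "ChangeBanner": ""}
    for line in ini_text.splitlines():
        line = line.strip()
        # Assumption: ';' starts a comment and options are Name=Value lines.
        if not line or line.startswith(";") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in settings:
            settings[name] = value
    # Reject values outside the ranges the announcement defines.
    if settings["RemoveBanner"] not in ("0", "1"):
        raise ValueError("RemoveBanner must be 0 or 1")
    if len(settings["ChangeBanner"]) > 255:
        raise ValueError("ChangeBanner is limited to 255 characters")
    return settings


def expected_server(settings, builtin):
    """Server value the rules imply; None means no Server header at all."""
    if settings["RemoveBanner"] == "1":
        return None  # ChangeBanner is ignored in this case
    return settings["ChangeBanner"] or builtin


def server_header(raw_response):
    """Extract the Server header from a raw HTTP response, or None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def response_matches(ini_text, raw_response, builtin):
    """True when the observed header agrees with the configured behaviour."""
    want = expected_server(parse_settings(ini_text), builtin)
    return server_header(raw_response) == want
```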

