| I l@ve RuBoard | |
URL: www.hackers.com/html/archive.5.html
Client OS: Windows 9x/NT
Target OS: Web server
Price: Free
Description: Web servers have long been known to have more features than can be managed easily. SiteScan is a useful tool from Rhino9 for finding these exploitable features. It automates several exploits against Web servers. Although these attacks are a bit dated, it is surprising how many administrators fail to keep security patches up to date.
Use: SiteScan is easy to install and use. Figure 17-3 displays the SiteScan interface. Start by entering the IP address or URL for the target server in the Server window. Then simply click the button for the test you want to perform. The results of the test are displayed in the Results window. SiteScan includes options for checking for vulnerable test CGIs, service passwords, passwords embedded in HTML or Java code, vulnerable IIS admin, finger, and other weaknesses.
Benefits: The tool is easy to use and free. It automates many tests for Web servers.
Con: Many of the tests are dated and the servers may no longer be susceptible.
| I l@ve RuBoard | |