web application – asp auditor

ASP Auditor v1.0 BETA
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/

The purpose of ASP Auditor is to identify vulnerable and weakly
configured ASP.NET servers.

backtrack 5 r1

/pentest/web/asp-auditor

root@bt:/pentest/web/asp-auditor# ./asp-audit.pl

[ASP Auditor v2.2]
Usage:   ./asp-audit.pl [http://target/app/file.aspx] (opts)

(opts)
-bf brute force ASP.NET version using JS Validate
directories.

root@bt:/pentest/web/asp-auditor# ./asp-audit.pl http://ip-address/login.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending ASP.NET Apr/07 XSS Check
[*] Sending application trace request…
[*] Sending null remoter service request…

[ .NET Configuration Analysis ]

Server    -> Microsoft-IIS/5.1
AppTrace    -> LocalOnly
Application    -> /login.aspx
ADNVersion    -> 1.1.4322
CustomErrors    -> On

matches    -> 1.1.4322.2032 Version 1.1 SP1 Aug 2004
matches    -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1)  Mar 2005
matches    -> 1.1.4322.510 Version 1.1 Final Beta Oct 2002
matches    -> 1.1.4322.573 Version 1.1 RTM (Visual Studio.NET 2003 / Windows Server 2003) Feb 2003

Advertisements

2 thoughts on “web application – asp auditor

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s