full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] iiscan results - a clo

Re: [Full-disclosure] iiscan results - a closer look

From: <dd_at_nospam>
Date: Fri Jan 08 2010 - 20:42:33 GMT
To: full-disclosure@lists.grok.org.uk


I played with it a little yesterday and posted my thoughts (as well as a summary of their whole scan) at:

http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html

It is a nice tool with some good checks looking for SQL, XSS, etc... I just think they
didn't look deep enough in my site to check more stuff...

--dd

On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <robin.sage@rocketmail.com> wrote:
> If anyone has any more invite codes please send one to me.
> I tried the ones posted and they were not functional.
> I also emailed support and never received a response.
>
> Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or
> Acunetix ?
> How many trials do you get per invite code? Just 1 app?
>
> Thanks!
>
> ________________________________
> From: Jardel Weyrich <jweyrich@gmail.com>
> To: p8x <l@p8x.net>
> Cc: full-disclosure@lists.grok.org.uk
> Sent: Thu, January 7, 2010 9:33:07 AM
> Subject: Re: [Full-disclosure] iiscan results
>
> It's probably trying to get different results/responses by changing
> the values of some request headers. The most common scenario, as far
> as I've seen, and as oddly as it might sound, is the User-Agent and
> HTTP minor version.
>
> A more verbose logging strategy would demystify. Or maybe Vincent?
>



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/