
Web Scan
The Web Scan settings page enables the following tests:
Enable Web Scan: Enables all Web Scanner tests.
Check Phf: Attempts to execute the phf CGI script. See
Check Guess CGI Bin: Determines if the directory where CGI scripts are stored is guessable. See
Check List CGI Bin: Attempts to list the contents of the CGI script directory. See
Check CGI Echo: Attempts to cause a CGI script to execute an echo command. See:
Test IIS *.cmd bug: Determines if an arbitrary command can be executed by versions of Microsoft
Httpd Port: Sets the port the scanner uses to find the HTTP server. This port is
usually 80 or 8080.
Check Httpd Type: Reports the HTTP server type in the session log. See
Check for vulnerable HTTPd: Checks the web server banner to determine if the server is one which is
known to be vulnerable. See
Check Root Dot Dot: Determines if the web server will allow access to portions of the file
system above the root directory. See
Check for Index: Checks each directory found on the web site for an index file. If an index
file is not present, the server may allow an intruder to list the contents of
the directory. See:
Check Unresolved Links: Tests for unresolved links.
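
The Check for Index test above can be mirrored from the server side by walking the document root and reporting every directory that has no index file. This is an added example, not the scanner's own code. Assumptions: the index file names in INDEX_NAMES, the function names, and the constructed sample tree are all hypothetical and should be matched to the server's actual configuration.

```python
import os
import tempfile

# Assumed index file names; match these to the server's own directory-index setting.
INDEX_NAMES = ("index.html", "index.htm", "default.htm")

def dirs_without_index(docroot, index_names=INDEX_NAMES):
    """Return sorted URL-style paths of directories under docroot with no index file."""
    wanted = set(index_names)
    missing = []
    for current, _subdirs, files in os.walk(docroot):
        if wanted.isdisjoint(files):
            rel = os.path.relpath(current, docroot)
            # Report paths the way they would appear in a URL on the site.
            url_path = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
            missing.append(url_path)
    return sorted(missing)

def build_sample_tree(root):
    """Create a constructed sample document root used to exercise the check."""
    layout = {
        "": ["index.html"],
        "docs": ["index.htm", "guide.html"],
        "images": ["logo.gif"],          # no index file
        "cgi-bin": ["form.cgi"],         # no index file
        "docs/old": [],                  # empty directory, no index file
    }
    for rel, files in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        for name in files:
            with open(os.path.join(path, name), "w") as fh:
                fh.write("sample\n")

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return dirs_without_index(root)

if __name__ == "__main__":
    for directory in demo():
        print("no index file:", directory)
```

A directory reported here is only a candidate finding: whether its contents can actually be listed depends on how the server is configured to handle directories without an index file.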