Web Scan

The Web Scan settings page enables the following tests:

Enable Web Scan: Enables all Web Scanner tests.

Check Phf: Attempts to execute the phf CGI script. See phf Check.

Check Guess CGI Bin: Determines if the directory where CGI scripts are stored is guessable. See Guess cgi-bin.

Check List CGI Bin: Attempts to list the contents of the CGI script directory. See List cgi-bin.

Check CGI Echo: Attempts to cause a CGI script to execute an echo command. See CGI Exec.

Test IIS *.cmd bug: Determines if an arbitrary command can be executed by versions of Microsoft's Internet Information Server prior to 2.0 (release). See IIS .bat and .cmd Bug.

Httpd Port: Sets the port the scanner uses to find the http server. This port is usually 80 or 8080.

Check Httpd Type: Reports the HTTP server type in the session log. See Vulnerable HTTP Servers.

Check for vulnerable HTTPd: Checks the web server banner to determine if the server is one which is known to be vulnerable. See Vulnerable HTTP Servers.

Check Root Dot Dot: Determines if the web server will allow access to portions of the file system above the root directory. See Root Dot Dot.

Check for Index: Checks each directory found on the web site for an index file. If an index file is not present, the server may allow an intruder to list the contents of the directory. See WWW Directories without an index.

Check Unresolved Links: Tests for unresolved links.
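
The condition that Check for Index reports can also be audited from the server side by walking the document root on disk. The following is an added example, not part of the scanner or of the original page; the function names, the sample tree and the list of index file names are assumptions and should be matched to the web server's own directory index setting.

```python
import os
import tempfile

# Assumed index file names; set these to the names the web server is
# actually configured to serve as a directory index.
INDEX_NAMES = ("index.html", "index.htm", "default.htm")


def dirs_without_index(docroot, index_names=INDEX_NAMES):
    """Return docroot-relative paths of directories holding no index file.

    Matching is exact and case-sensitive. The document root itself is
    reported as "." when it has no index file.
    """
    wanted = set(index_names)
    missing = []
    for current, subdirs, files in os.walk(docroot):
        subdirs.sort()  # walk in a stable order so reports are comparable
        if wanted.isdisjoint(files):
            missing.append(os.path.relpath(current, docroot))
    return missing


def build_sample_site(root):
    """Create a small constructed document tree used only for this demo."""
    sample_files = (
        "index.html",
        os.path.join("docs", "index.htm"),
        os.path.join("docs", "archive", "old.txt"),
        os.path.join("images", "logo.gif"),
        os.path.join("cgi-bin", "test.cgi"),
    )
    for rel in sample_files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample content\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for rel in dirs_without_index(root):
            print("no index file:", rel)
```

Each reported directory needs either an index file or directory listing turned off for it in the server configuration.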