ASP Auditor v1.0 BETA

Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/projects/

PLEASE NOTE THIS V1.0 IS DEPRECATED.
Please see the following link for the latest information regarding this tool: http://michaeldaw.org/projects/asp-auditor-v2/

The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers.

Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ david.kierznowski@gmail.com ]
        Usage:   ./asp-audit.pl (opts) [host] [port]

        (opts)
            -h these usage instructions
            -b brute force ASP.NET version using JS Validate
            directories.
            -m match against fingerprints
            -v verbose messaging

Some examples can be seen below:

$ ./asp-audit.pl labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No

$ ./asp-audit.pl -m labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No

Fingerprint matches:
2.0.50727.07    Version 2.0 (Visual Studio.NET 2005 CTP)        Aug 2005
2.0.50727.26    Version 2.0 (Visual Studio.NET 2005 RC / SQL Server 2005 CTP)  Sep 2005
2.0.50727.42    Version 2.0 RTM (Visual Studio.NET 2005 RTM / SQL Server 2005 RTM)      Nov 2005

$ ./asp-audit.pl *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES

$ ./asp-audit.pl -b *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES

Found: aspnet_client/system_web/1_1_4322
Found: aspnet_client/system_web/2_0_50727

The tool can be downloaded here:
http://michaeldaw.org/projects/asp-audit-v1BETA.tar.gz
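An added example, not part of ASP Auditor or the original post: a Python sketch that parses a report in the layout shown above and lists the fields that point to information exposure. The sample report is constructed from the field names on this page, and treating a disclosed version, a YES for error messages, and a reachable aspnet_client/system_web directory as findings is this example's assumption.

```python
import re

# Constructed sample report using the field layout shown in the examples above.
SAMPLE_REPORT = """\
Target: app.example.test
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES

Found: aspnet_client/system_web/1_1_4322
Found: aspnet_client/system_web/2_0_50727
"""

FIELD_RE = re.compile(r"^([A-Za-z ]+):\s*(\S.*)$")
DIR_RE = re.compile(r"^Found:\s*(aspnet_client/system_web/(\d+(?:_\d+)+))$")

def parse_report(text):
    """Return (fields, found): 'Key: value' pairs and (path, version) tuples."""
    fields, found = {}, []
    for line in map(str.strip, text.splitlines()):
        m = DIR_RE.match(line)
        if m:  # directory name 2_0_50727 encodes version 2.0.50727
            found.append((m.group(1), m.group(2).replace("_", ".")))
        elif (m := FIELD_RE.match(line)):
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields, found

def exposure_findings(fields, found):
    """List what the report says a remote client can learn (assumed policy)."""
    findings = []
    for key in ("ASP Simple Version", "ASP Specific Version"):
        value = fields.get(key, "Unknown")
        if value.lower() != "unknown":
            findings.append(f"{key} disclosed: {value}")
    for key in ("ASP verbose messages", "Default Error Messages"):
        if fields.get(key, "No").lower() == "yes":
            findings.append(f"{key}: enabled")
    for path, version in found:
        findings.append(f"reachable: {path} (ASP.NET {version})")
    return findings

if __name__ == "__main__":
    for finding in exposure_findings(*parse_report(SAMPLE_REPORT)):
        print(finding)
```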


When I initially began working on this tool I was hoping to find a number of techniques to fingerprint ASP.NET versions. Together with its configuration checks I planned to have a simple ASP.NET vulnerability assessment tool. Unfortunately, fingerprinting the specific version was not as easy as it first appeared. The ASP Auditor works and can be quite handy but please note it is more of a Frankenstein project than anything else.

If anyone has any other ideas for version fingerprinting or any ideas at all they are most welcome.

httprint is a good web server fingerprinting tool:
http://net-square.com/httprint/

But it’s not an open source app

wow, this program really s0x :) You’re better to learn how to program before you start releasing this crap ;)

Achtung, you're telling me buddy! Who the heck is this guy. :)

Sirius_black, the last I looked httprint fingerprints the web server software being used, the idea behind this tool was to fingerprint the ASP.NET version.

Hey it’s all good. Might be nice if this fingerprinting gets integrated with another tool. I don’t know what people are expecting for free.

You might be interested in my DNAScan tool (Dot Net Application Scanner). It uses some different tricks to leak version information, physical file paths, and so on. The tool is mostly unmaintained and most of the functionality will eventually make it into the Metasploit Framework. You can download the latest version of DNAScan from http://metasploit.com/users/hdm/tools/dnascan.pl.gz
