IIS Tilde Enumeration Scanner
This extension adds an Active Scanner check for detecting the IIS Tilde Enumeration vulnerability, and a new tab in the Burp UI for exploiting the vulnerability manually.
In the Burp UI tab you can:
- Check if a host is vulnerable without exploiting the vulnerability
- Exploit the vulnerability by enumerating every shortname in an IIS webserver directory
- Configure the parameters used for the scan and customize them in any way you want
- Edit the base request performed (you can add headers, cookies, edit the User-Agent, etc.)
- Save the scan output to a file
- Create an Intruder Payload Set for guessing complete names from shortnames retrieved from scan results (by using wordlists)
| Author | Michele 'cyberaz0r' Di Bonaventura |
| Last updated | 02 February 2022 |
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.