Because Windows systems running Microsoft IIS 5 or IIS 6 are risky to host and easy to compromise, many organizations may prohibit their use within the network.

The following custom script may be used to identify systems running Microsoft IIS 5 (or IIS 6) within the local area network.

Steps for use:

  1. Log in to Pwn Pulse and select the Scripts button.
  2. Select Add a script, provide an indicative name, for example Custom - Microsoft IIS5 Discovery, and select Bash.
  3. In the scripting window, type the following script and click the Save button.

         #!/bin/bash
         # Version-detect TCP port 80 and keep only hosts whose service reports IIS 5.x or 6.x
         nmap -p80 --open -sV -oG - {{target_range}} | grep -E "Microsoft IIS httpd (5|6)\."

  4. Next, select Tasks from the main drop-down menu, then select Add a task.
  5. On the New Task page, provide an indicative name for the task, for example IIS5 Discovery, and select the newly created script from the Script drop-down menu.
  6. For the Add to parameter, choose to run the task on a single sensor selected from the drop-down menu, or on a group of sensors.
  7. Next, specify the target subnet to be scanned, for example x.x.x.x/y.
  8. Next, select a Start Time and choose a Frequency for how often the task should be run (***).
  9. When finished, click the Save button.

When this task is run, it scans the target network for systems with TCP port 80 open. Each system found is queried using a banner grab to learn the service/version installed.

When the task is completed, the results of the task may be viewed by returning to the Tasks page, then selecting the Results button.
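
The results can also be reduced to a short report of offending hosts. The helper below is an added example, not part of the original article or of Pwn Pulse: it reads Nmap grepable output (assumed to come from a scan run with `-sV -oG -`) and prints the address, port and version of every open port reporting IIS 5.x or 6.x. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: helper names are hypothetical, sample data is constructed.

# Constructed sample of `nmap -p80,8080 --open -sV -oG -` output,
# using addresses from the 192.0.2.0/24 documentation range.
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http//Microsoft IIS httpd 6.0/\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.57/\n'
  printf 'Host: 192.0.2.12 (legacy.example)\tPorts: 80/open/tcp//http//Microsoft IIS httpd 5.0/, 8080/open/tcp//http//Microsoft IIS httpd 10.0/\n'
  printf 'Host: 192.0.2.13 ()\tPorts: 80/closed/tcp//http///\n'
}

# Read grepable Nmap output on stdin and print "ip port iis-version"
# for every open port whose detected version is IIS 5.x or 6.x.
iis_legacy_hosts() {
  awk -F'\t' '
    $2 ~ /^Ports: / {
      split($1, h, " ")                 # h[2] is the IP address
      sub(/^Ports: /, "", $2)
      n = split($2, ports, ", ")        # one entry per scanned port
      for (i = 1; i <= n; i++) {
        # entry layout: port/state/proto/owner/service/rpcinfo/version/
        split(ports[i], f, "/")
        if (f[2] == "open" && f[7] ~ /^Microsoft IIS httpd [56]\./) {
          sub(/^Microsoft IIS httpd /, "", f[7])
          print h[2], f[1], f[7]
        }
      }
    }'
}

# Stand-alone run against the constructed sample.
sample_scan | iis_legacy_hosts
```

Anchoring the match on the version field keeps newer releases such as IIS 10.0 out of the report, which a loose pattern like `IIS.*[56]` would not guarantee.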