Overview
Imported from the community mirror repository deadjakk/Unofficial-NSE-Repo because no upstream FROM.md reference was available for this folder.
Module Author: r00t-3xp10it
NSE script to detect whether the target [ip]:[port][/url] is affected by CVE-2010-2731 (Directory Listing Denied).
This module bypasses Directory Listing protections for Internet Information Services (microsoft-IIS/5.1 to 7.5) and nginx (0.7.52 to 1.3.0). By appending a payload to the end of the directory name in a request, it is possible to access directories that the web server protects.
NSE arguments available:
verbose=true (automatically display the target response body)
agent=User-Agent (User-Agent string to send in probes)
uri=directory to scan (if no uri is given, the script tests a list of default [/url] paths available in our database to brute force folder names)
This NSE script runs automatically whenever the category it belongs to is called (e.g. --script=vuln runs all scripts in the vuln category).
Some Syntax examples:
nmap --script-help IIS-CVE-2010-2731.nse
nmap -sV -v -Pn -n -p 80-86,8001,8080-8086 --open --script=vuln 103.59.101.83
nmap -sV -Pn -n -p 80-86,8001,8080-8086 --open --script IIS-CVE-2010-2731.nse 223.7.230.27
nmap -sV -Pn -n -p 80-86,8001,8080-8086 --open --script IIS-CVE-2010-2731.nse --script-args "uri=/css" 223.7.230.27
nmap -sS -Pn -p 80 --open --script IIS-CVE-2010-2731.nse --script-args "agent=Apache-HttpClient/4.0.3,verbose=true" 80.32.135.112
nmap -sS -v -Pn -n -T4 -iR 700 -p 80,8001,8080-8086 --open --script=banner.nse,http-headers.nse,IIS-CVE-2010-2731.nse -D 65.49.82.3