Finding IIS vulnerable websites using google dorks

How to find websites vulnerable to Microsoft IIS server 8.5 exploit?


I think anonymn would like to answer this.

I am torn on wheather to speak or not on this.:stuck_out_tongue_winking_eye:

Metasploit may have something that scans for it and then there is something I am working on that could help but I am still testing it and making sure it doesn’t leak any information about the user.
I am also hesitant to release it to the public.

Anyway I have an nmap scan in mind give me at the most a few days to test something with it and I can tell you what I would do to start with.

Yes NMAP you better learn nmap if you want to be a hacker/pentester.

Ik nmap also finds vulnerabilities and Metasploit can also be used but here i am talking about websites that are running on IIS 8.5 and are using windows as their host os.

Yes but they will help you find out if they are vulnerable.
Also there is probably a trick with a shodan search that will help.

What type of trick? I am being specific here about my requirements.

Oh boy think about it.

Maybe figure out the correct patch version number and such things and search for that.

1 Like

Was webmap not doing this. I haven’t used it in a while.