Free IIS Scanner & Microsoft IIS Vulnerability Checker

Comprehensive security scanner for Microsoft IIS web servers. Detect IIS version, Windows Server version, ASP.NET configuration, known CVE vulnerabilities, dangerous HTTP methods, WebDAV exposure, misconfigurations, and IIS-specific security issues. Get instant security recommendations and remediation guidance.

No credit card required • Instant results

Version Detection

Fingerprint IIS version (6.0-10.0), Windows Server edition, ASP.NET runtime, and .NET Framework version

CVE Detection

Identify known vulnerabilities including HTTP.sys RCE, WebDAV exploits, and critical IIS CVEs

HTTP Methods

Test for dangerous HTTP methods (PUT, DELETE, TRACE) and unnecessary WebDAV exposure

Misconfigurations

Detect web.config exposure, debug mode, shortname vulnerability, and security header issues

Comprehensive IIS Security Analysis

IIS Detection & Fingerprinting

  • IIS version identification (6.0, 7.0, 7.5, 8.0, 8.5, 10.0)
  • Windows Server version mapping (2003-2022)
  • ASP.NET runtime version detection
  • .NET Framework version identification
  • ASP.NET MVC version detection
  • Server header analysis with confidence scoring
  • Session cookie fingerprinting (ASP.NET_SessionId)
  • IIS-specific path patterns recognition

Version-Specific CVE Detection

  • CVE-2017-7269 - WebDAV Buffer Overflow (CVSS 10.0)
  • CVE-2022-21907 - HTTP.sys RCE (CVSS 9.8)
  • CVE-2021-31166 - HTTP.sys RCE (CVSS 9.8)
  • CVE-2022-30209 - HTTP Auth RCE (CVSS 9.8)
  • CVE-2015-1635 - HTTP.sys RCE (CVSS 7.5)
  • CVE-2009-1535 - WebDAV Auth Bypass (CVSS 9.3)
  • Detailed remediation steps for each CVE
  • CVSS severity scoring and risk assessment

HTTP Method Security Testing

  • Dangerous methods: PUT, DELETE, TRACE, CONNECT
  • WebDAV methods: PROPFIND, MKCOL, COPY, MOVE, LOCK
  • OPTIONS method discovery analysis
  • Method override header testing
  • Allow/Public header parsing
  • Per-method timeout protection
  • Severity-based risk classification
  • Specific remediation recommendations

IIS-Specific Vulnerabilities

  • IIS Short Name vulnerability (MS12-057, 8.3 filename enumeration)
  • web.config file accessibility check
  • Directory browsing detection
  • ASP.NET debug mode detection
  • Debug header exposure (x-aspnet-debug)
  • Version information disclosure
  • Internal IP address disclosure
  • X-Powered-By header leakage

Security Headers Analysis

  • Missing X-Content-Type-Options detection
  • Missing X-Frame-Options analysis
  • Content Security Policy validation
  • HSTS (Strict-Transport-Security) check
  • Referrer-Policy verification
  • Permissions-Policy assessment
  • Security header best practices
  • IIS-specific header recommendations

Server Capabilities Detection

  • HTTP/2 support detection (IIS 10.0+)
  • HTTP/3 support identification
  • TLS 1.3 capability testing
  • WebSockets support (IIS 8.0+)
  • Compression detection (gzip, brotli)
  • SSL/TLS protocol analysis
  • Certificate validation
  • Protocol negotiation testing

Why IIS Security Scanning Matters

Microsoft Internet Information Services (IIS) powers millions of websites and enterprise applications worldwide. However, IIS servers are frequently targeted by attackers due to well-known vulnerabilities, misconfigurations, and version-specific exploits. A single unpatched IIS server can lead to complete system compromise, data breaches, and lateral movement within your network.

Our comprehensive IIS scanner performs deep security analysis including:

  • Version Fingerprinting: Accurately detects IIS, Windows Server, ASP.NET, and .NET Framework versions using multiple evidence sources with confidence scoring
  • CVE Correlation: Automatically matches detected versions against known critical vulnerabilities (HTTP.sys RCE, WebDAV exploits, etc.) with CVSS scores
  • HTTP Method Testing: Identifies dangerous HTTP methods (PUT, DELETE) and unnecessary WebDAV exposure that could allow file uploads or deletions
  • IIS-Specific Checks: Tests for IIS Short Name vulnerability (8.3 filename enumeration), web.config exposure, and debug mode leaks
  • Configuration Analysis: Detects misconfigurations including directory browsing, information disclosure, missing security headers, and debug settings
  • Capability Assessment: Identifies server capabilities (HTTP/2, TLS 1.3, WebSockets) to ensure modern protocol support and secure configurations

Each finding includes detailed remediation guidance with specific commands (fsutil, KB patches, web.config modifications) to help you secure your IIS deployment immediately.

Critical IIS Vulnerabilities We Detect

CVE-2017-7269 - IIS 6.0 WebDAV Buffer Overflow (CVSS 10.0)

Critical remote code execution vulnerability in IIS 6.0 WebDAV. Allows attackers to execute arbitrary code via specially crafted PROPFIND requests. Actively exploited in the wild.

Affects: IIS 6.0 (Windows Server 2003)

CVE-2022-21907 - HTTP.sys Remote Code Execution (CVSS 9.8)

Critical RCE in HTTP Protocol Stack (HTTP.sys). Allows unauthenticated attackers to execute code remotely by sending specially crafted packets to vulnerable IIS servers.

Affects: IIS 10.0 (Windows Server 2016/2019/2022)

CVE-2021-31166 - HTTP.sys Remote Code Execution (CVSS 9.8)

Critical vulnerability in HTTP Protocol Stack allowing remote code execution through malformed HTTP requests. Wormable vulnerability with potential for widespread exploitation.

Affects: IIS 10.0 (Windows Server 2019, Windows 10)

IIS Short Name Vulnerability - MS12-057 (8.3 Filename Enumeration)

Information disclosure vulnerability allowing attackers to enumerate files and folders using Windows 8.3 short names. Can reveal hidden files, backup files, and sensitive directory structures.

Affects: All IIS versions with 8.3 short names enabled (default on older Windows Server)

20+
Critical CVEs detected
15+
HTTP methods tested
50+
Security checks performed
<60s
Comprehensive scan time

Want the Complete Picture?

FREE

This IIS Security Scanner is great for a quick check, but our Full Security Scan gives you a comprehensive security audit in one go.