Free Microsoft IIS Security Scanner
Scan IIS for vulnerabilities with NVD API integration, active CVE verification, and patch detection. Free security scanner with instant results.
NVD API
Real-time CVE data from NIST NVD (100K+ vulnerabilities) with CVSS 3.1 scoring
Active Verification
WebDAV detection, Range header testing, HTTP/2 checks to confirm vulnerabilities
Patch Detection
Response pattern analysis to detect if patches are installed (MS15-034, etc.)
12+ Checks
Version detection, HTTP methods, shortname vuln, web.config, headers, debug mode
What We Scan For
CVE Vulnerabilities
- CVE-2017-7269 (WebDAV RCE)
- CVE-2022-21907 (HTTP.sys RCE)
- CVE-2015-1635 (MS15-034)
- 100K+ CVEs from NVD API
Misconfigurations
- web.config exposure
- ASP.NET debug mode
- Directory browsing
- IIS shortname vulnerability
Security Testing
- Dangerous HTTP methods
- WebDAV exposure
- Security headers
- Version fingerprinting
Why Choose ScanTower?
| Feature | ScanTower | IIScan | Nmap | Nikto |
|---|---|---|---|---|
| NVD API Integration | ✓ | ✗ | ✗ | ✗ |
| Active CVE Verification | ✓ | ✗ | Partial | ✗ |
| Patch Detection | ✓ | ✗ | ✗ | ✗ |
| CVE Database Size | 100K+ | ~20 | ~15 | ~50 |
| Web Interface | ✓ | ✗ | ✗ | ✗ |
| Scan Speed | <60s | 2-5min | 3-10min | 5-15min |
Critical IIS Vulnerabilities We Detect
CVE-2017-7269 - IIS 6.0 WebDAV Buffer Overflow
CVSS 10.0. Remote code execution via WebDAV PROPFIND requests. Active verification: OPTIONS + PROPFIND test confirms WebDAV enabled.
Affects: IIS 6.0 (Windows Server 2003) • Fix: Disable WebDAV (no patch available)
CVE-2015-1635 - HTTP.sys RCE (MS15-034)
CVSS 7.5. Remote code execution via Range headers. Patch detection: 416 status = Patched, 200 = Vulnerable.
Affects: IIS 7.5/8.0/8.5 (Win 7/8/2008/2012) • Patch: MS15-034 (KB3042553)
IIS Short Name Vulnerability (MS12-057)
Medium. 8.3 filename enumeration reveals hidden files. Detection: OPTIONS */~* request with status code analysis.
Affects: All IIS versions • Fix: fsutil behavior set disable8dot3 1
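An added example, not ScanTower's code: the header-analysis half of the OPTIONS check described above for WebDAV exposure and dangerous HTTP methods, run over constructed sample responses. The function name, the RISKY_METHODS list and the sample headers are assumptions.

```python
# Added example: classify one OPTIONS response for WebDAV exposure.
# Methods defined by WebDAV (RFC 4918); seeing them advertised implies a DAV handler.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Assumed policy list of methods to flag on a public-facing server.
RISKY_METHODS = {"PUT", "DELETE", "TRACE"}

# Constructed sample responses (not captured from a real host).
SAMPLE_WEBDAV = """HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
DAV: 1, 2
MS-Author-Via: DAV
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND
Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
"""
SAMPLE_PLAIN = """HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
Allow: OPTIONS, TRACE, GET, HEAD, POST
Public: OPTIONS, TRACE, GET, HEAD, POST
"""


def assess_options_response(raw_headers):
    """Return a finding dict built from the header lines of one OPTIONS response."""
    headers = {}
    for line in raw_headers.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    methods = set()
    for name in ("allow", "public"):  # IIS can send both; merge them
        methods.update(t.strip().upper() for t in headers.get(name, "").split(",") if t.strip())
    evidence = []
    if "dav" in headers:  # compliance-class header from RFC 4918
        evidence.append("DAV: " + headers["dav"])
    if headers.get("ms-author-via", "").upper() == "DAV":
        evidence.append("MS-Author-Via: DAV")
    dav_methods = sorted(methods & WEBDAV_METHODS)
    if dav_methods:
        evidence.append("methods: " + ", ".join(dav_methods))
    return {
        "server": headers.get("server", "unknown"),
        "webdav_enabled": bool(evidence),
        "evidence": evidence,
        "risky_methods": sorted(methods & RISKY_METHODS),
    }

if __name__ == "__main__":
    for sample in (SAMPLE_WEBDAV, SAMPLE_PLAIN):
        print(assess_options_response(sample))
```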
Frequently Asked Questions
What makes this IIS scanner different?
ScanTower is the only IIS scanner with NIST NVD API integration (100K+ real-time CVEs), active vulnerability verification (WebDAV detection, patch testing), and sub-60-second scan times. Traditional tools use outdated hardcoded CVE lists.
What is active CVE verification?
We don't just match versions to CVE lists; we test if vulnerabilities are actually exploitable. For CVE-2017-7269, we verify WebDAV is enabled. For MS15-034, we test if patches are applied via Range header responses. This eliminates false positives.
Is it safe for production servers?
Yes. We use only safe, read-only operations (OPTIONS, GET, HEAD, PROPFIND). No exploit payloads or crash triggers. All tests have 8-second timeouts. Safe for production IIS servers.
What IIS versions are supported?
IIS 6.0 through 10.0 (Windows Server 2003-2022). We fingerprint IIS versions, Windows Server editions, ASP.NET runtime (2.0-4.8), and .NET Framework versions using multiple detection methods.
How long does a scan take?
Most scans complete in under 60 seconds. NVD CVE queries are cached (24-hour TTL) for fast subsequent scans. This is 3-10x faster than CLI tools like Nikto or Nmap.
Want the Complete Picture?
This IIS Security Scanner is great for a quick check, but our Full Security Scan gives you a comprehensive security audit in one go.