Free Microsoft IIS Security Scanner
Scan IIS for vulnerabilities with NVD API integration, active CVE verification, and patch detection. Free security scanner with instant results.
NVD API
Real-time CVE data from NIST NVD (100K+ vulnerabilities) with CVSS 3.1 scoring
Active Verification
WebDAV detection, Range header testing, HTTP/2 checks to confirm vulnerabilities
Patch Detection
Response pattern analysis to detect if patches are installed (MS15-034, etc.)
12+ Checks
Version detection, HTTP methods, shortname vuln, web.config, headers, debug mode
What We Scan For
CVE Vulnerabilities
- CVE-2017-7269 (WebDAV RCE)
- CVE-2022-21907 (HTTP.sys RCE)
- CVE-2015-1635 (MS15-034)
- 100K+ CVEs from NVD API
Misconfigurations
- web.config exposure
- ASP.NET debug mode
- Directory browsing
- IIS shortname vulnerability
Security Testing
- Dangerous HTTP methods
- WebDAV exposure
- Security headers
- Version fingerprinting
Why Choose ScanTower?
| Feature | ScanTower | IIScan | Nmap | Nikto |
|---|---|---|---|---|
| NVD API Integration | ✓ | ✗ | ✗ | ✗ |
| Active CVE Verification | ✓ | ✗ | Partial | ✗ |
| Patch Detection | ✓ | ✗ | ✗ | ✗ |
| CVE Database Size | 100K+ | ~20 | ~15 | ~50 |
| Web Interface | ✓ | ✗ | ✗ | ✗ |
| Scan Speed | <60s | 2-5min | 3-10min | 5-15min |
Critical IIS Vulnerabilities We Detect
CVE-2017-7269 - IIS 6.0 WebDAV Buffer Overflow
CVSS 10.0. Remote code execution via WebDAV PROPFIND requests. Active verification: OPTIONS + PROPFIND test confirms WebDAV enabled.
Affects: IIS 6.0 (Windows Server 2003) • Fix: Disable WebDAV (no patch available)
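The WebDAV, HTTP method, fingerprinting and security header checks listed on this page can all be read from a single OPTIONS response. The Python below is an added example, not ScanTower's code: it triages a captured response offline, and the function names, the header list and the sample response are constructed assumptions.

```python
# Added example: offline triage of a captured OPTIONS response (no network access).
SECURITY_HEADERS = ("strict-transport-security", "x-content-type-options",
                    "x-frame-options", "content-security-policy")
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
RISKY_METHODS = {"PUT", "DELETE", "TRACE"}

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status, {lowercased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # A repeated header is folded into one comma-separated value.
            headers[key] = f"{headers[key]}, {value.strip()}" if key in headers else value.strip()
    return status, headers

def triage(raw: bytes):
    """Derive the passive findings from one OPTIONS response."""
    status, h = parse_response(raw)
    advertised = h.get("allow", "") + "," + h.get("public", "")  # IIS also sends Public
    methods = {m.strip().upper() for m in advertised.split(",") if m.strip()}
    server = h.get("server", "")
    return {
        "status": status,
        "iis_version": server.split("/", 1)[1] if server.lower().startswith("microsoft-iis/") else None,
        "webdav_exposed": "dav" in h or bool(methods & WEBDAV_METHODS),
        "risky_methods": sorted(methods & RISKY_METHODS),
        "version_disclosure": sorted(k for k in ("server", "x-powered-by", "x-aspnet-version") if k in h),
        "missing_security_headers": [n for n in SECURITY_HEADERS if n not in h],
    }

# Constructed sample: what an unhardened IIS 6.0 host with WebDAV might return.
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Server: Microsoft-IIS/6.0\r\n"
          b"X-Powered-By: ASP.NET\r\n"
          b"MS-Author-Via: DAV\r\n"
          b"DAV: 1, 2\r\n"
          b"Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, LOCK, UNLOCK\r\n"
          b"Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, LOCK, UNLOCK\r\n"
          b"X-Content-Type-Options: nosniff\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `webdav_exposed` result on an IIS 6.0 host is the condition this entry tells you to remove by disabling WebDAV.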
CVE-2015-1635 - HTTP.sys RCE (MS15-034)
CVSS 7.5. Remote code execution via Range headers. Patch detection: 416 status = Patched, 200 = Vulnerable.
Affects: IIS 7.5/8.0/8.5 (Win 7/8/2008/2012) • Patch: MS15-034 (KB3042553)
IIS Short Name Vulnerability (MS12-057)
Medium. 8.3 filename enumeration reveals hidden files. Detection: OPTIONS */~* request with status code analysis.
Affects: All IIS versions • Fix: fsutil behavior set disable8dot3 1
Frequently Asked Questions
What makes this IIS scanner different?
ScanTower is the only IIS scanner with NIST NVD API integration (100K+ real-time CVEs), active vulnerability verification (WebDAV detection, patch testing), and sub-60-second scan times. Traditional tools use outdated hardcoded CVE lists.
What is active CVE verification?
We don't just match versions to CVE lists—we test if vulnerabilities are actually exploitable. For CVE-2017-7269, we verify WebDAV is enabled. For MS15-034, we test if patches are applied via Range header responses. This eliminates false positives.
Is it safe for production servers?
Yes. We use only safe, read-only operations (OPTIONS, GET, HEAD, PROPFIND). No exploit payloads or crash triggers. All tests have 8-second timeouts. Safe for production IIS servers.
What IIS versions are supported?
IIS 6.0 through 10.0 (Windows Server 2003-2022). We fingerprint IIS versions, Windows Server editions, ASP.NET runtime (2.0-4.8), and .NET Framework versions using multiple detection methods.
How long does a scan take?
Most scans complete in under 60 seconds. NVD CVE queries are cached (24-hour TTL) for fast subsequent scans. This is 3-10x faster than CLI tools like Nikto or Nmap.
Want the Complete Picture?
FREE: This IIS Security Scanner is great for a quick check, but our Full Security Scan gives you a comprehensive security audit in one go.