shortscan
An IIS short filename enumeration tool
Details
Category: Fuzzing
Publisher: trickest-mhmdiaa
Created Date: 7/25/2024
Container: quay.io/trickest/shortscan:v0.9.0-patch-3
Source URL: https://github.com/bitquark/shortscan
Parameters
urls
file
requiredCommand:
- urls to scanheader
string
Command:
--header
- header to send with each request (use multiple times for multiple headers)output
string
Command:
--output
- output format (human = human readable; json = JSON) [default: human]is-vuln
boolean
Command:
--isvuln
- bail after determining whether the service is vulnerable [default: false]timeout
string
Command:
--timeout
- per-request timeout in seconds [default: 10]full-url
boolean
Command:
--fullurl
- display the full URL for confirmed files rather than just the filename [default: false]patience
string
Command:
--patience
- patience level when determining vulnerability (0 = patient; 1 = very patient) [default: 0]wordlist
file
Command:
--wordlist
- combined wordlist + rainbow table generated with shortutilstabilise
boolean
Command:
--stabilise
- attempt to get coherent autocomplete results from an unstable server (generates more requests) [default: false]verbosity
string
Command:
--verbosity
- how much noise to make (0 = quiet; 1 = debug; 2 = trace) [default: 0]characters
string
Command:
--characters
- filename characters to enumerate [default: JFKGOTMYVHSPCANDXLRWEBQUIZ8549176320-_()&'!#$%@^{}~]no-recurse
boolean
Command:
--norecurse
- don't detect and recurse into subdirectories (disabled when autocomplete is disabled) [default: false]concurrency
string
Command:
--concurrency
- number of requests to make at once [default: 20]header-file
file
Command:
--header-file
- headers to send with each request (one per line)autocomplete
string
Command:
--autocomplete
- autocomplete detection mode (auto = autoselect; method = HTTP method magic; status = HTTP status; distance = Levenshtein distance; none = disable) [default: auto]