shortscan: An IIS short filename enumeration tool

by ddos · Published · Updated

shortscan

Shortscan is designed to quickly determine which files with short filenames exist on an IIS webserver. Once a short filename has been identified the tool will try to automatically identify the full filename.

In addition to standard discovery methods Shortscan also uses a unique checksum matching approach to attempt to find the long filename where the short filename is based on Windows’ proprietary shortname collision avoidance checksum algorithm (more on this research at a later date).

Install

Using a recent version of go:

go install github.com/bitquark/shortscan/cmd/shortscan@latest

Manual install

To build (and optionally install) locally:

go get github.com/bitquark/shortscan && go build
go install

Use

Basic usage

Shortscan is easy to use with minimal configuration. Basic usage looks like this:

$ shortscan http://example.org/

Advanced features

The following options allow further tweaks:

Copyright (c) 2019 Bitquark https://bitquark.io/

Source: https://github.com/bitquark/

Tags: IIS short filename enumerationshortscan