I played with it a little yesterday and posted my thoughts (as well as a summary of their whole scan) at:
http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html It is a nice tool with some good checks looking for SQL, XSS, etc... I just think they didn't look deep enough in my site to check more stuff... --dd On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage <[email protected]> wrote: > If anyone has any more invite codes please send one to me. > I tried the ones posted and they were not functional. > I also emailed support and never received a response. > > Has anyone compared this to AppScan, WebInspect, Sentinnel, Qualys or > Acunetix ? > How many trials do you get per invite code? Just 1 app? > > Thanks! > > ________________________________ > From: Jardel Weyrich <[email protected]> > To: p8x <[email protected]> > Cc: [email protected] > Sent: Thu, January 7, 2010 9:33:07 AM > Subject: Re: [Full-disclosure] iiscan results > > It's probably trying to get different results/responses by changing > the values of some request headers. The most common scenario, as far > as I've seen, and as oddly as it might sound, is the User-Agent and > HTTP minor version. > > A more verbose logging strategy would demystify. Or maybe Vincent? > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
