hi. use APS (NTLM Authorization Proxy Server) (http://freshmeat.net/projects/ntlmaps/?topic_id=20%2C87%2C250%2C43%2C151) to handle the auth, and ur scanner of choice behind it..
====================================================================== Haroon Meer MH SensePost Information Security +27 83786 6637 PGP : http://www.sensepost.com/pgp/haroon.txt [EMAIL PROTECTED] ====================================================================== On Wed, 6 Nov 2002 [EMAIL PROTECTED] wrote: > > I'm doing a security review and penetration test of a site running on IIS with >Integrated Windows Authentication. Anyone know of an IIS Scanner that can do an IWA >exchange before scanning? > > The SPIKE proxy looks promising, but it appears the NTLM support is not quite >"there" yet for this purpose. The goofy three-message exchange that sets up the NTLM >security doesn't seem to make it through the proxy, which leads me to believe that >any tool that will work for this must have intentionally added support for IWA. > > > > > > Get your free encrypted email at https://www.hushmail.com > ------------ Output from gpg ------------ > gpg: Signature made Wed Nov 6 22:15:16 2002 SAST using DSA key ID 21BE2B65 > gpg: Can't check signature: public key not found > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
