A Python tool to exploit the IIS Tilde 8.3 Enumeration Vulnerability, allowing discovery of full file and directory names on vulnerable Microsoft IIS servers.
- 🔍 Enumerates hidden file/directory names using tilde vulnerability
- 📋 Supports custom wordlists for scanning
- ⚙️ Configurable scanning options
- 🌐 Proxy support
- 🔮 Optional Google keyword suggestion enhancement
- Python 3
- Wordlist file (recommended: fuzzdb wordlists)
python3 enums.py -u <target_url> -h: Show help message-u: Target URL to scan-d: Path to wordlist-e: Path to extensions file-c: Cookie header-p: Proxy configuration-o: Output file-v: Verbosity level (0-2)
- Only finds directories with names longer than 8 characters
- Complementary to full directory enumeration tools like DirBuster
- Original Author: Micah Hoffman (@WebBreacher)
- Refactored by: (@esaBear)
- Python 3 Migration: (@Rhyru9)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
