Description:
CIS is an easy-to-use tool that scans a remote host for many known vulnerabilities, including XSS, Web Service checks, FTP, SMTP, POP3, NT, NetBIOS, and MS SQL checks. Its ease of use makes this tool worth running on any server.
Strengths:
• All the security scans are embedded in DLLs, so individual scans can be updated without rebuilding the exe.
• Can be run in command-line mode, in the background, which aids in scanning many machines at once.
• Generates easy-to-read HTML-based reports.
• Multi-threaded, so it's quick to execute.
Weaknesses:
Cerberus Information Security, Ltd is now defunct, absorbed by @stake. @stake ceased development on this tool. Version 5.0, which can scan IIS 5.1 and below, still works but is unable to scan IIS 6.0.
Target:
Any server
Mitigation/Recommendation:
Patch the IIS 5.0 or 5.1 server, or upgrade to IIS 6.0.
Price:
Free
Penetration (6):
Medium. This tool was used heavily years ago; however, since it only scans up to IIS 5.1, it has lost footing in the hacker community.
Simplicity (8):
Beginner
Damage Potential (1):
Minimal (data gathering only)