####################################################################
# IIS Sample files and Directory check scan rule
#reported by David A.K.A AnOnYmUs@undernet
#thanks David
#
#rule by pilot
#
#
#####################################################################
# Layout of a rule as it appears in this file:
#   <expected HTTP status>-> GET :<request path> ^<path>;;
# The text after '^' repeats the request path in every rule here; it is
# presumably the label the scanner reports on a match -- confirm against
# the scanner's rule documentation.
#
# Reading the results as a defender: every path below is IIS sample
# content, an administration directory, a FrontPage Server Extensions
# component (_vti_*) or a traversal-style path. A 403 typically means
# the path exists but access is denied; 200 OK means it is served.
# Either answer shows the content is still installed and should be
# removed or disabled if it is not needed. The same request paths are
# useful as search terms in web server access logs.
#
# NOTE(review): /_vti_bin, /scripts/convert.bas and
# /_vti_bin/_vti_aut/author.dll each appear twice in both status blocks.
# NOTE(review): "/iisamples/Sdk" is spelled differently from the
# neighbouring "/iissamples/..." rules -- looks like a typo, confirm
# before changing.
# NOTE(review): the /Sites/Knowledge/, /Sites/Samples/ and
# /SiteServer/Publishing/ rules have no space before '^', unlike every
# other rule, and have no counterpart in the 200 OK block -- verify that
# they parse as intended.

# --- Block 1: path answers 403 ---
403-> GET :/Scripts ^/Scripts;;
403-> GET :/cgi-bin/ ^/cgi-bin/;;
403-> GET :/srchadm ^/srchadm;;
403-> GET :/iisadmin ^/iisadmin;;
403-> GET :/iissamples ^/iissamples;;
403-> GET :/iissamples/Default ^/iissamples/Default;;
403-> GET :/iissamples/ExAir ^/iissamples/ExAir;;
403-> GET :/iissamples/ISSamples ^/iissamples/ISSamples;;
403-> GET :/iisamples/Sdk ^/iisamples/Sdk;;
403-> GET :/Scripts/samples ^/Scripts/samples;;
403-> GET :/Scripts/tools ^/Scripts/tools;;
403-> GET :/_private ^/_private;;
403-> GET :/_vti_bin ^/_vti_bin;;
403-> GET :/_vti_bin ^/_vti_bin;;
403-> GET :/_vti_log ^/_vti_log;;
403-> GET :/_vti_pvt ^/_vti_pvt;;
403-> GET :/_vti_txt ^/_vti_txt;;
403-> GET :/cgi-bin/_vti_cnf ^/cgi-bin/_vti_cnf;;
403-> GET :/_vti_bin/_vti_adm ^/_vti_bin/_vti_adm;;
403-> GET :/_vti_bin/_vti_aut ^/_vti_bin/_vti_aut;;
403-> GET :/scripts/iisadmin ^/scripts/iisadmin;;
403-> GET :/scripts/IISADMPWD ^/scripts/IISADMPWD;;
403-> GET :/scripts/iisadmin/samples ^/scripts/iisadmin/samples;;
403-> GET :/scripts/iisadmin/tools ^/scripts/iisadmin/tools;;
403-> GET :/admisapi/ ^/admisapi/;;
403-> GET :/scripts/Fpadmcgi.exe ^/scripts/Fpadmcgi.exe;;
403-> GET :/msadc/samples/adctest.asp ^/msadc/samples/adctest.asp;;
403-> GET :/_vti_bin/_vti_aut/author.dll ^/_vti_bin/_vti_aut/author.dll;;
403-> GET :/_vti_adm/admin.dll ^/_vti_adm/admin.dll;;
403-> GET :/scripts/proxy/w3proxy.dll ^/scripts/proxy/w3proxy.dll;;
403-> GET :/scripts/cpshost.dll ^/scripts/cpshost.dll;;
403-> GET :/scripts/convert.bas ^/scripts/convert.bas;;
403-> GET :/Sites/Knowledge/^/Sites/Knowledge/;;
403-> GET :/Sites/Samples/^/Sites/Samples/;;
403-> GET :/SiteServer/Publishing/^/SiteServer/Publishing/;;
403-> GET :/AdvWorks/equipment/catalog_type.asp ^/AdvWorks/equipment/catalog_type.asp;;
403-> GET :/scripts/perl ^/scripts/perl;;
403-> GET :/scripts/iisadmin/default.htm ^/scripts/iisadmin/default.htm;;
403-> GET :/cgi-bin/visitor.exe ^/cgi-bin/visitor.exe;;
# The next rule and the Admin.pwl rule further down use "../" and "...."
# path segments, i.e. they name files outside the web root. Requests of
# this shape do not come from ordinary browsing and are worth alerting
# on in access logs.
403-> GET :/scripts/../../cmd.exe ^/scripts/../../cmd.exe;;
403-> GET :/cgi-win/wincgi.bat ^/cgi-win/wincgi.bat;;
403-> GET :/scripts/convert.bas ^/scripts/convert.bas;;
403-> GET :/..../Windows/Admin.pwl ^/..../Windows/Admin.pwl;;
403-> GET :/_vti_bin/shtml.dll/_vti_rpc ^/_vti_bin/shtml.dll/_vti_rpc;;
403-> GET :/_vti_bin/_vti_aut/author.dll ^/_vti_bin/_vti_aut/author.dll;;
# dvwssr.dll is matched on three statuses in this file: 401 and 500 here,
# 200 OK in the second block. "microsoft backdoor" is the rule author's
# own label for it.
#microsoft backdoor
401-> GET :/_vti_bin/_vti_aut/dvwssr.dll ^/_vti_bin/_vti_aut/dvwssr.dll;;
#microsoft backdoor
500-> GET :/_vti_bin/_vti_aut/dvwssr.dll ^/_vti_bin/_vti_aut/dvwssr.dll;;
##########################################################################
# --- Block 2: the same paths answering 200 OK (content is served) ---
200 OK-> GET :/Scripts ^/Scripts;;
200 OK-> GET :/cgi-bin/ ^/cgi-bin/;;
200 OK-> GET :/srchadm ^/srchadm;;
200 OK-> GET :/iisadmin ^/iisadmin;;
200 OK-> GET :/iissamples ^/iissamples;;
200 OK-> GET :/iissamples/Default ^/iissamples/Default;;
200 OK-> GET :/iissamples/ExAir ^/iissamples/ExAir;;
200 OK-> GET :/iissamples/ISSamples ^/iissamples/ISSamples;;
200 OK-> GET :/iisamples/Sdk ^/iisamples/Sdk;;
200 OK-> GET :/Scripts/samples ^/Scripts/samples;;
200 OK-> GET :/Scripts/tools ^/Scripts/tools;;
200 OK-> GET :/_private ^/_private;;
200 OK-> GET :/_vti_bin ^/_vti_bin;;
200 OK-> GET :/_vti_bin ^/_vti_bin;;
200 OK-> GET :/_vti_log ^/_vti_log;;
200 OK-> GET :/_vti_pvt ^/_vti_pvt;;
200 OK-> GET :/_vti_txt ^/_vti_txt;;
200 OK-> GET :/cgi-bin/_vti_cnf ^/cgi-bin/_vti_cnf;;
200 OK-> GET :/_vti_bin/_vti_adm ^/_vti_bin/_vti_adm;;
200 OK-> GET :/_vti_bin/_vti_aut ^/_vti_bin/_vti_aut;;
200 OK-> GET :/scripts/iisadmin ^/scripts/iisadmin;;
200 OK-> GET :/scripts/IISADMPWD ^/scripts/IISADMPWD;;
200 OK-> GET :/scripts/iisadmin/samples ^/scripts/iisadmin/samples;;
200 OK-> GET :/scripts/iisadmin/tools ^/scripts/iisadmin/tools;;
200 OK-> GET :/admisapi/ ^/admisapi/;;
200 OK-> GET :/scripts/Fpadmcgi.exe ^/scripts/Fpadmcgi.exe;;
200 OK-> GET :/msadc/samples/adctest.asp ^/msadc/samples/adctest.asp;;
200 OK-> GET :/_vti_bin/_vti_aut/author.dll ^/_vti_bin/_vti_aut/author.dll;;
200 OK-> GET :/_vti_adm/admin.dll ^/_vti_adm/admin.dll;;
200 OK-> GET :/scripts/proxy/w3proxy.dll ^/scripts/proxy/w3proxy.dll;;
200 OK-> GET :/scripts/cpshost.dll ^/scripts/cpshost.dll;;
200 OK-> GET :/scripts/convert.bas ^/scripts/convert.bas;;
200 OK-> GET :/AdvWorks/equipment/catalog_type.asp ^/AdvWorks/equipment/catalog_type.asp;;
200 OK-> GET :/scripts/perl ^/scripts/perl;;
200 OK-> GET :/scripts/iisadmin/default.htm ^/scripts/iisadmin/default.htm;;
200 OK-> GET :/cgi-bin/visitor.exe ^/cgi-bin/visitor.exe;;
# A 200 OK on either traversal-style path below would mean a file outside
# the web root was served; treat such a finding as high priority.
200 OK-> GET :/scripts/../../cmd.exe ^/scripts/../../cmd.exe;;
200 OK-> GET :/cgi-win/wincgi.bat ^/cgi-win/wincgi.bat;;
200 OK-> GET :/scripts/convert.bas ^/scripts/convert.bas;;
200 OK-> GET :/..../Windows/Admin.pwl ^/..../Windows/Admin.pwl;;
#microsoft backdoor
200 OK-> GET :/_vti_bin/_vti_aut/dvwssr.dll ^/_vti_bin/_vti_aut/dvwssr.dll;;
# NOTE(review): the denial-of-service label is attached only to this
# 200 OK rule; the 403 rule for the same path in the first block is
# unlabelled.
#frontpage denial of service
200 OK-> GET :/_vti_bin/shtml.dll/_vti_rpc ^/_vti_bin/shtml.dll/_vti_rpc;;
200 OK-> GET :/_vti_bin/_vti_aut/author.dll ^/_vti_bin/_vti_aut/author.dll;;
############# end check #####################################################