# IIS shortname Scanner Under certern circumstances, windows 8.3 short names may be bruteforce enumerated under IIS with .net enabled, request these two urls: * http://www.target.com/*~1****/a.aspx * http://www.target.com/l1j1e*~1****/a.aspx If the first one return an HTTP 404 and the second one return an 400. Your server may be exploitable to this vulnerability. Usage: * iis_shortname_Scan.py target from [http://www.lijiejie.com](http://www.lijiejie.com) my[at]lijiejie.com