Updated: IIS-FTP Nmap Script

Exploit Target

Yesterday, I posted an article about a Nmap script to detect potentially vulnerable Microsoft IIS FTP servers.

I updated the script which now allows an alternative FTP user and password pair to be passed via the command line (thanks to Chris for the comment). If no arguments are provided, an anonymous FTP session will be started.


# nmap -p 21 -sV --script=IIS-FTP --scriptargs=ftpuser=foo,ftppass=bar

The script location remains the same.


  1. Hey,

    I made some seriously updates to your script, and would like to include it with Nmap (if Fyodor and others agree). Any thoughts?

    Here’s my version:

    Yours had a bug in it that would prevent it from running on the latest versions of Nmap: the isVuln variable was never declared, so when it was read the script would fail. I fixed that, changed the network i/o, changed how it looks for things, etc.

    I wrote about it here (I kept getting questions from people that couldn’t work your script, so I figured I’d write a blog):


  2. Hi,

    I tried your script but no result: Im using XP SP1 IIS 5
    The result did not displayed if the FTP is vulnerable or not
    issue this command: nmap -p 21 -sV –script IIS-FTP

    tarting Nmap 5.00 ( http://nmap.org ) at 2009-09-06 14:14 CST
    mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers
    Interesting ports on
    21/tcp open ftp Microsoft ftpd
    MAC Address: 08:00:27:B5:C1:E9 (Cadmus Computer Systems)
    Service Info: OS: Windows

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 5.53 seconds

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.