Module - Localstart.asp

Created by: treadie

With regards to the localstart.asp module, rather than flagging when this file exists, the module should instead flag whenever it discovers NTLM based basic authentication (or just basic auth for that matter. however it should differentiate the 2). As this will always be tied to the local computer or the internal domain, and essentially allow brute forcing of user accounts and/or DoS (locking domain accounts). It also means that you could add ‘localstart.asp’ to the common file list, and have the ‘ntlm basic auth?’ module flag whenever it encounters a 401 requesting NTLM auth.