ServerMask is a tool that is used to hide information about IIS Webservers. Since IIS Webservers are vulnerable to various attacks, such as, code red worm, iis unicode exploit, etc., to mitigate such attacks, ServerMask removes all unnecessary HTTP headers & response data, and file extensions like .asp or .aspx, which are clear indicators that a site is running on a Microsoft server. Besides this, ServerMask modifies the ASP session ID cookies values, default messages, pages and scripts of all kinds to misguide an attacker. Answer: A is incorrect. httprint is a fingerprinting tool that is based on Web server characteristics to accurately identify Web servers. It works even when Web server may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. Answer: C is incorrect. Whisker is an HTTP/Web vulnerability scanner that is written in the PERL language. Whisker runs on both the Windows and UNIX environments. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Answer: D is incorrect. WinSSLMiM is an HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool used to make fake certificates. It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.