This is certainly like reconnaissance, other than you obtain details about the goal by interacting with it for the purpose of looking for a vulnerability. php enabled IIS will attempt to serve the directory listing, which will likely be disabled at the same time. In that situation even with anon http://pigpgs.com