Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ASP.NET Debugging Enabled

By kannthu

Vidoc logoVidoc Module

ASP.NET Debugging Enabled

What is "ASP.NET Debugging Enabled?"

The "ASP.NET Debugging Enabled" module is designed to detect misconfigurations related to ASP.NET debugging. It targets websites built on the ASP.NET framework and checks if the debugging mode is enabled. This module has an informative severity level and was authored by dhiyaneshDk.


If ASP.NET debugging is enabled on a production website, it can pose a security risk. Debugging mode provides detailed error information, which can potentially expose sensitive data and aid attackers in identifying vulnerabilities or exploiting the system.

How the module works?

The module works by sending an HTTP request to the target website with the following template:

DEBUG /Foobar-debug.aspx HTTP/1.1
Host: {%Hostname%}
Command: stop-debug
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 2

The module then applies the following matching conditions:

- The response status must be 200. - The response body must contain the word "OK". - The response header must contain the word "Content-Length: 2".

If all the matching conditions are met, the module reports a vulnerability related to ASP.NET debugging being enabled.




max-request: 1

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
status: 200and
word: OKand
word: Content-Length: 2
Passive global matcher
No matching conditions.
On match action
Report vulnerability