Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Exposed VSCode Folders" module is designed to detect misconfigurations in Visual Studio Code (VSCode) directories. It targets the /.vscode endpoint and searches for the presence of "Index of /.vscode" in the response body. This module has a low severity level and was authored by aashiq.
If the module detects an exposed VSCode directory, it indicates a potential security risk. Exposing sensitive configuration files or source code in the /.vscode directory could lead to unauthorized access or information leakage.
The module works by sending an HTTP GET request to the /.vscode endpoint. It then checks the response body for the presence of the phrase "Index of /.vscode". If this phrase is found, it indicates that the VSCode directory is exposed.
Example HTTP request:
GET /.vscode/ HTTP/1.1
Host: [target host]
The module uses the following matching condition:
- Part: Body - Type: Word - Words: "Index of /.vscode" - Negative: False - Condition: ANDIf the matching condition is met, the module reports the vulnerability of exposed VSCode folders.