Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Exposed VSCode Folders

By kannthu

Low
Vidoc logoVidoc Module
#vscode#exposure
Description

What is "Exposed VSCode Folders?"

The "Exposed VSCode Folders" module is designed to detect misconfigurations in Visual Studio Code (VSCode) directories. It targets the /.vscode endpoint and searches for the presence of "Index of /.vscode" in the response body. This module has a low severity level and was authored by aashiq.

Impact

If the module detects an exposed VSCode directory, it indicates a potential security risk. Exposing sensitive configuration files or source code in the /.vscode directory could lead to unauthorized access or information leakage.

How the module works?

The module works by sending an HTTP GET request to the /.vscode endpoint. It then checks the response body for the presence of the phrase "Index of /.vscode". If this phrase is found, it indicates that the VSCode directory is exposed.

Example HTTP request:

GET /.vscode/ HTTP/1.1
Host: [target host]

The module uses the following matching condition:

- Part: Body - Type: Word - Words: "Index of /.vscode" - Negative: False - Condition: AND

If the matching condition is met, the module reports the vulnerability of exposed VSCode folders.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/.vscode/
Matching conditions
word: Index of /.vscode
Passive global matcher
No matching conditions.
On match action
Report vulnerability