Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Web Config file

By kannthu

Informative
Vidoc logoVidoc Module
#config#exposure
Description

What is the "Web Config file?" module?

The "Web Config file" module is designed to detect misconfigurations in the web.config file of a website. It targets the web.config file, which is a configuration file used by ASP.NET applications to specify settings for the application's behavior.

This module has an informative severity level, which means it provides valuable information but does not indicate a vulnerability or immediate threat.

This module was authored by Yash Anand and DhiyaneshDK.

Impact

The "Web Config file" module helps identify potential misconfigurations in the web.config file. These misconfigurations can have various impacts, such as exposing sensitive information, allowing unauthorized access, or affecting the functionality of the ASP.NET application.

How does the module work?

The "Web Config file" module works by sending HTTP requests to specific paths, such as "/web.config" and "/../../web.config". It then applies matching conditions to determine if the web.config file contains certain elements, such as "" and "".

For example, the module sends a GET request to "/web.config" and checks if the response status is 200 (OK). It also checks if the response body contains the "" and "" elements.

The module uses these matching conditions to identify potential misconfigurations in the web.config file.

For more information, you can refer to the GitHub repository.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/web.config/../../web.config
Matching conditions
word: <configuration>, <system.webServer>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability