ASP auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org

purpose: Look for common misconfigurations and information leaks in
ASP.NET applications.

# Changelog:
# --v2.2-- 20/Apr/07
# * Added additional support for Anti-XSS Validation detection.
# * Added ASP Source Directory Leak Check
# * Added Apr/07 ASP.NET Validation Bypass Check
#
# --v2.1-- 25/Sep/06
# * GET /Trace.axd often leaks ASP.NET version when other methods fail.
# * Fixed "?" bug in JavaScript Validate test
# * Added Version into usage()
#
# --v2.0-- 16/Sep/06
# * Version plugin allowing specific ASP.NET versioning.
# * Version brute force capabilities using JavaScript validate
# directories.
# * Check if global ASP.NET validate is being used.
# * Added brute force function and option in usage()

This tool is based on H D Moore’s Dot Net Application Scanner
Author: H D Moore <hdm_at_digitaloffense.net>
URL: http://www.digitaloffense.net/index.html?section=TOOLS

Credits:
HDM thanks for the feedback.

--usage
$ ./asp-audit-latest.pl

Usage:   ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)

        (opts)
            -bf brute force ASP.NET version using JS Validate
            directories.

--example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request...
[*] Sending path discovery request...
[*] Sending ASP.NET validate discovery request...
[*] Sending application trace request...
[*] Sending null remoter service request...

[ .NET Configuration Analysis ]

  Server   -> Microsoft-IIS/6.0
  Application   -> /
  FilePath   -> D:\VirtualServers\*hidden*
  ADNVersion   -> 1.1.4322.2300

  matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1)  Mar 2005

--example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request...
[*] Sending path discovery request...
[*] Sending ASP.NET validate discovery request...
[*] Sending application trace request...
[*] Sending null remoter service request...

[ .NET Configuration Analysis ]

    Server  -> Microsoft-IIS/6.0
    AppTrace  -> LocalOnly
    Application  -> /
    FilePath  -> D:\inetpub\*hidden*
    ADNVersion  -> 1.1.4322.2300

    matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1)  Mar 2005

[*] Sending brute force discovery requests...
        Found -> /aspnet_client/system_web/1_1_4322

The tool can be downloaded here:

http://michaeldaw.org/wp-content/uploads/2016/10/asp-audit-latest.tar.gz