ASP Auditor v2 BETA
ASP auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org
purpose: Look for common misconfigurations and information leaks in
ASP.NET applications.
# Changelog: # --v2.2-- 20/Apr/07 # * Added additional support for Anti-XSS Validation detection. # * Added ASP Source Directory Leak Check # * Added Apr/07 ASP.NET Validation Bypass Check # # –v2.1– 25/Sep/06 # * GET /Trace.axd often leaks ASP.NET version when other methods fail. # * Fixed “?” bug in JavaScript Validate test # * Added Version into usage() # # –v2.0– 16/Sep/06 # * Version plugin allowing specific ASP.NET versioning. # * Version brute force capabilities using JavaScript validate # directories. # * Check if global ASP.NET validate is being used. # * Added brute force function and option in usage()
This tool is based on H D Moore’s Dot Net Application Scanner
Author: H D Moore <hdm_at_digitaloffense.net>
URL: http://www.digitaloffense.net/index.html?section=TOOLS
Credits:
HDM thanks for the feedback.
--usage
$ ./asp-audit-latest.pl
Usage: ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)
(opts)
-bf brute force ASP.NET version using JS Validate
directories.
–example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
Application -> /
FilePath -> D:\VirtualServers\*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
–example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:\inetpub\*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
[*] Sending brute force discovery requests…
Found -> /aspnet_client/system_web/1_1_4322
The tool can be downloaded here:
http://michaeldaw.org/projects/asp-audit-latest.tar.gz
Hi,
unfortunately your download link is broken :(
Greets
A bit of a bug me thinks.. I have modified the href to /projects/ as a temp. fix. Thanks for reporting it.
The problem has been resolved. You should be able to download it now via the link above.
Hi there,
I was playing with the tool and thought isn’t the code below better to check if ASP.NET Validate is enabled or not.
#my $fake_asp = “FAQ$$.aspx<script>FAQ$$</script>”;
my $fake_asp = “<script>FAQ$$</script>”;
#if ($fake_uri =~ m/(.*)\//) { $fake_uri = $1 }
#$fake_uri .= “/$fake_asp”;
$fake_uri .= “?$fake_asp”;
Yeh, quite obvious bug. Yes that is what it should have said. You can see my eyes were getting droopy at this point :)
[...] ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly. [...]
[...] ASP Auditor The purpose of this tool is to look for common misconfiguration and information leaks in ASP.NET [...]
[...] Java, there is Milk (based on Orizon), LAPSE, and SWAAT (only JSP). ASP classic and ASP.NET have ASP Auditor, SWAAT, and DN_BOFinder. Javascript has JSLint. There are also static code analysis tools [...]
[...] 1. SPIKE Proxy 2. WebScarab 3. Burp Intruder 4. Wapiti 5. RFuzz The Web Destroyer 6. OWASP WSFuzzer 7. SPI Fuzzer 8. Suru Web Proxy 9. AppScan 10. ASP Auditor [...]