darkking

ASP auditor v.2 beta

ASP auditor v2 BETA

Author david.kierznowski_at_gmail.com

http://michaeldaw.org

Purpose: Look for common misconfigurations and information leaks in ASP.NET applications.

This tool is based on H D Moore’s Dot Net Application Scanner

Author: H D Moore

URL: http://www.digitaloffense.net/index.html?section=TOOLS

HDM thanks for the feedback.

Changelog:

* Combined code from Asp Auditor v1 BETA and HDM’s DNAScanner.

* Version plugin allowing specific ASP.NET versioning.

* Version brute force capabilities using JavaScript validate directories.

* Check if global ASP.NET validate is being used.

* Added brute force as option in usage()

-usage


$ ./asp-audit-latest.pl

Usage: ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)

(opts)
-bf brute force ASP.NET version using JS Validate
directories.

–example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…

[ .NET Configuration Analysis ]

Server -> Microsoft-IIS/6.0
Application -> /
FilePath -> D:VirtualServers*hidden*
ADNVersion -> 1.1.4322.2300

matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005

–example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…

[ .NET Configuration Analysis ]

Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:inetpub*hidden*
ADNVersion -> 1.1.4322.2300

matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005

[*] Sending brute force discovery requests…
Found -> /aspnet_client/system_web/1_1_4322


http://michaeldaw.org/projects/asp-audit-latest.tar.gz
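
For anyone reading such a report from the defending side, the following added example (not part of the original post or of asp-audit itself) parses the "Key -> value" lines shown in the examples above and lists what each field discloses to a remote client. The sample report is constructed from example 2, and the function names and field descriptions are assumptions of this example.

```python
import re

# Constructed sample based on example 2 of the post (target details stay elided).
SAMPLE_REPORT = """\
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:inetpub*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
[*] Sending brute force discovery requests...
Found -> /aspnet_client/system_web/1_1_4322
"""

# Field -> what it tells a remote client (this example's wording, not the tool's).
LEAKS = {
    "Server": "web server banner",
    "FilePath": "physical path of the application on disk",
    "ADNVersion": "exact ASP.NET framework build",
    "AppTrace": "application tracing is switched on",
}

def parse_report(text):
    """Return (fields, found) from the 'Key -> value' lines of a report."""
    fields, found = {}, []
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)\s*->\s*(.+?)\s*$", line)
        if not m:
            continue  # '[*] Sending ...' status lines and section headers
        key, value = m.groups()
        if key == "Found":
            found.append(value)
        else:
            fields[key] = value
    return fields, found

def findings(text):
    """List disclosure findings; directory names like 1_1_4322 map to 1.1.4322."""
    fields, found = parse_report(text)
    out = [f"{k}: {LEAKS[k]} ({fields[k]})" for k in LEAKS if k in fields]
    for path in found:
        m = re.search(r"/system_web/(\d+(?:_\d+)+)/?$", path)
        if m:
            version = m.group(1).replace("_", ".")
            agrees = fields.get("ADNVersion", "").startswith(version + ".")
            out.append(f"Found: JS validate directory reveals {version}"
                       f" (consistent with ADNVersion: {agrees})")
    return out
```

Calling `findings()` on a saved report gives a short list of items to close off, and the consistency flag shows whether the exposed client-script directory alone is enough to confirm the framework version.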
