Hunt ASP.NET-specific vulnerabilities
hunt-aspnet · skill · setup L1 · ★1,791
elementalsouls/Claude-BugHunter
What it does
Discover ASP.NET Web Forms/WCF/SharePoint misconfigurations and deserialization gadgets.
Best for
Legacy ASP.NET pentesting when ViewState, machineKey, and trace endpoint disclosure matter.
Inputs
- ASP.NET target
- optional web.config or machineKey sample
Outputs
- ViewState decryption / bypass detection
- machineKey recovery technique
- trace.axd/elmah.axd disclosure payloads
Requires
- Burp
- ysoserial.net
- curl
Preconditions
ASP.NET Classic / Web Forms / WCF / SharePoint environment
Failure modes
Assuming modern .NET Core (no ViewState); misidentifying load-balanced machineKey sync failures
Trust signals
- ViewState signed-vs-encrypted distinction
- Dual-parser MAC-bypass anti-pattern
- customErrors mode=Off stack-trace leaks