Skip to main content

hunt-aspnet

Identifies and exploits ASP.NET vulnerabilities, focusing on deserialization issues and security misconfigurations.

Install this skill

or
66/100

Security score

The hunt-aspnet skill was audited on May 26, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 125

Curl to non-GitHub URL

SourceSKILL.md
125curl -sk -X POST "https://target.example/page.aspx" \
medium line 162

Curl to non-GitHub URL

SourceSKILL.md
162curl -sk -o /dev/null -w "%{http_code}\n" "https://target.example/trace.axd"
medium line 170

Curl to non-GitHub URL

SourceSKILL.md
170curl -sk "https://target.example/" -o body.html
medium line 173

Curl to non-GitHub URL

SourceSKILL.md
173curl -sk "https://target.example/Service.svc?wsdl" | xmllint --format - | head -60
medium line 191

Curl to non-GitHub URL

SourceSKILL.md
191curl -sk "https://target.example/Telerik.Web.UI.WebResource.axd?type=rau" -X POST
low line 125

External URL reference

SourceSKILL.md
125curl -sk -X POST "https://target.example/page.aspx" \
low line 139

External URL reference

SourceSKILL.md
139r = S.get("https://target.example/path/page.aspx")
low line 153

External URL reference

SourceSKILL.md
153r = S.post("https://target.example/path/page.aspx",
low line 162

External URL reference

SourceSKILL.md
162curl -sk -o /dev/null -w "%{http_code}\n" "https://target.example/trace.axd"
low line 170

External URL reference

SourceSKILL.md
170curl -sk "https://target.example/" -o body.html
low line 173

External URL reference

SourceSKILL.md
173curl -sk "https://target.example/Service.svc?wsdl" | xmllint --format - | head -60
low line 185

External URL reference

SourceSKILL.md
185Referer: http://x.com/<script> (referer not validated in classic ASP.NET)
low line 191

External URL reference

SourceSKILL.md
191curl -sk "https://target.example/Telerik.Web.UI.WebResource.axd?type=rau" -X POST
low line 259

External URL reference

SourceSKILL.md
259`https://target-portal.example/_layouts/15/ToolPane.aspx?DisplayMode=Edit` returns 200 anonymously. The form contains `__VIEWSTATE` (signed only — `__VIEWSTATEENCRYPTED=""`), and `__REQUESTDIGEST` is
Scanned on May 26, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedJune 15, 2026
openclawbackendsecurity-engineerbackend-developerdata-analystgithubdevelopmentdata analytics
elementalsouls/Claude-BugHunter