id: vscode-sftp info: name: VSCode SFTP File Exposure author: geeknik severity: high description: | It discloses sensitive files created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials. metadata: verified: true shodan-query: html:"sftp.json" tags: exposure,vscode,sftp,ssh,files requests: - method: GET path: - "{{BaseURL}}/sftp.json" - "{{BaseURL}}/.config/sftp.json" - "{{BaseURL}}/.vscode/sftp.json" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - '"name":' - '"host":' - '"protocol":' condition: and - type: word part: header words: - "application/json" - type: status status: - 200