{"id":22799914,"url":"https://github.com/chocapikk/vscode-config-file-parser","last_synced_at":"2025-03-30T19:17:29.190Z","repository":{"id":133507080,"uuid":"591200785","full_name":"Chocapikk/VSCode-Config-File-Parser","owner":"Chocapikk","description":"This program is designed to parse Visual Studio Code configuration files (sftp.json) that may be exposed on the internet","archived":false,"fork":false,"pushed_at":"2023-01-26T16:27:18.000Z","size":21,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-05T21:53:37.893Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-20T06:47:43.000Z","updated_at":"2024-08-30T23:29:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"5ac16b15-b8cb-4b2e-8a44-4b4ad0f7da0e","html_url":"https://github.com/Chocapikk/VSCode-Config-File-Parser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FVSCode-Config-File-Parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FVSCode-Config-File-Parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FVSCode-Config-File-Parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FVSCode-Config-File-Parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/VSCode-Config-File-Parser/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246365647,"owners_count":20765549,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T07:10:25.352Z","updated_at":"2025-03-30T19:17:28.889Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vscode.py\n\nThis script is used to parse vscode configuration files from websites, it will extract information such as host, port, username, and password. This information can be used to compromise the machine.\n\n## Usage\n\nTo use this script, you will need to provide an input file containing a list of URLs to parse, and an output file to save the parsed information.\n\n```bash\npython vscode.py input_file.txt output_file.txt [-f file_format]\n```\n\n### Optional arguments\n\n```bash\n-f, --file_format : Output file format (combolist or csv) (default: combolist)\n```\n\n### Example\n\n```bash\npython vscode.py urls.txt parsed_data.txt -f csv\n```\n## Vulnerability\n\nThis script takes advantage of a critical vulnerability (http://www.securityspace.com/smysecure/catid.html?id=1.3.6.1.4.1.25623.1.0.108346) that allows attackers to access sensitive information from vscode configuration files. It is important to note that this information can be used to compromise the machine.\n\n# Dorks\nHere are some dorks you can use to find vulnerable websites with the VsCode SFTP Plugin:\n- inurl:\"/.vscode/sftp.json\"\n- site:domain.com inurl:\"/.vscode/sftp.json\"\n\nAlso you can use LeakPy to find vulnerable urls:\n- leakpy -s leak -P VsCodeSFTPPlugin -p 200 -o out_ws.txt\n\n## Disclaimer\n\nThis script is for educational and research purposes only. The author is not responsible for any misuse or damage caused by this script.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fvscode-config-file-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fvscode-config-file-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fvscode-config-file-parser/lists"}