DevMisconfig Hunter

Open-source tool to detect common web application misconfigurations before deployment.

Description

DevMisconfig Hunter is an open-source security tool designed to identify common developer misconfigurations in web applications and servers.

A significant number of real-world security incidents occur due to simple mistakes during development or deployment, such as exposed configuration files, missing security headers, debug mode enabled in production, insecure CORS policies, or weak TLS configurations. These issues are often overlooked but can be easily exploited.

This project focuses on building a lightweight and practical tool that scans a given target application and detects such common misconfigurations before they can be abused.

The primary objectives of the project include:

  • Detecting exposed sensitive files such as .env, .git, and backup archives

  • Auditing HTTP security headers

  • Identifying debug mode exposure

  • Detecting directory listing and insecure CORS configurations

  • Analyzing TLS versions and certificate properties

  • Providing structured output with basic risk classification
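
As an illustration of the header-audit, CORS and risk-classification objectives above, the following is an added example and not code from the DevMisconfig Hunter project. The function names, the required-header policy, the 180-day HSTS threshold and the risk levels are assumptions, and the sample headers are constructed.

```python
import json

# Assumed policy: headers expected on every HTML response and the risk if absent.
REQUIRED = {"strict-transport-security": "medium", "content-security-policy": "medium",
            "x-content-type-options": "low", "x-frame-options": "low",
            "referrer-policy": "low"}
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}
MIN_HSTS_AGE = 15552000  # 180 days, an assumed threshold

def hsts_max_age(value):
    """Parse max-age from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit_headers(headers, probe_origin):
    """Audit one response. probe_origin is the Origin value the scanner sent."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out = [{"check": "missing-header", "detail": n, "risk": r}
           for n, r in REQUIRED.items() if n not in h]
    # CSP frame-ancestors covers framing, so a missing X-Frame-Options is not reported.
    if "frame-ancestors" in h.get("content-security-policy", "").lower():
        out = [f for f in out if f["detail"] != "x-frame-options"]
    if "strict-transport-security" in h:
        age = hsts_max_age(h["strict-transport-security"])
        if age is None or age < MIN_HSTS_AGE:
            out.append({"check": "weak-hsts", "detail": f"max-age={age}", "risk": "low"})
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao in (probe_origin, "null"):
        # Echoing the probe Origin (or "null") allows cross-origin reads; worse with credentials.
        out.append({"check": "cors-reflected-origin", "detail": acao,
                    "risk": "high" if creds else "medium"})
    elif acao == "*":
        out.append({"check": "cors-wildcard", "detail": acao, "risk": "low"})
    return sorted(out, key=lambda f: RISK_ORDER[f["risk"]])

# Constructed sample response headers (not captured from a real host).
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Access-Control-Allow-Origin": "https://probe.invalid",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    print(json.dumps(audit_headers(SAMPLE, "https://probe.invalid"), indent=2))
```

Findings come back sorted with the highest risk first, so the JSON output can be gated on in a pre-deployment check.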
