Information Disclosure: Debug mode

Identifier: debug_mode

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Debug mode exposes detailed error information including full stack traces and internal application details, which can help attackers understand system architecture and identify vulnerabilities.

How we test: We analyze error responses and stack traces in application responses to detect if debug mode is enabled. We look for detailed error messages, file paths, code snippets, and other debugging information that should not be exposed in production environments.
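The check described above can be sketched as signature matching over response bodies. This is an added example, not the scanner's own implementation: the signature set, the function names and the sample responses are assumptions constructed for illustration.

```python
import re

# Illustrative signatures (assumed for this example, not the scanner's rule set).
SIGNATURES = {
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "python_frame": re.compile(r'File "(?P<path>[^"]+\.py)", line \d+'),
    "java_stack_frame": re.compile(r"^\s*at [\w.$]+\([\w$]+\.java:\d+\)", re.M),
    "php_error": re.compile(
        r"(?:Fatal error|Warning|Notice): .+? in (?P<path>\S+) on line \d+"),
    "django_debug_page": re.compile(r"DEBUG\s*=\s*True"),
    "werkzeug_debugger": re.compile(r"Werkzeug Debugger"),
}

def scan_response(status, body):
    """Report which debug-output signatures appear in one HTTP response body."""
    hits, paths = [], set()
    for name, rx in SIGNATURES.items():
        matches = list(rx.finditer(body))
        if not matches:
            continue
        hits.append(name)
        if "path" in rx.groupindex:  # signature also captures a server file path
            paths.update(m.group("path") for m in matches)
    return {
        "status": status,
        "signatures": sorted(hits),
        "leaked_paths": sorted(paths),
        "debug_mode_suspected": bool(hits),
    }

# Constructed sample responses (not captured from a real system).
SAMPLE_PYTHON = (500, 'Traceback (most recent call last):\n'
                      '  File "/srv/app/views.py", line 42, in get_user\n'
                      "    user = db.fetch(uid)\nKeyError: 'uid'\n")
SAMPLE_JAVA = (500, "java.lang.NullPointerException\n"
                    "\tat com.example.api.UserService.find(UserService.java:87)\n")
SAMPLE_SAFE = (500, '{"error": "Internal Server Error", "request_id": "abc123"}')

if __name__ == "__main__":
    for status, body in (SAMPLE_PYTHON, SAMPLE_JAVA, SAMPLE_SAFE):
        print(scan_response(status, body))
```

The generic error body in `SAMPLE_SAFE` is the shape a production response should take: a status, a short message and a correlation id, with the stack trace kept in server-side logs.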

References:

Configuration

Example

Example configuration:

---
security_tests:
  debug_mode:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.