From 124086fe323035a56e0ff8da07e7a0a7f63c3fb1 Mon Sep 17 00:00:00 2001
From: theMiddleBlue
Date: Mon, 6 May 2024 20:04:28 +0200
Subject: [PATCH 1/4] feat: new directory listing template
---
http/miscellaneous/directory-listing.yaml | 90 +++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 http/miscellaneous/directory-listing.yaml
diff --git a/http/miscellaneous/directory-listing.yaml b/http/miscellaneous/directory-listing.yaml
new file mode 100644
index 00000000000..f1331867817
--- /dev/null
+++ b/http/miscellaneous/directory-listing.yaml
@@ -0,0 +1,90 @@
+id: directory-listing
+
+info:
+ name: Directory Listing Enabled
+ author: theMiddle
+ severity: low
+ description: Directory Indexing is a web server feature that allows the contents of a directory to be displayed when no index file is present. This can be a security risk as it can expose sensitive files, old backup or unreferenced files.
+ reference:
+ - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information
+ - https://portswigger.net/kb/issues/00600100_directory-listing
+ tags: miscellaneous,misc,generic,misconfguration,web
+
+flow: |
+ function target_is_in_scope(url) {
+ if (url.startsWith(template.http_1_host) || url.startsWith("/")) {
+ return true;
+ }
+ return false;
+ }
+
+ http(1);
+
+ if(template.links) {
+ var path_checked = [];
+ var paths = [];
+
+ for(i=0; iIndex of"
+ part: body
From dd5224cb5f572262f9a075e001dba586fd21fd35 Mon Sep 17 00:00:00 2001
From: theMiddleBlue
Date: Mon, 6 May 2024 20:28:36 +0200
Subject: [PATCH 2/4] fix: trailing spaces
---
http/miscellaneous/directory-listing.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/http/miscellaneous/directory-listing.yaml b/http/miscellaneous/directory-listing.yaml
index f1331867817..b183a7f32ee 100644
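Review bot: `target_is_in_scope` in the `flow` block decides scope with string-prefix tests: `url.startsWith(template.http_1_host)` also accepts a hostname that merely extends the target's, and `url.startsWith("/")` accepts protocol-relative `//other-host/path` links, so links that are not on the target pass the only gate applied to the crawled `links` values before they are re-requested as `{{BaseURL}}{{path_to_check}}`. Rejecting the protocol-relative form first, `if (url.startsWith("//")) return false;`, and comparing the parsed host for equality rather than by prefix would make the check mean what its name says; what `http_1_host` holds (an origin or a bare host) is not visible here, so the exact comparison depends on that. `for(i=0;` declares no loop variable, so `i` becomes an implicit global in the flow's JavaScript; `for (let i = 0; …)` is the conventional form. The loop body that derives `path_to_check` from each link is garbled in this chunk, so whether absolute URLs are reduced to a path before the second request could not be checked.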
--- a/http/miscellaneous/directory-listing.yaml +++ b/http/miscellaneous/directory-listing.yaml @@ -23,14 +23,14 @@ flow: | if(template.links) { var path_checked = []; var paths = []; - + for(i=0; i Date: Sat, 1 Jun 2024 10:29:33 +0400 Subject: [PATCH 3/4] Update directory-listing.yaml --- http/miscellaneous/directory-listing.yaml | 45 ++++++++++++++--------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/http/miscellaneous/directory-listing.yaml b/http/miscellaneous/directory-listing.yaml index b183a7f32ee..9e73bb7eaaa 100644 --- a/http/miscellaneous/directory-listing.yaml +++ b/http/miscellaneous/directory-listing.yaml @@ -5,10 +5,14 @@ info: author: theMiddle severity: low description: Directory Indexing is a web server feature that allows the contents of a directory to be displayed when no index file is present. This can be a security risk as it can expose sensitive files, old backup or unreferenced files. + impact: | + Sensitive files and directories may be exposed to unauthorized users. + remediation: | + Disable directory listing in the web server configuration. reference: - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information - https://portswigger.net/kb/issues/00600100_directory-listing - tags: miscellaneous,misc,generic,misconfguration,web + tags: misc,generic,misconfig,fuzz flow: | function target_is_in_scope(url) { @@ -52,16 +56,17 @@ http: - method: GET path: - "{{BaseURL}}" - redirects: true + + host-redirects: true + max-redirects: 2 matchers: - - type: status + - type: dsl internal: true - status: - - 200 - - type: word - words: - - "text/html" - part: header + dsl: + - contains(header, "text/html") + - status_code_1 == 200 + condition: and + extractors: - type: xpath name: links 
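Review bot: The new internal `dsl` matcher mixes the unqualified `header` with the request-indexed `status_code_1` in one expression; both refer to request 1's response here, so `status_code == 200` would read consistently and not suggest that a different request is being inspected. `contains(header, "text/html")` is also a case-sensitive test of a media type that is case-insensitive by definition (`Text/HTML` is a valid Content-Type value), and the same gap exists in the `text/html` header word matcher of the second request (hunk `@@ -73,18 +78,22 @@` of this patch); wrapping the header in the DSL's `to_lower()` here, and adding `case-insensitive: true` to that word matcher, closes both. The matcher sits inside the first `http` request, whose opening lines are context at the top of the hunk.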
@@ -73,18 +78,22 @@ http: - method: GET path: - "{{BaseURL}}{{path_to_check}}" - redirects: true + + host-redirects: true + max-redirects: 2 + matchers-condition: and matchers: - - type: status - internal: true - status: - - 200 - type: word + part: body words: - - "text/html" - part: header + - "Index of" + - type: word + part: header words: - - "<title>Index of" - part: body + - "text/html" + + - type: status + status: + - 200 From 368d4737d0fd869e93c79c18a923c4ae9e95d410 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sat, 1 Jun 2024 19:11:04 +0530 Subject: [PATCH 4/4] Fix FN matcher --- http/miscellaneous/directory-listing.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/http/miscellaneous/directory-listing.yaml b/http/miscellaneous/directory-listing.yaml index 9e73bb7eaaa..f3c9456350a 100644 --- a/http/miscellaneous/directory-listing.yaml +++ b/http/miscellaneous/directory-listing.yaml @@ -88,6 +88,7 @@ http: part: body words: - "<title>Index of" + case-insensitive: true - type: word part: header
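Review bot: The second request's dependence on flow state is undocumented in this hunk: `{{path_to_check}}` is defined nowhere in the `http` section, and the `flow` loop that presumably assigns it per link lies outside the hunk, so a reader of the request alone cannot tell where the value comes from or that the request is issued once per in-scope link. A YAML comment above the path line, `# path_to_check is set by the flow block for each in-scope link extracted from request 1`, would make that explicit. Because the hunk also switches to `matchers-condition: and`, a second comment noting that the body, header and status matchers must all hold, where the removed lines relied on an `internal: true` status matcher, would spare the next reader a comparison with history.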