Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New directory listing template #9714

Merged
merged 4 commits into from
Jun 1, 2024
Merged

New directory listing template #9714

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
124086f
feat: new directory listing template
theMiddleBlue May 6, 2024
dd5224c
fix: trailing spaces
theMiddleBlue May 6, 2024
a6d4f5d
Update directory-listing.yaml
princechaddha Jun 1, 2024
368d473
Fix FN matcher
ritikchaddha Jun 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
100 changes: 100 additions & 0 deletions http/miscellaneous/directory-listing.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
id: directory-listing

info:
name: Directory Listing Enabled
author: theMiddle
severity: low
description: Directory Indexing is a web server feature that allows the contents of a directory to be displayed when no index file is present. This can be a security risk as it can expose sensitive files, old backup or unreferenced files.
impact: |
Sensitive files and directories may be exposed to unauthorized users.
remediation: |
Disable directory listing in the web server configuration.
reference:
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information
- https://portswigger.net/kb/issues/00600100_directory-listing
tags: misc,generic,misconfig,fuzz

flow: |
function target_is_in_scope(url) {
if (url.startsWith(template.http_1_host) || url.startsWith("/")) {
return true;
}
return false;
}

http(1);

if(template.links) {
var path_checked = [];
var paths = [];

for(i=0; i<template.links.length; i++) {
if (target_is_in_scope(template.links[i])) {

var path = template.links[i].replace(template.http_1_host, "");
var path_split = path.split("/");
var path_to_check = "";

for(p in path_split) {
if (path_split[p] != "") {
path_to_check += "/"+path_split[p];

if (!path_checked.includes(path_to_check)) {
path_checked.push(path_to_check);

set("path_to_check", path_to_check);
http(2);
}
}
}

}
}
}

http:
- method: GET
path:
- "{{BaseURL}}"

host-redirects: true
max-redirects: 2
matchers:
- type: dsl
internal: true
dsl:
- contains(header, "text/html")
- status_code_1 == 200
condition: and

extractors:
- type: xpath
name: links
part: body
internal: true
xpath:
- "//*/@href|//*/@src"

- method: GET
path:
- "{{BaseURL}}{{path_to_check}}"

host-redirects: true
max-redirects: 2

matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Index of"
case-insensitive: true

- type: word
part: header
words:
- "text/html"

- type: status
status:
- 200