From 124086fe323035a56e0ff8da07e7a0a7f63c3fb1 Mon Sep 17 00:00:00 2001
From: theMiddleBlue <menin.andrea@gmail.com>
Date: Mon, 6 May 2024 20:04:28 +0200
Subject: [PATCH] feat: new directory listing template

---
 http/miscellaneous/directory-listing.yaml | 90 +++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 http/miscellaneous/directory-listing.yaml

diff --git a/http/miscellaneous/directory-listing.yaml b/http/miscellaneous/directory-listing.yaml
new file mode 100644
index 0000000000..f133186781
--- /dev/null
+++ b/http/miscellaneous/directory-listing.yaml
@@ -0,0 +1,90 @@
+id: directory-listing
+
+info:
+  name: Directory Listing Enabled
+  author: theMiddle
+  severity: low
+  description: Directory Indexing is a web server feature that allows the contents of a directory to be displayed when no index file is present. This can be a security risk as it can expose sensitive files, old backup or unreferenced files.
+  reference:
+    - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information
+    - https://portswigger.net/kb/issues/00600100_directory-listing
+  tags: miscellaneous,misc,generic,misconfguration,web
+
+flow: |
+  function target_is_in_scope(url) {
+    if (url.startsWith(template.http_1_host) || url.startsWith("/")) {
+      return true;
+    }
+    return false;
+  }
+
+  http(1);
+
+  if(template.links) {
+    var path_checked = [];
+    var paths = [];
+    
+    for(i=0; i<template.links.length; i++) {
+      if (target_is_in_scope(template.links[i])) {
+        
+        var path = template.links[i].replace(template.http_1_host, "");
+        var path_split = path.split("/");
+        var path_to_check = "";
+        
+        for(p in path_split) {
+          if (path_split[p] != "") {
+            path_to_check += "/"+path_split[p];
+
+            if (!path_checked.includes(path_to_check)) {
+              path_checked.push(path_to_check);
+
+              set("path_to_check", path_to_check);
+              http(2);
+            }
+          }
+        }
+
+      }
+    }
+  }
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    redirects: true
+    matchers:
+      - type: status
+        internal: true
+        status:
+          - 200
+      - type: word
+        words:
+          - "text/html"
+        part: header
+    extractors:
+      - type: xpath
+        name: links
+        part: body
+        internal: true
+        xpath:
+          - "//*/@href|//*/@src"
+
+  - method: GET
+    path:
+      - "{{BaseURL}}{{path_to_check}}"
+    redirects: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        internal: true
+        status:
+          - 200
+      - type: word
+        words:
+          - "text/html"
+        part: header
+      - type: word
+        words:
+          - "<title>Index of"
+        part: body