From 307bcd2b010d938b09c331f096aef313c16a4792 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krzysztof=20Zaj=C4=85c?=
Date: Sun, 4 Aug 2024 21:49:38 +0200
Subject: [PATCH 1/3] Notifying if no HTTP Host header yields directory listing
---
 .../directory-listing-no-host-header.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 http/misconfiguration/directory-listing-no-host-header.yaml
diff --git a/http/misconfiguration/directory-listing-no-host-header.yaml b/http/misconfiguration/directory-listing-no-host-header.yaml
new file mode 100644
index 0000000000..288992d55a
--- /dev/null
+++ b/http/misconfiguration/directory-listing-no-host-header.yaml
@@ -0,0 +1,32 @@
+id: directory-listing-no-host-header
+
+info:
+ name: HTTP directory listing when no Host header is provided
+ author: kazet
+ severity: info
+ description: |
+ The HTTP server is configured to list files in the root directory when no Host header is provided.
+ metadata:
+ verified: true
+ max-request: 1
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.0
+
+ host-redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+ - type: word
+ case-insensitive: true
+ words:
+ - "Index of"
+ - "<title>Directory listing of"
+ condition: or
+
+ - type: status
+ status:
+ - 200
+
From 6bbec9ebf4dad39c67016565a490349349069e62 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 5 Aug 2024 02:15:07 +0530
Subject: [PATCH 2/3] Update directory-listing-no-host-header.yaml
---
 http/misconfiguration/directory-listing-no-host-header.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/http/misconfiguration/directory-listing-no-host-header.yaml b/http/misconfiguration/directory-listing-no-host-header.yaml
index 288992d55a..a65501561d 100644
--- a/http/misconfiguration/directory-listing-no-host-header.yaml
+++ b/http/misconfiguration/directory-listing-no-host-header.yaml
@@ -29,4 +29,3 @@ http:
 - type: status
 status:
 - 200
-
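Review bot: The `info` block added in patch 1/3 has no `remediation` field and the description does not say why the finding matters, so a report from this template tells an operator what was observed but not what to change. A sentence noting that the listing is served to clients that reach the server without a Host header, presumably from its default virtual host, and a line such as `remediation: Disable automatic directory indexing on the default virtual host, or point it at an empty document root.` would make the result actionable. Neither later patch in this series adds this.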
From 2bddcd196bbddae679293e11aaeccadb483c8ee1 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran <leedhiyanesh@gmail.com> Date: Mon, 2 Sep 2024 14:51:41 +0530 Subject: [PATCH 3/3] add flow to fix-false positive --- .../directory-listing-no-host-header.yaml | 38 ++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/http/misconfiguration/directory-listing-no-host-header.yaml b/http/misconfiguration/directory-listing-no-host-header.yaml index a65501561d..fd81eb99f3 100644 --- a/http/misconfiguration/directory-listing-no-host-header.yaml +++ b/http/misconfiguration/directory-listing-no-host-header.yaml @@ -1,31 +1,43 @@ id: directory-listing-no-host-header info: - name: HTTP directory listing when no Host header is provided + name: Directory Listing - No Host header author: kazet - severity: info + severity: unknown description: | The HTTP server is configured to list files in the root directory when no Host header is provided. metadata: verified: true max-request: 1 + tags: misconfig,listing + +flow: http(1) && http(2) http: - raw: - | + GET / HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - '!contains_any(body,"<title>Index of","<title>Directory listing of")' + internal: true + + - raw: + - |+ + @Host: {{Hostname}} GET / HTTP/1.0 + unsafe: true + host-redirects: true max-redirects: 2 - matchers-condition: and - matchers: - - type: word - case-insensitive: true - words: - - "<title>Index of" - - "<title>Directory listing of" - condition: or - - type: status - status: - - 200 + matchers: + - type: dsl + dsl: + - 'contains_any(body,"<title>Index of","<title>Directory listing of")' + - 'status_code == 200' + condition: and
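Review bot: The baseline request in the first `http` block does not follow redirects, while the Host-less request in the second block sets `host-redirects: true` and `max-redirects: 2`, so the two responses being compared are not fetched under the same conditions. If the named virtual host answers `/` with a redirect to a page that is itself a directory listing, the internal matcher would presumably pass on the redirect body and the second request could still match, which is the false positive this flow is meant to remove; adding `host-redirects: true` and `max-redirects: 2` to the first block would keep the comparison symmetric. The DSL `contains_any` checks are also case-sensitive, whereas the removed word matcher set `case-insensitive: true`; using `contains_any(to_lower(body),"<title>index of","<title>directory listing of")` in both blocks would keep the earlier coverage. `max-request: 1` in `metadata` is now stale, since the template sends two requests, and should read `max-request: 2`.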