id: dir-listing

info:
  name: Directory listing enabled
  author: _harleo,pentest_swissky,hczdmr
  severity: info
  reference:
    - https://portswigger.net/kb/issues/00600100_directory-listing
  metadata:
    max-request: 1
  tags: miscellaneous,misc,generic

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        part: body
        words:
          - "Directory listing for "
          - "Index of /"
          - "[To Parent Directory]"
          - "Directory: /"
        condition: or
        case-insensitive: true

      - type: regex
        part: body
        regex:
          - '\d{1,2}\/\d{1,2}\/\d{4}\s+\d+:\d+\s+[\sAPM]+(&lt;dir&gt;|\d+)\s+<[Aa]\s+[hH][rR][eE][fF]="\/'
          - '\s+-\s+\/<\/(title|h1)>'
        condition: and
# digest: 4a0a00473045022100d2c81552e6b9b07932e21e06c3a3cc8019036c44e46889da615831f82fbec53902205d0b29532ee61d34844a212e673bd3937dada8500e17e41db17091686c2ea197:922c64590222798bb761d5b6d8e72950