id: dir-listing info: name: Directory listing enabled author: _harleo,pentest_swissky,hczdmr severity: info reference: - https://portswigger.net/kb/issues/00600100_directory-listing tags: misc,generic metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}" matchers: - type: word part: body words: - "Directory listing for " - "Index of /" - "[To Parent Directory]" - "Directory: /" condition: or case-insensitive: true - type: regex part: body regex: - '\d{1,2}\/\d{1,2}\/\d{4}\s+\d+:\d+\s+[\sAPM]+(<dir>|\d+)\s+<[Aa]\s+[hH][rR][eE][fF]="\/' - '\s+-\s+\/<\/(title|h1)>' condition: and