id: dir-listing info: name: Directory listing enabled author: _harleo,pentest_swissky,hczdmr severity: info reference: - https://portswigger.net/kb/issues/00600100_directory-listing metadata: max-request: 1 tags: misc,generic http: - method: GET path: - "{{BaseURL}}" matchers: - type: word part: body words: - "Directory listing for " - "Index of /" - "[To Parent Directory]" - "Directory: /" condition: or case-insensitive: true - type: regex part: body regex: - '\d{1,2}\/\d{1,2}\/\d{4}\s+\d+:\d+\s+[\sAPM]+(<dir>|\d+)\s+<[Aa]\s+[hH][rR][eE][fF]="\/' - '\s+-\s+\/<\/(title|h1)>' condition: and # digest: 4a0a004730450220694964aca1f99a8c8e11abbcace086f90ce7149fe37b79591889f8ec8ed1314f022100f16bf78eb9e11659dee636757e051924bf47ef324f494e4299ab21efee7c66c2:922c64590222798bb761d5b6d8e72950