Scanning the IP address 172.16.10.11 on port 80 should give you a similar
result, though this scan also discovers a new endpoint, /backup, and
reports that directory indexing is enabled:
+ Server: Apache/2.4.55 (Ubuntu)
--snip--
+ OSVDB-3268: /backup/: Directory indexing found.
+ OSVDB-3092: /backup/: This might be interesting...
Directory indexing is a server-side setting that lists the files located
at a web path when no index file (such as index.html or index.php)
exists there. Directory indexing is interesting to find because it could
expose sensitive files in an application, such as configuration files
with connection strings, local database files (such as SQLite files),
and other environment files. Open the browser in Kali to
http://172.16.10.11/backup to see the content of this endpoint
(Figure 5-1).
Figure 5-1: Directory indexing found on 172.16.10.11/backup
Directory indexing lets you browse files in the browser. You can
click directories to open them, click files to download them, and so
on. On the web page, you should identify two folders:
acme-hyper-branding and acme-impact-alliance. The acme-hyper-branding
folder appears to contain a file named app.py. Click the file to
download it to Kali so it's available for later inspection.
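The same setting can be found from the server side. The following added example (not from the book) scans an Apache configuration for <Directory> blocks whose own Options directive enables listings. The sample configuration and its filesystem paths are constructed, and inheritance from parent directories and .htaccess files is not modelled.

```shell
#!/usr/bin/env bash
# Added example: list <Directory> blocks in an Apache config whose own
# Options directive turns on directory indexing (mod_autoindex).
# Assumption: only explicit Options lines inside a block are considered;
# inherited settings and .htaccess overrides are out of scope.

find_indexed_dirs() {
  awk '
    # Entering a <Directory "path"> block: remember the path.
    tolower($1) == "<directory" {
      dir = $2
      gsub(/[">]/, "", dir)
      next
    }
    # Leaving the block.
    tolower($1) ~ /^<\/directory/ { dir = ""; next }
    # Options line inside a block: Indexes, +Indexes or All enable
    # listings; -Indexes and None do not.
    dir != "" && tolower($1) == "options" {
      for (i = 2; i <= NF; i++) {
        opt = tolower($i)
        if (opt == "indexes" || opt == "+indexes" || opt == "all") {
          print dir
          break
        }
      }
    }
  ' "$@"
}

# Constructed sample config; the filesystem paths are assumptions.
sample_conf() {
  cat <<'EOF'
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
</Directory>
<Directory "/var/www/html/backup">
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/html/static>
    Options None
</Directory>
EOF
}

# Audit the sample; the fix for each reported path is "Options -Indexes".
sample_conf | find_indexed_dirs
```

Pass real configuration files as arguments to find_indexed_dirs instead of piping in the sample.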
Building a Directory Indexing Scanner
What if we wanted to run a scan against a list of URLs to check
whether directory indexing is enabled on any of them, as well as
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks