An "Index of Parent Directory" listing is a webpage that displays a directory listing of files and subdirectories within a parent directory. This type of listing is typically generated automatically by a web server when a user requests a directory path without specifying a specific file to display.
Select the directory you wish to protect (e.g., public_html ). Choose and click Save. index of parent directory
If you are a security professional or system administrator tasked with auditing your own servers, these tools help detect unintended directory indexing: An "Index of Parent Directory" listing is a
Save and upload this file to your website's root directory (usually public_html or www ). The minus sign explicitly tells the server to deny requests to list directory contents. If a user attempts to view a folder, they will receive a error page. Method 3: Disabling Indexing via Nginx Choose and click Save
Add the following to your .htaccess file or main server configuration: Options -Indexes Use code with caution. For Nginx Servers
intitle:"index of" "parent directory" (xls OR pdf OR docx) (to find files)
Security professionals and researchers often use "Google Dorking" (advanced search techniques) to find these open directories, which can contain sensitive information. Common search strings include: intitle:"index of" "parent directory"
Kali + Additional Tools + Vulnerable Applications in Docker containers...
A vulnerable VM that you will use to perform a full assessment (from reconnassaince to full compromise)
Another vulnerable VM that you will use to perform a full assessment (from reconnassaince to full compromise)
This video explains how to setup the virtual machines in your system using Virtual Box.
The diagram below shows the lab architecture with WebSploit Full version, Raven, and VTCSEC. The VMs were created in Virtual Box. It is highly recommended that you use Virtual Box. However, if you are familiar with different virtualization platforms, you should be able to run the VMs in VMWare Workstation Pro (Windows), VMWare Fusion (Mac), or vSphere Hypervisor (free ESXi server).
You should create a VM-only network to deploy your vulnerable VMs and perform several of the attacks using WebSploit (Kali Linux), as shown in the video above. You can configure a separate network interface in your WebSploit VM to connect to the rest of your network and subsequently the Internet. Preferably, that interface should be in NAT mode.
Stay in Touch with Omar!