Kali Linux on a USB stick has over 600 preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), the John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), and the Burp Suite and OWASP ZAP web application security scanners. Kali Linux can run natively when installed on a computer’s hard disk, can be booted from a live CD or live USB, or can run within a virtual machine. It is a supported platform of the Metasploit Project’s Metasploit Framework, a tool for developing and executing security exploits.
On web servers, when a directory that does not have a default index file (index.html, index.htm or index.php) is navigated to, the server shows a list of all the files and folders in that directory. This is called directory listing.
There may be two responses when the index file is missing from a directory :
Which response you get depends on the configuration in the .htaccess file (Apache server).
To display a forbidden message and disallow directory listing, just add this line to your default .htaccess file: Options -Indexes
Directory listings may also display server information, such as: Apache/2.2.3 (Unix) Server at adityagupta.net Port 80
An attacker who wants to get into the server would then look for a suitable exploit for Apache version 2.2.3 running on a Unix server and use it against adityagupta.net.
To allow directory listing while hiding your server version information, add the following lines to the httpd.conf file
With this, only Apache will be displayed in the footer with no other information attached to it.
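As an added example (not code from the original page), this Python check lets a site owner confirm from a saved response of their own server whether directory listing is still on and whether the footer still discloses version details. The function names, the sample pages and the host example.test are constructed for illustration.

```python
import re

# Apache's auto-generated listing page is titled "Index of /<path>".
LISTING_TITLE = re.compile(r"<title>\s*Index of\s*/", re.IGNORECASE)
# Footer line, e.g. "Apache/2.2.3 (Unix) Server at example.test Port 80".
FOOTER = re.compile(
    r"<address>\s*(?P<banner>Apache[^<]*?)\s+Server at\s+[^\s<]+\s+Port\s+\d+",
    re.IGNORECASE,
)
# The banner leaks detail if it carries a version ("/2.2.3") or a platform ("(Unix)").
DETAIL = re.compile(r"/\d|\(")


def audit_response(status, body):
    """Return findings for one saved HTTP response from a server you operate."""
    findings = []
    if status == 200 and LISTING_TITLE.search(body):
        findings.append("listing enabled: add 'Options -Indexes' to .htaccess")
    footer = FOOTER.search(body)
    if footer and DETAIL.search(footer.group("banner")):
        # ServerTokens Prod is the stock Apache directive that trims this to "Apache".
        findings.append("footer discloses: " + footer.group("banner"))
    return findings


def page(title, banner):
    """Build a constructed response body in the shape Apache emits."""
    return ("<html><head><title>%s</title></head><body><h1>%s</h1>"
            "<address>%s Server at example.test Port 80</address></body></html>"
            % (title, title, banner))


# Constructed samples: (status, body). example.test is a placeholder host.
SAMPLES = {
    "default": (200, page("Index of /backup", "Apache/2.2.3 (Unix)")),
    "no_version": (200, page("Index of /files", "Apache")),
    "hardened": (403, page("403 Forbidden", "Apache")),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, audit_response(status, body) or "clean")
```

The "no_version" sample corresponds to the setup described above, where listing stays on but the footer shows only Apache, so it reports the listing finding alone.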
Most unconfigured directory listings have “Index of” in the title.
So, in order to search for directory listings, you could use a query that searches for “index of /” in the title along with your other search terms.
For example: “index of /” games
Some more interesting searches would be:
“index of” “admin”
“index of” “password” or “index of /password”
“index of /files”
“index of /backup”
“index of /xampp”
“index of /passwd”
And so on.
Now suppose I have the username and password for targetdomain.com and am looking for the login page. One way to proceed is “index of” “admin” to look for the admin panel, and then log in with the credentials.
Also, if you are looking for directory listings with their server information in the footer, the following Google dork may help you:
“Index of” “server at”
If an attacker has an exploit for Apache version 2.0.39 and wants to find vulnerable targets, his Google dork would be:
“Apache/2.0.39 server at”