
Configuration: Directory listing

Identifier: directory_listing

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

Directory listing happens when an attacker can view all the files in a directory on your server because the proper access restrictions aren't in place. This is dangerous because it can reveal sensitive files, internal configurations, or even credentials, giving attackers a map of where important or vulnerable resources might be hiding. It usually results from default settings or misconfigurations where directory browsing isn't disabled and developers forget to lock down unnecessary directories. If not fixed, attackers might use this information to plan further attacks, making it easier to compromise your system.
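One way to recognise an exposed directory index in an HTTP response, as an added example (not the scanner's own implementation). It matches the default page markers of Apache/nginx autoindex, Python http.server, Tomcat and IIS; the function names, the RISKY triage list and the sample bodies are constructed for illustration.

```python
import re

# Markers emitted by common auto-index pages (Apache/nginx "Index of /",
# Python http.server and Tomcat "Directory listing for", IIS parent link).
SIGNATURES = {
    "index-of": re.compile(r"<(?:title|h1)>\s*Index of /", re.I),
    "directory-listing-for": re.compile(r"<(?:title|h1|h2)>\s*Directory listing for ", re.I),
    "iis-parent-link": re.compile(r"\[To Parent Directory\]", re.I),
}
# Entry links; sort-column links such as "?C=N;O=D" are not matched.
LINK = re.compile(r'<a\s+href="([^"#?]+)"', re.I)
# Assumed triage list: entry names that raise the priority of the finding.
RISKY = re.compile(r"^\.env|^\.git|^id_rsa|\.(?:sql|bak|old|pem|key)$", re.I)

def classify(status, content_type, body):
    """Return (is_listing, signature_name, entries) for one HTTP response."""
    if status != 200 or "html" not in content_type.lower():
        return (False, None, [])
    for name, pattern in SIGNATURES.items():
        if pattern.search(body):
            entries = [h for h in LINK.findall(body) if h not in ("../", "/")]
            return (True, name, entries)
    return (False, None, [])

def risky_entries(entries):
    """Entries whose names suggest secrets, dumps or backups."""
    return [e for e in entries if RISKY.search(e.rstrip("/"))]

# Constructed sample responses (not captured from any real host).
AUTOINDEX_BODY = """<html><head><title>Index of /backup/</title></head><body>
<h1>Index of /backup/</h1><hr><pre><a href="../">../</a>
<a href="?C=N;O=D">Name</a>
<a href="db.sql">db.sql</a>
<a href=".env">.env</a>
<a href="logo.png">logo.png</a>
</pre><hr></body></html>"""
ARTICLE_BODY = "<html><head><title>Index of refraction</title></head><body>...</body></html>"

if __name__ == "__main__":
    for label, body in (("autoindex", AUTOINDEX_BODY), ("article", ARTICLE_BODY)):
        hit, sig, entries = classify(200, "text/html; charset=utf-8", body)
        print(label, hit, sig, entries, risky_entries(entries))
```

The signature requires a path after "Index of", so an ordinary page titled "Index of refraction" is not flagged.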

Configuration

Example

Example configuration:

---
security_tests:
  directory_listing:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.