AMPPS by Softaculous Panel - Directory Listing - Detect

By kannthu

Informative
Vidoc Module
#panel #ampps #softaculous #misconfig
Description

What is the "AMPPS by Softaculous Panel - Directory Listing - Detect" module?

The "AMPPS by Softaculous Panel - Directory Listing - Detect" module is designed to detect directory listing misconfigurations in websites that use the AMPPS control panel by Softaculous. AMPPS is a software stack that provides a local web development environment. This module helps identify instances where the directory listing feature is enabled, potentially exposing sensitive information to unauthorized users.

This module has an informative severity level: a finding provides valuable information about the misconfiguration but does not in itself pose an immediate security risk.

This module was authored by deFr0ggy.

Impact

If the directory listing feature is misconfigured and enabled, it can allow anyone to view the contents of directories on the website. This can potentially expose sensitive files, such as configuration files, source code, or other confidential information. It is important to properly configure directory listing settings to prevent unauthorized access to these files.

How does the module work?

The module works by sending HTTP requests to specific paths on the target website, such as "/client/", "/files/", and "/icons/". It then applies matching conditions to the responses received to determine if the directory listing feature is enabled.

The matching conditions used by this module are:

- The response body must contain the following words: "<title>[AMPPS] - Web Local</title>" and "Powered by AMPPS".
- The HTTP response status code must be 200 (OK).

If both conditions are met, the module considers the directory listing feature to be enabled and reports the vulnerability.

Here is an example of an HTTP request sent by this module:

GET /client/ HTTP/1.1
Host: example.com

It is important to note that this module does not make any changes to the target website. It only detects the presence of a misconfiguration and reports it for further action.
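
The two matching conditions described above, applied to raw HTTP responses, as an added example (not Vidoc's or the module author's code). The function names and the sample responses are assumptions constructed for illustration; only the paths, the two words and the status code come from this page.

```python
# Added example: evaluates the module's two matching conditions against
# raw HTTP responses. The sample responses below are constructed.

PATHS = ("/client/", "/files/", "/icons/")  # paths named on the page
WORDS = ("<title>[AMPPS] - Web Local</title>", "Powered by AMPPS")


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body


def matches(raw: str) -> bool:
    """True only when the status is 200 AND every word is in the body."""
    status, body = parse_response(raw)
    return status == 200 and all(word in body for word in WORDS)


def audit(responses: dict) -> list:
    """Return the probed paths whose response satisfies both conditions."""
    return [p for p in PATHS if p in responses and matches(responses[p])]


def _resp(status: str, body: str) -> str:
    # Hypothetical helper that builds a constructed raw response.
    return f"HTTP/1.1 {status}\r\nContent-Type: text/html\r\n\r\n{body}"


LISTING = ("<html><head><title>[AMPPS] - Web Local</title></head>"
           "<body><a href=\"a.txt\">a.txt</a><p>Powered by AMPPS</p></body></html>")

# Constructed sample responses, keyed by the path that was requested.
SAMPLES = {
    "/client/": _resp("200 OK", LISTING),                   # both conditions hold
    "/files/": _resp("403 Forbidden", LISTING),             # words present, wrong status
    "/icons/": _resp("200 OK", "<p>Powered by AMPPS</p>"),  # status ok, one word missing
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print(f"directory listing exposed at {path}")
```

Only the first sample is reported: the 403 response and the response missing the title word each fail one of the two conditions.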

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /client/ /files/ /icons/
Matching conditions
word: <title>[AMPPS] - Web Local</title>, Powe... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability