Apache Filename Enumeration

By kannthu

Low
Vidoc Module
#apache #misconfig #hackerone
Description

What is "Apache Filename Enumeration"?

The "Apache Filename Enumeration" module is designed to detect a misconfiguration in Apache servers. It targets instances where the server responds with a 406 Not Acceptable error containing a pseudo directory listing when an invalid Accept header is provided. This module has a low severity level.

Impact

If the Apache server is misconfigured, it may expose sensitive information about the server's directory structure. This can help attackers identify targets and vulnerabilities.

How does the module work?

The "Apache Filename Enumeration" module works by sending a GET request to the "/index" path with a fake Accept header. It then checks the server's response against its matching conditions: a 406 status code and the presence of the words "Not Acceptable", "Available variants:", and "Apache Server at". If these conditions are met, the module flags the server as potentially misconfigured.

Example HTTP request:

GET /index
Accept: fake/value

The module's matching conditions:

- Status code: 406
- Words: "Not Acceptable", "Available variants:", "Apache Server at"

If all the matching conditions are satisfied, the module will report a potential misconfiguration in the Apache server.
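
The matching logic described above, as an added Python example (not Vidoc's own code) for checking a server you operate. The function names, the sample responses and the `<li><a href=...>` layout of the variant list are assumptions made for this illustration.

```python
import re
import urllib.error
import urllib.request

# The three words the module description lists; all must be present.
REQUIRED_WORDS = ("Not Acceptable", "Available variants:", "Apache Server at")
# Assumed layout of the variant list (matches the constructed sample below).
VARIANT_RE = re.compile(r'<li><a href="([^"]+)">')


def evaluate(status, body):
    """Apply the module's conditions: status 406 AND every required word."""
    matched = status == 406 and all(w in body for w in REQUIRED_WORDS)
    # The listed variant names are the exposure itself; keep them as evidence.
    variants = VARIANT_RE.findall(body) if matched else []
    return {"matched": matched, "variants": variants}


def probe(base_url, timeout=5):
    """Send the page's request (GET /index, Accept: fake/value) to your own server."""
    req = urllib.request.Request(base_url.rstrip("/") + "/index",
                                 headers={"Accept": "fake/value"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return evaluate(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # urllib raises on 4xx, including 406
        return evaluate(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample responses (not captured from a real host).
APACHE_406 = """<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource /index
could not be found on this server.</p>
Available variants:
<ul>
<li><a href="index.html">index.html</a> , type text/html</li>
<li><a href="index.php.bak">index.php.bak</a> , type application/x-trash</li>
</ul>
<hr>
<address>Apache Server at www.example.test Port 80</address>"""
GENERIC_406 = "<h1>Not Acceptable</h1><p>Unsupported media type requested.</p>"

if __name__ == "__main__":
    for name, status, body in [("apache 406", 406, APACHE_406),
                               ("generic 406", 406, GENERIC_406),
                               ("apache body, 200", 200, APACHE_406)]:
        print(name, evaluate(status, body))
```

A 406 without the variant list, or the same body under another status code, does not match, which keeps the check from flagging servers that reject the Accept header without disclosing filenames.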

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index
Headers

Accept: fake/value

Matching conditions
status: 406 and
word: Not Acceptable, Available variants:, <ad...
Passive global matcher
No matching conditions.
On match action
Report vulnerability