Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AWStats Listing

By kannthu

Vidoc logoVidoc Module

What is the "AWStats Listing" module?

The "AWStats Listing" module is designed to detect exposed AWStats internal information. AWStats is a popular open-source web analytics tool used to analyze web server log files. This module focuses on identifying misconfigurations or vulnerabilities related to AWStats.

Severity: Low

Author: tess


If the AWStats Listing module detects an exposed AWStats installation, it could potentially expose sensitive information about the web server and its usage. This information could be leveraged by attackers to gain insights into the server's configuration and potentially exploit any vulnerabilities.

How does the module work?

The AWStats Listing module works by sending a GET request to the "/awstats/data" path on the target server. It then applies two matching conditions to determine if the AWStats installation is exposed:

    - The module checks if the response body contains the string "Index of /awstats/data/" and "\">awstats". This indicates that the AWStats data directory is accessible and potentially exposed. - The module also verifies that the response status code is 200, indicating a successful request.

If both conditions are met, the module reports a potential vulnerability or misconfiguration related to the exposed AWStats installation.

Example HTTP request:

GET /awstats/data

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Index of /awstats/data/, ">awstatsand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability