
Open Directories: how does it work and what is the risk?

by Sebastiaan Bosman Blog 11 Nov 2021

A directory on a web server works like a digital filing cabinet: it organises folders and files such as invoices, back-ups, important mail, intellectual property, and more. Hosting it online means you can reach those files from anywhere. Some directories, however, lack any access control; they are "open", and their contents are available to far more people than you would like.

Security via obscurity?

Often, securing such files and directories is left until the end of the (development) process, which makes it easy to forget altogether. There is also a persistent misconception that a directory nobody links to is safe. Protecting something by making it "hard to find" is ineffective, because there is almost always a way around it: directories can be discovered without ever clicking your way to them.

Sources such as Shodan, Censys, and Google dorks let anyone query for lists of open directories, or for data dumps of a particular file type (the classic dork `intitle:"index of"` combined with a file extension is one such query).

Directories via a web request

Simpler still, a plain web request returns the directory listing when the requested directory contains no index file and directory listing is enabled. Directory listing is a web-server feature that can be turned on or off. Acunetix explains: when a browser requests a directory "without specifying a file (such as index.html, index.php, or default.asp), the web server processes this request, returns the index file for that directory, and the browser displays the website. However, if the index file did not exist and if directory listing was turned on, the web server would return the contents of the directory instead."

That looks something like this:

Example open directories
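As an added example (not code from the original post, nor from the author's Attack Surface Management platform), the following Python script does what a web request to a listing-enabled directory invites: it recognises an autoindex page by its "Index of" title, extracts the entries from both the Apache table layout and the nginx `<pre>` layout, and flags the file types the image above is concerned with (database dumps, VPN files, archives). The two sample pages, the example.test URLs and the risk patterns are constructed for the example and are not taken from the research.

```python
"""Detect a directory listing (Apache / nginx autoindex) and triage the files it exposes."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin

# Risk categories for triage. Illustrative patterns, not an exhaustive list.
RISK_RULES = [
    ("database dump", re.compile(r"\.(sql|sql\.gz|dump|bak|sqlite3?)$", re.I)),
    ("VPN / key material", re.compile(r"\.(ovpn|pem|key|p12|pfx|ppk)$|^id_(rsa|ed25519)$", re.I)),
    ("credentials / config", re.compile(r"^\.env$|^wp-config\.php$|\.(ini|conf|yml|yaml)$", re.I)),
    ("archive / backup", re.compile(r"\.(zip|tar|tar\.gz|tgz|7z|rar)$", re.I)),
]


class _IndexParser(HTMLParser):
    """Collect the <title> text and every href on the page."""

    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def is_directory_listing(html):
    """Apache and nginx both title an autoindex page 'Index of <path>'."""
    parser = _IndexParser()
    parser.feed(html)
    return parser.title.strip().lower().startswith("index of")


def classify(name):
    """Return the first matching risk category for a file name, or None."""
    for label, pattern in RISK_RULES:
        if pattern.search(name):
            return label
    return None


def parse_listing(base_url, html):
    """Return the entries of an autoindex page as dicts, or [] if the page is not one.

    Navigation links are dropped: Apache's column-sort links ('?C=N;O=D'), Apache's
    absolute parent link ('/backup/') and nginx's relative parent link ('../').
    """
    parser = _IndexParser()
    parser.feed(html)
    if not parser.title.strip().lower().startswith("index of"):
        return []
    entries = []
    for href in parser.hrefs:
        if href.startswith(("?", "/", "#", "../")):
            continue
        name, is_dir = unquote(href.rstrip("/")), href.endswith("/")
        entries.append({"name": name, "url": urljoin(base_url, href), "is_dir": is_dir,
                        "risk": None if is_dir else classify(name)})
    return entries


def risky_entries(base_url, html):
    """Only the entries a responder should look at first."""
    return [e for e in parse_listing(base_url, html) if e["risk"]]


# Constructed sample pages, shaped like the two most common autoindex formats.
APACHE_SAMPLE = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=S;O=A">Size</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td><td align="right">  - </td></tr>
<tr><td><a href="db_dump.sql">db_dump.sql</a></td><td align="right"> 30G</td></tr>
<tr><td><a href="old%20site/">old site/</a></td><td align="right">  - </td></tr>
<tr><td><a href="README.txt">README.txt</a></td><td align="right">1.2K</td></tr>
</table></body></html>"""

NGINX_SAMPLE = """<html><head><title>Index of /files/</title></head><body>
<h1>Index of /files/</h1><hr><pre><a href="../">../</a>
<a href="office.ovpn">office.ovpn</a>               03-Oct-2021 14:22        2315
<a href="site-backup.tar.gz">site-backup.tar.gz</a> 03-Oct-2021 14:22  1073741824
</pre><hr></body></html>"""

NOT_A_LISTING = '<html><head><title>Welcome</title></head><body><a href="login.php">Log in</a></body></html>'

if __name__ == "__main__":
    for url, page in (("https://example.test/backup/", APACHE_SAMPLE),
                      ("https://example.test/files/", NGINX_SAMPLE)):
        for entry in risky_entries(url, page):
            print(f"{entry['risk']:<22} {entry['url']}")
```

The parser keys on the page title rather than on response codes because a listing is served with an ordinary 200, indistinguishable from a real page at the transport level. On the server side, the fix is configuration: on Apache, `Options -Indexes` in the relevant `<Directory>` block (or in `.htaccess` where `AllowOverride Options` permits it); on nginx, `autoindex off;`, which is the default, so a listing there means someone switched it on. Note that disabling the listing only hides the table of contents; any file that remains under the web root is still served to anyone who requests it by name, which is exactly the "hard to find" fallacy described above.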


How bad is it?

The image above illustrates the kinds of directories and files that are openly accessible in this way: leftover files, VPN configuration files, and database dumps. Even a single small data leak can have a huge impact on an organisation or on individuals, and the risk grows with every additional file that can be found.

We wanted to determine the extent of the problem: how many directories and files can be found with a relatively quick investigation? To find out, we combined Shodan with our own Attack Surface Management platform to search for open directories. The result: over 475,000 directories leading to millions of files, some dumps as large as 30 gigabytes, from all over the world.

What did we find?

The research will be explained in more detail over the coming weeks, when we discuss the method and the specific findings. We will also present a complete overview of the data dumps, exports, and leftover files we found, and the potential impact of such data leaks. Our CISO Vincent Thiele and Security Analyst Soufian El Yadmani share their insights in our live webinar on 1 December and, most importantly, explain how you can detect and prevent an incident caused by an open directory.

Click below to register and for more details about their webinar.

Register for the webinar >>
