Detect directory listing in upload folder

lib/common/common_helper.rb

@@ -232,3 +232,10 @@ def get_random_user_agent
   # return ransom user-agent
   user_agents.sample
 end
+
+# Directory listing enabled on url?
+#
+# @return [ Boolean ]
+def directory_listing_enabled?(url)
+  Browser.get(url.to_s).body[%r{<title>Index of}] ? true : false
+end

lib/wpscan/wp_target.rb

@@ -124,7 +124,12 @@ class WpTarget < WebSite
 
   # @return [ String ]
   def debug_log_url
-    @uri.merge("#{wp_content_dir()}/debug.log").to_s
+    @uri.merge("#{wp_content_dir}/debug.log").to_s
+  end
+
+  # @return [ String ]
+  def upload_dir_url
+    @uri.merge("#{wp_content_dir}/uploads/").to_s
   end
 
   # Script for replacing strings in wordpress databases
@@ -141,4 +146,8 @@ class WpTarget < WebSite
     resp = Browser.get(search_replace_db_2_url)
     resp.code == 200 && resp.body[%r{by interconnect}i]
   end
+
+  def upload_directory_listing_enabled?
+    directory_listing_enabled?(upload_dir_url)
+  end
 end

wpscan.rb

@@ -183,6 +183,10 @@ def main
       puts "#{green('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}"
     end
 
+    if wp_target.upload_directory_listing_enabled?
+      puts "#{red('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}"
+    end
+
     if wp_target.has_malwares?
       malwares = wp_target.malwares
       puts "#{red('[!]')} #{malwares.size} malware(s) found:"