Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySnooping (Information Retrieval)

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Directory Names List

This article contains the source code of a script that will list each document directory on your domain.

Why would you need a directory list like that?

Maybe you don't need a directory list. If your site is small or has few directories, no doubt you have a working knowledge of what is on your server.

However, if your site is large, with dozens or more directories, it is good to have a list of directory names available. Scanning through the list helps you stay familiar with what's on your site and gives you the opportunity to investigate any you don't recall being there.

Even if your site has few directories, give the script a try. You might find a surprise or two.

The script is PHP. No customization required. Upload it to your server and type its URL into your browser.

It is pretty fast. Willmaster.com has 1553 directories (as of this morning). The script finds and lists them in under 3 seconds – unless the server happens to be extra busy at that moment.

Here is the source code:

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<title> </title>
<style type="text/css">
body { margin:0; font-family:sans-serif; font-size:14px; }
th { font-size:.8em; }
p, li, td { font-size:1em; line-height:120%; }
h1 { font-size:1.8em; }
h2 { font-size:1.6em; }
h3 { font-size:1.4em; }
h4 { font-size:1.2em; }
h5 { font-size:1em; }
a { text-decoration:none; color:#1c5292; font-weight:bold; }
a, a img { border:none; outline:none; }
.normal { font-weight:normal; font-style:normal; font-decoration:none; }
#content { margin:0 0 0 150px; padding:75px 0 100px 50px; width:550px; border-left:6px groove #2F83E5; }
.inputfield { width:300px; padding:7px 3px 5px 4px; font-family:sans-serif; font-size:1em; line-height:1em; border:1px solid black }
.submitfield { width:311px; font-weight:bold; } /* input width plus left-right padding plus left-right border */
</style>
</head>
<body><div id="content">

<div style="position:fixed; left:50px; top:50px;">
<a href="//www.willmaster.com/">
<img src="//www.willmaster.com/images/wmlogo_icon.gif" style="width:50px; height:50px; border:none;" alt="Willmaster logo">
</a>
</div>

<h1 style="position:relative; top:-30px; letter-spacing:1px;">Directory Lister</h1>

<?php
$goahead = false;
if( isset($_POST['lookdir']) and strlen($_POST['lookdir']) ) { $goahead = true; }
if( strpos($_POST['lookdir'],'/') != 1 ) { $_POST['lookdir'] = '/'.$_POST['lookdir']; }
$_POST['lookdir'] = preg_replace('!/*$!','/',$_POST['lookdir']);
$_POST['lookdir'] = preg_replace('!^'.quotemeta($_SERVER['DOCUMENT_ROOT']).'!','',$_POST['lookdir']);
$_POST['lookdir'] = preg_replace('!//*!','/',$_POST['lookdir']);

function GetDirectoryList($d)
{
   $lookd = array();
   $d = preg_replace('!/*$!','',$d);
   foreach( glob("$d/*",GLOB_ONLYDIR) as $dir ) { $lookd[] = $dir; }
   return $lookd;
}

function GetNextBlock($ld)
{
   $lookd = array();
   foreach( $ld as $dir )
   {
      foreach( GetDirectoryList($dir) as $d ) { $lookd[] = $d; }
   }
   return $lookd;
}
?>

<?php if($goahead): ?>
<p><b>Listing</b></p>
<pre>
<?php
$Directory = $LookDir = array();
$LookDir[] = $_SERVER['DOCUMENT_ROOT'].$_POST['lookdir'];
if( file_exists($LookDir[0]) )
{
   while( count($LookDir) )
   {
      foreach( $LookDir as $dir ) { $Directory[] = $dir; }
      $LookDir = GetNextBlock($LookDir);
   }
   sort($Directory);
   $offset = strlen($_SERVER['DOCUMENT_ROOT']);
   foreach( $Directory as $dir ) { echo substr($dir,$offset), "\n"; }
}
else
{
   $LookDir[0] = preg_replace('!^'.quotemeta($_SERVER['DOCUMENT_ROOT']).'!','',$LookDir[0]);
   if( strlen($LookDir[0]) > 1 ) { $LookDir[0] = preg_replace('!/$!','',$LookDir[0]); }
   echo "<h4>No such directory:\n<span class='normal'>", $LookDir[0], '</span></h4>';
}
?>
</pre>
<h3>DONE</h3>
<p>
<a href="<?php echo($_SERVER['PHP_SELF']); ?>">Return to front page.</a>
</p>

<?php else: ?>
<form method="post" action="<?php echo($_SERVER['PHP_SELF']); ?>">
<p>
List subdirectories starting at:<br>
<input type="text" class="inputfield" name="lookdir" value="<?php echo( preg_replace('![^/]*$!','',$_SERVER['PHP_SELF']) ); ?>">
</p>
<div style="position:relative;">
<p>
<input type="submit" class="submitfield" value="List subdirectories" onclick="WorkingOn()">
</p>
<div id="working" style="display:none; position:absolute; top:-15px; left:-5px; border:5px solid gold; width:300px; background-color:white; color:gold; font-size:18px; font-weight:bold; font-family:verdana,sans-serif; padding:10px; text-align:center;">
Working...
<div style="position:absolute; top:-1px; right:0px; font-size:11px; font-weight:bold; color:blue; cursor:pointer;" onclick="WorkingOff()">[X]</div>
</div>
</div><!-- style="position:relative;" -->
</form>
<script type="text/javascript">
function WorkingOn() { document.getElementById("working").style.display="block"; }
function WorkingOff() { document.getElementById("working").style.display="none"; }
</script>
<?php endif; ?>

</div></body></html>

Copy the source code and save it as a plain text file with a .php extension. DirectoryList.php for example. (Or save it as sdf3432feue8DSKSDD.php for security reasons. See "Security Considerations" further below.)

Upload it to your server and type its URL into your browser.

You'll be asked which directory to start at. (The field will be pre-filled with the directory where the script is located.) To specify the document root directory, use: /

Click the "List Subdirectories" button and the script will respond with a list of the start directory's subdirectory names.

Security Considerations

It is prudent to protect the script from use by the the general public. It isn't their business what your directory names are. Knowing the directory names might give a cracker information from which s/he can deduce enough to do damage.

Protection by obfuscation is one way. Not the best way, but generally better than nothing at all. Obfuscation is naming the script file something unlikely to be guessed. Or putting the script into a subdirectory with such a name.

Protection by password is better. Put the script into a password protected directory.

Protection by disabling the script is better still. Rename the script with a .txt or .cgi extension to disable its use. The source code might be viewed, but the script can't be used as named.

Protection by removal is best of all. Upload the script only when you wish to use it. Use the script. Then immediately delete the script from the server.

It is good, and may even be revealing, to have a list of server directory names at hand. But do keep security in mind.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC