module

Apache "mod_userdir" User Enumeration

Try Surface Command
Back to search
Disclosed
N/A
Created
2018-05-30

Description

Apache with the UserDir directive enabled generates different error
codes when a username exists and there is no public_html directory and when the username
does not exist, which could allow remote attackers to determine valid usernames on the
server.

Author

Heyder Andrade heyder.andrade@alligatorteam.org

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use auxiliary/scanner/http/apache_userdir_enum
    msf auxiliary(apache_userdir_enum) > show actions
        ...actions...
    msf auxiliary(apache_userdir_enum) > set ACTION < action-name >
    msf auxiliary(apache_userdir_enum) > show options
        ...show and set options...
    msf auxiliary(apache_userdir_enum) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today