Nmap Development mailing list archives

Re: [NSE] apache-userdir-enum


From: David Fifield <david () bamsoftware com>
Date: Mon, 27 Jul 2009 15:56:01 -0600

On Sun, Jul 12, 2009 at 11:37:06PM +0100, jah wrote:
> Attached is a little script that checks for HTTP 200 or 403 responses
> from HTTP requests for /~some_user/ in an attempt to enumerate some valid
> usernames where apache mod_userdir is enabled.
> OpenVAS (written for Nessus in 2001 [2]) has a similar script [1], but
> this one goes the extra mile to try and limit false positives by testing
> for a directory which is highly unlikely to exist, before it starts
> testing proper.

I like this script. It's a good idea. Could it be combined with the
recently added http-enum.nse script? I like the idea of checking the
version detection results and only continuing if it matches "apache".

http-enum uses HEAD when possible. It also does a false positive check
using "/Nmap404Check", but I think the random one in apache-userdir-enum
is better.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
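
A defender-side view of the scan discussed above, as an added example that is not part of the thread or of either script: it groups Apache access-log lines by client and reports which /~name/ requests received the 200 or 403 responses the script treats as a valid user. The log lines, addresses, user names and the `min_names` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format (addresses and names are made up).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jul/2009:23:40:01 +0100] "GET /~qzjxkvbn8f2/ HTTP/1.1" 404 209
198.51.100.7 - - [12/Jul/2009:23:40:01 +0100] "GET /~root/ HTTP/1.1" 403 202
198.51.100.7 - - [12/Jul/2009:23:40:02 +0100] "GET /~admin/ HTTP/1.1" 404 203
198.51.100.7 - - [12/Jul/2009:23:40:02 +0100] "GET /~alice/ HTTP/1.1" 200 1422
198.51.100.7 - - [12/Jul/2009:23:40:03 +0100] "HEAD /~www/ HTTP/1.1" 404 -
203.0.113.20 - - [12/Jul/2009:23:41:10 +0100] "GET /~alice/ HTTP/1.1" 200 1422
203.0.113.20 - - [12/Jul/2009:23:41:12 +0100] "GET /~alice/notes.html HTTP/1.1" 200 877
203.0.113.20 - - [12/Jul/2009:23:41:15 +0100] "GET /index.html HTTP/1.1" 200 512
""".splitlines()

# client, ident, user, [timestamp], "METHOD path protocol", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|HEAD) (\S+) [^"]*" (\d{3})')
USERDIR_RE = re.compile(r'^/~([^/?]+)/?')

def find_userdir_sweeps(lines, min_names=4):
    """Report clients that requested at least min_names distinct /~name/ paths."""
    seen = defaultdict(dict)  # client -> {name: last status seen}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        client, _method, path, status = m.groups()
        u = USERDIR_RE.match(path)
        if u:
            seen[client][u.group(1)] = int(status)
    report = {}
    for client, names in seen.items():
        if len(names) < min_names:
            continue  # ordinary visitors touch one or two home pages
        # 200 and 403 are the responses the script counts as "user exists".
        exposed = sorted(n for n, s in names.items() if s in (200, 403))
        report[client] = {
            "probed": sorted(names),
            "exposed": exposed,
            # True when every name answered 200/403: the server gives no
            # usable signal, the case the random-directory check screens out.
            "all_positive": len(exposed) == len(names),
        }
    return report

if __name__ == "__main__":
    for client, info in find_userdir_sweeps(SAMPLE_LOG).items():
        print(client, "probed", len(info["probed"]), "exposed", info["exposed"])
```

The `exposed` list is the set of account names the responses confirmed to that client, which is the information to review when deciding whether to restrict or disable mod_userdir.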

