Nmap Development mailing list archives
Re: [NSE] apache-userdir-enum
From: David Fifield <david () bamsoftware com>
Date: Mon, 27 Jul 2009 15:56:01 -0600
On Sun, Jul 12, 2009 at 11:37:06PM +0100, jah wrote:
Attached is a little script that checks for HTTP 200 or 403 responses from HTTP requests for /~some_user/ in attempt to enumerate some valid usernames where apache mod_userdir is enabled. OpenVAS (written for Nessus in 2001 [2]) has a similar script [1], but this one goes the extra mile to try and limit false positives by testing for a directory which is highly unlikely to exist, before it starts testing proper.
I like this script. It's a good idea. Could it be combined with the recently added http-enum.nse script? I like the idea of checking the version detection results and only continuing if it matches "apache". http-enum uses HEAD when possible. It also does a false positive check using "/Nmap404Check", but I think the random one in apache-userdir-enum is better. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] apache-userdir-enum jah (Jul 12)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Aug 08)
- Re: [NSE] apache-userdir-enum jah (Aug 10)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 11)
- Re: [NSE] apache-userdir-enum jah (Aug 17)
- Re: [NSE] apache-userdir-enum jah (Jul 28)
- Re: [NSE] apache-userdir-enum David Fifield (Jul 27)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum jah (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Ron (Aug 22)
- Re: [NSE] apache-userdir-enum Fyodor (Aug 23)