Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Nmap NSE net: http-userdir-enum

🗓️ 01 Jun 2011 00:00:00Reported by NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 35 Views

Attempts to enumerate valid usernames on web servers using Apache mod_userdir module or similar

Related
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Apache UserDir Directive Username Enumeration
18 Sep 200100:00
nessus
Circl		CVE-2001-1013
29 May 201815:50
circl
CVE		CVE-2001-1013
2 Feb 200205:00
cve
Cvelist		CVE-2001-1013
2 Feb 200205:00
cvelist
Metasploit		Apache "mod_userdir" User Enumeration
15 Aug 201105:56
metasploit
Nmap		http-userdir-enum NSE Script
22 Aug 200922:04
nmap
NVD		CVE-2001-1013
12 Sep 200104:00
nvd
OpenVAS		Nmap NSE net: http-vmware-path-vuln
1 Jun 201100:00
openvas
OpenVAS		Apache UserDir Sensitive Information Disclosure
3 Nov 200500:00
openvas
OpenVAS		Nmap NSE net: http-userdir-enum
1 Jun 201100:00
openvas
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_nmap_http_userdir_enum_net.nasl 5658 2017-03-21 11:17:56Z cfi $
#
# Autogenerated NSE wrapper
#
# Authors:
# NSE-Script: jah
# NASL-Wrapper: autogenerated
#
# Copyright:
# NSE-Script: The Nmap Security Scanner (http://nmap.org)
# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_summary = "Attempts to enumerate valid usernames on web servers running with the mod_userdir module or similar
enabled.

The Apache mod_userdir module allows user-specific directories to be accessed using the
http://example.com/~user/ syntax.  This script makes http requests in order to discover valid user-
specific directories and infer valid usernames.  By default, the script will use Nmap's
'nselib/data/usernames.lst'.  An HTTP response status of 200 or 403 means the username is
likely a valid one and the username will be output in the script results along with the status code
(in parentheses).

This script makes an attempt to avoid false positives by requesting a directory which is unlikely to
exist.  If the server responds with 200 or 403 then the script will not continue testing it.

SYNTAX:

userdir.users:  The filename of a username list.


http.useragent:  The value of the User-Agent header field sent with
requests. By default it is
''Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)''.
A value of the empty string disables sending the User-Agent header field.



limit:  The maximum number of users to check.



http-max-cache-size:  The maximum memory size (in bytes) of the cache.



http.pipeline:  If set, it represents the number of HTTP requests that'll be
pipelined (ie, sent in a single request). This can be set low to make
debugging easier, or it can be set high to test how a server reacts (its
chosen max is ignored).";

if(description)
{
    script_id(104039);
    script_version("$Revision: 5658 $");
    script_cve_id("CVE-2001-1013");
    script_tag(name:"last_modification", value:"$Date: 2017-03-21 12:17:56 +0100 (Tue, 21 Mar 2017) $");
    script_tag(name:"creation_date", value:"2011-06-01 16:32:46 +0200 (Wed, 01 Jun 2011)");
    script_tag(name:"cvss_base", value:"5.0");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
    script_name("Nmap NSE net: http-userdir-enum");


    script_category(ACT_INIT);
    script_tag(name:"qod_type", value:"remote_analysis");
    script_copyright("NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH");
    script_family("Nmap NSE net");
    script_dependencies("nmap_nse_net.nasl");
    script_mandatory_keys("Tools/Launch/nmap_nse_net");

    script_add_preference(name:"userdir.users", value:"", type:"entry");
    script_add_preference(name:"http.useragent", value:"", type:"entry");
    script_add_preference(name:"limit", value:"", type:"entry");
    script_add_preference(name:"http-max-cache-size", value:"", type:"entry");
    script_add_preference(name:"http.pipeline", value:"", type:"entry");

    script_tag(name : "summary" , value : tag_summary);
    exit(0);
}


include("nmap.inc");

# The corresponding NSE script does't belong to the 'safe' category
if (safe_checks()) exit(0);

phase = 0;
if (defined_func("scan_phase")) {
    phase = scan_phase();
}

if (phase == 1) {
    # Get the preferences
    argv = make_array();

    pref = script_get_preference("userdir.users");
    if (!isnull(pref) && pref != "") {
        argv["userdir.users"] = string('"', pref, '"');
    }
    pref = script_get_preference("http.useragent");
    if (!isnull(pref) && pref != "") {
        argv["http.useragent"] = string('"', pref, '"');
    }
    pref = script_get_preference("limit");
    if (!isnull(pref) && pref != "") {
        argv["limit"] = string('"', pref, '"');
    }
    pref = script_get_preference("http-max-cache-size");
    if (!isnull(pref) && pref != "") {
        argv["http-max-cache-size"] = string('"', pref, '"');
    }
    pref = script_get_preference("http.pipeline");
    if (!isnull(pref) && pref != "") {
        argv["http.pipeline"] = string('"', pref, '"');
    }
    nmap_nse_register(script:"http-userdir-enum", args:argv);
} else if (phase == 2) {
    res = nmap_nse_get_results(script:"http-userdir-enum");
    foreach portspec (keys(res)) {
        output_banner = 'Result found by Nmap Security Scanner (http-userdir-enum.nse) http://nmap.org:\n\n';
        if (portspec == "0") {
            security_message(data:output_banner + res[portspec], port:0);
        } else {
            v = split(portspec, sep:"/", keep:0);
            proto = v[0];
            port = v[1];
            security_message(data:output_banner + res[portspec], port:port, protocol:proto);
        }
    }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2017 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.68119
nmap nseenumerate usernamesapache mod_userdirhttp requestsusername listuser-agent headermaximum userscache sizehttp pipelineweb server scanner
35