Thursday, December 26, 2024

Script Http-Userdir-Enumeration Method

http-userdir-enum is an NSE (Nmap Scripting Engine) script for Nmap that allows an attacker to enumerate valid usernames on a target system or host running the mod_userdir module. The script sends HTTP requests to the target system and uses the responses to identify which usernames are valid. An HTTP response with status 200 or 403 means that the username is most likely present and valid. Based on the status codes the script reports, we can then manually verify whether the user is present on the target system.

http-userdir-enum NSE script arguments:

  • http-userdir-enum.users: The filename of a username list
  • http-userdir-enum.limit: The maximum number of users to check on the target system
  • slaxml.debug
  • http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
  • smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

Usage:

You can run the script by passing its name to the “--script” option.

$ sudo nmap -sV --script=http-userdir-enum <target IP>

To pass the arguments listed above, use the “--script-args” option. For example:

$ sudo nmap --script=http-userdir-enum --script-args http-userdir-enum.limit=<value> <target IP>

$ sudo nmap --script=http-userdir-enum --script-args http-userdir-enum.users=<value> <target IP>

Example:

Nmap scan result

 

Output:

80/tcp open  http    syn-ack Apache httpd 2.2.9
|_ http-userdir-enum: Potential Users: root (403), user (200), test (200)
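
From the defender's side, the same 200/403 signal is visible in the web server's access log. The following is an added example, not part of the original article or of Nmap: it scans constructed Apache access-log lines for a client that requests many distinct `/~username` paths (the URL form mod_userdir serves) and lists the usernames whose responses confirmed them. The function name, threshold and sample log are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Apache access-log lines (common log format); not from the page.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Dec/2024:10:00:01 +0000] "GET /~root/ HTTP/1.1" 403 199
198.51.100.7 - - [26/Dec/2024:10:00:01 +0000] "GET /~admin/ HTTP/1.1" 404 196
198.51.100.7 - - [26/Dec/2024:10:00:02 +0000] "GET /~user/ HTTP/1.1" 200 512
198.51.100.7 - - [26/Dec/2024:10:00:02 +0000] "GET /~test/ HTTP/1.1" 200 498
198.51.100.7 - - [26/Dec/2024:10:00:03 +0000] "GET /~guest/ HTTP/1.1" 404 196
203.0.113.20 - - [26/Dec/2024:10:05:00 +0000] "GET /~user/notes.html HTTP/1.1" 200 1024
203.0.113.20 - - [26/Dec/2024:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

# Captures client IP, the username after "/~", and the response status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) /~(?P<user>[^/\s?]+)\S* [^"]*" (?P<status>\d{3}) '
)


def find_userdir_enumeration(log_text, min_distinct_users=4):
    """Return {client_ip: [usernames confirmed by a 200 or 403]} for every
    client that requested at least min_distinct_users different /~user paths.
    The threshold is an assumed starting point; tune it to normal traffic."""
    probes = defaultdict(dict)  # ip -> {username: last status seen}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            probes[m["ip"]][m["user"]] = int(m["status"])

    findings = {}
    for ip, users in probes.items():
        # One visitor browsing a single home page is normal; many distinct
        # usernames from one client in the log is the enumeration pattern.
        if len(users) >= min_distinct_users:
            findings[ip] = sorted(u for u, s in users.items() if s in (200, 403))
    return findings


if __name__ == "__main__":
    for ip, exposed in find_userdir_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: probable userdir enumeration, confirmed users: {exposed}")
```

If per-user web directories are not needed, setting `UserDir disabled` in the Apache configuration removes the status-code difference this enumeration relies on.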