module
Apache "mod_userdir" User Enumeration
Disclosed | Created |
---|---|
01/01/1970 | 05/30/2018 |
Disclosed
01/01/1970
Created
05/30/2018
Description
Apache with the UserDir directive enabled generates different error
codes when a username exists and there is no public_html directory and when the username
does not exist, which could allow remote attackers to determine valid usernames on the
server.
codes when a username exists and there is no public_html directory and when the username
does not exist, which could allow remote attackers to determine valid usernames on the
server.
Author
Heyder Andrade
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/scanner/http/apache_userdir_enum msf /(m) > show actions ...actions... msf /(m) > set ACTION < action-name > msf /(m) > show options ...show and set options... msf /(m) > run

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.