module

Apache "mod_userdir" User Enumeration

Disclosed
01/01/1970
Created
05/30/2018

Description

Apache with the UserDir directive enabled generates different error
codes when a username exists and there is no public_html directory and when the username
does not exist, which could allow remote attackers to determine valid usernames on the
server.

Author

Heyder Andrade

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use auxiliary/scanner/http/apache_userdir_enum
    msf /(m) > show actions
        ...actions...
    msf /(m) > set ACTION < action-name >
    msf /(m) > show options
        ...show and set options...
    msf /(m) > run
  
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.