Open In App

Script Http-Userdir-Enumeration Method

Improve
Improve
Like Article
Like
Save
Share
Report

The http-userdir-enum is an NSE  script of a tool called Nmap, that allows the attacker to enumerate valid usernames that are present and are in a running state on the target system or host with the mod_usedir module. This NSE script of Nmap uses the HTTP requests method to send packets to the target system and enumerates the valid user present on the target system. An HTTP response with status 200 or 403 means that the username is most likely present and valid and later on the basis of the status code, after getting the result of the script, we can manually verify if the user is present on the target system.

http-userdir-enum NSE arguments Script:

  • http-userdir-enum.users: List of usernames with the filename 
  • http-userdir-enum.limit: Maximum numbers of users to check the target system
  • slaxml.debug
  • http.host,http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
  • smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

Usage:

 You can use the script with the “–script” option and state the name of the script.

$ sudo nmap -sV –script=http-userdir-enum <target IP>

To pass the above arguments you can use the “–script-args”. For Example:

$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.limit=value  <target IP>

$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.users=<value> <Target IP>

Example:

Nmap scan result

 

Output:

80/tcp open  http    syn-ack Apache httpd 2.2.9
|_ http-userdir-enum: Potential Users:
root (403), user (200), test (200)

Last Updated : 02 Oct, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads