File http-drupal-enum-users
Script types:
portrule
Categories:
discovery, intrusive
Download: http://nmap.org/svn/scripts/http-drupal-enum-users.nse
User Summary
Enumerates Drupal users by exploiting a an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.
For more information,see: * http://www.madirish.net/node/465
Script Arguments
http-drupal-enum-users.root
base path. Defaults to "/"
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script=http-drupal-enum-users --script-args http-drupal-enum-users.root="/path/" <targets>
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-drupal-enum-users: | admin | alex | manager |_ user
Requires
Author: Hani Benhabiles
License: Same as Nmap--See http://nmap.org/book/man-legal.html