Skip to content
Related Articles

Related Articles

Script Http-Userdir-Enumeration Method

Improve Article
Save Article
  • Last Updated : 02 Oct, 2022
Improve Article
Save Article

The http-userdir-enum is an NSE  script of a tool called Nmap, that allows the attacker to enumerate valid usernames that are present and are in a running state on the target system or host with the mod_usedir module. This NSE script of Nmap uses the HTTP requests method to send packets to the target system and enumerates the valid user present on the target system. An HTTP response with status 200 or 403 means that the username is most likely present and valid and later on the basis of the status code, after getting the result of the script, we can manually verify if the user is present on the target system.

http-userdir-enum NSE arguments Script:

  • http-userdir-enum.users: List of usernames with the filename 
  • http-userdir-enum.limit: Maximum numbers of users to check the target system
  • slaxml.debug
  • http.host,http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
  • smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

Usage:

 You can use the script with the “–script” option and state the name of the script.

$ sudo nmap -sV –script=http-userdir-enum <target IP>

To pass the above arguments you can use the “–script-args”. For Example:

$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.limit=value  <target IP>

$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.users=<value> <Target IP>

Example:

Nmap scan result

 

Output:

80/tcp open  http    syn-ack Apache httpd 2.2.9
|_ http-userdir-enum: Potential Users:
root (403), user (200), test (200)
My Personal Notes arrow_drop_up
Related Articles

Start Your Coding Journey Now!