FTP (File Transfer Protocol) is a protocol that enables file transfer between a server and a client. For example, you can transfer the files created for your website to your server using FTP.
You can connect to an FTP server with a graphical FTP client (e.g. Filezilla, CuteFTP, Cyberduck), from the command line (e.g. bash, iterm, powershell) or with your browser.
It is important to know that FTP runs over TCP and does not encrypt data in transit (it is a cleartext protocol).
Some FTP servers permit anonymous login. This is generally used by FTP servers that need to be accessible to everyone, because when you want to share a file over FTP it is not possible to give everyone a username and password. But if the FTP server is not configured correctly, it might allow anonymous login even when you do not want it. In that case, people with malicious intent might access your files. Anonymous FTP is an important vulnerability that attackers frequently look for on the internet.
You can use our free and online Anonymous FTP Vulnerability Control tool to easily check for the Anonymous FTP vulnerability. To do this, type your domain name in the form at the top of the page and start scanning.
Or you can run the nmap --script ftp-anon -p 21 target command with nmap, which can be installed on all operating systems.
You can also use the ftp/anonymous auxiliary module of “Metasploit Framework” to check for the vulnerability.
Lastly, for a manual check you can use any FTP client that lets you run FTP commands. If your FTP server is affected by this vulnerability, you will get a result similar to the following:
ftp securityforeveryone.com
Connected to 172.19.0.100
Name (172.19.0.100:root): anonymous
331 Anonymous login ok, send your password
Password:
230-Welcome to the securityforeveryone's FTP Server
If you are using the Windows operating system, you can check this with a client that has a graphical interface, such as Filezilla, CuteFTP or Cyberduck.
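The manual check above comes down to reading the server's reply codes: 331 asks for a password, 230 means the login succeeded and 530 means it was refused. The following is an added example, not part of the original page or its scanning tool; the function names and the constructed transcripts are assumptions made for illustration. It classifies a captured session, including one cut off in the middle of a multi-line "230-" reply like the sample above, and offers a live check for a server you administer using Python's standard ftplib.

```python
import re
from ftplib import FTP, all_errors, error_perm

# RFC 959 reply line: 3-digit code, then "-" (more lines follow) or " " (final line).
REPLY = re.compile(r"^(\d{3})([ -])")

def reply_codes(lines):
    """Collapse a captured session into one code per server reply.

    Inside a multi-line reply only "<same code><space>" closes it, so
    digits that appear in banner text are not mistaken for reply codes."""
    codes, pending = [], None
    for line in lines:
        m = REPLY.match(line)
        if pending:
            if m and m.group(1) == pending and m.group(2) == " ":
                codes.append(pending)
                pending = None
        elif m and m.group(2) == "-":
            pending = m.group(1)
        elif m:
            codes.append(m.group(1))
    if pending:  # capture cut off mid-reply, as in the sample session
        codes.append(pending)
    return codes

def classify(lines):
    """Map reply codes to a verdict: 230 = logged in, 530 = not logged in."""
    codes = reply_codes(lines)
    if "230" in codes:
        return "allowed"
    if "530" in codes:
        return "denied"
    return "inconclusive"  # e.g. only 331 (password requested) was captured

def check_server(host, port=21, timeout=10):
    """Live check of a server you administer, using ftplib's anonymous default."""
    try:
        with FTP() as ftp:
            ftp.connect(host, port, timeout=timeout)
            ftp.login()  # no arguments: user "anonymous"
            return "allowed"
    except error_perm:   # 5xx reply, typically 530
        return "denied"
    except all_errors:   # refused, timed out, or not an FTP service
        return "unreachable"

# Constructed transcripts: the first mirrors the session on this page.
OPEN = ["331 Anonymous login ok, send your password",
        "230-Welcome to the securityforeveryone's FTP Server"]
CLOSED = ["331 Password required for anonymous", "530 Login incorrect."]
```

Calling classify(OPEN) returns "allowed" and classify(CLOSED) returns "denied"; check_server("ftp.example.internal") runs the same test against a live host, where the hostname is a placeholder for your own server.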
If your FTP server permits anonymous login, you can eliminate the vulnerability by applying the following recommendations.