Drupal User Enumeration Scanner

Drupal users can be enumerated by using this tool.

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Parent Category

Drupal User Enumeration Scanner Detail

Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.

Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.

For more information, see:

http://www.madirish.net/node/465

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.

Try it yourself,
control security posture

Get free usage

Learn More About Product