Drupal User Enumeration Scanner
Drupal users can be enumerated by using this tool.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Toolbox
-
Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.
For more information, see:
Try it yourself,
control security posture
control security posture