Drupal User Enumeration Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Drupal User Enumeration Scanner Detail

Drupal users can be enumerated by using this tool.

Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.

Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.

For more information, see:

Some Advice for Common Problems

Access content permission is required, but this permission is usually granted to anonymous users.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service