Drupal User Enumeration Scanner
Drupal users can be enumerated by using this tool.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
Drupal User Enumeration Scanner Detail
Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.
For more information, see:
Try it yourself,
control security posture
control security posture