- WebApp login error username enumeration (custom per webapp, use Python/Burp)
- WebApp URL/Cookie differences (custom per webapp, use Python/Burp)
- Document Metadata from Google dork (https://github.com/ElevenPaths/FOCA)
- Public leaks/dumps (mostly just LinkedIn)
- Skype/Lyncsmash (https://github.com/nyxgeek/lyncsmash)
- Exposed SMB/RID Cycling (https://github.com/portcullislabs/enum4linux)
- Kerberos Username Validation (https://nmap.org/nsedoc/scripts/krb5-enum-users.html)
- OWA username enumeration (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/owa_login.rb)
- WordPress logins (https://github.com/wpscanteam/wpscan)
- OpenSSH username enumeration (https://www.exploit-db.com/exploits/45233)
- SMTP VRFY Username Enumeration (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smtp/smtp_enum.rb)
- SMTP EXPN Username Enumeration (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smtp/smtp_enum.rb)
- SMTP RCPT TO Username Enumeration (http://pentestmonkey.net/tools/user-enumeration/smtp-user-enum)
Monday, November 26, 2018
Ways to Enumerate Users
These are a couple of methods for identifying usernames that can then be used in other areas of a pentest. I added as many as I could think of, limited mostly to ones seen from the public Internet.
Labels: Metasploit, Network, Redteam, Web