userenumeration

timing-attack-checker

timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond to a valid username than to an invalid username.  This can be handy for bruteforcing a list of valid usernames.  I’ll work […]

Windows User Enumeration for Time Restricted Accounts

Sid released an advisory about an interesting username enumeration vulnerability over the weekend: notsosecure.com Username enumeration vulnerabilities are a classic mistake that vendors seem fated to repeat.  It’s surprising to see one in such a mature product, though.  Well spotted, Sid.

ftp-user-enum

Username guessing tool for use against the default Solaris ftp service and GNU inetutils ftpd.  Recent changes are detailed in the CHANGELOG. Download ftp-user-enum v1.0 here. SHA1sum: 2fbd86dba9f701627d415ed76100b2768b271862 MD51sum: c19ec3eb1eab6282a16514b51eb5f1c6 User documentation are also avaialble in PDF format.

finger-user-enum

Username guessing tool primarily for use against the default Solaris finger service. Also supports relaying of queries through another finger server.  Recent changes are detailed in the CHANGELOG. Download finger-user-enum v1.0 here. SHA1sum: 017e214e786df5a25336291acd3b9c8a46b3bd7b MD51sum: f18832f9d2b5210e5f51bd89f44abeee User documentation is also available in PDF format.

smtp-user-enum

Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.  Recent changes are detailed in the CHANGELOG. Download smtp-user-enum v1.2 here. MD5 and SHA1 checksums are the packages can be downloaded.  They’re based on the package name (below v.v represents the version, e.g. 1.1): http://pentestmonkey.net/tools/smtp-user-enum/smtp-user-enum-v.v-beta.tar.gz.md5 […]