#VERSION,1.03
#LASTMOD,02.11.2007
# (c) 2001-2007 CIRT, Inc., All Rights Reserved
# Apache user enumeration

# This software is distributed under the terms of the GPL, which should have been received
# with a copy of this software in the "LICENSE.txt" file.

# this checks Apache user enumeration. Do this is a plugin so we can do a test of a bogus
# user to see if we're getting bad data or not. Thanks to Jericho for pointing out the FPs

sub nikto_apacheusers
{
 (my $RES , $CONTENT) = fetch("/~root","GET");
 $CONTENT=char_escape($CONTENT);
 if ($CONTENT =~ /forbidden/i) # good on "root"
  {
   (my $RES , $CONTENT) = fetch("/~abcdef993454","GET");

   $CONTENT=char_escape($CONTENT);
   if ($CONTENT !~ /forbidden/i) # Good, it gave an error instead of forbidden
    {
     $VULS++;
     nprint("+ /~root - Enumeration of users is possible by requesting ~username (responds with Forbidden for real users, not found for non-existent users) (GET).");
    }
  }

}

1;