Description

This plugin will try to find user home directories based on the knowledge gained by other plugins, and an internal knowledge base. For example, if the target URL is:

  • http://test/

And other plugins found these valid email accounts:

  • [email protected]
  • [email protected]

This plugin will request:

  • http://test/~test/
  • http://test/test/
  • http://test/~f00b4r/
  • http://test/f00b4r/

If the response is not a 404 error, then the plugin has found a new URL and confirmed the existence of a user on the remote system. This plugin will also identify the remote operating system and installed applications based on the user names that are available.
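The request pattern described above is easy to recognise in web server access logs: one client asks for both `/~name/` and `/name/` for a series of names. The following is an added example, not part of the plugin or the w3af code base, that flags such clients and lists the names for which the server answered with something other than a 404. It assumes Apache combined log format; the log lines, the function name and the `min_names` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /~test/ HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /~f00b4r/ HTTP/1.1" 200 512 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /f00b4r/ HTTP/1.1" 404 196 "-" "scanner"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /blog/ HTTP/1.1" 200 2048 "-" "browser"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /~alice/ HTTP/1.1" 200 900 "-" "browser"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Top-level directory only, with or without the leading tilde: /~name/ or /name/
DIR_RE = re.compile(r'^/(~?)([A-Za-z0-9._-]+)/?$')


def find_user_dir_probes(log_text, min_names=2):
    """Return {client: {"probed": [...], "exposed": [...]}} for clients that
    requested BOTH /~name/ and /name/ for at least `min_names` names."""
    seen = defaultdict(lambda: defaultdict(dict))  # client -> name -> {form: status}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        d = DIR_RE.match(path.split("?", 1)[0])
        if d:
            form = "tilde" if d.group(1) else "plain"
            seen[client][d.group(2)][form] = status
    report = {}
    for client, names in seen.items():
        paired = {n: f for n, f in names.items() if f.keys() >= {"tilde", "plain"}}
        if len(paired) < min_names:
            continue
        # Any non-404 answer confirmed a user name to the client.
        exposed = sorted(n for n, f in paired.items() if any(s != 404 for s in f.values()))
        report[client] = {"probed": sorted(paired), "exposed": exposed}
    return report


if __name__ == "__main__":
    for client, info in find_user_dir_probes(SAMPLE_LOG).items():
        print(client, info)
```

Names listed under `exposed` are the ones the server confirmed; returning the same 404 for existing and missing home directories removes that signal.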

Plugin type

Crawl

Options

| Name | Type | Default Value | Description | Help |
|---|---|---|---|---|
| identify_os | boolean | True | Try to identify the remote operating system based on the remote users | No detailed help available |
| identify_apps | boolean | True | Try to identify applications installed remotely using the available users | No detailed help available |

Source

For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code

Dependencies

This plugin depends on infrastructure.finger_bing, infrastructure.finger_google, infrastructure.finger_pks.