Now you can request a feature, improvement or collaborate with us.

Apache Users enumerate the usernames on any system that uses Apache with the UserDir

System administrators can monitor external threats using apache-users.

Server User Url Http Status
Disclaimer

This tool is intended to help system administrators and other security researchers assess threats on the systems they OWN. Unauthorized use of this tool on the system you don't own is prohibited. And we don't take resposibility

Options

Apache User features

  • Enumerate the usernames on any system Enumerate the usernames on any system
  • Checks up to 800+ Users Checks up to 800+ Users
Online theHarvester
About this tool

This tools can help system administrators assess external threats to there apache servers. This scripts works by checking if the user is available on an apache system. For this tool to work it requires that the apache system be running UserDir module. With out this UserDir Module this script can't work at all.

How Apache UserDir works

By using this module you are allowing multiple users to host content within the same origin. The same origin policy is a key principle of Javascript and web security. By hosting web pages in the same origin these pages can read and control each other and security issues in one page may affect another. This is particularly dangerous in combination with web pages involving dynamic content and authentication and when your users don't necessarily trust each other.