Drupal User Enumeration Scanner

Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.

Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.

For more information, see:

• http://www.madirish.net/node/465