# This software is distributed under the terms of the GPL, which should have been received
# with a copy of this software in the "LICENSE.txt" file.
# this checks Apache user enumeration. Do this is a plugin so we can do a test of a bogus
# user to see if we're getting bad data or not. Thanks to Jericho for pointing out the FPs
# The original Nikto check looked like:
# check,apache,/,~root,"Forbidden",GET,"Enumeration of users is possible by requesting ~username (responds with Forbidden for real users, not found for non-existent users)."
if ($CONTENT !~ /forbidden/i) # Good, it gave an error instead of forbidden
{
$VULS++;
nprint("+ /~root - Enumeration of users is possible by requesting ~username (responds with Forbidden for real users, not found for non-existent users) (GET).");