Brute forcing usernames
For small but regular instances, a small tool that enables you to quickly check something will suffice. What about those bigger jobs? Maybe you've got a big haul from open source intelligence gathering and you want to see which of those users use an application you are targeting. This recipe will show you how to automate the process of checking for usernames that you have stored in a file.
Getting ready
Before you use this recipe, you will need to acquire a list of usernames to test. This can either be something you have created yourself, or you can use a word list found within Kali. If you need to create your own list, a good place to start would be to use common names that are likely to be found in a web application. These could include usernames such as user, admin, administrator, and so on.
How to do it…
This script will attempt to check usernames in a list provided to determine whether or not an account exists within the application:
#brute force username...
