ident-user-enum
Queries the ident service (113/TCP) to determine the OS-level user running processes on specified TCP ports of a target system. Helps prioritize services for pentesting and gather usernames for password guessing attacks.
Description
ident-user-enum is a simple Perl script designed to query the ident service on remote hosts to identify which OS-level user owns the process listening on specific TCP ports. This information is valuable during penetration testing as it allows security professionals to prioritize attacking services running with elevated privileges like root.
The tool connects to port 113/TCP (ident service) on the target and requests ownership details for the specified ports. Services running as root or other privileged users become high-priority targets since they may offer greater access if compromised.
Additionally, the usernames discovered can be used as a wordlist for password brute-force or guessing attacks against other network services on the same target, significantly improving attack success rates.
How It Works
The tool establishes a TCP connection to port 113 (ident/auth service) on the target host and sends ident queries in the format 'port,remote-port' for each specified local port. The ident server responds with the username associated with the process listening on the queried local port, assuming the ident service is running and configured to disclose this information. It leverages Perl libraries libnet-ident-perl and libio-socket-ip-perl for network communication and parsing.
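The replies the ident server sends back follow the RFC 1413 line format. As an added example (not part of ident-user-enum, which is a Perl script), this Python parser reads such replies from an audit of your own host and reports which listening ports disclose their owner and which run as root; the sample replies and the `audit` helper are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# RFC 1413 reply: "<server-port> , <client-port> : USERID : <opsys> : <user>"
#             or: "<server-port> , <client-port> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:(.*)$")

class IdentReply(NamedTuple):
    server_port: int
    client_port: int
    user: Optional[str]    # set for USERID replies
    opsys: Optional[str]   # e.g. "UNIX" or "UNIX,US-ASCII"
    error: Optional[str]   # set for ERROR replies (NO-USER, HIDDEN-USER, ...)

def parse_reply(line: str) -> IdentReply:
    m = _REPLY.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an ident reply: {line!r}")
    sport, cport, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
    if kind == "ERROR":
        return IdentReply(sport, cport, None, None, rest.strip())
    # Split only on the first colon: the user id may itself contain ':'.
    opsys, sep, user = rest.partition(":")
    if not sep:
        raise ValueError(f"USERID reply without user field: {line!r}")
    return IdentReply(sport, cport, user.strip(), opsys.strip(), None)

def audit(lines, privileged=("root",)):
    """Return (disclosed, privileged_ports): every port whose owner the daemon
    revealed, and the sorted subset owned by an account in `privileged`."""
    disclosed, priv = {}, []
    for line in lines:
        r = parse_reply(line)
        if r.user is not None:
            disclosed[r.server_port] = r.user
            if r.user in privileged:
                priv.append(r.server_port)
    return disclosed, sorted(priv)

# Constructed sample replies (not captured from a real host).
SAMPLE = [
    "22 , 51234 : USERID : UNIX : root\r\n",
    "139 , 51235 : USERID : UNIX,US-ASCII : root\r\n",
    "80 , 51236 : USERID : UNIX : www-data\r\n",
    "445 , 51237 : ERROR : HIDDEN-USER\r\n",
    "8080 , 51238 : ERROR : NO-USER\r\n",
]

if __name__ == "__main__":
    disclosed, priv = audit(SAMPLE)
    print("owners disclosed:", disclosed)
    print("running as root:", priv)
```

Ports answered with HIDDEN-USER or NO-USER disclose nothing; every USERID reply is a username the daemon gives to any client that can reach 113/TCP.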
Installation
sudo apt install ident-user-enum
Examples
ident-user-enum 192.168.1.13 22 139 445
ident-user-enum 192.168.1.13 22
ident-user-enum 192.168.1.13 139 445
ident-user-enum 10.0.0.5 80 443
ident-user-enum 192.168.1.100 21 23
ident-user-enum -h