Skip to content

Finger Service Users Enumeration

Hello Guys,

I am going to discuss a way to enumerate users of target system where Finger Protocol enables. but first, it’s better to understand what is finger protocol and how its work. In this post, ill Explain some theory behind Finger Service and protocol after that we’ll cover main enumeration part.

Let’s Get Started,


  1. Finger Service
  2. Explain Finger Protocol
  3. Tools for Emunration Finger.
    1. finger command
    2. Metasploit Module
    3. finger-user-enum

Finger Service

The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79. An RUIP (Remote User Information Program) is started on the remote end of the connection to process the request. The local host sends the RUIP one line query based upon the Finger query specification and waits for the RUIP to respond. The RUIP receives and processes the query, returns an answer, then initiates the close of the connection. The local host receives the answer and the close signal, then proceeds closing its end of the connection.

Explain Finger Protocol

The Finger protocol is based on Request for Comments document RFC 742 as an interface to the name and finger programs that provide status reports on a particular computer system or a particular person at network sites. The finger program was written in 1971 by Les Earnest who created the program to solve the need of users who wanted information on other users of the network. Information on who is logged-in was useful to check the availability of a person to meet. This was probably the earliest form of presence information for remote network users.

read more on Wikipedia

Enumeration on Finger Demon.

1)Finger command

In Kali Linux have found a finger command which is useful for identifying a user on target finger server.

Find Logged in users on target.

finger @TARGET-IP

the above command show u which user is currently logged in to a target system.

if there is no user logged in this will show no username.

Check User is existed or not.

now lets check a user on the target system.


if user is found it will show like this 

as we know the default username of super admin is root in Unix system Silvia is a user on the target system.

if the username is not found it will show like below.

The finger command is very useful for checking users on target but it’s painful if we brute-force for a username.

here i explain something cool utills which is do bruteforce for you. 🙂 😉

2) Metasploit

fire up your msfconsole and use scanner/finger/finger_users module .

msf > use auxiliary/scanner/finger/finger_users
msf auxiliary(scanner/finger/finger_users) > set rhosts
msf auxiliary(scanner/finger/finger_users) > set users_file /tmp/rockyou-top1000.txt
msf auxiliary(scanner/finger/finger_users) > run

this will show like this.



 tool download from 
Thanks @Pentestmonkey for this tools.
cd /tmp/
tar -xvf finger-user-enum-1.0.tar.gz
cd finger-user-enum-1.0
perl -t -U /tmp/rockyou-top1000.txt
this will print all present user on target if found in the dictionary.

That’s all for this post.
thanks for reading

If you found this is useful for u and any suggestions, complaint and feedback please comment below.


Published inganeral


  1. Ajmal ABoobacker Ajmal ABoobacker

    so your system is SUNDAY .nice article bro keep it up the machine is also an awesome one i am on the way to exploit it .thanks for article .

Leave a Reply

Your email address will not be published. Required fields are marked *