id: unauth-ftp info: name: FTP Anonymous Login author: C3l3si4n severity: medium reference: - https://tools.ietf.org/html/rfc2577 tags: network,ftp description: | Anonymous FTP access allows anyone to access your public_ftp folder, allowing unidentified visitors to download (and possibly upload) files on your website. Anonymous FTP creates the potential for a security hole for hackers and is not recommended. network: - inputs: - data: "USER anonymous\r\nPASS nuclei\r\n" host: - "{{Host}}:21" - "{{Hostname}}" matchers: - type: word words: - "Anonymous access allowed," part: response