Script ajp-request

Script types: portrule
Categories: discovery, safe
Download: https://svn.nmap.org/nmap/scripts/ajp-request.nse

Script Summary

Requests a URI over the Apache JServ Protocol and displays the result (or stores it in a file). Different AJP methods such as; GET, HEAD, TRACE, PUT or DELETE may be used.

The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers.

Script Arguments

username

the username to use to access protected resources

path

the path part of the URI to request

filename

the name of the file where the results should be stored

password

the password to use to access protected resources

method

AJP method to be used when requesting the URI (default: GET)

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 8009 <ip> --script ajp-request

Script Output

PORT     STATE SERVICE
8009/tcp open  ajp13
| ajp-request:
| <!DOCTYPE HTML>
| <html>
| <head>
| <title>JSP Test</title>
|
| </head>
| <body>
| <h2>Hello, World.</h2>
| Fri May 04 02:09:40 UTC 2012
| </body>
|_</html>

Requires

• ajp
• io
• shortport
• stdnse
• table

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html