Categories: safe, vuln, discovery
Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers.
The script searches for callback functions in the response to detect JSONP endpoints. It also tries to determine the callback function from the URL (the callback function may be fully or partially controllable from the URL) and tries to brute-force the most common callback variables through the URL.
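The detection idea described above, as an offline Python sketch over recorded request/response pairs. It is an added example, not the NSE script's own code; the regular expression, the 3-character match threshold, the "Not JSONP" and "Callback not taken from URL" verdicts, and the sample URLs and bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A body counts as JSONP when it is one function call wrapping a JSON object
# or array, optionally preceded by a comment such as the "/**/" some servers add.
JSONP_RE = re.compile(
    r'^\s*(?:/\*.*?\*/\s*)?([A-Za-z_$][\w$.]*)\s*\(\s*[\[{].*[\]}]\s*\)\s*;?\s*$',
    re.S)

def callback_name(body):
    """Return the wrapping function name, or None if the body is not JSONP."""
    m = JSONP_RE.match(body)
    return m.group(1) if m else None

def classify(url, body):
    """Return (callback, verdict) for one recorded request/response pair."""
    cb = callback_name(body)
    if cb is None:
        return None, "Not JSONP"
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    if cb in values:
        return cb, "Completely controllable from URL"
    # Assumed threshold: ignore very short values that match by coincidence.
    if any(len(v) >= 3 and v in cb for v in values):
        return cb, "Partially controllable from URL"
    return cb, "Callback not taken from URL"

# Constructed request/response pairs (not captured from a real server).
SAMPLES = [
    ("http://app.example/rest/contactsjp.php?callback=handleContacts",
     'handleContacts({"contacts":[{"name":"a"}]});'),
    ("http://app.example/api/user?cb=render", "/**/ app_render([1,2,3])"),
    ("http://app.example/api/feed?id=7", 'fixedCallback({"id":7});'),
    ("http://app.example/api/plain?id=7", '{"id":7}'),
]

def scan(samples):
    """Return (path, callback, verdict) for every sample that is JSONP."""
    return [(urlsplit(u).path, *classify(u, b))
            for u, b in samples if callback_name(b)]

if __name__ == "__main__":
    for path, cb, verdict in scan(SAMPLES):
        print(f"{path}  {cb}: {verdict}")
```

Endpoints that land in the first two verdicts are the ones to review for strict callback-name validation or replacement with CORS.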
The URL path to request. The default path is "/".
slaxml.debug: See the documentation for the slaxml library.
httpspider.doscraping, httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost: See the documentation for the httpspider library.
http.host, http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent: See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.
nmap -p 80 --script http-jsonp-detection <target>
80/tcp open  http    syn-ack
| http-jsonp-detection:
| The following JSONP endpoints were detected:
|_/rest/contactsjp.php  Completely controllable from URL
License: Same as Nmap--See https://nmap.org/book/man-legal.html