Script`ajp-brute`

Script types:portrule
Categories:intrusive,brute
Download:https://svn.nmap.org/nmap/scripts/ajp-brute.nse

Script Summary

Performs brute force passwords auditing against the Apache JServ protocol.The Apache JServ Protocol is commonly used by web servers to communicate withback-end Java application server containers.

Script Arguments

ajp-brute.path: URL path to request. Default: /
creds.[service],creds.global: See the documentation for thecreds library.
smbdomain,smbhash,smbnoguest,smbpassword,smbtype,smbusername: See the documentation for thesmbauth library.
passdb,unpwdb.passlimit,unpwdb.timelimit,unpwdb.userlimit,userdb: See the documentation for theunpwdb library.
brute.credfile,brute.delay,brute.emptypass,brute.firstonly,brute.guesses,brute.mode,brute.passonly,brute.retries,brute.start,brute.threads,brute.unique,brute.useraspass: See the documentation for thebrute library.
slaxml.debug: See the documentation for theslaxml library.
http.host,http.max-body-size,http.max-cache-size,http.max-pipeline,http.pipeline,http.truncated-ok,http.useragent: See the documentation for thehttp library.

Example Usage

nmap -p 8009 <ip> --script ajp-brute

Script Output

PORT     STATE SERVICE8009/tcp open  ajp13| ajp-brute:|   Accounts|     root:secret - Valid credentials|   Statistics|_    Performed 1946 guesses in 23 seconds, average tps: 82

Requires

Author:

Patrik Karlsson

License: Same as Nmap--Seehttps://nmap.org/book/man-legal.html