nmap | Patrik Karlsson | NMAP:AJP-HEADERS.NSE
History: May 07, 2012 - 6:49 p.m.

ajp-headers NSE Script

2012-05-07 18:49:22
Patrik Karlsson
nmap.org

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
  Percentile: 99.8%

Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol server and returns the server response headers.

Script Arguments

ajp-headers.path

The path to request, such as /index.php. Default /.

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 8009 <ip> --script ajp-headers

Script Output

PORT     STATE SERVICE
8009/tcp open  ajp13
| ajp-headers:
|   X-Powered-By: JSP/2.2
|   Set-Cookie: JSESSIONID=goTHax+8ktEcZsBldANHBAuf.undefined; Path=/helloworld
|   Content-Type: text/html;charset=ISO-8859-1
|_  Content-Length: 149
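
An added example, not part of the nmap script or of this page: a Python triage helper that parses the ajp-headers output format shown above and flags what a defender would follow up on (a reachable AJP connector, version-disclosing headers, session cookies issued without HttpOnly/Secure). The function names are hypothetical, and the sample input is the script output from this page.

```python
import re

# Constructed sample: the "Script Output" text from this page.
SAMPLE = """\
PORT     STATE SERVICE
8009/tcp open  ajp13
| ajp-headers:
|   X-Powered-By: JSP/2.2
|   Set-Cookie: JSESSIONID=goTHax+8ktEcZsBldANHBAuf.undefined; Path=/helloworld
|   Content-Type: text/html;charset=ISO-8859-1
|_  Content-Length: 149
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+\S+")
HEADER_RE = re.compile(r"^\|_?\s{2,}([\w-]+):\s*(.*)$")

def parse_ajp_headers(text):
    """Return {port: [(name, value), ...]} for each ajp-headers block."""
    results, port, in_block = {}, None, False
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:                                   # new port row ends any open block
            port, in_block = int(m.group(1)), False
        elif line.startswith("| ajp-headers:") and port is not None:
            results[port], in_block = [], True
        elif in_block:
            h = HEADER_RE.match(line)
            if h:
                results[port].append((h.group(1), h.group(2)))
            if not h or line.startswith("|_"):  # "|_" marks the last line of a block
                in_block = False
    return results

def audit(text):
    """Return (port, finding) tuples worth a defender's follow-up."""
    findings = []
    for port, headers in parse_ajp_headers(text).items():
        findings.append((port, "AJP connector reachable from the scanning host"))
        for name, value in headers:
            if name.lower() in ("x-powered-by", "server"):
                findings.append((port, f"{name} discloses platform: {value}"))
            elif name.lower() == "set-cookie":
                attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
                missing = sorted({"httponly", "secure"} - attrs)
                if missing:
                    cookie = value.split("=", 1)[0]
                    findings.append((port, f"cookie {cookie} lacks {', '.join(missing)}"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}/tcp: {finding}")
```
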

Requires


local ajp = require "ajp"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Performs a HEAD or GET request against either the root directory or any
optional directory of an Apache JServ Protocol server and returns the server response headers.
]]

---
-- @usage
-- nmap -p 8009 <ip> --script ajp-headers
--
-- @output
-- PORT     STATE SERVICE
-- 8009/tcp open  ajp13
-- | ajp-headers:
-- |   X-Powered-By: JSP/2.2
-- |   Set-Cookie: JSESSIONID=goTHax+8ktEcZsBldANHBAuf.undefined; Path=/helloworld
-- |   Content-Type: text/html;charset=ISO-8859-1
-- |_  Content-Length: 149
--
-- @args ajp-headers.path The path to request, such as <code>/index.php</code>. Default <code>/</code>.


portrule = shortport.port_or_service(8009, 'ajp13', 'tcp')

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

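-- Path to request; overridden with --script-args ajp-headers.path=<path>
local arg_path   = stdnse.get_script_args(SCRIPT_NAME .. '.path') or "/"

action = function(host, port)
  -- Open an AJP connection to the target port
  local helper = ajp.Helper:new(host, port)
  helper:connect()

  -- Request the path and close the connection before handling the result
  local status, response = helper:get(arg_path)
  helper:close()

  if ( not(status) ) then
    return stdnse.format_output(false, "Failed to retrieve server headers")
  end
  -- Report the response headers exactly as the server sent them
  return stdnse.format_output(true, response.rawheaders)
end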
