File `ajp-brute`

脚本使用类型: portrule
脚本所属分类: intrusive, brute
脚本下载地址: http://nmap.org/svn/scripts/ajp-brute.nse

User Summary

Performs brute force passwords auditing against the Apache JServ protocol. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers.

Script Arguments

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

执行格式

nmap -p 8009 <ip> --script ajp-brute

Script Output

PORT     STATE SERVICE
8009/tcp open  ajp13
| ajp-brute: 
|   Accounts
|     root:secret - Valid credentials
|   Statistics
|_    Performed 1946 guesses in 23 seconds, average tps: 82

Requires

Author: Patrik Karlsson

License: VER007 整理 http://www.ver007.com

File ajp-brute