ajp-ghostcat
OfficialExploit Apache Tomcat AJP misconfigurations.
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses vulnerabilities in Apache Tomcat's AJP connector, enabling attackers to read sensitive files, execute arbitrary code, and bypass access controls on exposed Tomcat instances.
Core Features & Use Cases
- Ghostcat File Read (CVE-2020-1938): Read sensitive files like
web.xmlor configuration files from web applications. - Remote Code Execution: Achieve RCE by uploading a JSP payload and forcing its execution via AJP attribute injection, provided a file upload primitive exists.
- Tomcat Manager Bypass: Use AJP proxying to bypass IP restrictions and gain access to the Tomcat Manager interface for deploying applications or further exploitation.
- Use Case: A penetration tester discovers an exposed AJP port (8009) on a target's web server. They use this Skill to read the
application.propertiesfile, revealing database credentials, which are then used to pivot to the database.
Quick Start
Use the ajp-ghostcat skill to read the /WEB-INF/web.xml file from the target at 10.10.10.5 on port 8009.
Dependency Matrix
Required Modules
ajpShooternmappython3
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ajp-ghostcat Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#ajp-ghostcat Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.