Skip to content

A burp extension, check Sturts2 RCE through passive scan.一款检测Struts2 RCE漏洞的burp被动扫描插件~

Notifications You must be signed in to change notification settings

ghn1ng/Struts2Burp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Struts2Burp

一款检测Struts2 RCE漏洞的burp被动扫描插件,仅检测url后缀为.do以及.action的数据包

本项目旨在学习以及自我项目检测,请勿用于非法用途!

使用

git clone https://github.com/x1a0t/Struts2Burp
cd Struts2Burp
mvn clean package -DskipTests

将目录target下生成的jar包导入burp即可

GUI只是个流量列表,同时可简单生成存在的漏洞的exp,在列表中漏洞所在列右键

无过多需求可直接采用原版,切换到mini分支即可

检测范围

  • S2-001
  • S2-003/S2-005
  • S2-007
  • S2-009
  • S2-012
  • S2-013/S2-014
  • S2-015
  • S2-016
  • S2-032
  • S2-045
  • S2-046
  • S2-057
  • S2-059
  • S2-061
  • Devmode

About

A burp extension, check Sturts2 RCE through passive scan.一款检测Struts2 RCE漏洞的burp被动扫描插件~

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%