mazen160 / Struts Pwn
Licence: mit
An exploit for Apache Struts CVE-2017-5638
Stars: ✭ 391
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Struts Pwn
CVE-2021-41773 CVE-2021-42013
Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
Stars: ✭ 20 (-94.88%)
Mutual labels: exploit, apache
Slowloris
Asynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-86.96%)
Mutual labels: exploit, apache
Htshells
Self contained htaccess shells and attacks
Stars: ✭ 708 (+81.07%)
Mutual labels: exploit, apache
Struts Pwn cve 2018 11776
An exploit for Apache Struts CVE-2018-11776
Stars: ✭ 300 (-23.27%)
Mutual labels: exploit, apache
Exploit Cve 2016 10033
PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container
Stars: ✭ 356 (-8.95%)
Mutual labels: exploit
Gtfo
Search gtfobins and lolbas files from your terminal
Stars: ✭ 336 (-14.07%)
Mutual labels: exploit
Iblessing
iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
Stars: ✭ 326 (-16.62%)
Mutual labels: exploit
Hyperpwn
A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda
Stars: ✭ 387 (-1.02%)
Mutual labels: exploit
Linux Kernel Exploitation
A collection of links related to Linux kernel security and exploitation
Stars: ✭ 3,859 (+886.96%)
Mutual labels: exploit
Gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢
Stars: ✭ 4,197 (+973.4%)
Mutual labels: exploit
Devilbox
A modern Docker LAMP stack and MEAN stack for local development
Stars: ✭ 3,598 (+820.2%)
Mutual labels: apache
Ladongo
Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-6.39%)
Mutual labels: exploit
Cve 2018 7600
💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
Stars: ✭ 330 (-15.6%)
Mutual labels: exploit
Androrat
AndroRAT | Remote Administrator Tool for Android OS Hacking
Stars: ✭ 340 (-13.04%)
Mutual labels: exploit
struts-pwn
An exploit for Apache Struts CVE-2017-5638
Usage
Testing a single URL.
python struts-pwn.py --url 'http://example.com/struts2-showcase/index.action' -c 'id'
Testing a list of URLs.
python struts-pwn.py --list 'urls.txt' -c 'id'
Checking if the vulnerability exists against a single URL.
python struts-pwn.py --check --url 'http://example.com/struts2-showcase/index.action'
Checking if the vulnerability exists against a list of URLs.
python struts-pwn.py --check --list 'urls.txt'
Requirements
- Python2 or Python3
- requests
Legal Disclaimer
This project is made for educational and ethical testing purposes only. Usage of struts-pwn for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
License
The project is licensed under MIT License.
Author
Mazin Ahmed
- Website: https://mazinahmed.net
- Email: mazin AT mazinahmed DOT net
- Twitter: https://twitter.com/mazen160
- Linkedin: http://linkedin.com/in/infosecmazinahmed
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].