Lucifer1993 / Struts Scan
Python2编写的struts2漏洞全版本检测和利用工具
Stars: ✭ 1,256
Labels
Projects that are alternatives of or similar to Struts Scan
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (-34.24%)
Mutual labels: vulnerability-scanners
Safety
Safety checks your installed dependencies for known security vulnerabilities
Stars: ✭ 982 (-21.82%)
Mutual labels: vulnerability-scanners
Openvas Scanner
Open Vulnerability Assessment Scanner - Scanner for Greenbone Vulnerability Management (GVM)
Stars: ✭ 1,056 (-15.92%)
Mutual labels: vulnerability-scanners
Whour
Tool for information gathering, IPReverse, AdminFInder, DNS, WHOIS, SQLi Scanner with google.
Stars: ✭ 18 (-98.57%)
Mutual labels: vulnerability-scanners
V3n0m Scanner
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-32.56%)
Mutual labels: vulnerability-scanners
Regslscan
A tool for scanning registery key permissions. Find where non-admins can create symbolic links.
Stars: ✭ 39 (-96.89%)
Mutual labels: vulnerability-scanners
Ossa
Open-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (-36.62%)
Mutual labels: vulnerability-scanners
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-94.27%)
Mutual labels: vulnerability-scanners
Ripv6
Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Stars: ✭ 10 (-99.2%)
Mutual labels: vulnerability-scanners
Iva
IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.
Stars: ✭ 49 (-96.1%)
Mutual labels: vulnerability-scanners
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+670.14%)
Mutual labels: vulnerability-scanners
Intrigue Core
Discover Your Attack Surface!
Stars: ✭ 1,013 (-19.35%)
Mutual labels: vulnerability-scanners
Secretscanner
Find secrets and passwords in container images and file systems
Stars: ✭ 895 (-28.74%)
Mutual labels: vulnerability-scanners
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+627.47%)
Mutual labels: vulnerability-scanners
Atscan
Advanced dork Search & Mass Exploit Scanner
Stars: ✭ 817 (-34.95%)
Mutual labels: vulnerability-scanners
Nettacker
Automated Penetration Testing Framework
Stars: ✭ 982 (-21.82%)
Mutual labels: vulnerability-scanners
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+604.14%)
Mutual labels: vulnerability-scanners
Pentest Tools Framework
Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities
Stars: ✭ 48 (-96.18%)
Mutual labels: vulnerability-scanners
struts-scan
快速检测struts命令执行漏洞,可批量。
运行环境
MAC/Linux下的Python2
支持对以下版本的检测
ST2-005
ST2-008
ST2-009
ST2-013
ST2-016
ST2-019
ST2-020
ST2-devmode
ST2-032
ST2-033
ST2-037
ST2-045
ST2-046
ST2-048
ST2-052
ST2-053
ST2-057
使用
增加
[+]针对各版本的shell命令交互
[+]struts2-052检测(利用后面会加上)
[+]struts2-053检测+利用(需要提供参数)
[+]检测过程中输出超时原因
[+]兼容HTTP/1.0,修复了struts-045检测不准确的问题
[+]struts2-046检测+利用
[+]修改struts2-048的payload
[+]针对某些超时的情况,注释掉 httplib.HTTPConnection._http_vsn = 10 和httplib.HTTPConnection._http_vsn_str = 'HTTP/1.0'这两行再测试一遍,因为有的可能不支持HTTP/1.0的协议。
[+]增加linux和win的可执行文件,windows需要.NET环境。
[+]增加写入文件功能,针对有漏洞的struts版本号会自动写入success.txt文件。
[+]增加struts2-057检测和利用,生产环境还没有找到可利用的例子,实属鸡肋的洞,参考https://github.com/Ivan1ee/struts2-057-exp
特别说明
此工具仅限于漏洞验证,如若使用者引起相关的法律责任请自负,开发者不承担连带责任。
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].