# Struts2-RCE
A Burp extension that checks for Struts 2 RCE vulnerabilities.
# Description
This Burp extension helps identify Struts2 remote code execution vulnerabilities in Struts2 web applications. It detects the following 18 RCEs:
* S2-001
* S2-007
* S2-008
* S2-012
* S2-013
* S2-014
* S2-015
* S2-016
* S2-019
* S2-029
* S2-032
* S2-033
* S2-037
* S2-045
* S2-048
* S2-053
* S2-057
* S2-DevMode
## Loading the extension
```text
Burp Suite->Extender->Add->Select the Struts.jar file->Next.
```
Once the extension has loaded without errors, a new tab appears in the existing Burp instance.
## Usage
To scan a single HTTP request, right-click the selected request and click 'Check for Struts RCE'.
Scanning multiple requests or a complete application requires a complete crawl of the application first. Note that this extension does not attempt to find new parameters; it targets only the existing parameters.
```text
Burp->Target->Site map->Contents->Select all the URLs to be scanned->Right click->'Check for Struts RCE'.
```
If the URL or any parameter is prone to any of the Struts2 vulnerabilities, it is listed under the “Struts Finder” tab. If nothing is vulnerable, no data is shown.
**Note:** Make sure **Extender** is checked under **Session Handling Rules**.
```text
Burp->Project options->Session Handling Rules->Click on Edit->Scope->Tools Scope->Check mark Extender->Save.
```
**Credits**
* Prakhar Athreya
Burpsuite插件2.zip
18 files in total (jar: 16, properties: 1, md: 1)
Uploaded 2023-03-21 00:59:42, 158.51MB ZIP
Burpsuite插件2.zip (18 sub-files)
NPSauto-1.0.jar 12KB
URISearch_V1.1_T00LS_bate.jar 41KB
TsojanScan-1.4.3-jar-with-dependencies.jar 9.96MB
OutLook-1.2.0.jar 15.07MB
passive-scan-client-0.3.1.jar 48KB
J2EEScan.jar 8.29MB
RouteVulScan-1.4.jar 32.83MB
sqlmap4burp++.0.2.jar 33KB
turbo-intruder-all.jar 36.72MB
Struts2-RCE-master
struts_ext_v2.jar 23KB
README.md 1KB
HTTPHeadModifer.v0.1.jar 182KB
knife-2.1-jar-with-dependencies.jar 17.27MB
JWT4B-jar-with-dependencies.jar 3.7MB
HaE-2.4.6-J8.jar 1.04MB
jython
jython-standalone-2.7.2.jar 41.06MB
log4j2burpscanner-0.22.0-jdk8.jar 7.19MB
log4j2burpscanner.properties 54B
Uploader: admin-r꯭o꯭ot꯭