prakharathreya/Struts2-RCE prakharathreya/Struts2-RCE

  • Stars
    star
    279
  • Rank 147,467 (Top 3 %)
  • Language
  • Created over 4 years ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
prakharathreya/Struts2-RCE
github

prakharathreya

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Burp Extender for checking for struts 2 RCE vulnerabilities.

Struts2-RCE

A Burp Extender for checking for struts 2 RCE vulnerabilities.

Description

This burp extension helps identifying Struts2 remote code execution vulnerabilities in struts2 web application. This Burp extension detects following 18 RCEs and they are

  • S2-001
  • S2-007
  • S2-008
  • S2-012
  • S2-013
  • S2-014
  • S2-015
  • S2-016
  • S2-019
  • S2-029
  • S2-032
  • S2-033
  • S2-037
  • S2-045
  • S2-048
  • S2-053
  • S2-057
  • S2-DevMode

Loading the extension

Burp Suite->Extender->Add->Select the Struts.jar file->Next.

Once loaded without any error a new tab will popup within existing burp instance.

Usage

A single HTTP request can be scanned just by Right clicking on the selected request and click on 'Check for Struts RCE'.

Scanning multiple requests or scanning a complete application requires a complete crawl of the application. Note, this extension will not attempt to find any new parameter rather it will target only the existing parameters.

Burp->Target->Site map->Contents->Select all the URLs to be scanned->Right click->'Check for Struts RCE'.

If the URL or any parameter is prone to any Struts2 vulnerabilities it will populate under the “Struts Finder” tab. If not vulnerable, no data will reflect.

Note: Make sure Extender is checked under Session Handling Rules.

Burp->Project options->Session Handling Rules->Click on Edit->Scope->Tools Scope->Check mark Extender->Save.

Credits

  • Prakhar Athreya