{"id":13539622,"url":"https://github.com/lucifer1993/struts-scan","last_synced_at":"2025-05-16T10:06:47.016Z","repository":{"id":43269597,"uuid":"72543167","full_name":"Lucifer1993/struts-scan","owner":"Lucifer1993","description":"Detection and exploitation tool for Struts2 vulnerabilities across all versions, written in Python 2","archived":false,"fork":false,"pushed_at":"2019-05-07T02:12:17.000Z","size":26704,"stargazers_count":1427,"open_issues_count":1,"forks_count":506,"subscribers_count":59,"default_branch":"master","last_synced_at":"2025-05-16T10:06:45.280Z","etag":null,"topics":["python2","struts-exp","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Lucifer1993.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-01T14:19:04.000Z","updated_at":"2025-05-15T10:40:27.000Z","dependencies_parsed_at":"2022-07-09T07:16:43.910Z","dependency_job_id":null,"html_url":"https://github.com/Lucifer1993/struts-scan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lucifer1993%2Fstruts-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lucifer1993%2Fstruts-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lucifer1993%2Fstruts-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lucifer1993%2Fstruts-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Lucifer1993","download_url":"https://codeload.github.com/Lucifer1993/struts-scan/tar.gz/refs/heads/master","host":{"name":"
GitHub","url":"https://github.com","kind":"github","repositories_count":254509476,"owners_count":22082891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python2","struts-exp","vulnerability-scanners"],"created_at":"2024-08-01T09:01:29.613Z","updated_at":"2025-05-16T10:06:46.130Z","avatar_url":"https://github.com/Lucifer1993.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003eScanners\u0026\u0026Security scanning\u0026\u0026App scanning\u0026\u0026Vulnerability scanning","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003eTools"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003eUncategorized-Scanner"],"readme":"# struts-scan\nQuickly detects Struts command execution vulnerabilities; batch scanning is supported.\n\n# Runtime environment\nPython 2 on macOS/Linux\n\n# Detection is supported for the following versions\n\nST2-005\n\nST2-008\n\nST2-009\n\nST2-013\n\nST2-016\n\nST2-019\n\nST2-020\n\nST2-devmode\n\nST2-032\n\nST2-033\n\nST2-037\n\nST2-045\n\nST2-046\n\nST2-048\n\nST2-052\n\nST2-053\n\nST2-057\n\n# Usage\n![image](./images/poc.png)\n\n![image](./images/exp.png)\n\n# Additions\n[+] Interactive shell commands for each version\n\n[+] struts2-052 detection (exploitation will be added later)\n\n[+] struts2-053 detection and exploitation (a parameter must be supplied)\n\n[+] The reason for a timeout is printed during detection\n\n[+] Compatible with HTTP/1.0; fixed the inaccurate struts-045 detection\n\n[+] struts2-046 detection and exploitation\n\n[+] Modified the struts2-048 payload\n\n[+] For some timeout cases, comment out the two lines httplib.HTTPConnection._http_vsn = 10 and httplib.HTTPConnection._http_vsn_str = 'HTTP/1.0' and test again, because some targets may not support the HTTP/1.0 protocol.\n\n[+] Added executables for Linux and Windows; the Windows one requires the .NET environment.\n\n[+] Added file output: the version numbers of vulnerable struts findings are written automatically to success.txt.\n\n[+] Added struts2-057 detection and exploitation; no exploitable example has been found in a production environment yet, so it is a vulnerability of little practical value. See https://github.com/Ivan1ee/struts2-057-exp\n\n# 
Special note\nThis tool is for vulnerability verification only. Users bear any resulting legal liability themselves; the developer accepts no joint liability.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flucifer1993%2Fstruts-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flucifer1993%2Fstruts-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flucifer1993%2Fstruts-scan/lists"}