{"id":13842198,"url":"https://github.com/prakharathreya/Struts2-RCE","last_synced_at":"2025-07-11T14:31:08.517Z","repository":{"id":37708701,"uuid":"238141637","full_name":"prakharathreya/Struts2-RCE","owner":"prakharathreya","description":"A Burp Extender for checking for struts 2 RCE vulnerabilities.","archived":false,"fork":false,"pushed_at":"2024-06-04T10:19:33.000Z","size":25,"stargazers_count":278,"open_issues_count":1,"forks_count":40,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-05T17:30:53.146Z","etag":null,"topics":["burp-extensions","struts2","struts2-rce"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/prakharathreya.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-02-04T06:47:16.000Z","updated_at":"2024-07-03T22:16:22.000Z","dependencies_parsed_at":"2024-01-28T03:58:09.585Z","dependency_job_id":"d850be70-b200-440a-980b-98bf2b4e65d5","html_url":"https://github.com/prakharathreya/Struts2-RCE","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prakharathreya%2FStruts2-RCE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prakharathreya%2FStruts2-RCE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prakharathreya%2FStruts2-RCE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/prakharathreya%2FStruts2-RCE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/o
wners/prakharathreya","download_url":"https://codeload.github.com/prakharathreya/Struts2-RCE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729899,"owners_count":17515186,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","struts2","struts2-rce"],"created_at":"2024-08-04T17:01:29.177Z","updated_at":"2024-11-21T12:31:00.681Z","avatar_url":"https://github.com/prakharathreya.png","language":null,"funding_links":[],"categories":["Others (1002)","Others"],"sub_categories":[],"readme":"# Struts2-RCE\nA Burp Extender to check for struts 2 RCE vulnerabilities.\n\n# Description\n\nThis burp extension helps identify Struts2 remote code execution vulnerabilities in the struts2 web application. This Burp extension detects the following 18 RCEs: \n\n* S2-001 \n* S2-007\n* S2-008\n* S2-012\n* S2-013\n* S2-014\n* S2-015\n* S2-016\n* S2-019\n* S2-029\n* S2-032\n* S2-033\n* S2-037\n* S2-045\n* S2-048\n* S2-053\n* S2-057\n* S2-DevMode\n\n## Loading the extension\n\n```bash\nBurp Suite-\u003eExtender-\u003eAdd-\u003eSelect the Struts.jar file-\u003eNext.\n```\nOnce loaded without any error a new tab will pop up within the existing burp instance.\n\n## Usage\n\nA single HTTP request can be scanned just by Right-clicking on the selected request and clicking on 'Check for Struts RCE'.\n\n\nScanning multiple requests or scanning a complete application requires a complete crawl of the application. 
Note that this extension will not attempt to find any new parameters; it targets only the existing parameters.\n\n```bash\nBurp-\u003eTarget-\u003eSite map-\u003eContents-\u003eSelect all the URLs to be scanned-\u003eRight click-\u003e'Check for Struts RCE'.\n```\n\nIf the URL or any parameter is prone to any of these Struts2 vulnerabilities, it will be listed under the “Struts Finder” tab. If nothing is vulnerable, no data will appear.\n\n**Note:** Make sure **Extender** is checked under **Session Handling Rules**.\n```bash\nBurp-\u003eProject options-\u003eSession Handling Rules-\u003eClick on Edit-\u003eScope-\u003eTools Scope-\u003eCheck mark Extender-\u003eSave.\n```\n\n**Credits**\n\n* Prakhar Athreya\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprakharathreya%2FStruts2-RCE","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprakharathreya%2FStruts2-RCE","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprakharathreya%2FStruts2-RCE/lists"}