{"id":13616232,"url":"https://github.com/xfiftyone/STS2G","last_synced_at":"2025-04-14T00:31:53.358Z","repository":{"id":41194717,"uuid":"234452448","full_name":"xfiftyone/STS2G","owner":"xfiftyone","description":"Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang","archived":false,"fork":false,"pushed_at":"2022-01-10T14:04:39.000Z","size":239,"stargazers_count":571,"open_issues_count":0,"forks_count":98,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-10-29T16:58:07.906Z","etag":null,"topics":["golang","golang-application","security","struts2-exp","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xfiftyone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-17T02:17:24.000Z","updated_at":"2024-10-18T02:18:47.000Z","dependencies_parsed_at":"2022-07-14T10:31:24.097Z","dependency_job_id":null,"html_url":"https://github.com/xfiftyone/STS2G","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xfiftyone%2FSTS2G","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xfiftyone%2FSTS2G/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xfiftyone%2FSTS2G/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xfiftyone%2FSTS2G/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xfiftyone","download_url":"https://codeload.github.com/xfiftyone/STS2G/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248782272,"owners_count":21160716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","golang-application","security","struts2-exp","vulnerability"],"created_at":"2024-08-01T20:01:25.535Z","updated_at":"2025-04-14T00:31:52.968Z","avatar_url":"https://github.com/xfiftyone.png","language":"Go","readme":"# STS2G\nStruts2漏洞测试-Golang版，部分POC参考了众多优秀项目如[Struts2-Scan](https://github.com/HatBoy/Struts2-Scan)，漏洞测试环境采用[vulhub](https://github.com/vulhub/vulhub/tree/master/struts2).  \n目前两种模式`scan`和`exec`支持：  \n*struts2-001*  、*struts2-005*  、*struts2-007*  、*struts2-008*  、*struts2-009*  、*struts2-012*  、*struts2-013*  、*struts2-015*  、*struts2-016*  、*struts2-045*  、*struts2-046*  、*struts2-048*  、*struts2-053*  、*struts2-057*  \n## 使用方法  \n```\n...\\STS2G-master\u003ego build\n\nD:\\Struts2-Test\u003eST2SG.exe -h\nNAME:\n   ST2SG - Struts2 Scanner Written in Golang\n\nUSAGE:\n   ST2SG --url http://xxxxxxx.com/test.action --vn 15 --mode scan\n\nAUTHOR:\n   x51\n\nCOMMANDS:\n   help, h  Shows a list of commands or help for one command\n\nGLOBAL OPTIONS:\n   --mode value  Specify work mode\n   --vn value    Vulnerability number (default: 0)\n   --url value   Set target url\n   --cmd value   Exec command(Only works on mode exec.)\n   --data value  Specific vulnerability packets\n   --help, -h    show help (default: false)\n```\n![avatar](./Example.png)  \n### 默认扫描模式(不建议):  \n```ST2SG --url http://xxx.com/index.action --mode scan```  \n### 指定漏洞扫描模式：  \n```ST2SG --url http://xxx.com/index.action --vn 15 --mode scan```  \n### 命令执行模式：  \n```ST2SG --url http://xxx.com/index.action --vn 15 --mode exec --cmd \"cat /etc/passwd\"```  \n### 自定义参数：  \n*基于以上方法，分两种情况，自定义GET参数名，和自定义POST数据包内容，POST方式需要在数据包中指定一下要测试的参数并用fuckit标记出来.*  \n#### POST  \n```ST2SG --mode scan --url http://xxx.com/index.action --vn 007 --data \"name=fuckit\u0026pass=qwer\"```  \n以Struts2-001为例，登录请求包如下：  \n```\nPOST /login.action HTTP/1.1\nHost: 192.168.123.128:8080\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 25\nOrigin: http://192.168.123.128:8080\nConnection: close\nReferer: http://192.168.123.128:8080/\nCookie: JSESSIONID=51B574E47166823D7622CA583D71954E\nUpgrade-Insecure-Requests: 1\n\nusername=aaa\u0026password=bbb\n```  \n![avatar](./s001.png)  \n#### GET  \n```ST2SG --mode scan --url http://xxx.com/index.action --vn 009 --data \"name\"```  \n以Struts2-009为例，GET请求如下：  \n```\nhttp://192.168.123.128:8080/ajax/example5.action?age=1\u0026name=aaa\n```  \n![avatar](./s009.png)  \n## 补充  \n1、强烈建议使用vn参数；  \n2、自定义POC只需在utils中修改/增加为自己的即可；  \n3、部分漏洞支持获取webpath，功能函数已经在各自漏洞模块中实现（func GetWebPath），可自行调用；  \n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxfiftyone%2FSTS2G","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxfiftyone%2FSTS2G","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxfiftyone%2FSTS2G/lists"}