https://github.com/qi4L/Struts2Scan-go

用golang实现的Struts2扫描工具
https://github.com/qi4L/Struts2Scan-go

Last synced: 13 days ago
JSON representation

用golang实现的Struts2扫描工具

• Host: GitHub
• URL: https://github.com/qi4L/Struts2Scan-go
• Owner: qi4L
• Archived: true
• Created: 2023-03-10T07:46:15.000Z (almost 2 years ago)
• Default Branch: master
• Last Pushed: 2024-01-11T06:29:34.000Z (about 1 year ago)
• Last Synced: 2024-11-27T13:50:13.684Z (about 2 months ago)
• Language: Go
• Size: 32.2 KB
• Stars: 69
• Watchers: 3
• Forks: 9
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - qi4L/Struts2Scan.go - 用golang实现的Struts2扫描工具 (Go)

README

        
用Golang重写[Struts2-Scan](https://github.com/HatBoy/Struts2-Scan)项目。

工具参数说明

```

Usage of main.exe:

  -u url

      you target, example: https://192.168.1.1

  -c command

      you want execute command, example: "whoami"

  -n name

      漏洞名，可选S2-001, S2-003, S2-005, S2-007, S2-008, S2-009, S2-012, S2-013, S2-015, S2-016, S2-019,

                S2-029, S2-032, S2-033, S2-037, S2-045, S2-046, S2-048, S2-052, S2-053, S2-devMode, S2-057,allPoc(除了s2-052)

                (单独使用POC | EXP 例: S2-001 | s2-001_Cmd | s2-001_WebPath)

  -d data

          POST , 需要使用的payload使用{exp}填充, 如: name=test&passwd={exp}

  -t Type

      指定contentType头

```

+ 一键检测

```

GolangStruts2.exe -u http://127.0.0.1 -n allPoc

```

+ 单个利用

```

GolangStruts2.exe -u http://127.0.0.1 -n S2-001 -c whoami

```