A CUI Struts2 Vulnerability Exploit
一款命令行下的St2漏洞扫描+利用工具
Made By 苍冥
特别感谢WP团队的太子、哈喽、以及其他给我提建议的小伙伴们
Belongs to WindPunish Team
WindPunish团队所有
Declearation: This script is to examine the Struts2 vulnerability of YOUR SITE, I will not take responsibility for the abuse of this script. If you misuse it, then that's your problem.
声明: 这工具只是用来检测你的网站的Struts2漏洞, 任何用此工具做的破坏等本人概不负责, 如果你滥用这工具,那是你自己的责任。
“双刃剑可亦正亦邪”
-苍冥
This script is still in development...
工具还在开发中,别急,反正我不急。
用法在这里,工具还没写好,只是初期的网站St2漏洞检测。
Usage:
RushSt2.py -u www.abcdefg.com/login.action
RushSt2.py -f url_list.txt
RushSt2.py -u www.abcdefg.com/login.action -e S2-016
RushSt2.py -u www.abcdefg.com/login.action -m POST
RushSt2.py -u www.abcdefg.com/login.action --upload C:/webshell.jsp
RushSt2.py -u www.abcdefg.com/login.action --cmd-shell