Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: HatBoy/Struts2-Scan
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: lNwNl/Struts2-Scan
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Able to merge. These branches can be automatically merged.
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Nov 6, 2022

  1. Update Struts2Scan.py

    去除原本对于是否可以进行漏洞利用的判断,由此去除了判断中存在的bug
    lNwNl authored Nov 6, 2022
    Copy the full SHA
    603707a View commit details
  2. Create Dockerfile

    添加Dockerfile
    lNwNl committed Nov 6, 2022
    Copy the full SHA
    5bb06c8 View commit details
Showing with 23 additions and 3 deletions.
  1. +20 −0 Dockerfile
  2. +3 −3 Struts2Scan.py
20 changes: 20 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
FROM python:3.6-slim-stretch

LABEL MAINTAINER "NwN"

RUN echo "deb http://mirrors.ustc.edu.cn/debian/ stretch main \
deb http://mirrors.ustc.edu.cn/debian-security stretch/updates main \
deb http://mirrors.ustc.edu.cn/debian stretch-updates main"> /etc/apt/sources.list

RUN apt-get update && \
apt-get install -y git

RUN /usr/local/bin/python -m pip install --upgrade pip && \
pip install requests bs4 click

RUN git clone https://github.com/HatBoy/Struts2-Scan.git

RUN echo '#!/bin/bash \
sleep infinity' > start.sh

ENTRYPOINT ["/bin/bash", "start.sh"]
6 changes: 3 additions & 3 deletions Struts2Scan.py
Original file line number Diff line number Diff line change
@@ -1499,9 +1499,9 @@ def main(info, version, url, file, name, data, header, encode, proxy, exec, reve
if name and url:
# 指定漏洞利用
name = name.upper().replace('-', '_')
if name not in s2_list:
click.secho("[ERROR] 暂不支持{name}漏洞利用".format(name=name), fg="red")
exit(0)
# if name not in s2_list:
# click.secho("[ERROR] 暂不支持{name}漏洞利用".format(name=name), fg="red")
# exit(0)
s = s2_dict[name](url, data, header, encode)
s.check()
if not s.is_vul: