Skip to content

This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.

Notifications You must be signed in to change notification settings

649/Apache-Struts-Shodan-Exploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

APACHE STRUTS SHODAN EXPLOIT POC

Original code can be found here.

This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers. Shodan search parameter has been left out to weed out any skids trying to use this tool for malicious reasons. This tool is created to be treated as a proof of concept for researchers not an attack tool.

It's important to also mention this tool verifies if the host is vulnerable before performing the exploit process. Making simulated attacks stealthy.

Prerequisites

You're required to install Python 3.x

apt-get install python3

You are also required to have Shodan module installed

pip install shodan

Using Shodan API

This tool requires you to own an upgraded Shodan API

You may obtain one for free in Shodan if you sign up using a .edu email.

alt text

About

This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages