Skip to content

Apache Struts version analyzer (Ansible) based on CVE-2017-5638

License

Notifications You must be signed in to change notification settings

andypitcher/check_struts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 

Repository files navigation

check_struts

This project has been created following 2017 Equifax exploit

The check_struts.sh script aims at retrieving any Apache struts libraries version and location found and/or loaded on the system. It can be run directly on a server, or with the provided Ansible playbook, to handle several servers.

Possible Outputs:

  • "Libs path and versions loaded on the system:"

    The libraries found are currently running on the system, and could be accessible.

  • "Libs path and versions installed on the system:"

    The librairies are present on the filesystem, but not running.

Example with Ansible Playbook:

➜  ansible-playbook git:(master) ✗ ansible-playbook play.yml -i inventory

PLAY [Check Struts] ***********************************************************************************************************************************************************************************************

TASK [ensure a list of packages installed] ************************************************************************************************************************************************************************
ok: [servername]

TASK [Upload script check-struts.sh] ******************************************************************************************************************************************************************************
ok: [servername]

TASK [Check if struts presence/version] ***************************************************************************************************************************************************************************
ok: [servername]

TASK [debug] ******************************************************************************************************************************************************************************************************
skipping: [servername]

TASK [Remove check-struts.sh] *************************************************************************************************************************************************************************************
ok: [servername]

PLAY RECAP ********************************************************************************************************************************************************************************************************
servername                 : ok=4    changed=0    unreachable=0    failed=0   

Apache Struts full CVEs

About

Apache Struts version analyzer (Ansible) based on CVE-2017-5638

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages