Skip to content
/ check_struts Public

Apache Struts version analyzer (Ansible) based on CVE-2017-5638

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

andypitcher/check_struts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
ansible-playbook
ansible-playbook
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
check-struts.sh
check-struts.sh
 
 

Repository files navigation

check_struts

This project has been created following 2017 Equifax exploit

The check_struts.sh script aims at retrieving any Apache struts libraries version and location found and/or loaded on the system. It can be run directly on a server, or with the provided Ansible playbook, to handle several servers.

Possible Outputs:

  • "Libs path and versions loaded on the system:"

    The libraries found are currently running on the system, and could be accessible.

  • "Libs path and versions installed on the system:"

    The librairies are present on the filesystem, but not running.

Example with Ansible Playbook:

➜  ansible-playbook git:(master) ✗ ansible-playbook play.yml -i inventory

PLAY [Check Struts] ***********************************************************************************************************************************************************************************************

TASK [ensure a list of packages installed] ************************************************************************************************************************************************************************
ok: [servername]

TASK [Upload script check-struts.sh] ******************************************************************************************************************************************************************************
ok: [servername]

TASK [Check if struts presence/version] ***************************************************************************************************************************************************************************
ok: [servername]

TASK [debug] ******************************************************************************************************************************************************************************************************
skipping: [servername]

TASK [Remove check-struts.sh] *************************************************************************************************************************************************************************************
ok: [servername]

PLAY RECAP ********************************************************************************************************************************************************************************************************
servername                 : ok=4    changed=0    unreachable=0    failed=0

Apache Struts full CVEs

About

Apache Struts version analyzer (Ansible) based on CVE-2017-5638

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages