The Honerix infrastructure leverages plugin modules to mimic the behavior of different web applications, trying to push attackers into deploying their malicious payload. This page lists and describes available plugins; by clicking on the plugin name you are redirected to the results for that module.
Apache Struts2 (2.3.5-2.3.31 and 2.5-2.5.10) RCE on file upload with Jakarta Multipart parser
Plugin ID: ffb3ec6a0a9e06a692cee5cb41a1ae77
A generic PHP code execution plug-in
Plugin ID: e7733d8bb9d29b4e06297bd5a6744e6c
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014.
Plugin ID: shoh5iegea0gocuquich6ox3iebeicho
Detect exploitation attempts using the JexBoss tool
Plugin ID: cb6ab62591958ca04e5d3994891aad50
This handler intercepts attempts to deploy a webshell that leverage an authentication bypass vulnerability within the JMX console.
Plugin ID: 07ab85560cd0291cf07f625058cd000f
D-Link unauthenticated command execution on DIR-300 and DIR-600 devices
Plugin ID: 2391bb809ecfe8898fe8d1ed8bb4cd02
JBoss Web Console Remote Java Deserialization Exploit
Plugin ID: 0ff09ed75f6e28ce1e20e5facf919cce
Worm exploiting insecure JBoss settings
Plugin ID: 9342be4e03f14af0c0caaee8aca75bc0
Detect attempts at exploiting the PHP-CGI vulnerability
Plugin ID: 467b271b5f34576f13a4ab3762501b44
Remote command execution vulnerability found in k5n.us WebCalendar, version 1.2.4 or less.
CVE: CVE-2012-1495 , CVE-2012-1496
Plugin ID: wohngaesoonievongahmoomado4choul