The Honerix infrastructure leverages plugin modules to mimic the behavior of different web applications, trying to push attackers into deploying their malicious payload. This page lists and describes available plugins; by clicking on the plugin name you are redirected to the results for that module.
Remote Code Execution can be performed via "method:" prefix when Dynamic Method Invocation is enabled
Plugin ID: 35eaed8dafb6344a5574db94a4e0ce45
Apache Struts2 (2.3.5-2.3.31 and 2.5-2.5.10) RCE on file upload with Jakarta Multipart parser
Plugin ID: ffb3ec6a0a9e06a692cee5cb41a1ae77
Struts2 (v2.0.0 - 2.3.15) is vulnerable to remote OGNL injection which leads to arbitrary Java method execution on the target server.
Plugin ID: fe0kao2aihoongoo6eithungeozei8wo