Set up Metasploit Module for Apache Struts 2 REST

Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)

A metasploit module designed for exploiting this vulnerability was released today. Using this module, vulnerable websites can be exploited and easily gain a shell. The name of this module is ‘struts2_rest_xstream’

How to install Metasploit Module for Struts?

Download Metasploit Module For Apache Struts 2 REST (CVE-2017-9805)

First you have to download the module by executing the command


Next you will have to move this downloaded file to metasploits directory

cp struts2_rest_xstream.rb /usr/share/metasploit-framework/modules/exploits/multi/http/

Now start metasploit to check whether the module is being loaded correctly.


Now load the module by running

use exploit/multi/http/struts2_rest_xstream