bakerbaker

Thanks, guys. I appreciate the information you provided, and I've since been able to also confirm vulnerability with a script within Nmap.

I'm able to successfully exploit the Apache Struts vulnerability on port 8282 within Metasploitable3. The problem is, I'm not finding a way to detect the vulnerability exists. I've downloaded http-vuln-cve2018-5638 for nmap, but that doesn't show this vulnerability, and I've also attempted struts-pwn with no luck. Additionally, the Nessus scanner shows a critical vulnerability with ManageEngine on that port, which looks like an easy exploit but doesn't indicate Struts is a problem. Nmap shows "Apache Tomcat/Coyote JSP engine 1.1", "Apache-Coyote/1.1", and "Apache Tomcat/8.0.33". Metasploit struts_dmi_rest_exec shows it's vulnerable, and as I stated, I can use this module to exploit the system. Can anyone point me to something outside of a manual check with Metasploit that I can use to check for this vulnerability? Thank you.