StrutsHoneypot updated for Apache Struts content-disposition vulnerability

With an exploit now in-the-wild for the Apache Struts content-disposition vulnerability, Cymmetria Research is releasing an updated version of StrutsHoneypot.

This exploit has been a bit more complex to develop for, and StrutsHoneypot will only detect it, not block. PHP does not easily allow for handling of raw data when posting multipart data.

You can download StrutsHoneypot here:

StrutsHoneypot was written by Nir Krakowski (@nirkrakowksi) and Imri Goldberg (@lorgandon), and you can contact us at with any bugs or requests.

Please consider trying out MazeRunner Community Edition, the free version of our cyber deception platform:


Share this: