Awesome

⚡   xShock ShellShock   ⚡

<img src="https://i.imgur.com/PHIwqe7.png" width="60%"></img>

Written by TMRSWRR

Version 1.0.0

xShock ShellShock (CVE-2014-6271)

This tool exploits shellshock.

Instagram: TMRSWRR

🖼️ Screenshots 🖼️

<img src="https://i.imgur.com/lBI2Bnf.png" width="32%"></img> <img src="https://i.imgur.com/T5AgZjX.png" width="32%"></img> <img src="https://i.imgur.com/lyfeMxJ.png" width="32%"></img> <img src="https://i.imgur.com/WREKK5f.png" width="32%"></img> <img src="https://i.imgur.com/xuQuwaV.png" width="32%"></img> <img src="https://i.imgur.com/S5RHqGP.png" width="32%"></img>

📹 How to use 📹

Click on the image...

📒 Read Me 📒

All founded directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt.

🧰 Features 🧰

This tool include:

• CGI VULNERABILITY
• DIRECTORY SCAN
• RUN COMMAND WITH FOUNDED CGI
• SHOW VULNERABLE URLS
• UPDATE PROXY

📀 Installation 📀

Installation with requirements.txt

git clone https://github.com/capture0x/xShock/
cd xShock
pip3 install -r requirements.txt

Usage

python3 main.py

CGI VULNERABILITY

Checks cgi-bin directory on the target site

e.g:

http://targetsite.com

DIRECTORY SCAN

This works with wordlists. Scans url on the target site. Important notice: Please enter full path of wordlist after the url.(Not file. It should be directory)

e.g: http:// targetsite.com/cgi-bin/selectedworlist

e.g:

http://targetsite.com/cgi-bin
/usr/share/wordlists/dirb  --> This is directory of wordlist. Not file!

RUN COMMAND WITH FOUNDED CGI

By entering the url in the vuln.txt file, you can try running commands in the found urls.

http://targetsite.com/cgi-bin/status

SHOW VULNERABLE URLS

Shows founded urls in vuln.txt file.

UPDATE PROXY

You can update proxies from web manually.

Known Issues

--

Bugs and enhancements

For bug reports or enhancements, please open an issue here.

Copyright 2020