Home

Awesome

shellshock-scanner

A simple Shellshock scanner in python

Test 1: uses the command sleep in different headers and check differences between delays to check the vulnerability. Test 2: uses the command ping -cX 127.0.0.1 and check differences between delays. Test 3: try to print a string and get it (causes a lot of False Positives)

Receives a host list and a cgi list (and the number of threads).

It uses only 1 thread per host to avoid time differences caused by multiple requests at the same time.

It can cause some False positives (Retest the possible possitives).

I know is not the most portable code that you have ever seen but... it works ^ ^u. Anyway, any improvement is always welcome :)

TODO Tests:

  1. Try to write a file in /var/www and read it? (this would be quite intrusive)
  2. Send mail with info
  3. Ping IP address (then have a listener)

Output CSV file

Columns:

Useful stuff

If a 100K lines CSV is a bit Long, you can search quickly for Vulnerable lines with the command: $ grep '^[^,],[^,],True' <output.csv>

Or Warning = True lines with: $ grep '^[^,],[^,],[^,],[^,],True' <output.csv>

Have fun :D