Home

Awesome

Shocker

A tool to find and exploit servers vulnerable to Shellshock

Ref: https://en.wikipedia.org/wiki/Shellshock_(software_bug)

Released as open source by NCC Group Plc - https://www.nccgroup.trust/

Developed By:

https://github.com/nccgroup/shocker

Released under AGPL see LICENSE for more information

Help Text

usage: shocker.py

-h, --help show this help message and exit

--Host HOST, -H HOST A target hostname or IP address

--file FILE, -f FILE File containing a list of targets

--port PORT, -p PORT The target port number (default=80)

--command COMMAND Command to execute (default=/bin/uname -a)

--cgi CGI, -c CGI Single CGI to check (e.g. /cgi-bin/test.cgi)

--proxy PROXY A BIT BROKEN RIGHT NOW Proxy to be used in the form 'ip:port'

--ssl, -s Use SSL (default=False)

--threads THREADS, -t THREADS Maximum number of threads (default=10, max=100)

--verbose, -v Be verbose in output

Usage Examples

./shocker.py -H 127.0.0.1 --command "/bin/cat /etc/passwd" -c /cgi-bin/test.cgi

Scans for http://127.0.0.1/cgi-bin/test.cgi and, if found, attempts to cat /etc/passwd

./shocker.py -H www.example.com -p 8001 -s

Scan www.example.com on port 8001 using SSL for all scripts in cgi_list and attempts the default exploit for any found

./shocker.py -f ./hostlist

Scans all hosts listed in the file ./hostlist with the default options

Dependencies

Python 2.7+

Change Log

Changes in version 1.1 (June 2018)

Changes in version 1.0 (March 2016)

Changes in version 0.72 (December 2014)

Changes in version 0.71 (December 2014)

Changes in version 0.7 (November 2014)

Changes in version 0.6 (October 2014)

Changes in version 0.5 (October 2014)

Changes in version 0.4 (October 2014)

Pre 0.4 (October 2014)

TODO

Thanks to...

Anthony Caulfield @ NCC for time and effort reviewing early versions

Brendan Coles @ NCC for his support and contributions