Skip to content

erinzm/shellshocker

BranchesTags

Repository files navigation

ShellShocker

![Gitter](https://badges.gitter.im/Join Chat.svg) Stories in Ready Time to close issues Time to merge PRs

ShellShocker

If you don't know what the ShellShock Bash exploit is, you should probably Google it. Now that you know...

What is this for?

ShellShocker tests a website for vulnerability to the ShellShock bug. There's a command-line tool for doing testing, and a deployable Flask-powered ShellShock testing website (punch in the URL of your server, we'll tell you what's vulnerable). It's also useful as a Shellshock exploit POC testing framework for researchers.

How do I use it?

ShellShocker has two different ways of being run:

  • a command line utility, and
  • a web interface, which is was deployed to Heroku

Usage of the CLI:

Usage: shellshocker.py [OPTIONS] URL

  Test the URL `URL` for ShellShock vulnerability.

Options:
  -v, --verbose                   Make the tester more verbose for debugging
  -c, --command TEXT              Command to inject into the payload
  -p, --payload [traditional|new]
                                  Choose between the original bug and the new
                                  one
  --help                          Show this message and exit.

Hacking on the code

vagrant up. In your Vagrant enviroment, everything'll be set up. If it somehow isn't... vagrant provision.

If you're not in the virtualenv, activate it: . env/bin/activate.

SEND ME PRs! Please! I can't add every feature people want ;)

Authors

  • Liam (ArchimedesPi)

About

Tests for the ShellShock vulnerability

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages