Test Shell Shock Exploit on a linux server using php
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Shell Shock Tester

Test Shell Shock Exploit on a linux server using php

i will add more description later

this script test the 4 exploits of Shell Shock on any Linux server with php 5+

all the configuration is actually in the main code in the configuration part, you can set:

  • server server ip (+cgi page if needed)
  • folder where exploit will write (or none but can be the mess, for better test need to add rights)
  • and some more options (like the exploit file name and ext to be easily retrieved)

The code will try to write file in /tmp/exploit/ (default folder who need to be created) using the Shell Shock Exploit. If the script create thoose file, that mean your server is Vulnerable to the exploit...

To create the folder you can use the shell command: mkdir -p /tmp/exploit && chown www-data:www-data /tmp/exploit && chmod 777 /tmp/exploit

Once done with the script you can safely remove this temp folder.

All is describe in detail in the source code...

If you got any question feel free to send me a message/mail