
erinzm/shellshocker


ShellShocker


If you don't know what the ShellShock Bash exploit is, you should probably Google it. Now that you know...

What is this for?

ShellShocker tests a website for vulnerability to the ShellShock bug. There's a command-line tool for doing testing, and a deployable Flask-powered ShellShock testing website (punch in the URL of your server, we'll tell you what's vulnerable). It's also useful as a Shellshock exploit POC testing framework for researchers.

How do I use it?

ShellShocker has two different ways of being run:

  • a command line utility, and
  • a web interface, which was deployed to Heroku

Usage of the CLI:

Usage: shellshocker.py [OPTIONS] URL

  Test the URL `URL` for ShellShock vulnerability.

Options:
  -v, --verbose                   Make the tester more verbose for debugging
  -c, --command TEXT              Command to inject into the payload
  -p, --payload [traditional|new]
                                  Choose between the original bug and the new
                                  one
  --help                          Show this message and exit.
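
Any remote ShellShock test has to send a header value that begins with the Bash function-definition prefix `() {`, so test traffic against your own server can be picked out of the web access log. The following is an added example, not part of the ShellShocker code: it assumes the Apache/nginx "combined" log format, which records only the Referer and User-Agent headers, and the function name and sample lines are constructed for illustration.

```python
import re

# Vulnerable Bash imports an environment value as a function only when it
# starts with exactly "() {"; CGI copies request headers into the environment.
FUNC_DEF = re.compile(r"^\(\) \{")

# Combined format: host ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'(?:[^"\\]|\\.)*'  # quoted field; the server escapes embedded quotes
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "' + QUOTED + r'" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"'
)

# Header fields that the combined format actually records.
CHECKED_FIELDS = ("referer", "agent")


def find_probes(lines):
    """Return (host, time, field) for each logged header starting with '() {'."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format: skip rather than guess at fields
        for field in CHECKED_FIELDS:
            if FUNC_DEF.match(m.group(field)):
                hits.append((m.group("host"), m.group("time"), field))
    return hits


# Constructed sample lines: documentation addresses and a harmless echo marker.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :; }; echo marker"',
    '192.0.2.44 - - [01/Oct/2014:10:00:06 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { :;}; echo marker" "curl/7.38.0"',
    # JavaScript-looking text has no space between "()" and "{": not a match.
    '192.0.2.77 - - [01/Oct/2014:10:00:09 +0000] "GET /app.js HTTP/1.1" 200 900 "-" "function(){ return 1 }"',
]

if __name__ == "__main__":
    for host, when, field in find_probes(SAMPLE_LOG):
        print(f"{when} {host}: function-definition prefix in {field}")
```

Values sent in headers the log format does not record (Cookie, for example) will not appear here, so an empty result does not mean no test traffic arrived.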

Hacking on the code

vagrant up. In your Vagrant environment, everything'll be set up. If it somehow isn't... vagrant provision.

If you're not in the virtualenv, activate it: . env/bin/activate.

SEND ME PRs! Please! I can't add every feature people want ;)

Authors

  • Liam (ArchimedesPi)
