Skip to content

Latest commit

 

History

History
49 lines (38 loc) · 2.06 KB

README.md

File metadata and controls

49 lines (38 loc) · 2.06 KB
Raw

ShellShocker

![Gitter](https://badges.gitter.im/Join Chat.svg) Stories in Ready Time to close issues Time to merge PRs

ShellShocker

If you don't know what the ShellShock Bash exploit is, you should probably Google it. Now that you know...

What is this for?

ShellShocker tests a website for vulnerability to the ShellShock bug. There's a command-line tool for doing testing, and a deployable Flask-powered ShellShock testing website (punch in the URL of your server, we'll tell you what's vulnerable). It's also useful as a Shellshock exploit POC testing framework for researchers.

How do I use it?

ShellShocker has two different ways of being run:

  • a command line utility, and
  • a web interface, which is was deployed to Heroku

Usage of the CLI:

Usage: shellshocker.py [OPTIONS] URL

  Test the URL `URL` for ShellShock vulnerability.

Options:
  -v, --verbose                   Make the tester more verbose for debugging
  -c, --command TEXT              Command to inject into the payload
  -p, --payload [traditional|new]
                                  Choose between the original bug and the new
                                  one
  --help                          Show this message and exit.

Hacking on the code

vagrant up. In your Vagrant enviroment, everything'll be set up. If it somehow isn't... vagrant provision.

If you're not in the virtualenv, activate it: . env/bin/activate.

SEND ME PRs! Please! I can't add every feature people want ;)

Authors

  • Liam (ArchimedesPi)